From 52d3e10613fe75f02bebf30d66a768c815a40aae Mon Sep 17 00:00:00 2001
From: "J.W. Schultz" <jw@samba.org>
Date: Wed, 26 Mar 2003 11:04:14 +0000
Subject: [PATCH] Prevent tempfile names from overflowing. Debian BUG# 183667

---
 receiver.c | 67 ++++++++++++++++++++++++++++++++++++------------------
 rsync.h    |  4 ++++
 2 files changed, 49 insertions(+), 22 deletions(-)

diff --git a/receiver.c b/receiver.c
index d50e67a4..3fa154a7 100644
--- a/receiver.c
+++ b/receiver.c
@@ -164,40 +164,63 @@ void delete_files(struct file_list *flist)
 }
 
 
+/*
+ * get_tmpname() - create a tmp filename for a given filename
+ *
+ *   If a tmpdir is defined, use that as the directory to
+ *   put it in.  Otherwise, the tmp filename is in the same
+ *   directory as the given name.  Note that there may be no
+ *   directory at all in the given name!
+ *      
+ *   The tmp filename is basically the given filename with a
+ *   dot prepended, and .XXXXXX appended (for mkstemp() to
+ *   put its unique gunk in).  Take care to not exceed
+ *   either the MAXPATHLEN or NAME_MAX, esp. the last, as
+ *   the basename basically becomes 8 chars longer. In that
+ *   case, the original name is shortened sufficiently to
+ *   make it all fit.
+ *      
+ *   Of course, there's no real reason for the tmp name to
+ *   look like the original, except to satisfy us humans.
+ *   As long as it's unique, rsync will work.
+ */
+
 static int get_tmpname(char *fnametmp, char *fname)
 {
 	char *f;
+	int     length = 0;
+	int	maxname;
 
-	/* open tmp file */
 	if (tmpdir) {
-		f = strrchr(fname,'/');
-		if (f == NULL) 
-			f = fname;
-		else 
-			f++;
-		if (strlen(tmpdir)+strlen(f)+10 > MAXPATHLEN) {
-			rprintf(FERROR,"filename too long\n");
-			return 0;
+		strlcpy(fnametmp, tmpdir, MAXPATHLEN - 2);
+		length = strlen(fnametmp);
+		fnametmp[length++] = '/';
+		fnametmp[length] = '\0';	/* always NULL terminated */
 		}
-		snprintf(fnametmp,MAXPATHLEN, "%s/.%s.XXXXXX",tmpdir,f);
-		return 1;
+
+	if ((f = strrchr(fname, '/'))) {	/* extra () for gcc */
+		++f;
+		if (!tmpdir) {
+			length = f - fname;
+			strlcpy(fnametmp, fname, length + 1);
+		}		/* copy up to and including the slash */
+	} else {
+		f = fname;
 	} 
+	fnametmp[length++] = '.';
+	fnametmp[length] = '\0';		/* always NULL terminated */
 
-	f = strrchr(fname,'/');
+	maxname = MIN(MAXPATHLEN - 7 - length, NAME_MAX - 8);
 
-	if (strlen(fname)+9 > MAXPATHLEN) {
-		rprintf(FERROR,"filename too long\n");
+	if (maxname < 1)
+	{
+		rprintf(FERROR, "temporary filename too long: %s\n", fname);
+		fnametmp[0] = '\0';
 		return 0;
 	}
 
-	if (f) {
-		*f = 0;
-		snprintf(fnametmp,MAXPATHLEN,"%s/.%s.XXXXXX",
-			 fname,f+1);
-		*f = '/';
-	} else {
-		snprintf(fnametmp,MAXPATHLEN,".%s.XXXXXX",fname);
-	}
+	strlcpy(fnametmp + length, f, maxname); 
+	strcat(fnametmp + length, ".XXXXXX");
 
 	return 1;
 }
diff --git a/rsync.h b/rsync.h
index 21bd1b27..bd804f7d 100644
--- a/rsync.h
+++ b/rsync.h
@@ -344,6 +344,10 @@ enum logcode {FNONE=0, FERROR=1, FINFO=2, FLOG=3 };
 #define MAXPATHLEN 1024
 #endif
 
+#ifndef NAME_MAX
+#define NAME_MAX 255
+#endif
+
 #ifndef INADDR_NONE
 #define INADDR_NONE 0xffffffff
 #endif
-- 
2.34.1