diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/NEWS rsync-2.5.7/NEWS --- rsync-2.5.6/NEWS 2003-01-28 16:13:16.000000000 +1100 +++ rsync-2.5.7/NEWS 2003-12-04 15:23:29.000000000 +1100 @@ -1,3 +1,11 @@ +NEWS for rsync version 2.5.7: + + SECURITY: + + * Fix buffer handling bugs. (Andrew Tridgell, Martin Pool, Paul + Russell, Andrea Barisani) + + NEWS for rsync version 2.5.6, aka the dwd-between-jobs release Changes since version 2.5.5: diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/batch.c rsync-2.5.7/batch.c --- rsync-2.5.6/batch.c 2002-12-24 18:42:04.000000000 +1100 +++ rsync-2.5.7/batch.c 2003-12-04 15:23:29.000000000 +1100 @@ -185,15 +185,14 @@ struct file_list *create_flist_from_batc fdb_open = 1; fdb_close = 0; - batch_flist = (struct file_list *) malloc(sizeof(batch_flist[0])); + batch_flist = new(struct file_list); if (!batch_flist) { out_of_memory("create_flist_from_batch"); } batch_flist->count = 0; batch_flist->malloced = 1000; - batch_flist->files = - (struct file_struct **) malloc(sizeof(batch_flist->files[0]) * - batch_flist->malloced); + batch_flist->files = new_array(struct file_struct *, + batch_flist->malloced); if (!batch_flist->files) { out_of_memory("create_flist_from_batch"); } @@ -207,14 +206,10 @@ struct file_list *create_flist_from_batc batch_flist->malloced += 1000; else batch_flist->malloced *= 2; - batch_flist->files = - (struct file_struct **) realloc(batch_flist-> - files, - sizeof - (batch_flist-> - files[0]) * - batch_flist-> - malloced); + batch_flist->files + = realloc_array(batch_flist->files, + struct file_struct *, + batch_flist->malloced); if (!batch_flist->files) out_of_memory("create_flist_from_batch"); } @@ -282,7 +277,7 @@ void read_batch_flist_info(struct file_s char buff[256]; struct file_struct *file; - file = (struct file_struct *) malloc(sizeof(*file)); + file = new(struct file_struct); if (!file) out_of_memory("read_batch_flist_info"); memset((char *) file, 0, sizeof(*file)); diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/checksum.c rsync-2.5.7/checksum.c --- rsync-2.5.6/checksum.c 2002-04-08 18:29:04.000000000 +1000 +++ rsync-2.5.7/checksum.c 2003-12-04 15:23:29.000000000 +1100 @@ -58,7 +58,7 @@ void get_checksum2(char *buf,int len,cha if (len > len1) { if (buf1) free(buf1); - buf1 = (char *)malloc(len+4); + buf1 = new_array(char, len+4); len1 = len; if (!buf1) out_of_memory("get_checksum2"); } diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/cleanup.c rsync-2.5.7/cleanup.c --- rsync-2.5.6/cleanup.c 2003-01-27 14:35:08.000000000 +1100 +++ rsync-2.5.7/cleanup.c 2003-12-04 15:23:29.000000000 +1100 @@ -26,7 +26,7 @@ * shutdown() of socket connections. This eliminates the abortive * TCP RST sent by a Winsock-based system when the close() occurs. **/ -void close_all() +void close_all(void) { #ifdef SHUTDOWN_ALL_SOCKETS int max_fd; diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/configure rsync-2.5.7/configure --- rsync-2.5.6/configure 2003-01-28 16:27:40.000000000 +1100 +++ rsync-2.5.7/configure 2003-12-04 15:27:22.000000000 +1100 @@ -1205,7 +1205,7 @@ ac_config_headers="$ac_config_headers co -RSYNC_VERSION=2.5.6 +RSYNC_VERSION=2.5.7 { echo "$as_me:$LINENO: Configuring rsync $RSYNC_VERSION" >&5 echo "$as_me: Configuring rsync $RSYNC_VERSION" >&6;} diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/configure.in rsync-2.5.7/configure.in --- rsync-2.5.6/configure.in 2003-01-28 16:27:40.000000000 +1100 +++ rsync-2.5.7/configure.in 2003-12-04 15:23:29.000000000 +1100 @@ -5,7 +5,7 @@ AC_CONFIG_SRCDIR([byteorder.h]) AC_CONFIG_HEADER(config.h) AC_PREREQ(2.52) -RSYNC_VERSION=2.5.6 +RSYNC_VERSION=2.5.7 AC_SUBST(RSYNC_VERSION) AC_MSG_NOTICE([Configuring rsync $RSYNC_VERSION]) diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/exclude.c rsync-2.5.7/exclude.c --- rsync-2.5.6/exclude.c 2003-01-27 07:10:23.000000000 +1100 +++ rsync-2.5.7/exclude.c 2003-12-04 15:23:29.000000000 +1100 @@ -36,7 +36,7 @@ static struct exclude_struct *make_exclu { struct exclude_struct *ret; - ret = (struct exclude_struct *)malloc(sizeof(*ret)); + ret = new(struct exclude_struct); if (!ret) out_of_memory("make_exclude"); memset(ret, 0, sizeof(*ret)); @@ -197,7 +197,7 @@ void add_exclude_list(const char *patter return; } - *list = (struct exclude_struct **)Realloc(*list,sizeof(struct exclude_struct *)*(len+2)); + *list = realloc_array(*list, struct exclude_struct *, len+2); if (!*list || !((*list)[len] = make_exclude(pattern, include))) out_of_memory("add_exclude"); diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/fileio.c rsync-2.5.7/fileio.c --- rsync-2.5.6/fileio.c 2002-01-26 10:07:34.000000000 +1100 +++ rsync-2.5.7/fileio.c 2003-12-04 15:23:29.000000000 +1100 @@ -102,7 +102,7 @@ int write_file(int f,char *buf,size_t le struct map_struct *map_file(int fd,OFF_T len) { struct map_struct *map; - map = (struct map_struct *)malloc(sizeof(*map)); + map = new(struct map_struct); if (!map) out_of_memory("map_file"); map->fd = fd; @@ -156,7 +156,7 @@ char *map_ptr(struct map_struct *map,OFF /* make sure we have allocated enough memory for the window */ if (window_size > map->p_size) { - map->p = (char *)Realloc(map->p, window_size); + map->p = realloc_array(map->p, char, window_size); if (!map->p) out_of_memory("map_ptr"); map->p_size = window_size; } diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/flist.c rsync-2.5.7/flist.c --- rsync-2.5.6/flist.c 2003-01-19 05:00:23.000000000 +1100 +++ rsync-2.5.7/flist.c 2003-12-04 15:23:29.000000000 +1100 @@ -118,10 +118,10 @@ static struct string_area *string_area_n if (size <= 0) size = ARENA_SIZE; - a = malloc(sizeof(*a)); + a = new(struct string_area); if (!a) out_of_memory("string_area_new"); - a->current = a->base = malloc(size); + a->current = a->base = new_array(char, size); if (!a->current) out_of_memory("string_area_new buffer"); a->end = a->base + size; @@ -305,7 +305,6 @@ static char *flist_dir; static void flist_expand(struct file_list *flist) { if (flist->count >= flist->malloced) { - size_t new_bytes; void *new_ptr; if (flist->malloced < 1000) @@ -313,16 +312,18 @@ static void flist_expand(struct file_lis else flist->malloced *= 2; - new_bytes = sizeof(flist->files[0]) * flist->malloced; - if (flist->files) - new_ptr = realloc(flist->files, new_bytes); + new_ptr = realloc_array(flist->files, + struct file_struct *, + flist->malloced); else - new_ptr = malloc(new_bytes); + new_ptr = new_array(struct file_struct *, + flist->malloced); if (verbose >= 2) { rprintf(FINFO, "expand file_list to %.0f bytes, did%s move\n", - (double) new_bytes, + (double)sizeof(flist->files[0]) + * flist->malloced, (new_ptr == flist->files) ? " not" : ""); } @@ -480,7 +481,7 @@ static void receive_file_entry(struct fi else l2 = read_byte(f); - file = (struct file_struct *) malloc(sizeof(*file)); + file = new(struct file_struct); if (!file) out_of_memory("receive_file_entry"); memset((char *) file, 0, sizeof(*file)); @@ -547,7 +548,7 @@ static void receive_file_entry(struct fi rprintf(FERROR, "overflow: l=%d\n", l); overflow("receive_file_entry"); } - file->link = (char *) malloc(l + 1); + file->link = new_array(char, l + 1); if (!file->link) out_of_memory("receive_file_entry 2"); read_sbuf(f, file->link, l); @@ -568,7 +569,7 @@ static void receive_file_entry(struct fi #endif if (always_checksum) { - file->sum = (char *) malloc(MD4_SUM_LENGTH); + file->sum = new_array(char, MD4_SUM_LENGTH); if (!file->sum) out_of_memory("md4 sum"); if (remote_version < 21) { @@ -703,7 +704,7 @@ struct file_struct *make_file(int f, cha if (verbose > 2) rprintf(FINFO, "make_file(%d,%s)\n", f, fname); - file = (struct file_struct *) malloc(sizeof(*file)); + file = new(struct file_struct); if (!file) out_of_memory("make_file"); memset((char *) file, 0, sizeof(*file)); @@ -1051,15 +1052,13 @@ struct file_list *recv_file_list(int f) start_read = stats.total_read; - flist = (struct file_list *) malloc(sizeof(flist[0])); + flist = new(struct file_list); if (!flist) goto oom; flist->count = 0; flist->malloced = 1000; - flist->files = - (struct file_struct **) malloc(sizeof(flist->files[0]) * - flist->malloced); + flist->files = new_array(struct file_struct *, flist->malloced); if (!flist->files) goto oom; @@ -1201,7 +1200,7 @@ struct file_list *flist_new(void) { struct file_list *flist; - flist = (struct file_list *) malloc(sizeof(flist[0])); + flist = new(struct file_list); if (!flist) out_of_memory("send_file_list"); diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/hlink.c rsync-2.5.7/hlink.c --- rsync-2.5.6/hlink.c 2002-03-25 18:07:03.000000000 +1100 +++ rsync-2.5.7/hlink.c 2003-12-04 15:23:29.000000000 +1100 @@ -57,9 +57,7 @@ void init_hard_links(struct file_list *f if (hlink_list) free(hlink_list); - if (!(hlink_list = - (struct file_struct *) malloc(sizeof(hlink_list[0]) * - flist->count))) + if (!(hlink_list = new_array(struct file_struct, flist->count))) out_of_memory("init_hard_links"); for (i = 0; i < flist->count; i++) diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/io.c rsync-2.5.7/io.c --- rsync-2.5.6/io.c 2002-04-11 12:11:50.000000000 +1000 +++ rsync-2.5.7/io.c 2003-12-04 15:23:29.000000000 +1100 @@ -535,7 +535,7 @@ void io_start_buffering(int fd) { if (io_buffer) return; multiplex_out_fd = fd; - io_buffer = (char *)malloc(IO_BUFFER_SIZE); + io_buffer = new_array(char, IO_BUFFER_SIZE); if (!io_buffer) out_of_memory("writefd"); io_buffer_count = 0; } diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/loadparm.c rsync-2.5.7/loadparm.c --- rsync-2.5.6/loadparm.c 2002-08-31 09:27:26.000000000 +1000 +++ rsync-2.5.7/loadparm.c 2003-12-04 15:23:29.000000000 +1100 @@ -442,10 +442,10 @@ static int add_a_service(service *pservi i = iNumServices; - ServicePtrs = (service **)Realloc(ServicePtrs,sizeof(service *)*num_to_alloc); + ServicePtrs = realloc_array(ServicePtrs, service *, num_to_alloc); if (ServicePtrs) - pSERVICE(iNumServices) = (service *)malloc(sizeof(service)); + pSERVICE(iNumServices) = new(service); if (!ServicePtrs || !pSERVICE(iNumServices)) return(-1); diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/log.c rsync-2.5.7/log.c --- rsync-2.5.6/log.c 2002-12-24 18:42:04.000000000 +1100 +++ rsync-2.5.7/log.c 2003-12-04 15:23:29.000000000 +1100 @@ -90,10 +90,10 @@ static struct err_list *err_list_tail; static void err_list_add(int code, char *buf, int len) { struct err_list *el; - el = (struct err_list *)malloc(sizeof(*el)); + el = new(struct err_list); if (!el) exit_cleanup(RERR_MALLOC); el->next = NULL; - el->buf = malloc(len+4); + el->buf = new_array(char, len+4); if (!el->buf) exit_cleanup(RERR_MALLOC); memcpy(el->buf+4, buf, len); SIVAL(el->buf, 0, ((code+MPLEX_BASE)<<24) | len); diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/match.c rsync-2.5.7/match.c --- rsync-2.5.6/match.c 2002-04-09 16:11:06.000000000 +1000 +++ rsync-2.5.7/match.c 2003-12-04 15:23:29.000000000 +1100 @@ -65,9 +65,9 @@ static void build_hash_table(struct sum_ int i; if (!tag_table) - tag_table = (int *)malloc(sizeof(tag_table[0])*TABLESIZE); + tag_table = new_array(int, TABLESIZE); - targets = (struct target *)malloc(sizeof(targets[0])*s->count); + targets = new_array(struct target, s->count); if (!tag_table || !targets) out_of_memory("build_hash_table"); diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/packaging/lsb/rsync.spec rsync-2.5.7/packaging/lsb/rsync.spec --- rsync-2.5.6/packaging/lsb/rsync.spec 2003-01-28 16:28:35.000000000 +1100 +++ rsync-2.5.7/packaging/lsb/rsync.spec 2003-12-04 15:27:22.000000000 +1100 @@ -1,10 +1,10 @@ Summary: Program for efficient remote updates of files. Name: rsync -Version: 2.5.6 +Version: 2.5.7 Release: 1 Copyright: GPL Group: Applications/Networking -Source: ftp://samba.anu.edu.au/pub/rsync/rsync-2.5.6.tar.gz +Source: ftp://samba.anu.edu.au/pub/rsync/rsync-2.5.7.tar.gz URL: http://samba.anu.edu.au/rsync/ Packager: Andrew Tridgell BuildRoot: /tmp/rsync diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/packaging/redhat/5.0/rsync.spec rsync-2.5.7/packaging/redhat/5.0/rsync.spec --- rsync-2.5.6/packaging/redhat/5.0/rsync.spec 2003-01-28 16:28:35.000000000 +1100 +++ rsync-2.5.7/packaging/redhat/5.0/rsync.spec 2003-12-04 15:27:22.000000000 +1100 @@ -1,10 +1,10 @@ Summary: Program for efficient remote updates of files. Name: rsync -Version: 2.5.6 +Version: 2.5.7 Release: 1 Copyright: GPL Group: Applications/Networking -Source: ftp://samba.anu.edu.au/pub/rsync/rsync-2.5.6.tar.gz +Source: ftp://samba.anu.edu.au/pub/rsync/rsync-2.5.7.tar.gz URL: http://samba.anu.edu.au/rsync/ Packager: Andrew Tridgell BuildRoot: /tmp/rsync diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/packaging/redhat/7.1/rsync.spec rsync-2.5.7/packaging/redhat/7.1/rsync.spec --- rsync-2.5.6/packaging/redhat/7.1/rsync.spec 2003-01-28 16:28:35.000000000 +1100 +++ rsync-2.5.7/packaging/redhat/7.1/rsync.spec 2003-12-04 15:27:22.000000000 +1100 @@ -1,10 +1,10 @@ Summary: Program for efficient remote updates of files. Name: rsync -Version: 2.5.6 +Version: 2.5.7 Release: 1 Copyright: GPL Group: Applications/Networking -Source: ftp://samba.anu.edu.au/pub/rsync/rsync-2.5.6.tar.gz +Source: ftp://samba.anu.edu.au/pub/rsync/rsync-2.5.7.tar.gz URL: http://samba.anu.edu.au/rsync/ Packager: Andrew Tridgell BuildRoot: /tmp/rsync diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/params.c rsync-2.5.7/params.c --- rsync-2.5.6/params.c 2003-01-27 07:07:55.000000000 +1100 +++ rsync-2.5.7/params.c 2003-12-04 15:23:30.000000000 +1100 @@ -207,7 +207,7 @@ static BOOL Section( FILE *InFile, BOOL if( i > (bSize - 2) ) { bSize += BUFR_INC; - bufr = Realloc( bufr, bSize ); + bufr = realloc_array( bufr, char, bSize ); if( NULL == bufr ) { rprintf(FERROR, "%s Memory re-allocation failure.", func); @@ -301,7 +301,7 @@ static BOOL Parameter( FILE *InFile, BOO if( i > (bSize - 2) ) /* Ensure there's space for next char. */ { bSize += BUFR_INC; - bufr = Realloc( bufr, bSize ); + bufr = realloc_array( bufr, char, bSize ); if( NULL == bufr ) { rprintf(FERROR, "%s Memory re-allocation failure.", func) ; @@ -366,7 +366,7 @@ static BOOL Parameter( FILE *InFile, BOO if( i > (bSize - 2) ) /* Make sure there's enough room. */ { bSize += BUFR_INC; - bufr = Realloc( bufr, bSize ); + bufr = realloc_array( bufr, char, bSize ); if( NULL == bufr ) { rprintf(FERROR, "%s Memory re-allocation failure.", func) ; @@ -530,7 +530,7 @@ BOOL pm_process( char *FileName, else /* If we don't have a buffer */ { /* allocate one, then parse, */ bSize = BUFR_INC; /* then free. */ - bufr = (char *)malloc( bSize ); + bufr = new_array( char, bSize ); if( NULL == bufr ) { rprintf(FERROR,"%s memory allocation failure.\n", func); diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/proto.h rsync-2.5.7/proto.h --- rsync-2.5.6/proto.h 2003-01-27 14:35:09.000000000 +1100 +++ rsync-2.5.7/proto.h 2003-12-04 15:23:30.000000000 +1100 @@ -254,7 +254,6 @@ int name_to_gid(char *name, gid_t *gid); int lock_range(int fd, int offset, int len); void glob_expand(char *base1, char **argv, int *argc, int maxargs); void strlower(char *s); -void *Realloc(void *p, int size); void clean_fname(char *name); void sanitize_path(char *p, char *reldir); char *push_dir(char *dir, int save); @@ -265,4 +264,6 @@ char *timestring(time_t t); int msleep(int t); int cmp_modtime(time_t file1, time_t file2); int _Insure_trap_error(int a1, int a2, int a3, int a4, int a5, int a6); +void *_new_array(unsigned int size, unsigned long num); +void *_realloc_array(void *ptr, unsigned int size, unsigned long num); int sys_gettimeofday(struct timeval *tv); diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/receiver.c rsync-2.5.7/receiver.c --- rsync-2.5.6/receiver.c 2003-01-21 10:32:17.000000000 +1100 +++ rsync-2.5.7/receiver.c 2003-12-04 15:23:30.000000000 +1100 @@ -67,7 +67,8 @@ static void add_delete_entry(struct file { if (dlist_len == dlist_alloc_len) { dlist_alloc_len += 1024; - delete_list = (struct delete_list *)Realloc(delete_list, sizeof(delete_list[0])*dlist_alloc_len); + delete_list = realloc_array(delete_list, struct delete_list, + dlist_alloc_len); if (!delete_list) out_of_memory("add_delete_entry"); } diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/rsync.c rsync-2.5.7/rsync.c --- rsync-2.5.6/rsync.c 2001-12-21 02:33:13.000000000 +1100 +++ rsync-2.5.7/rsync.c 2003-12-04 15:23:30.000000000 +1100 @@ -124,7 +124,7 @@ static int is_in_group(gid_t gid) /* treat failure (-1) as if not member of any group */ ngroups = getgroups(0, 0); if (ngroups > 0) { - gidset = (GETGROUPS_T *) malloc(ngroups * sizeof(GETGROUPS_T)); + gidset = new_array(GETGROUPS_T, ngroups); ngroups = getgroups(ngroups, gidset); } } diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/rsync.h rsync-2.5.7/rsync.h --- rsync-2.5.6/rsync.h 2003-01-27 07:11:16.000000000 +1100 +++ rsync-2.5.7/rsync.h 2003-12-04 15:23:30.000000000 +1100 @@ -579,6 +579,10 @@ extern int errno; #endif +/* Convenient wrappers for malloc and realloc. Use them. */ +#define new(type) ((type *)malloc(sizeof(type))) +#define new_array(type, num) ((type *)_new_array(sizeof(type), (num))) +#define realloc_array(ptr, type, num) ((type *)_realloc_array((ptr), sizeof(type), (num))) /* use magic gcc attributes to catch format errors */ void rprintf(enum logcode , const char *, ...) diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/sender.c rsync-2.5.7/sender.c --- rsync-2.5.6/sender.c 2002-04-09 16:03:50.000000000 +1000 +++ rsync-2.5.7/sender.c 2003-12-04 15:23:30.000000000 +1100 @@ -46,7 +46,7 @@ static struct sum_struct *receive_sums(i int i; OFF_T offset = 0; - s = (struct sum_struct *)malloc(sizeof(*s)); + s = new(struct sum_struct); if (!s) out_of_memory("receive_sums"); s->count = read_int(f); @@ -61,7 +61,7 @@ static struct sum_struct *receive_sums(i if (s->count == 0) return(s); - s->sums = (struct sum_buf *)malloc(sizeof(s->sums[0])*s->count); + s->sums = new_array(struct sum_buf, s->count); if (!s->sums) out_of_memory("receive_sums"); for (i=0; i < (int) s->count;i++) { diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/token.c rsync-2.5.7/token.c --- rsync-2.5.6/token.c 2002-04-08 18:35:30.000000000 +1000 +++ rsync-2.5.7/token.c 2003-12-04 15:23:30.000000000 +1100 @@ -68,7 +68,7 @@ static int simple_recv_token(int f,char int n; if (!buf) { - buf = (char *)malloc(CHUNK_SIZE); + buf = new_array(char, CHUNK_SIZE); if (!buf) out_of_memory("simple_recv_token"); } @@ -160,7 +160,7 @@ send_deflated_token(int f, int token, rprintf(FERROR, "compression init failed\n"); exit_cleanup(RERR_STREAMIO); } - if ((obuf = malloc(MAX_DATA_COUNT+2)) == NULL) + if ((obuf = new_array(char, MAX_DATA_COUNT+2)) == NULL) out_of_memory("send_deflated_token"); init_done = 1; } else @@ -322,8 +322,8 @@ recv_deflated_token(int f, char **data) rprintf(FERROR, "inflate init failed\n"); exit_cleanup(RERR_STREAMIO); } - if ((cbuf = malloc(MAX_DATA_COUNT)) == NULL - || (dbuf = malloc(CHUNK_SIZE)) == NULL) + if (!(cbuf = new_array(char, MAX_DATA_COUNT)) + || !(dbuf = new_array(char, CHUNK_SIZE))) out_of_memory("recv_deflated_token"); init_done = 1; } else { diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/uidlist.c rsync-2.5.7/uidlist.c --- rsync-2.5.6/uidlist.c 1999-03-02 08:16:50.000000000 +1100 +++ rsync-2.5.7/uidlist.c 2003-12-04 15:23:30.000000000 +1100 @@ -41,7 +41,7 @@ static struct idlist *gidlist; static struct idlist *add_list(int id, char *name) { - struct idlist *list = (struct idlist *)malloc(sizeof(list[0])); + struct idlist *list = new(struct idlist); if (!list) out_of_memory("add_list"); list->next = NULL; list->name = strdup(name); @@ -241,7 +241,7 @@ void recv_uid_list(int f, struct file_li id = read_int(f); while (id != 0) { int len = read_byte(f); - name = (char *)malloc(len+1); + name = new_array(char, len+1); if (!name) out_of_memory("recv_uid_list"); read_sbuf(f, name, len); if (!list) { @@ -264,7 +264,7 @@ void recv_uid_list(int f, struct file_li id = read_int(f); while (id != 0) { int len = read_byte(f); - name = (char *)malloc(len+1); + name = new_array(char, len+1); if (!name) out_of_memory("recv_uid_list"); read_sbuf(f, name, len); if (!list) { diff -x '*tmpl' -x .cvsignore -r -x cvs.log -x CVS -x config.log -upd -N rsync-2.5.6/util.c rsync-2.5.7/util.c --- rsync-2.5.6/util.c 2003-01-20 08:37:11.000000000 +1100 +++ rsync-2.5.7/util.c 2003-12-04 15:23:30.000000000 +1100 @@ -538,13 +538,6 @@ void strlower(char *s) } } -void *Realloc(void *p, int size) -{ - if (!p) return (void *)malloc(size); - return (void *)realloc(p, size); -} - - void clean_fname(char *name) { char *p; @@ -941,3 +934,23 @@ int _Insure_trap_error(int a1, int a2, i return ret; } #endif + + +#define MALLOC_MAX 0x40000000 + +void *_new_array(unsigned int size, unsigned long num) +{ + if (num >= MALLOC_MAX/size) + return NULL; + return malloc(size * num); +} + +void *_realloc_array(void *ptr, unsigned int size, unsigned long num) +{ + if (num >= MALLOC_MAX/size) + return NULL; + /* No realloc should need this, but just in case... */ + if (!ptr) + return malloc(size * num); + return realloc(ptr, size * num); +}