more fixe size buffers on the stack. ok xsa@ joris@

3 files changed, 22 insertions, 35 deletions

diff --git a/usr.bin/cvs/checkout.c b/usr.bin/cvs/checkout.c
index ea04b7f3530..6d015699fe8 100644
--- a/usr.bin/cvs/checkout.c
+++ b/usr.bin/cvs/checkout.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: checkout.c,v 1.85 2007/01/26 21:48:17 xsa Exp $	*/
+/*	$OpenBSD: checkout.c,v 1.86 2007/01/26 21:59:11 otto Exp $	*/
 /*
  * Copyright (c) 2006 Joris Vink <joris@openbsd.org>
  *
@@ -203,8 +203,8 @@ cvs_checkout_file(struct cvs_file *cf, RCSNUM *rnum, int co_flags)
 	time_t rcstime;
 	CVSENTRIES *ent;
 	struct timeval tv[2];
-	char *template, *p, *entry, rev[16], timebuf[64];
-	char kbuf[8], tbuf[32], stickytag[32];
+	char template[MAXPATHLEN], *p, entry[CVS_ENT_MAXLINELEN], rev[16];
+	char timebuf[64], kbuf[8], tbuf[32], stickytag[32];
 
 	rcsnum_tostr(rnum, rev, sizeof(rev));
 
@@ -289,7 +289,6 @@ cvs_checkout_file(struct cvs_file *cf, RCSNUM *rnum, int co_flags)
 			    "-k%s", cf->file_rcs->rf_expand);
 	}
 
-	entry = xmalloc(CVS_ENT_MAXLINELEN);
 	l = snprintf(entry, CVS_ENT_MAXLINELEN, "/%s/%s/%s/%s/%s",
 	    cf->file_name, rev, timebuf, kbuf, stickytag);
 
@@ -309,19 +308,18 @@ cvs_checkout_file(struct cvs_file *cf, RCSNUM *rnum, int co_flags)
 		cvs_remote_output(entry);
 
 		if (!(co_flags & CO_COMMIT)) {
-			(void)xasprintf(&template,
+			l = snprintf(template, MAXPATHLEN,
 			    "%s/checkout.XXXXXXXXXX", cvs_tmpdir);
+			if (l == -1 || l >= (int)sizeof(template))
+				fatal("cvs_checkout_file: overflow");
 
 			/* XXX - fd race below */
 			rcs_rev_write_stmp(cf->file_rcs, rnum, template, 0);
 			cvs_remote_send_file(template);
 			cvs_worklist_run(&temp_files, cvs_worklist_unlink);
-			xfree(template);
 		}
 
 		if (p != NULL)
 			*p = ',';
 	}
-
-	xfree(entry);
 }
diff --git a/usr.bin/cvs/client.c b/usr.bin/cvs/client.c
index de0970475a3..adf2fed51f6 100644
--- a/usr.bin/cvs/client.c
+++ b/usr.bin/cvs/client.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: client.c,v 1.53 2007/01/26 21:48:17 xsa Exp $	*/
+/*	$OpenBSD: client.c,v 1.54 2007/01/26 21:59:11 otto Exp $	*/
 /*
  * Copyright (c) 2006 Joris Vink <joris@openbsd.org>
  *
@@ -142,7 +142,7 @@ client_check_directory(char *data)
 {
 	int l;
 	CVSENTRIES *entlist;
-	char *entry, *parent, *base;
+	char entry[CVS_ENT_MAXLINELEN], *parent, *base;
 
 	STRIP_SLASH(data);
 
@@ -157,7 +157,6 @@ client_check_directory(char *data)
 	if (!strcmp(parent, "."))
 		return;
 
-	entry = xmalloc(CVS_ENT_MAXLINELEN);
 	l = snprintf(entry, CVS_ENT_MAXLINELEN, "D/%s////", base);
 	if (l == -1 || l >= CVS_ENT_MAXLINELEN)
 		fatal("client_check_directory: overflow");
@@ -165,8 +164,6 @@ client_check_directory(char *data)
 	entlist = cvs_ent_open(parent);
 	cvs_ent_add(entlist, entry);
 	cvs_ent_close(entlist, ENT_SYNC);
-
-	xfree(entry);
 }
 
 void
@@ -564,18 +561,17 @@ cvs_client_checkedin(char *data)
 	int l;
 	CVSENTRIES *entlist;
 	struct cvs_ent *ent, *newent;
-	char *dir, *entry, rev[16], timebuf[64], sticky[16];
+	char *dir, *e, entry[CVS_ENT_MAXLINELEN], rev[16], timebuf[64];
+	char sticky[16];
 
 	dir = cvs_remote_input();
-	entry = cvs_remote_input();
+	e = cvs_remote_input();
 	xfree(dir);
 
 	entlist = cvs_ent_open(data);
-	newent = cvs_ent_parse(entry);
+	newent = cvs_ent_parse(e);
 	ent = cvs_ent_get(entlist, newent->ce_name);
-	xfree(entry);
-
-	entry = xmalloc(CVS_ENT_MAXLINELEN);
+	xfree(e);
 
 	rcsnum_tostr(newent->ce_rev, rev, sizeof(rev));
 	ctime_r(&ent->ce_mtime, timebuf);
@@ -599,8 +595,6 @@ cvs_client_checkedin(char *data)
 	cvs_ent_free(newent);
 	cvs_ent_add(entlist, entry);
 	cvs_ent_close(entlist, ENT_SYNC);
-
-	xfree(entry);
 }
 
 void
@@ -614,13 +608,13 @@ cvs_client_updated(char *data)
 	struct cvs_ent *e;
 	const char *errstr;
 	struct timeval tv[2];
-	char timebuf[32], repo[MAXPATHLEN], *rpath, *entry, *mode;
-	char revbuf[32], *len, *fpath, *wdir;
+	char timebuf[32], repo[MAXPATHLEN], *rpath, entry[CVS_ENT_MAXLINELEN];
+	char *en, *mode, revbuf[32], *len, *fpath, *wdir;
 
 	client_check_directory(data);
 
 	rpath = cvs_remote_input();
-	entry = cvs_remote_input();
+	en = cvs_remote_input();
 	mode = cvs_remote_input();
 	len = cvs_remote_input();
 
@@ -651,10 +645,9 @@ cvs_client_updated(char *data)
 	if (timebuf[strlen(timebuf) - 1] == '\n')
 		timebuf[strlen(timebuf) - 1] = '\0';
 
-	e = cvs_ent_parse(entry);
-	xfree(entry);
+	e = cvs_ent_parse(en);
+	xfree(en);
 	rcsnum_tostr(e->ce_rev, revbuf, sizeof(revbuf));
-	entry = xmalloc(CVS_ENT_MAXLINELEN);
 	l = snprintf(entry, CVS_ENT_MAXLINELEN, "/%s/%s/%s//", e->ce_name,
 	    revbuf, timebuf);
 	if (l == -1 || l >= CVS_ENT_MAXLINELEN)
@@ -664,7 +657,6 @@ cvs_client_updated(char *data)
 	ent = cvs_ent_open(wdir);
 	cvs_ent_add(ent, entry);
 	cvs_ent_close(ent, ENT_SYNC);
-	xfree(entry);
 
 	if ((fd = open(fpath, O_CREAT | O_WRONLY | O_TRUNC)) == -1)
 		fatal("cvs_client_updated: open: %s: %s",
diff --git a/usr.bin/cvs/rcs.c b/usr.bin/cvs/rcs.c
index 28f633bd73b..183df490b07 100644
--- a/usr.bin/cvs/rcs.c
+++ b/usr.bin/cvs/rcs.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rcs.c,v 1.205 2007/01/26 21:48:17 xsa Exp $	*/
+/*	$OpenBSD: rcs.c,v 1.206 2007/01/26 21:59:11 otto Exp $	*/
 /*
  * Copyright (c) 2004 Jean-Francois Brousseau <jfb@openbsd.org>
  * All rights reserved.
@@ -521,7 +521,7 @@ rcs_movefile(char *from, char *to, mode_t perm, u_int to_flags)
 {
 	FILE *src, *dst;
 	size_t nread, nwritten;
-	char *buf;
+	char buf[MAXBSIZE];
 	int ret;
 
 	ret = -1;
@@ -557,7 +557,6 @@ rcs_movefile(char *from, char *to, mode_t perm, u_int to_flags)
 		return (-1);
 	}
 
-	buf = xmalloc(MAXBSIZE);
 	while ((nread = fread(buf, sizeof(char), MAXBSIZE, src)) != 0) {
 		if (ferror(src)) {
 			cvs_log(LP_ERRNO, "failed to read `%s'", from);
@@ -572,14 +571,12 @@ rcs_movefile(char *from, char *to, mode_t perm, u_int to_flags)
 		}
 	}
 
+	(void)unlink(from);
 	ret = 0;
 
+out:
 	(void)fclose(src);
 	(void)fclose(dst);
-	(void)unlink(from);
-
-out:
-	xfree(buf);
 
 	return (ret);
 }