From 14ef0cfe72faf6696df3ef8f42927e9458ccbeeb Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Mon, 11 Jan 2010 07:22:13 +0100
Subject: *: misc fixes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 lib/Plugins/FileTransfer.cpp | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)

(limited to 'lib/Plugins/FileTransfer.cpp')

diff --git a/lib/Plugins/FileTransfer.cpp b/lib/Plugins/FileTransfer.cpp
index 60e1e66..9d7a59a 100644
--- a/lib/Plugins/FileTransfer.cpp
+++ b/lib/Plugins/FileTransfer.cpp
@@ -110,13 +110,11 @@ parameter "something" to each filename,
 now used in create_zip, but can be useful for some future
 archivers as well
 */
-static void traverse_directory(const char * directory, void * something,
-                               void (*func)(void *, const char *) )
+static void traverse_directory(const char *directory, void *something,
+                               void (*func)(void *, const char *))
 {
-    DIR * dp;
-    struct dirent * dirp;
-    char complete_name[BUFSIZ];
-    char * end;
+    DIR *dp;
+    struct dirent *dirp;
 
     dp = opendir(directory);
     if (dp == NULL)
@@ -127,14 +125,8 @@ static void traverse_directory(const char * directory, void * something,
     {
         if (is_regular_file(dirp, directory))
         {
-            end = stpcpy(complete_name, directory);
-            if (end[-1] != '/')
-            {
-                *end++ = '/';
-            }
-            end = stpcpy(end, dirp->d_name);
-
-            func(something, complete_name);
+            string complete_name = concat_path_file(directory, dirp->d_name);
+            func(something, complete_name.c_str());
         }
     }
     closedir(dp);
-- 
cgit 


From edf6beb585dc38c365ccbdaae85756b2814e1329 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Mon, 11 Jan 2010 12:09:57 +0100
Subject: *: assorted fixes prompted by security analysis; more to come

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 lib/Plugins/FileTransfer.cpp | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'lib/Plugins/FileTransfer.cpp')

diff --git a/lib/Plugins/FileTransfer.cpp b/lib/Plugins/FileTransfer.cpp
index 9d7a59a..b08ecd5 100644
--- a/lib/Plugins/FileTransfer.cpp
+++ b/lib/Plugins/FileTransfer.cpp
@@ -80,11 +80,7 @@ void CFileTransfer::SendFile(const char *pURL, const char *pFilename)
         {
             throw CABRTException(EXCEP_PLUGIN, "Can't open archive file '%s'", pFilename);
         }
-        if (fstat(fileno(f), &buf) == -1)
-        {
-            fclose(f);
-            throw CABRTException(EXCEP_PLUGIN, "Can't stat archive file '%s'", pFilename);
-        }
+        fstat(fileno(f), &buf); /* never fails */
         curl = xcurl_easy_init();
         /* enable uploading */
         curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L);
@@ -92,7 +88,7 @@ void CFileTransfer::SendFile(const char *pURL, const char *pFilename)
         curl_easy_setopt(curl, CURLOPT_URL, wholeURL.c_str());
         /* FILE handle: passed to the default callback, it will fread() it */
         curl_easy_setopt(curl, CURLOPT_READDATA, f);
-        curl_easy_setopt(curl, CURLOPT_INFILESIZE, buf.st_size);
+        curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, (curl_off_t)buf.st_size);
         /* everything is done here; result 0 means success */
         int result = curl_easy_perform(curl);
         curl_easy_cleanup(curl);
@@ -181,6 +177,7 @@ static void create_targz(const char * archive_name, const char * directory)
     f = fopen(name_without_gz, "r");
     if (f == NULL)
     {
+//TODO: we leak uncompressed tar file on disk??
         free(name_without_gz);
         return;
     }
@@ -226,6 +223,7 @@ static void create_tarbz2(const char * archive_name, const char * directory)
     f = fopen(archive_name, "w");
     if (f == NULL)
     {
+//TODO: we leak uncompressed tar file on disk??
         close(tarFD);
         free(name_without_bz2);
         return;
@@ -312,6 +310,7 @@ void CFileTransfer::Run(const char *pActionDir, const char *pArgs)
     else if (strcmp(pArgs, "one") == 0)
     {
         /* just send one archive */
+//TODO: where are we creating it??!! In cwd, which may well be / ??!!!
         string archivename = ssprintf("%s-%s%s", hostname, DirBase(pActionDir).c_str(), m_sArchiveType.c_str());
         try
         {
-- 
cgit