diff -ur logrotate-3.6.2~/logrotate.c logrotate-3.6.2/logrotate.c --- logrotate-3.6.2~/logrotate.c Sat Mar 23 23:31:19 2002 +++ logrotate-3.6.2/logrotate.c Sat Mar 23 23:53:56 2002 @@ -308,6 +308,7 @@ char * baseName; char * dirName; char * firstRotated; + size_t namelen; int rotateCount = log->rotateCount ? log->rotateCount : 1; int logStart = (log->logStart == -1) ? 1 : log->logStart; @@ -331,42 +332,44 @@ dirName = ourDirName(log->files[logNum]); baseName = strdup(ourBaseName(log->files[logNum])); - oldName = alloca(strlen(dirName) + strlen(baseName) + - strlen(log->files[logNum]) + 10); - newName = alloca(strlen(dirName) + strlen(baseName) + - strlen(log->files[logNum]) + 10); - disposeName = alloca(strlen(dirName) + strlen(baseName) + - strlen(log->files[logNum]) + 10); - if (log->extension && strncmp(&baseName[strlen(baseName)-strlen(log->extension)], log->extension, strlen(log->extension)) == 0) { - char *tempstr; - + char *tempstr = calloc (strlen(baseName)-strlen(log->extension)+1, sizeof(char)); fileext = log->extension; - tempstr = calloc(strlen(baseName)-strlen(log->extension)+1, sizeof(char)); strncat(tempstr, baseName, strlen(baseName)-strlen(log->extension)); free(baseName); baseName = tempstr; } + namelen = strlen (dirName) + + strlen (baseName) + + strlen (log->files[logNum]) + + strlen (fileext) + + strlen (compext) + + 32; + oldName = alloca (namelen); + newName = alloca (namelen); + disposeName = alloca (namelen); + /* First compress the previous log when necessary */ if (log->flags & LOG_FLAG_COMPRESS && log->flags & LOG_FLAG_DELAYCOMPRESS) { struct stat sbprev; - sprintf(oldName, "%s/%s.%d%s", dirName, baseName, logStart, fileext); + snprintf(oldName, namelen, "%s/%s.%d%s", dirName, baseName, logStart, fileext); if (stat(oldName, &sbprev)) { message(MESS_DEBUG, "previous log %s does not exist\n", oldName); } else { - char * command; - - command = alloca(strlen(log->compress_prog) + - strlen(log->compress_options) + - strlen(oldName) + 10); - sprintf(command, "%s %s '%s'", log->compress_prog, + const char cmd_fmt[] = "%s %s '%s'"; + size_t len = sizeof(cmd_fmt) + + strlen(log->compress_prog) + + strlen(log->compress_options) + + strlen(oldName); + char *command = alloca(len); + snprintf(command, len, cmd_fmt, log->compress_prog, log->compress_options, oldName); message(MESS_DEBUG, "compressing previous log with: %s\n", command); @@ -378,21 +381,20 @@ } } - sprintf(oldName, "%s/%s.%d%s%s", dirName, baseName, + snprintf(oldName, namelen, "%s/%s.%d%s%s", dirName, baseName, logStart + rotateCount, fileext, compext); strcpy(disposeName, oldName); - firstRotated = alloca(strlen(dirName) + strlen(baseName) + - strlen(fileext) + strlen(compext) + 30); - sprintf(firstRotated, "%s/%s.%d%s%s", dirName, baseName, + firstRotated = alloca(namelen); + snprintf(firstRotated, namelen, "%s/%s.%d%s%s", dirName, baseName, logStart, fileext, compext); for (i = rotateCount + logStart; i && !hasErrors; i--) { tmp = newName; newName = oldName; oldName = tmp; - sprintf(oldName, "%s/%s.%d%s%s", dirName, baseName, i, + snprintf(oldName, namelen, "%s/%s.%d%s%s", dirName, baseName, i, fileext, compext); message(MESS_DEBUG, "renaming %s to %s\n", oldName, newName); @@ -412,7 +414,7 @@ finalName = oldName; /* note: the gzip extension is *not* used here! */ - sprintf(finalName, "%s/%s.%d%s", dirName, baseName, logStart, fileext); + snprintf(finalName, namelen, "%s/%s.%d%s", dirName, baseName, logStart, fileext); /* if the last rotation doesn't exist, that's okay */ if (!debug && access(disposeName, F_OK)) { @@ -521,12 +523,13 @@ if (!hasErrors && log->rotateCount && (log->flags & LOG_FLAG_COMPRESS) && !(log->flags & LOG_FLAG_DELAYCOMPRESS)) { - char * command; - - command = alloca(strlen(log->compress_prog) + - strlen(log->compress_options) + - strlen(oldName) + 10); - sprintf(command, "%s %s '%s'", log->compress_prog, + const char cmd_fmt[] = "%s %s '%s'"; + size_t len = sizeof(cmd_fmt) + + strlen(log->compress_prog) + + strlen(log->compress_options) + + strlen(finalName); + char *command = alloca(len); + snprintf(command, len, cmd_fmt, log->compress_prog, log->compress_options, finalName); message(MESS_DEBUG, "compressing new log with: %s\n", command); if (!debug && system(command)) { @@ -537,6 +540,8 @@ } if (!hasErrors && log->logAddress) { + const char cmd1_format[] = "%s < %s | %s '%s' %s"; + const char cmd2_format[] = "%s '%s' %s < %s"; char * command; char * mailFilename; @@ -546,24 +551,38 @@ mailFilename = disposeName; if (mailFilename) { - command = alloca(strlen(mailFilename) + 100 + - strlen(log->uncompress_prog)); - if ((log->flags & LOG_FLAG_COMPRESS) && !(log->flags & LOG_FLAG_DELAYCOMPRESS) && - (log->flags & LOG_FLAG_MAILFIRST)) - sprintf(command, "%s < %s | %s '%s' %s", + (log->flags & LOG_FLAG_MAILFIRST)) { + size_t len = sizeof(cmd1_format) + + strlen(log->uncompress_prog) + + strlen(mailFilename) + + strlen(mailCommand) + + strlen(log->files[logNum]) + + strlen(log->logAddress); + + command = alloca(len); + snprintf(command, len, cmd1_format, log->uncompress_prog, mailFilename, mailCommand, log->files[logNum], log->logAddress); - else - sprintf(command, "%s '%s' %s < %s", mailCommand, + } + else { + size_t len = sizeof(cmd2_format) + + strlen(mailCommand) + + strlen(mailFilename) + + strlen(log->logAddress) + + strlen(mailFilename); + + command = alloca(len); + snprintf(command, len, cmd2_format, mailCommand, mailFilename, log->logAddress, mailFilename); + } message(MESS_DEBUG, "executing: \"%s\"\n", command); if (!debug && system(command)) { - sprintf(newName, "%s.%d", log->files[logNum], getpid()); + snprintf(newName, namelen, "%s.%d", log->files[logNum], getpid()); fprintf(errorFile, "Failed to mail %s to %s!\n", mailFilename, log->logAddress);