Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/lib/libc/gen/getcap.c,v
rcsdiff: /ftp/cvs/cvsroot/src/lib/libc/gen/getcap.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.31
retrieving revision 1.39
diff -u -p -r1.31 -r1.39
--- src/lib/libc/gen/getcap.c	1999/09/20 04:38:59	1.31
+++ src/lib/libc/gen/getcap.c	2003/10/27 00:12:42	1.39
@@ -1,4 +1,4 @@
-/*	$NetBSD: getcap.c,v 1.31 1999/09/20 04:38:59 lukem Exp $	*/
+/*	$NetBSD: getcap.c,v 1.39 2003/10/27 00:12:42 lukem Exp $	*/
 
 /*-
  * Copyright (c) 1992, 1993
@@ -15,11 +15,7 @@
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
+ * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
  *
@@ -36,17 +32,22 @@
  * SUCH DAMAGE.
  */
 
+#if HAVE_NBTOOL_CONFIG_H
+#include "nbtool_config.h"
+#endif
+
 #include <sys/cdefs.h>
 #if defined(LIBC_SCCS) && !defined(lint)
 #if 0
 static char sccsid[] = "@(#)getcap.c	8.3 (Berkeley) 3/25/94";
 #else
-__RCSID("$NetBSD: getcap.c,v 1.31 1999/09/20 04:38:59 lukem Exp $");
+__RCSID("$NetBSD: getcap.c,v 1.39 2003/10/27 00:12:42 lukem Exp $");
 #endif
 #endif /* LIBC_SCCS and not lint */
 
 #include "namespace.h"
 #include <sys/types.h>
+#include <sys/param.h>
 
 #include <assert.h>
 #include <ctype.h>
@@ -60,16 +61,16 @@ __RCSID("$NetBSD: getcap.c,v 1.31 1999/0
 #include <unistd.h>
 
 #ifdef __weak_alias
-__weak_alias(cgetcap,_cgetcap);
-__weak_alias(cgetclose,_cgetclose);
-__weak_alias(cgetent,_cgetent);
-__weak_alias(cgetfirst,_cgetfirst);
-__weak_alias(cgetmatch,_cgetmatch);
-__weak_alias(cgetnext,_cgetnext);
-__weak_alias(cgetnum,_cgetnum);
-__weak_alias(cgetset,_cgetset);
-__weak_alias(cgetstr,_cgetstr);
-__weak_alias(cgetustr,_cgetustr);
+__weak_alias(cgetcap,_cgetcap)
+__weak_alias(cgetclose,_cgetclose)
+__weak_alias(cgetent,_cgetent)
+__weak_alias(cgetfirst,_cgetfirst)
+__weak_alias(cgetmatch,_cgetmatch)
+__weak_alias(cgetnext,_cgetnext)
+__weak_alias(cgetnum,_cgetnum)
+__weak_alias(cgetset,_cgetset)
+__weak_alias(cgetstr,_cgetstr)
+__weak_alias(cgetustr,_cgetustr)
 #endif
 
 #define	BFRAG		1024
@@ -249,9 +250,9 @@ getent(cap, len, db_array, fd, name, dep
 	char *r_end, *rp = NULL, **db_p;	/* pacify gcc */
 	int myfd = 0, eof, foundit, retval;
 	size_t clen;
-	char *record, *cbuf;
+	char *record, *cbuf, *newrecord;
 	int tc_not_resolved;
-	char pbuf[_POSIX_PATH_MAX];
+	char pbuf[MAXPATHLEN];
 	
 	_DIAGASSERT(cap != NULL);
 	_DIAGASSERT(len != NULL);
@@ -435,13 +436,15 @@ getent(cap, len, db_array, fd, name, dep
 
 					pos = rp - record;
 					newsize = r_end - record + BFRAG;
-					record = realloc(record, newsize);
-					if (record == NULL) {
+					newrecord = realloc(record, newsize);
+					if (newrecord == NULL) {
+						free(record);
 						if (myfd)
 							(void)close(fd);
 						errno = ENOMEM;
 						return (-2);
 					}
+					record = newrecord;
 					r_end = record + newsize;
 					rp = record + pos;
 				}
@@ -577,14 +580,16 @@ tc_exp:	{
 				newsize = r_end - record + diff + BFRAG;
 				tcpos = tcstart - record;
 				tcposend = tcend - record;
-				record = realloc(record, newsize);
-				if (record == NULL) {
+				newrecord = realloc(record, newsize);
+				if (newrecord == NULL) {
+					free(record);
 					if (myfd)
 						(void)close(fd);
 					free(icap);
 					errno = ENOMEM;
 					return (-2);
 				}
+				record = newrecord;
 				r_end = record + newsize;
 				rp = record + pos;
 				tcstart = record + tcpos;
@@ -615,12 +620,15 @@ tc_exp:	{
 	if (myfd)
 		(void)close(fd);
 	*len = rp - record - 1;	/* don't count NUL */
-	if (r_end > rp)
-		if ((record = 
+	if (r_end > rp) {
+		if ((newrecord = 
 		     realloc(record, (size_t)(rp - record))) == NULL) {
+			free(record);
 			errno = ENOMEM;
 			return (-2);
 		}
+		record = newrecord;
+	}
 		
 	*cap = record;
 	if (tc_not_resolved)
@@ -701,7 +709,10 @@ cgetmatch(buf, name)
 		/*
 		 * Match failed, skip to next name in record.
 		 */
-		bp--;	/* a '|' or ':' may have stopped the match */
+		if (bp > buf)
+			bp--;	/* a '|' or ':' may have stopped the match */
+		else
+			return (-1);
 		for (;;)
 			if (*bp == '\0' || *bp == ':')
 				return (-1);	/* match failed totally */
@@ -812,6 +823,8 @@ cgetnext(bp, db_array)
 		/* 
 		 * Line points to a name line.
 		 */
+		if (len > sizeof(nbuf))
+			return -1;
 		done = 0;
 		np = nbuf;
 		for (;;) {
@@ -843,6 +856,8 @@ cgetnext(bp, db_array)
 					line[len - 1] = '\0';
 			}
 		}
+		if (len > sizeof(buf))
+			return -1;
 		rp = buf;
 		for(cp = nbuf; *cp != '\0'; cp++)
 			if (*cp == '|' || *cp == ':')
@@ -887,7 +902,7 @@ cgetstr(buf, cap, str)
 	const char *bp;
 	char *mp;
 	int len;
-	char *mem;
+	char *mem, *newmem;
 
 	_DIAGASSERT(buf != NULL);
 	_DIAGASSERT(cap != NULL);
@@ -978,8 +993,11 @@ cgetstr(buf, cap, str)
 		if (m_room == 0) {
 			size_t size = mp - mem;
 
-			if ((mem = realloc(mem, size + SFRAG)) == NULL)
+			if ((newmem = realloc(mem, size + SFRAG)) == NULL) {
+				free(mem);
 				return (-2);
+			}
+			mem = newmem;
 			m_room = SFRAG;
 			mp = mem + size;
 		}
@@ -991,9 +1009,13 @@ cgetstr(buf, cap, str)
 	/*
 	 * Give back any extra memory and return value and success.
 	 */
-	if (m_room != 0)
-		if ((mem = realloc(mem, (size_t)(mp - mem))) == NULL)
+	if (m_room != 0) {
+		if ((newmem = realloc(mem, (size_t)(mp - mem))) == NULL) {
+			free(mem);
 			return (-2);
+		}
+		mem = newmem;
+	}
 	*str = mem;
 	return (len);
 }
@@ -1018,7 +1040,7 @@ cgetustr(buf, cap, str)
 	const char *bp;
 	char *mp;
 	int len;
-	char *mem;
+	char *mem, *newmem;
 
 	_DIAGASSERT(buf != NULL);
 	_DIAGASSERT(cap != NULL);
@@ -1058,8 +1080,11 @@ cgetustr(buf, cap, str)
 		if (m_room == 0) {
 			size_t size = mp - mem;
 
-			if ((mem = realloc(mem, size + SFRAG)) == NULL)
+			if ((newmem = realloc(mem, size + SFRAG)) == NULL) {
+				free(mem);
 				return (-2);
+			}
+			mem = newmem;
 			m_room = SFRAG;
 			mp = mem + size;
 		}
@@ -1071,9 +1096,13 @@ cgetustr(buf, cap, str)
 	/*
 	 * Give back any extra memory and return value and success.
 	 */
-	if (m_room != 0)
-		if ((mem = realloc(mem, (size_t)(mp - mem))) == NULL)
+	if (m_room != 0) {
+		if ((newmem = realloc(mem, (size_t)(mp - mem))) == NULL) {
+			free(mem);
 			return (-2);
+		}
+		mem = newmem;
+	}
 	*str = mem;
 	return (len);
 }