/usr/src/usr.bin/xinstall/xinstall.c

Bug Summary

File:	src/usr.bin/xinstall/xinstall.c
Warning:	line 552, column 3 This function call is prohibited after a successful vfork

Annotated Source Code

Press '?' to see keyboard shortcuts

Show analyzer invocation

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.0 -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name xinstall.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.bin/xinstall/obj -resource-dir /usr/local/lib/clang/13.0.0 -internal-isystem /usr/local/lib/clang/13.0.0/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/usr.bin/xinstall/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/vmm/scan-build/2022-01-12-194120-40624-1 -x c /usr/src/usr.bin/xinstall/xinstall.c

1/*	$OpenBSD: xinstall.c,v 1.76 2021/11/28 19:28:42 deraadt Exp $	*/
2/*	$NetBSD: xinstall.c,v 1.9 1995/12/20 10:25:17 jonathan Exp $	*/

4/*
* Copyright (c) 1987, 1993
*	The Regents of the University of California.  All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
*    notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
*    notice, this list of conditions and the following disclaimer in the
*    documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
*    may be used to endorse or promote products derived from this software
*    without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/

33#include <sys/types.h>
34#include <sys/wait.h>
35#include <sys/mman.h>
36#include <sys/stat.h>

38#include <ctype.h>
39#include <err.h>
40#include <errno(*__errno()).h>
41#include <fcntl.h>
42#include <grp.h>
43#include <paths.h>
44#include <pwd.h>
45#include <stdio.h>
46#include <stdlib.h>
47#include <string.h>
48#include <unistd.h>
49#include <limits.h>
50#include <libgen.h>

52#include "pathnames.h"

54#define _MAXBSIZE(64 * 1024) (64 * 1024)

56#define MINIMUM(a, b)(((a) < (b)) ? (a) : (b))	(((a) < (b)) ? (a) : (b))

58#define	DIRECTORY0x01	0x01		/* Tell install it's a directory. */
59#define	SETFLAGS0x02	0x02		/* Tell install to set flags. */
60#define	USEFSYNC0x04	0x04		/* Tell install to use fsync(2). */
61#define NOCHANGEBITS(0x00000002 | 0x00000004 | 0x00020000 | 0x00040000)	(UF_IMMUTABLE0x00000002 | UF_APPEND0x00000004 | SF_IMMUTABLE0x00020000 | SF_APPEND0x00040000)
62#define BACKUP_SUFFIX".old"	".old"

64int dobackup, docompare, dodest, dodir, dopreserve, dostrip;
65int mode = S_IRWXU0000700|S_IRGRP0000040|S_IXGRP0000010|S_IROTH0000004|S_IXOTH0000001;
66char pathbuf[PATH_MAX1024], tempfile[PATH_MAX1024];
67char *suffix = BACKUP_SUFFIX".old";
68uid_t uid = (uid_t)-1;
69gid_t gid = (gid_t)-1;

71void	copy(int, char *, int, char *, off_t, int);
72int	compare(int, const char *, off_t, int, const char *, off_t);
73void	install(char *, char *, u_long, u_int);
74void	install_dir(char *, int);
75void	strip(char *);
76void	usage(void);
77int	create_tempfile(char *, char *, size_t);
78int	file_write(int, char *, size_t, int *, int *, int);
79void	file_flush(int, int);

81int
82main(int argc, char *argv[])
83{
struct stat from_sb, to_sb;
void *set;
u_int32_t fset;
u_int iflags;
int ch, no_target;
char *flags, *to_name, *group = NULL((void *)0), *owner = NULL((void *)0);
const char *errstr;

iflags = 0;
while ((ch = getopt(argc, argv, "B:bCcDdFf:g:m:o:pSs")) != -1)
1
Assuming the condition is true→
2
←
Loop condition is true.  Entering loop body→
7
←
Assuming the condition is false→
8
←
Loop condition is false. Execution continues on line 147→
switch(ch) {
3
←
Control jumps to 'case 102:'  at line 110→
case 'C':
	docompare = 1;
	break;
case 'B':
	suffix = optarg;
	/* fall through; -B implies -b */
case 'b':
	dobackup = 1;
	break;
case 'c':
	/* For backwards compatibility. */
	break;
case 'F':
	iflags |= USEFSYNC0x04;
	break;
case 'f':
	flags = optarg;
	if (strtofflags(&flags, &fset, NULL((void *)0)))
4
←
Assuming the condition is false→
5
←
Taking false branch→
		errx(1, "%s: invalid flag", flags);
	iflags |= SETFLAGS0x02;
	break;
6
←
 Execution continues on line 93→
case 'g':
	group = optarg;
	break;
case 'm':
	if (!(set = setmode(optarg)))
		errx(1, "%s: invalid file mode", optarg);
	mode = getmode(set, 0);
	free(set);
	break;
case 'o':
	owner = optarg;
	break;
case 'p':
	docompare = dopreserve = 1;
	break;
case 'S':
	/* For backwards compatibility. */
	break;
case 's':
	dostrip = 1;
	break;
case 'D':
	dodest = 1;
	break;
case 'd':
	dodir = 1;
	break;
case '?':
default:
	usage();
}
argc -= optind;
argv += optind;

/* some options make no sense when creating directories */
if ((docompare || dostrip) && dodir)
9
←
Assuming 'docompare' is 0→
10
←
Assuming 'dostrip' is 0→
usage();

/* must have at least two arguments, except when creating directories */
if (argc == 0 || (argc == 1 && !dodir))
11
←
Assuming 'argc' is not equal to 0→
12
←
Assuming 'argc' is not equal to 1→
usage();

/* get group and owner id's */
if (group12.1
'group' is equal to NULL
 != NULL((void *)0) && gid_from_group(group, &gid) == -1) {
gid = strtonum(group, 0, GID_MAX(2147483647 *2U +1U), &errstr);
if (errstr != NULL((void *)0))
	errx(1, "unknown group %s", group);
}
if (owner12.2
'owner' is equal to NULL
 != NULL((void *)0) && uid_from_user(owner, &uid) == -1) {
uid = strtonum(owner, 0, UID_MAX(2147483647 *2U +1U), &errstr);
if (errstr != NULL((void *)0))
	errx(1, "unknown user %s", owner);
}

if (dodir) {
13
←
Assuming 'dodir' is 0→
14
←
Taking false branch→
for (; *argv != NULL((void *)0); ++argv)
	install_dir(*argv, mode);
exit(0);
/* NOTREACHED */
}

if (dodest) {
15
←
Assuming 'dodest' is 0→
16
←
Taking false branch→
char *dest = dirname(argv[argc - 1]);
if (dest == NULL((void *)0))
	errx(1, "cannot determine dirname");
/*
 * When -D is passed, do not chmod the directory with the mode set for
 * the target file. If more restrictive permissions are required then
 * '-d -m' ought to be used instead.
 */
install_dir(dest, 0755);
}

no_target = stat(to_name = argv[argc - 1], &to_sb);
if (!no_target && S_ISDIR(to_sb.st_mode)((to_sb.st_mode & 0170000) == 0040000)) {
17
←
Assuming 'no_target' is 0→
18
←
Assuming the condition is true→
19
←
Taking true branch→
for (; *argv != to_name; ++argv)
20
←
Loop condition is true.  Entering loop body→
	install(*argv, to_name, fset, iflags | DIRECTORY0x01);
21
←
Calling 'install'→
exit(0);
/* NOTREACHED */
}

/* can't do file1 file2 directory/file */
if (argc != 2)
errx(1, "Target: %s", argv[argc-1]);

if (!no_target) {
if (stat(*argv, &from_sb))
	err(1, "%s", *argv);
if (!S_ISREG(to_sb.st_mode)((to_sb.st_mode & 0170000) == 0100000))
	errc(1, EFTYPE79, "%s", to_name);
if (to_sb.st_dev == from_sb.st_dev &&
    to_sb.st_ino == from_sb.st_ino)
	errx(1, "%s and %s are the same file", *argv, to_name);
}
install(*argv, to_name, fset, iflags);
exit(0);
/* NOTREACHED */
213}

215/*
* install --
*	build a path name and install the file
*/
219void
220install(char *from_name, char *to_name, u_long fset, u_int flags)
221{
struct stat from_sb, to_sb;
struct timespec ts[2];
int devnull, from_fd, to_fd, serrno, files_match = 0;
char *p;
char *target_name = tempfile;

(void)memset((void *)&from_sb, 0, sizeof(from_sb));
(void)memset((void *)&to_sb, 0, sizeof(to_sb));

/* If try to install NULL file to a directory, fails. */
if (flags & DIRECTORY0x01 || strcmp(from_name, _PATH_DEVNULL"/dev/null")) {
if (stat(from_name, &from_sb))
22
←
Assuming the condition is false→
23
←
Taking false branch→
	err(1, "%s", from_name);
if (!S_ISREG(from_sb.st_mode)((from_sb.st_mode & 0170000) == 0100000))
24
←
Assuming the condition is true→
25
←
Taking false branch→
	errc(1, EFTYPE79, "%s", from_name);
/* Build the target path. */
if (flags & DIRECTORY0x01) {
26
←
Taking true branch→
	(void)snprintf(pathbuf, sizeof(pathbuf), "%s/%s",
	    to_name,
	    (p = strrchr(from_name, '/')) ? ++p : from_name);
27
←
Assuming 'p' is null→
28
←
'?' condition is false→
	to_name = pathbuf;
}
devnull = 0;
} else {
devnull = 1;
}

if (stat(to_name, &to_sb) == 0) {
29
←
Assuming the condition is false→
30
←
Taking false branch→
/* Only compare against regular files. */
if (docompare && !S_ISREG(to_sb.st_mode)((to_sb.st_mode & 0170000) == 0100000)) {
	docompare = 0;
	warnc(EFTYPE79, "%s", to_name);
}
} else if (docompare30.1
'docompare' is 0
) {
31
←
Taking false branch→
/* File does not exist so silently ignore compare flag. */
docompare = 0;
}

if (!devnull31.1
'devnull' is 0
) {
32
←
Taking true branch→
if ((from_fd = open(from_name, O_RDONLY0x0000)) == -1)
33
←
Assuming the condition is false→
34
←
Taking false branch→
	err(1, "%s", from_name);
}

to_fd = create_tempfile(to_name, tempfile, sizeof(tempfile));
if (to_fd < 0)
35
←
Assuming 'to_fd' is >= 0→
36
←
Taking false branch→
err(1, "%s", tempfile);

if (!devnull36.1
'devnull' is 0
)
37
←
Taking true branch→
copy(from_fd, from_name, to_fd, tempfile, from_sb.st_size,
    ((off_t)from_sb.st_blocks * S_BLKSIZE512 < from_sb.st_size));
38
←
Assuming the condition is true→

if (dostrip) {
39
←
Assuming 'dostrip' is not equal to 0→
40
←
Taking true branch→
strip(tempfile);
41
←
Calling 'strip'→

/*
 * Re-open our fd on the target, in case we used a strip
 *  that does not work in-place -- like gnu binutils strip.
 */
close(to_fd);
if ((to_fd = open(tempfile, O_RDONLY0x0000)) == -1)
	err(1, "stripping %s", to_name);
}

/*
* Compare the (possibly stripped) temp file to the target.
*/
if (docompare) {
int temp_fd = to_fd;
struct stat temp_sb;

/* Re-open to_fd using the real target name. */
if ((to_fd = open(to_name, O_RDONLY0x0000)) == -1)
	err(1, "%s", to_name);

if (fstat(temp_fd, &temp_sb)) {
	serrno = errno(*__errno());
	(void)unlink(tempfile);
	errc(1, serrno, "%s", tempfile);
}

if (compare(temp_fd, tempfile, temp_sb.st_size, to_fd,
	    to_name, to_sb.st_size) == 0) {
	/*
	 * If target has more than one link we need to
	 * replace it in order to snap the extra links.
	 * Need to preserve target file times, though.
	 */
	if (to_sb.st_nlink != 1) {
		ts[0] = to_sb.st_atim;
		ts[1] = to_sb.st_mtim;
		futimens(temp_fd, ts);
	} else {
		files_match = 1;
		(void)unlink(tempfile);
		target_name = to_name;
		(void)close(temp_fd);
	}
}
if (!files_match) {
	(void)close(to_fd);
	to_fd = temp_fd;
}
}

/*
* Preserve the timestamp of the source file if necessary.
*/
if (dopreserve && !files_match) {
ts[0] = from_sb.st_atim;
ts[1] = from_sb.st_mtim;
futimens(to_fd, ts);
}

/*
* Set owner, group, mode for target; do the chown first,
* chown may lose the setuid bits.
*/
if ((gid != (gid_t)-1 || uid != (uid_t)-1) &&
   fchown(to_fd, uid, gid)) {
serrno = errno(*__errno());
if (target_name == tempfile)
	(void)unlink(target_name);
errx(1, "%s: chown/chgrp: %s", target_name, strerror(serrno));
}
if (fchmod(to_fd, mode)) {
serrno = errno(*__errno());
if (target_name == tempfile)
	(void)unlink(target_name);
errx(1, "%s: chmod: %s", target_name, strerror(serrno));
}

/*
* If provided a set of flags, set them, otherwise, preserve the
* flags, except for the dump flag.
*/
if (fchflags(to_fd,
   flags & SETFLAGS0x02 ? fset : from_sb.st_flags & ~UF_NODUMP0x00000001)) {
if (errno(*__errno()) != EOPNOTSUPP45 || (from_sb.st_flags & ~UF_NODUMP0x00000001) != 0)
	warnx("%s: chflags: %s", target_name, strerror(errno(*__errno())));
}

if (flags & USEFSYNC0x04)
fsync(to_fd);
(void)close(to_fd);
if (!devnull)
(void)close(from_fd);

/*
* Move the new file into place if the files are different
* or were not compared.
*/
if (!files_match) {
/* Try to turn off the immutable bits. */
if (to_sb.st_flags & (NOCHANGEBITS(0x00000002 | 0x00000004 | 0x00020000 | 0x00040000)))
	(void)chflags(to_name, to_sb.st_flags & ~(NOCHANGEBITS(0x00000002 | 0x00000004 | 0x00020000 | 0x00040000)));
if (dobackup) {
	char backup[PATH_MAX1024];
	(void)snprintf(backup, PATH_MAX1024, "%s%s", to_name,
	    suffix);
	/* It is ok for the target file not to exist. */
	if (rename(to_name, backup) == -1 && errno(*__errno()) != ENOENT2) {
		serrno = errno(*__errno());
		unlink(tempfile);
		errx(1, "rename: %s to %s: %s", to_name,
		     backup, strerror(serrno));
	}
}
if (rename(tempfile, to_name) == -1 ) {
	serrno = errno(*__errno());
	unlink(tempfile);
	errx(1, "rename: %s to %s: %s", tempfile,
	     to_name, strerror(serrno));
}
}
396}

398/*
* copy --
*	copy from one file to another
*/
402void
403copy(int from_fd, char *from_name, int to_fd, char *to_name, off_t size,
  int sparse)
405{
ssize_t nr, nw;
int serrno;
char *p, buf[_MAXBSIZE(64 * 1024)];

if (size == 0)
return;

/* Rewind file descriptors. */
if (lseek(from_fd, (off_t)0, SEEK_SET0) == (off_t)-1)
err(1, "lseek: %s", from_name);
if (lseek(to_fd, (off_t)0, SEEK_SET0) == (off_t)-1)
err(1, "lseek: %s", to_name);

/*
* Mmap and write if less than 8M (the limit is so we don't totally
* trash memory on big files.  This is really a minor hack, but it
* wins some CPU back.  Sparse files need special treatment.
*/
if (!sparse && size <= 8 * 1048576) {
size_t siz;

if ((p = mmap(NULL((void *)0), (size_t)size, PROT_READ0x01, MAP_PRIVATE0x0002,
    from_fd, (off_t)0)) == MAP_FAILED((void *)-1)) {
	serrno = errno(*__errno());
	(void)unlink(to_name);
	errc(1, serrno, "%s", from_name);
}
madvise(p, size, MADV_SEQUENTIAL2);
siz = (size_t)size;
if ((nw = write(to_fd, p, siz)) != siz) {
	serrno = errno(*__errno());
	(void)unlink(to_name);
	errx(1, "%s: %s",
	    to_name, strerror(nw > 0 ? EIO5 : serrno));
}
(void) munmap(p, (size_t)size);
} else {
int sz, rem, isem = 1;
struct stat sb;

/*
 * Pass the blocksize of the file being written to the write
 * routine.  if the size is zero, use the default S_BLKSIZE.
 */
if (fstat(to_fd, &sb) != 0 || sb.st_blksize == 0)
	sz = S_BLKSIZE512;
else
	sz = sb.st_blksize;
rem = sz;

while ((nr = read(from_fd, buf, sizeof(buf))) > 0) {
	if (sparse)
		nw = file_write(to_fd, buf, nr, &rem, &isem, sz);
	else
		nw = write(to_fd, buf, nr);
	if (nw != nr) {
		serrno = errno(*__errno());
		(void)unlink(to_name);
		errx(1, "%s: %s",
		    to_name, strerror(nw > 0 ? EIO5 : serrno));
	}
}
if (sparse)
	file_flush(to_fd, isem);
if (nr != 0) {
	serrno = errno(*__errno());
	(void)unlink(to_name);
	errc(1, serrno, "%s", from_name);
}
}
476}

478/*
* compare --
*	compare two files; non-zero means files differ
*/
482int
483compare(int from_fd, const char *from_name, off_t from_len, int to_fd,
  const char *to_name, off_t to_len)
485{
caddr_t p1, p2;
size_t length;
off_t from_off, to_off, remainder;
int dfound;

if (from_len == 0 && from_len == to_len)
return (0);

if (from_len != to_len)
return (1);

/*
* Compare the two files being careful not to mmap
* more than 8M at a time.
*/
from_off = to_off = (off_t)0;
remainder = from_len;
do {
length = MINIMUM(remainder, 8 * 1048576)(((remainder) < (8 * 1048576)) ? (remainder) : (8 * 1048576
));
remainder -= length;

if ((p1 = mmap(NULL((void *)0), length, PROT_READ0x01, MAP_PRIVATE0x0002,
    from_fd, from_off)) == MAP_FAILED((void *)-1))
	err(1, "%s", from_name);
if ((p2 = mmap(NULL((void *)0), length, PROT_READ0x01, MAP_PRIVATE0x0002,
    to_fd, to_off)) == MAP_FAILED((void *)-1))
	err(1, "%s", to_name);
if (length) {
	madvise(p1, length, MADV_SEQUENTIAL2);
	madvise(p2, length, MADV_SEQUENTIAL2);
}

dfound = memcmp(p1, p2, length);

(void) munmap(p1, length);
(void) munmap(p2, length);

from_off += length;
to_off += length;

} while (!dfound && remainder > 0);

return(dfound);
529}

531/*
* strip --
*	use strip(1) to strip the target file
*/
535void
536strip(char *to_name)
537{
int serrno, status;
char * volatile path_strip;
pid_t pid;

if (issetugid() || (path_strip = getenv("STRIP")) == NULL((void *)0))
42
←
Assuming the condition is true→
path_strip = _PATH_STRIP"/usr/bin/strip";

switch ((pid = vfork())) {
43
←
Control jumps to 'case 0:'  at line 550→
case -1:
serrno = errno(*__errno());
(void)unlink(to_name);
errc(1, serrno, "forks");
case 0:
execl(path_strip, "strip", "--", to_name, (char *)NULL((void *)0));
warn("%s", path_strip);
44
←
This function call is prohibited after a successful vfork
_exit(1);
default:
while (waitpid(pid, &status, 0) == -1) {
	if (errno(*__errno()) != EINTR4)
		break;
}
if (!WIFEXITED(status)(((status) & 0177) == 0))
	(void)unlink(to_name);
}
562}

564/*
* install_dir --
*	build directory hierarchy
*/
568void
569install_dir(char *path, int mode)
570{
char *p;
struct stat sb;
int ch;

for (p = path;; ++p)
if (!*p || (p != path && *p  == '/')) {
	ch = *p;
	*p = '\0';
	if (mkdir(path, 0777)) {
		int mkdir_errno = errno(*__errno());
		if (stat(path, &sb)) {
			/* Not there; use mkdir()s errno */
			errc(1, mkdir_errno, "%s",
			    path);
			/* NOTREACHED */
		}
		if (!S_ISDIR(sb.st_mode)((sb.st_mode & 0170000) == 0040000)) {
			/* Is there, but isn't a directory */
			errc(1, ENOTDIR20, "%s", path);
			/* NOTREACHED */
		}
	}
	if (!(*p = ch))
		break;
	}

if (((gid != (gid_t)-1 || uid != (uid_t)-1) && chown(path, uid, gid)) ||
   chmod(path, mode)) {
warn("%s", path);
}
601}

603/*
* usage --
*	print a usage message and die
*/
607void
608usage(void)
609{
(void)fprintf(stderr(&__sF[2]), "\
611usage: install [-bCcDdFpSs] [-B suffix] [-f flags] [-g group] [-m mode] [-o owner]\n	       source ... target ...\n");
exit(1);
/* NOTREACHED */
614}

616/*
* create_tempfile --
*	create a temporary file based on path and open it
*/
620int
621create_tempfile(char *path, char *temp, size_t tsize)
622{
char *p;

strlcpy(temp, path, tsize);
if ((p = strrchr(temp, '/')) != NULL((void *)0))
p++;
else
p = temp;
*p = '\0';
strlcat(p, "INS@XXXXXXXXXX", tsize);

return(mkstemp(temp));
634}

636/*
* file_write()
*	Write/copy a file (during copy or archive extract). This routine knows
*	how to copy files with lseek holes in it. (Which are read as file
*	blocks containing all 0's but do not have any file blocks associated
*	with the data). Typical examples of these are files created by dbm
*	variants (.pag files). While the file size of these files are huge, the
*	actual storage is quite small (the files are sparse). The problem is
*	the holes read as all zeros so are probably stored on the archive that
*	way (there is no way to determine if the file block is really a hole,
*	we only know that a file block of all zero's can be a hole).
*	At this writing, no major archive format knows how to archive files
*	with holes. However, on extraction (or during copy, -rw) we have to
*	deal with these files. Without detecting the holes, the files can
*	consume a lot of file space if just written to disk. This replacement
*	for write when passed the basic allocation size of a file system block,
*	uses lseek whenever it detects the input data is all 0 within that
*	file block. In more detail, the strategy is as follows:
*	While the input is all zero keep doing an lseek. Keep track of when we
*	pass over file block boundaries. Only write when we hit a non zero
*	input. once we have written a file block, we continue to write it to
*	the end (we stop looking at the input). When we reach the start of the
*	next file block, start checking for zero blocks again. Working on file
*	block boundaries significantly reduces the overhead when copying files
*	that are NOT very sparse. This overhead (when compared to a write) is
*	almost below the measurement resolution on many systems. Without it,
*	files with holes cannot be safely copied. It does has a side effect as
*	it can put holes into files that did not have them before, but that is
*	not a problem since the file contents are unchanged (in fact it saves
*	file space). (Except on paging files for diskless clients. But since we
*	cannot determine one of those file from here, we ignore them). If this
*	ever ends up on a system where CTG files are supported and the holes
*	are not desired, just do a conditional test in those routines that
*	call file_write() and have it call write() instead. BEFORE CLOSING THE
*	FILE, make sure to call file_flush() when the last write finishes with
*	an empty block. A lot of file systems will not create an lseek hole at
*	the end. In this case we drop a single 0 at the end to force the
*	trailing 0's in the file.
*	---Parameters---
*	rem: how many bytes left in this file system block
*	isempt: have we written to the file block yet (is it empty)
*	sz: basic file block allocation size
*	cnt: number of bytes on this write
*	str: buffer to write
* Return:
*	number of bytes written, -1 on write (or lseek) error.
*/

684int
685file_write(int fd, char *str, size_t cnt, int *rem, int *isempt, int sz)
686{
char *pt;
char *end;
size_t wcnt;
char *st = str;

/*
* while we have data to process
*/
while (cnt) {
if (!*rem) {
	/*
	 * We are now at the start of file system block again
	 * (or what we think one is...). start looking for
	 * empty blocks again
	 */
	*isempt = 1;
	*rem = sz;
}

/*
 * only examine up to the end of the current file block or
 * remaining characters to write, whatever is smaller
 */
wcnt = MINIMUM(cnt, *rem)(((cnt) < (*rem)) ? (cnt) : (*rem));
cnt -= wcnt;
*rem -= wcnt;
if (*isempt) {
	/*
	 * have not written to this block yet, so we keep
	 * looking for zero's
	 */
	pt = st;
	end = st + wcnt;

	/*
	 * look for a zero filled buffer
	 */
	while ((pt < end) && (*pt == '\0'))
		++pt;

	if (pt == end) {
		/*
		 * skip, buf is empty so far
		 */
		if (lseek(fd, (off_t)wcnt, SEEK_CUR1) == -1) {
			warn("lseek");
			return(-1);
		}
		st = pt;
		continue;
	}
	/*
	 * drat, the buf is not zero filled
	 */
	*isempt = 0;
}

/*
 * have non-zero data in this file system block, have to write
 */
if (write(fd, st, wcnt) != wcnt) {
	warn("write");
	return(-1);
}
st += wcnt;
}
return(st - str);
754}

756/*
* file_flush()
*	when the last file block in a file is zero, many file systems will not
*	let us create a hole at the end. To get the last block with zeros, we
*	write the last BYTE with a zero (back up one byte and write a zero).
*/
762void
763file_flush(int fd, int isempt)
764{
static char blnk[] = "\0";

/*
* silly test, but make sure we are only called when the last block is
* filled with all zeros.
*/
if (!isempt)
return;

/*
* move back one byte and write a zero
*/
if (lseek(fd, (off_t)-1, SEEK_CUR1) == -1) {
warn("Failed seek on file");
return;
}

if (write(fd, blnk, 1) == -1)
warn("Failed write to file");
return;
785}