From be54882039632c791493d3657042f7ea9d6f4a20 Mon Sep 17 00:00:00 2001

From: Ondrej Dubaj <odubaj@redhat.com>

Date: Tue, 21 Sep 2021 11:42:02 +0200

Subject: [PATCH] * src/dstring.c (ds_init): Take a single argument. 

 (ds_free):  New function. (ds_resize): Take a single argument.  Use 

 x2nrealloc to expand  the storage. 

 (ds_reset,ds_append,ds_concat,ds_endswith): New function.  (ds_fgetstr): 

 Rewrite.  In particular, this fixes integer overflow.  (ds_resize): Take 

 additional argument: number of  bytes to leave available after ds_idx.  All 

 uses changed. * src/dstring.h (dynamic_string): Keep both the allocated 

 length (ds_size) and  index of the  next free byte in the string (ds_idx). 

 (ds_init,ds_resize):  Change  signature. (ds_len): New macro. 

 (ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos. * 

 src/copyin.c: Use new ds_ functions. (read_name_from_file): Handle len == 0. 

 (read_name_from_file): Print error message and skip file if its name is not 

 nul-terminated. (long_format): Cast rdev numbers to unsigned long * 

 src/copyout.c: Likewise. * src/copypass.c: Likewise. * src/util.c: Likewise. 

 (tape_empty_output_buffer): Fix condition. * src/idcache.c 

 (getuser,getgroup): Use umaxtostr instead of sprintf. * src/userspec.c 

 (parse_user_spec): Likewise.

---

 configure.ac   |   4 +-

 src/copyin.c   | 228 ++++++++++++++++++-------------------------------

 src/copyout.c  |  77 +++++++++--------

 src/copypass.c |  34 ++++----

 src/cpiohdr.h  |   9 +-

 src/dstring.c  |  89 +++++++++++++------

 src/dstring.h  |  30 +++----

 src/extern.h   |  22 +++--

 src/idcache.c  |  11 ++-

 src/makepath.c |   2 +-

 src/userspec.c |   9 +-

 src/util.c     |  53 +++++++++---

 12 files changed, 294 insertions(+), 274 deletions(-)

diff --git a/configure.ac b/configure.ac

index c68bd44..49eaacd 100644

--- a/configure.ac

+++ b/configure.ac

@@ -21,8 +21,8 @@ AC_INIT([GNU cpio], [2.12], [bug-cpio@gnu.org],,

 AC_CONFIG_SRCDIR(src/cpio.h)

 AC_CONFIG_AUX_DIR([build-aux])

 AC_CONFIG_HEADERS([config.h])

-AC_PREREQ([2.63])

-AM_INIT_AUTOMAKE([1.11.1 gnits tar-ustar dist-bzip2 std-options silent-rules])

+AC_PREREQ([2.64])

+AM_INIT_AUTOMAKE([1.15 gnits tar-ustar dist-bzip2 std-options silent-rules])

 # Enable silent rules by default:

 AM_SILENT_RULES([yes])

diff --git a/src/copyin.c b/src/copyin.c

index 267ed4b..2f9da73 100644

--- a/src/copyin.c

+++ b/src/copyin.c

@@ -56,10 +56,10 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out,

   static dynamic_string new_name;	/* New file name for rename option.  */

   static int initialized_new_name = false;

   if (!initialized_new_name)

-  {

-    ds_init (&new_name, 128);

-    initialized_new_name = true;

-  }

+    {

+      ds_init (&new_name);

+      initialized_new_name = true;

+    }

   if (rename_flag)

     {

@@ -76,28 +76,7 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out,

       return -1;

     }

   else

-  /* Debian hack: file_hrd.c_name is sometimes set to

-     point to static memory by code in tar.c.  This

-     causes a segfault.  This has been fixed and an

-     additional check to ensure that the file name

-     is not too long has been added.  (Reported by

-     Horst Knobloch.)  This bug has been reported to

-     "bug-gnu-utils@prep.ai.mit.edu". (99/1/6) -BEM */

-    {

-      if (archive_format != arf_tar && archive_format != arf_ustar)

-	{

-	  free (file_hdr->c_name);

-	  file_hdr->c_name = xstrdup (new_name.ds_string);

-	}

-      else

-	{

-	  if (is_tar_filename_too_long (new_name.ds_string))

-	    error (0, 0, _("%s: file name too long"),

-		   new_name.ds_string);

-	  else

-	    strcpy (file_hdr->c_name, new_name.ds_string);

-	}

-    }

+    cpio_set_c_name (file_hdr, new_name.ds_string);

   return 0;

 }

@@ -173,10 +152,8 @@ list_file (struct cpio_file_stat* file_hdr, int in_file_des)

     }

   else

     {

-      /* Debian hack: Modified to print a list of filenames

-	 terminiated by a null character when the -t and -0

-	 flags are used.  This has been submitted as a

-	 suggestion to "bug-gnu-utils@prep.ai.mit.edu".  -BEM */

+      /* Print out the name as it is.  The name_end delimiter is normally

+	 '\n', but can be reset to '\0' by the -0 option. */

       printf ("%s%c", file_hdr->c_name, name_end);

     }

@@ -201,7 +178,7 @@ list_file (struct cpio_file_stat* file_hdr, int in_file_des)

 static int

 try_existing_file (struct cpio_file_stat* file_hdr, int in_file_des,

-		   int *existing_dir)

+		   bool *existing_dir)

 {

   struct stat file_stat;

@@ -344,8 +321,7 @@ create_defered_links_to_skipped (struct cpio_file_stat *file_hdr,

 	    d_prev->next = d->next;

 	  else

 	    deferments = d->next;

-	  free (file_hdr->c_name);

-	  file_hdr->c_name = xstrdup(d->header.c_name);

+	  cpio_set_c_name (file_hdr, d->header.c_name);

 	  free_deferment (d);

 	  copyin_regular_file(file_hdr, in_file_des);

 	  return 0;

@@ -697,7 +673,7 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)

 static void

 copyin_file (struct cpio_file_stat *file_hdr, int in_file_des)

 {

-  int existing_dir;

+  bool existing_dir = false;

   if (!to_stdout_option

       && try_existing_file (file_hdr, in_file_des, &existing_dir) < 0)

@@ -748,7 +724,7 @@ static time_t current_time;

    this file is a symbolic link to.  */

 void

-long_format (struct cpio_file_stat *file_hdr, char *link_name)

+long_format (struct cpio_file_stat *file_hdr, char const *link_name)

 {

   char mbuf[11];

   char tbuf[40];

@@ -780,92 +756,42 @@ long_format (struct cpio_file_stat *file_hdr, char *link_name)

   if ((file_hdr->c_mode & CP_IFMT) == CP_IFCHR

       || (file_hdr->c_mode & CP_IFMT) == CP_IFBLK)

-    printf ("%3lu, %3lu ", file_hdr->c_rdev_maj,

-	    file_hdr->c_rdev_min);

+    printf ("%3lu, %3lu ",

+	    (unsigned long) file_hdr->c_rdev_maj,

+	    (unsigned long) file_hdr->c_rdev_min);

   else

     printf ("%8"PRIuMAX" ", (uintmax_t) file_hdr->c_filesize);

   printf ("%s ", tbuf + 4);

-  print_name_with_quoting (file_hdr->c_name);

+  printf ("%s", quotearg (file_hdr->c_name));

   if (link_name)

     {

       printf (" -> ");

-      print_name_with_quoting (link_name);

+      printf ("%s", quotearg (link_name));

     }

   putc ('\n', stdout);

 }

-void

-print_name_with_quoting (register char *p)

-{

-  register unsigned char c;

-

-  while ( (c = *p++) )

-    {

-      switch (c)

-	{

-	case '\\':

-	  printf ("\\\\");

-	  break;

-

-	case '\n':

-	  printf ("\\n");

-	  break;

-

-	case '\b':

-	  printf ("\\b");

-	  break;

-

-	case '\r':

-	  printf ("\\r");

-	  break;

-

-	case '\t':

-	  printf ("\\t");

-	  break;

-

-	case '\f':

-	  printf ("\\f");

-	  break;

-

-	case ' ':

-	  printf ("\\ ");

-	  break;

-

-	case '"':

-	  printf ("\\\"");

-	  break;

-

-	default:

-	  if (c > 040 && c < 0177)

-	    putchar (c);

-	  else

-	    printf ("\\%03o", (unsigned int) c);

-	}

-    }

-}

-

 /* Read a pattern file (for the -E option).  Put a list of

    `num_patterns' elements in `save_patterns'.  Any patterns that were

    already in `save_patterns' (from the command line) are preserved.  */

 static void

-read_pattern_file ()

+read_pattern_file (void)

 {

-  int max_new_patterns;

-  char **new_save_patterns;

-  int new_num_patterns;

+  char **new_save_patterns = NULL;

+  size_t max_new_patterns;

+  size_t new_num_patterns;

   int i;

-  dynamic_string pattern_name;

+  dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER;

   FILE *pattern_fp;

   if (num_patterns < 0)

     num_patterns = 0;

-  max_new_patterns = 1 + num_patterns;

-  new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *));

   new_num_patterns = num_patterns;

-  ds_init (&pattern_name, 128);

+  max_new_patterns = num_patterns;

+  new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0]));

   pattern_fp = fopen (pattern_file_name, "r");

   if (pattern_fp == NULL)

@@ -874,16 +800,16 @@ read_pattern_file ()

   {

     while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL)

       {

-        if (new_num_patterns >= max_new_patterns)

-        {

-          max_new_patterns += 1;

-          new_save_patterns = (char **)

-          xrealloc ((char *) new_save_patterns,

-            max_new_patterns * sizeof (char *));

-        }

+        if (new_num_patterns == max_new_patterns)

+          new_save_patterns = x2nrealloc (new_save_patterns,

+                  &max_new_patterns,

+                  sizeof (new_save_patterns[0]));

         new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string);

         ++new_num_patterns;

       }

+

+    ds_free (&pattern_name);

+

     if (ferror (pattern_fp) || fclose (pattern_fp) == EOF)

       close_error (pattern_file_name);

   }

@@ -1066,6 +992,27 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des)

     }

 }

+static void

+read_name_from_file (struct cpio_file_stat *file_hdr, int fd, uintmax_t len)

+{

+  if (len == 0)

+    {

+      error (0, 0, _("malformed header: file name of zero length"));

+    }

+  else

+    {

+      cpio_realloc_c_name (file_hdr, len);

+      tape_buffered_read (file_hdr->c_name, fd, len);

+      if (file_hdr->c_name[len-1] != 0)

+	{

+	  error (0, 0, _("malformed header: file name is not nul-terminated"));

+	  /* Skip this file */

+	  len = 0;

+	}

+     }

+  file_hdr->c_namesize = len;

+}

+

 /* Fill in FILE_HDR by reading an old-format ASCII format cpio header from

    file descriptor IN_DES, except for the magic number, which is

    already filled in.  */

@@ -1092,14 +1039,9 @@ read_in_old_ascii (struct cpio_file_stat *file_hdr, int in_des)

   file_hdr->c_rdev_min = minor (dev);

   file_hdr->c_mtime = FROM_OCTAL (ascii_header.c_mtime);

-  file_hdr->c_namesize = FROM_OCTAL (ascii_header.c_namesize);

   file_hdr->c_filesize = FROM_OCTAL (ascii_header.c_filesize);

-  /* Read file name from input.  */

-  if (file_hdr->c_name != NULL)

-    free (file_hdr->c_name);

-  file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize + 1);

-  tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize);

+  read_name_from_file (file_hdr, in_des, FROM_OCTAL (ascii_header.c_namesize));

   /* HP/UX cpio creates archives that look just like ordinary archives,

      but for devices it sets major = 0, minor = 1, and puts the

@@ -1154,14 +1096,9 @@ read_in_new_ascii (struct cpio_file_stat *file_hdr, int in_des)

   file_hdr->c_dev_min = FROM_HEX (ascii_header.c_dev_min);

   file_hdr->c_rdev_maj = FROM_HEX (ascii_header.c_rdev_maj);

   file_hdr->c_rdev_min = FROM_HEX (ascii_header.c_rdev_min);

-  file_hdr->c_namesize = FROM_HEX (ascii_header.c_namesize);

   file_hdr->c_chksum = FROM_HEX (ascii_header.c_chksum);

-  /* Read file name from input.  */

-  if (file_hdr->c_name != NULL)

-    free (file_hdr->c_name);

-  file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize);

-  tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize);

+  read_name_from_file (file_hdr, in_des, FROM_HEX (ascii_header.c_namesize));

   /* In SVR4 ASCII format, the amount of space allocated for the header

      is rounded up to the next long-word, so we might need to drop

@@ -1209,16 +1146,10 @@ read_in_binary (struct cpio_file_stat *file_hdr,

   file_hdr->c_rdev_min = minor ((unsigned short)short_hdr->c_rdev);

   file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16

                       | short_hdr->c_mtimes[1];

-

-  file_hdr->c_namesize = short_hdr->c_namesize;

   file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16

                       | short_hdr->c_filesizes[1];

-  /* Read file name from input.  */

-  if (file_hdr->c_name != NULL)

-    free (file_hdr->c_name);

-  file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize);

-  tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize);

+  read_name_from_file (file_hdr, in_des, short_hdr->c_namesize);

   /* In binary mode, the amount of space allocated in the header for

      the filename is `c_namesize' rounded up to the next short-word,

@@ -1278,14 +1209,14 @@ swab_array (char *ptr, int count)

    in the file system.  */

 void

-process_copy_in ()

+process_copy_in (void)

 {

-  char done = false;		/* True if trailer reached.  */

   FILE *tty_in = NULL;		/* Interactive file for rename option.  */

   FILE *tty_out = NULL;		/* Interactive file for rename option.  */

   FILE *rename_in = NULL;	/* Batch file for rename option.  */

   struct stat file_stat;	/* Output file stat record.  */

-  struct cpio_file_stat file_hdr;	/* Output header information.  */

+  struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER;

+                                /* Output header information.  */

   int in_file_des;		/* Input file descriptor.  */

   char skip_file;		/* Flag for use with patterns.  */

   int i;			/* Loop index variable.  */

@@ -1298,8 +1229,7 @@ process_copy_in ()

     {

       read_pattern_file ();

     }

-  file_hdr.c_name = NULL;

-

+  file_hdr.c_namesize = 0;

   if (rename_batch_file)

     {

       rename_in = fopen (rename_batch_file, "r");

@@ -1352,7 +1282,7 @@ process_copy_in ()

   change_dir ();

   /* While there is more input in the collection, process the input.  */

-  while (!done)

+  while (1)

     {

       swapping_halfwords = swapping_bytes = false;

@@ -1380,30 +1310,32 @@ process_copy_in ()

 	}

 #endif

-      /* Is this the header for the TRAILER file?  */

-      if (strcmp (CPIO_TRAILER_NAME, file_hdr.c_name) == 0)

+      if (file_hdr.c_namesize == 0)

+	skip_file = true;

+      else

 	{

-	  done = true;

-	  break;

-	}

+	  /* Is this the header for the TRAILER file?  */

+	  if (strcmp (CPIO_TRAILER_NAME, file_hdr.c_name) == 0)

+	    break;

-      cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,

-			      false);

+	  cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,

+				  false);

-      /* Does the file name match one of the given patterns?  */

-      if (num_patterns <= 0)

-	skip_file = false;

-      else

-	{

-	  skip_file = copy_matching_files;

-	  for (i = 0; i < num_patterns

-	       && skip_file == copy_matching_files; i++)

+	  /* Does the file name match one of the given patterns?  */

+	  if (num_patterns <= 0)

+	    skip_file = false;

+	  else

 	    {

-	      if (fnmatch (save_patterns[i], file_hdr.c_name, 0) == 0)

-		skip_file = !copy_matching_files;

+	      skip_file = copy_matching_files;

+	      for (i = 0; i < num_patterns

+		     && skip_file == copy_matching_files; i++)

+		{

+		  if (fnmatch (save_patterns[i], file_hdr.c_name, 0) == 0)

+		    skip_file = !copy_matching_files;

+		}

 	    }

 	}

-

+      

       if (skip_file)

 	{

 	  /* If we're skipping a file with links, there might be other

@@ -1494,6 +1426,8 @@ process_copy_in ()

     fputc ('\n', stderr);

   apply_delayed_set_stat ();

+

+  cpio_file_stat_free (&file_hdr);

   if (append_flag)

     return;

diff --git a/src/copyout.c b/src/copyout.c

index 56416ba..a576f27 100644

--- a/src/copyout.c

+++ b/src/copyout.c

@@ -269,26 +269,32 @@ writeout_final_defers (int out_des)

    so it should be moved to paxutils too.

    Allowed values for logbase are: 1 (binary), 2, 3 (octal), 4 (hex) */

 int

-to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase)

+to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, bool nul)

 {

   static char codetab[] = "0123456789ABCDEF";

-  int i = digits;

-  do

+  if (nul)

+    where[--digits] = 0;

+  while (digits > 0)

     {

-      where[--i] = codetab[(v & ((1 << logbase) - 1))];

+      where[--digits] = codetab[(v & ((1 << logbase) - 1))];

       v >>= logbase;

     }

-  while (i);

   return v != 0;

 }

-static void

-field_width_error (const char *filename, const char *fieldname)

+void

+field_width_error (const char *filename, const char *fieldname,

+		   uintmax_t value, size_t width, bool nul)

 {

-  error (1, 0, _("%s: field width not sufficient for storing %s"),

-	 filename, fieldname);

+  char valbuf[UINTMAX_STRSIZE_BOUND + 1];

+  char maxbuf[UINTMAX_STRSIZE_BOUND + 1];

+  error (1, 0, _("%s: value %s %s out of allowed range 0..%s"),

+	 filename, fieldname,

+	 STRINGIFY_BIGINT (value, valbuf),

+	 STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8),

+			   maxbuf));

 }

 static void

@@ -303,7 +309,7 @@ to_ascii_or_warn (char *where, uintmax_t n, size_t digits,

 		  unsigned logbase,

 		  const char *filename, const char *fieldname)

 {

-  if (to_ascii (where, n, digits, logbase))

+  if (to_ascii (where, n, digits, logbase, false))

     field_width_warning (filename, fieldname);

 }    

@@ -312,9 +318,9 @@ to_ascii_or_error (char *where, uintmax_t n, size_t digits,

 		   unsigned logbase,

 		   const char *filename, const char *fieldname)

 {

-  if (to_ascii (where, n, digits, logbase))

+  if (to_ascii (where, n, digits, logbase, false))

     {

-      field_width_error (filename, fieldname);

+      field_width_error (filename, fieldname, n, digits, false);

       return 1;

     }

   return 0;

@@ -371,7 +377,7 @@ write_out_new_ascii_header (const char *magic_string,

 			 _("name size")))

     return 1;

   p += 8;

-  to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16);

+  to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16, false);

   tape_buffered_write (ascii_header, out_des, sizeof ascii_header);

@@ -388,7 +394,7 @@ write_out_old_ascii_header (dev_t dev, dev_t rdev,

   char ascii_header[76];

   char *p = ascii_header;

-  to_ascii (p, file_hdr->c_magic, 6, LG_8);

+  to_ascii (p, file_hdr->c_magic, 6, LG_8, false);

   p += 6;

   to_ascii_or_warn (p, dev, 6, LG_8, file_hdr->c_name, _("device number"));

   p += 6;

@@ -492,7 +498,10 @@ write_out_binary_header (dev_t rdev,

   short_hdr.c_namesize = file_hdr->c_namesize & 0xFFFF;

   if (short_hdr.c_namesize != file_hdr->c_namesize)

     {

-      field_width_error (file_hdr->c_name, _("name size"));

+      char maxbuf[UINTMAX_STRSIZE_BOUND + 1];

+      error (1, 0, _("%s: value %s %s out of allowed range 0..%u"),

+	     file_hdr->c_name, _("name size"),

+	     STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFu);

       return 1;

     }

@@ -502,7 +511,10 @@ write_out_binary_header (dev_t rdev,

   if (((off_t)short_hdr.c_filesizes[0] << 16) + short_hdr.c_filesizes[1]

        != file_hdr->c_filesize)

     {

-      field_width_error (file_hdr->c_name, _("file size"));

+      char maxbuf[UINTMAX_STRSIZE_BOUND + 1];

+      error (1, 0, _("%s: value %s %s out of allowed range 0..%lu"),

+	     file_hdr->c_name, _("file size"),

+	     STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFFFFFlu);

       return 1;

     }

@@ -582,17 +594,18 @@ assign_string (char **pvar, char *value)

    The format of the header depends on the compatibility (-c) flag.  */

 void

-process_copy_out ()

+process_copy_out (void)

 {

-  dynamic_string input_name;	/* Name of file read from stdin.  */

+  dynamic_string input_name = DYNAMIC_STRING_INITIALIZER;

+                                /* Name of file read from stdin.  */

   struct stat file_stat;	/* Stat record for file.  */

-  struct cpio_file_stat file_hdr; /* Output header information.  */

+  struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER;

+                                /* Output header information.  */

   int in_file_des;		/* Source file descriptor.  */

   int out_file_des;		/* Output file descriptor.  */

   char *orig_file_name = NULL;

   /* Initialize the copy out.  */

-  ds_init (&input_name, 128);

   file_hdr.c_magic = 070707;

   /* Check whether the output file might be a tape.  */

@@ -644,14 +657,9 @@ process_copy_out ()

 	    {

 	      if (file_hdr.c_mode & CP_IFDIR)

 		{

-		  int len = strlen (input_name.ds_string);

 		  /* Make sure the name ends with a slash */

-		  if (input_name.ds_string[len-1] != '/')

-		    {

-		      ds_resize (&input_name, len + 2);

-		      input_name.ds_string[len] = '/';

-		      input_name.ds_string[len+1] = 0;

-		    }

+		  if (!ds_endswith (&input_name, '/'))

+		    ds_append (&input_name, '/');

 		}

 	    }

@@ -659,8 +667,7 @@ process_copy_out ()

 	  cpio_safer_name_suffix (input_name.ds_string, false,

 				  !no_abs_paths_flag, true);

 #ifndef HPUX_CDF

-	  file_hdr.c_name = input_name.ds_string;

-	  file_hdr.c_namesize = strlen (input_name.ds_string) + 1;

+	  cpio_set_c_name (&file_hdr, input_name.ds_string);

 #else

 	  if ( (archive_format != arf_tar) && (archive_format != arf_ustar) )

 	    {

@@ -669,16 +676,15 @@ process_copy_out ()

 		 properly recreate the directory as hidden (in case the

 		 files of a directory go into the archive before the

 		 directory itself (e.g from "find ... -depth ... | cpio")).  */

-	      file_hdr.c_name = add_cdf_double_slashes (input_name.ds_string);

-	      file_hdr.c_namesize = strlen (file_hdr.c_name) + 1;

+              cpio_set_c_name (&file_hdr,

+                               add_cdf_double_slashes (input_name.ds_string));

 	    }

 	  else

 	    {

 	      /* We don't mark CDF's in tar files.  We assume the "hidden"

 		 directory will always go into the archive before any of

 		 its files.  */

-	      file_hdr.c_name = input_name.ds_string;

-	      file_hdr.c_namesize = strlen (input_name.ds_string) + 1;

+              cpio_set_c_name (&file_hdr, input_name.ds_string);

 	    }

 #endif

@@ -865,8 +871,7 @@ process_copy_out ()

   file_hdr.c_chksum = 0;

   file_hdr.c_filesize = 0;

-  file_hdr.c_namesize = 11;

-  file_hdr.c_name = CPIO_TRAILER_NAME;

+  cpio_set_c_name (&file_hdr, CPIO_TRAILER_NAME);

   if (archive_format != arf_tar && archive_format != arf_ustar)

     write_out_header (&file_hdr, out_file_des);

   else

@@ -884,6 +889,8 @@ process_copy_out ()

 	       ngettext ("%lu block\n", "%lu blocks\n",

 			 (unsigned long) blocks), (unsigned long) blocks);

     }

+  cpio_file_stat_free (&file_hdr);

+  ds_free (&input_name);

 }

diff --git a/src/tar.c b/src/tar.c

index 1b1156e..0a34845 100644

--- a/src/tar.c

+++ b/src/tar.c

@@ -282,7 +282,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des)

       if (null_block ((long *) &tar_rec, TARRECORDSIZE))

 #endif

 	{

-	  file_hdr->c_name = CPIO_TRAILER_NAME;

+	  cpio_set_c_name (file_hdr, CPIO_TRAILER_NAME);

 	  return;

 	}

 #if 0

@@ -316,9 +316,11 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des)

 	}

       if (archive_format != arf_ustar)

-	file_hdr->c_name = stash_tar_filename (NULL, tar_hdr->name);

+        cpio_set_c_name (file_hdr, stash_tar_filename (NULL, tar_hdr->name));

       else

-	file_hdr->c_name = stash_tar_filename (tar_hdr->prefix, tar_hdr->name);

+        cpio_set_c_name (file_hdr, stash_tar_filename (tar_hdr->prefix,

+                                                      tar_hdr->name));

+

       file_hdr->c_nlink = 1;

       file_hdr->c_mode = FROM_OCTAL (tar_hdr->mode);

       file_hdr->c_mode = file_hdr->c_mode & 07777;

@@ -398,7 +400,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des)

 	case AREGTYPE:

 	  /* Old tar format; if the last char in filename is '/' then it is

 	     a directory, otherwise it's a regular file.  */

-	  if (file_hdr->c_name[strlen (file_hdr->c_name) - 1] == '/')

+	  if (file_hdr->c_name[file_hdr->c_namesize - 1] == '/')

 	    file_hdr->c_mode |= CP_IFDIR;

 	  else

 	    file_hdr->c_mode |= CP_IFREG;

diff --git a/src/copypass.c b/src/copypass.c

index b4e7169..8378a9b 100644

--- a/src/copypass.c

+++ b/src/copypass.c

@@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char *name, struct stat *st)

    If `link_flag', link instead of copying.  */

 void

-process_copy_pass ()

+process_copy_pass (void)

 {

-  dynamic_string input_name;	/* Name of file from stdin.  */

-  dynamic_string output_name;	/* Name of new file.  */

+  dynamic_string input_name = DYNAMIC_STRING_INITIALIZER;

+                                /* Name of file from stdin.  */

+  dynamic_string output_name = DYNAMIC_STRING_INITIALIZER;

+                                /* Name of new file.  */

   size_t dirname_len;		/* Length of `directory_name'.  */

   int res;			/* Result of functions.  */

   char *slash;			/* For moving past slashes in input name.  */

@@ -69,25 +71,19 @@ process_copy_pass ()

 				   created files  */

   /* Initialize the copy pass.  */

-  ds_init (&input_name, 128);

   dirname_len = strlen (directory_name);

   if (change_directory_option && !ISSLASH (directory_name[0]))

     {

       char *pwd = xgetcwd ();