-void *safe_calloc (size_t nmemb, size_t size)
-{
- void *p;
-
- if (!nmemb || !size)
- return NULL;
-
- if (((size_t) -1) / nmemb <= size)
- {
- mutt_error _("Integer overflow -- can't allocate memory!");
- sleep (1);
- mutt_exit (1);
- }
-
- if (!(p = calloc (nmemb, size)))
- {
- mutt_error _("Out of memory!");
- sleep (1);
- mutt_exit (1);
- }
- return p;
-}
-
-void *safe_malloc (size_t siz)
-{
- void *p;
-
- if (siz == 0)
- return 0;
- if ((p = (void *) malloc (siz)) == 0) /* __MEM_CHECKED__ */
- {
- mutt_error _("Out of memory!");
- sleep (1);
- mutt_exit (1);
- }
- return (p);
-}
-
-void safe_realloc (void *ptr, size_t siz)
-{
- void *r;
- void **p = (void **)ptr;
-
- if (siz == 0)
- {
- if (*p)
- {
- free (*p); /* __MEM_CHECKED__ */
- *p = NULL;
- }
- return;
- }
-
- if (*p)
- r = (void *) realloc (*p, siz); /* __MEM_CHECKED__ */
- else
- {
- /* realloc(NULL, nbytes) doesn't seem to work under SunOS 4.1.x --- __MEM_CHECKED__ */
- r = (void *) malloc (siz); /* __MEM_CHECKED__ */
- }
-
- if (!r)
- {
- mutt_error _("Out of memory!");
- sleep (1);
- mutt_exit (1);
- }
-
- *p = r;
-}
-
-void safe_free (void *ptr)
-{
- void **p = (void **)ptr;
- if (*p)
- {
- free (*p); /* __MEM_CHECKED__ */
- *p = 0;
- }
-}
-
-int safe_fclose (FILE **f)
-{
- int r = 0;
-
- if (*f)
- r = fclose (*f);
-
- *f = NULL;
- return r;
-}
-
-char *safe_strdup (const char *s)
-{
- char *p;
- size_t l;
-
- if (!s || !*s)
- return 0;
- l = strlen (s) + 1;
- p = (char *)safe_malloc (l);
- memcpy (p, s, l);
- return (p);
-}
-
-void mutt_str_replace (char **p, const char *s)
-{
- FREE (p);
- *p = safe_strdup (s);
-}
-
-void mutt_str_adjust (char **p)
-{
- if (!p || !*p) return;
- safe_realloc (p, strlen (*p) + 1);
-}
-
-/* convert all characters in the string to lowercase */
-char *mutt_strlower (char *s)
-{
- char *p = s;
-
- while (*p)
- {
- *p = tolower ((unsigned char) *p);
- p++;
- }
-
- return (s);
-}
-
-void mutt_unlink (const char *s)
-{
- FILE *f;
- struct stat sb;
- char buf[2048];
-
- if (stat (s, &sb) == 0)
- {
- if ((f = fopen (s, "r+")))
- {
- unlink (s);
- memset (buf, 0, sizeof (buf));
- while (sb.st_size > 0)
- {
- fwrite (buf, 1, MIN (sizeof (buf), sb.st_size), f);
- sb.st_size -= MIN (sizeof (buf), sb.st_size);
- }
- fclose (f);
- }
- }
-}
-
-int mutt_copy_bytes (FILE *in, FILE *out, size_t size)
-{
- char buf[2048];
- size_t chunk;
-
- while (size > 0)
- {
- chunk = (size > sizeof (buf)) ? sizeof (buf) : size;
- if ((chunk = fread (buf, 1, chunk, in)) < 1)
- break;
- if (fwrite (buf, 1, chunk, out) != chunk)
- {
- /* dprint (1, (debugfile, "mutt_copy_bytes(): fwrite() returned short byte count\n")); */
- return (-1);
- }
- size -= chunk;
- }
-
- return 0;
-}
-
-int mutt_copy_stream (FILE *fin, FILE *fout)
-{
- size_t l;
- char buf[LONG_STRING];
-
- while ((l = fread (buf, 1, sizeof (buf), fin)) > 0)
- {
- if (fwrite (buf, 1, l, fout) != l)
- return (-1);
- }
-
- return 0;
-}
-
-static int
-compare_stat (struct stat *osb, struct stat *nsb)
-{
- if (osb->st_dev != nsb->st_dev || osb->st_ino != nsb->st_ino ||
- osb->st_rdev != nsb->st_rdev)
- {
- return -1;
- }
-
- return 0;
-}
-
-int safe_symlink(const char *oldpath, const char *newpath)
-{
- struct stat osb, nsb;
-
- if(!oldpath || !newpath)
- return -1;
-
- if(unlink(newpath) == -1 && errno != ENOENT)
- return -1;
-
- if (oldpath[0] == '/')
- {
- if (symlink (oldpath, newpath) == -1)
- return -1;
- }
- else
- {
- char abs_oldpath[_POSIX_PATH_MAX];
-
- if ((getcwd (abs_oldpath, sizeof abs_oldpath) == NULL) ||
- (strlen (abs_oldpath) + 1 + strlen (oldpath) + 1 > sizeof abs_oldpath))
- return -1;
-
- strcat (abs_oldpath, "/"); /* __STRCAT_CHECKED__ */
- strcat (abs_oldpath, oldpath); /* __STRCAT_CHECKED__ */
- if (symlink (abs_oldpath, newpath) == -1)
- return -1;
- }
-
- if(stat(oldpath, &osb) == -1 || stat(newpath, &nsb) == -1
- || compare_stat(&osb, &nsb) == -1)
- {
- unlink(newpath);
- return -1;
- }
-
- return 0;
-}
-
-/*
- * This function is supposed to do nfs-safe renaming of files.
- *
- * Warning: We don't check whether src and target are equal.
- */
-
-int safe_rename (const char *src, const char *target)
-{
- struct stat ssb, tsb;
-
- if (!src || !target)
- return -1;
-
- if (link (src, target) != 0)
- {
-
- /*
- * Coda does not allow cross-directory links, but tells
- * us it's a cross-filesystem linking attempt.
- *
- * However, the Coda rename call is allegedly safe to use.
- *
- * With other file systems, rename should just fail when
- * the files reside on different file systems, so it's safe
- * to try it here.
- *
- */
-
- if (errno == EXDEV)
- return rename (src, target);
-
- return -1;
- }
-
- /*
- * Stat both links and check if they are equal.
- */
-
- if (stat (src, &ssb) == -1)
- {
- return -1;
- }
-
- if (stat (target, &tsb) == -1)
- {
- return -1;
- }
-
- /*
- * pretend that the link failed because the target file
- * did already exist.
- */
-
- if (compare_stat (&ssb, &tsb) == -1)
- {
- errno = EEXIST;
- return -1;
- }
-
- /*
- * Unlink the original link. Should we really ignore the return
- * value here? XXX
- */
-
- unlink (src);
-
- return 0;
-}
-
-int safe_open (const char *path, int flags)
-{
- struct stat osb, nsb;
- int fd;
-
- if ((fd = open (path, flags, 0600)) < 0)
- return fd;
-
- /* make sure the file is not symlink */
- if (lstat (path, &osb) < 0 || fstat (fd, &nsb) < 0 ||
- compare_stat(&osb, &nsb) == -1)
- {
-/* dprint (1, (debugfile, "safe_open(): %s is a symlink!\n", path)); */
- close (fd);
- return (-1);
- }
-
- return (fd);
-}
-
-/* when opening files for writing, make sure the file doesn't already exist
- * to avoid race conditions.
- */
-FILE *safe_fopen (const char *path, const char *mode)
-{
- /* first set the current umask */
- umask(Umask);
- if (mode[0] == 'w')
- {
- int fd;
- int flags = O_CREAT | O_EXCL;
-
-#ifdef O_NOFOLLOW
- flags |= O_NOFOLLOW;
-#endif
-
- if (mode[1] == '+')
- flags |= O_RDWR;
- else
- flags |= O_WRONLY;
-
- if ((fd = safe_open (path, flags)) < 0)
- return (NULL);
-
- return (fdopen (fd, mode));
- }
- else
- return (fopen (path, mode));
-}
-
-static char safe_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+@{}._-:%/";
-
-void mutt_sanitize_filename (char *f, short slash)
-{
- if (!f) return;
-
- for (; *f; f++)
- {
- if ((slash && *f == '/') || !strchr (safe_chars, *f))
- *f = '_';
- }
-}