(pre_sync): Store the previous backup file.

(copy_file): Abort if we cannot seek or read the file we copy
	from.  Abort if the value we read didn't end in a newline, start
	with "T ", "C " or "P ", if the identity number in the data isn't
	what we expected, or if it isn't followed by a space.  This
	change attempts to detect file damage as early as possible.

src/server/simple-cache.c

 /*
- * $Id: simple-cache.c,v 0.68 1998/08/14 18:54:48 ceder Exp $
+ * $Id: simple-cache.c,v 0.69 1998/10/11 17:19:10 ceder Exp $
  * Copyright (C) 1991, 1992, 1993, 1994, 1995, 1996  Lysator Academic Computer Association.
  *
  * This file is part of the LysKOM server.
@@ -35,7 +35,7 @@
  */
 
 static const char *
-rcsid = "$Id: simple-cache.c,v 0.68 1998/08/14 18:54:48 ceder Exp $";
+rcsid = "$Id: simple-cache.c,v 0.69 1998/10/11 17:19:10 ceder Exp $";
 #include "rcs.h"
 USE(rcsid);
 
@@ -1544,6 +1544,15 @@ pre_sync(void)
     
     if (is_clean(param.datafile_name))
     {
+	if (is_clean(param.backupfile_name))
+	{
+	    if (rename(param.backupfile_name,
+		       param.backupfile_name_2) != 0)
+	    {
+		log("pre_sync: can't do extra backup.\n");
+	    }
+	}
+
 	if (rename(param.datafile_name, param.backupfile_name) != 0)
 	    restart_kom("pre_sync: can't backup.\n");
     }
@@ -1601,30 +1610,77 @@ copy_file(FILE *from,
 	  FILE *to,
 	  long from_pos,
 	  long len,
-	  long UNUSED(no))	/* FIXME: should sanity-check no. */
+	  long no)
 {
     char *buf;
     long result;
+    long num;
+    long new_num;
+    long num_ix;
 
-    buf = smalloc(len);
+    if (len < 3)
+    {
+	restart_kom("copy_file: insane len %ld\n", len);
+    }
+    buf = smalloc(len+1);
     if ( fseek(from, from_pos, SEEK_SET) == -1 )
     {
 	sync_state = sync_error;
-	log("sync: copy_file(): fseek failed.\n");
+	restart_kom("sync: copy_file(): fseek failed.\n");
 	sfree(buf);
 	return;
     }
     
-    if ( (result = fread(buf, 1, len, from)) != len )
+    if ( (result = fread(buf, 1, len+1, from)) != len+1 )
     {
-	log("%s.\nfrom_pos = %ld, len = %ld, result = %ld\n",
-	    "sync: copy_file(): fread failed",
-	    from_pos, len, result);
+	restart_kom("%s.\nfrom_pos = %ld, len = %ld, result = %ld\n",
+		    "sync: copy_file(): fread failed",
+		    from_pos, len, result);
 
 	sync_state = sync_error;
 	sfree(buf);
 	return;
     }
+    if (buf[len] != '\n')
+    {
+	restart_kom("Failed to find a newline at %ld + %ld - 1\n",
+		    from_pos, len);
+    }
+    if (buf[0] != 'T' && buf[0] != 'C' && buf[0] != 'P')
+    {
+	restart_kom("Found char %d at pos %ld; expected T, C or P\n",
+		    buf[0], from_pos);
+    }
+    if (buf[1] != ' ')
+    {
+	restart_kom("Expected space after T, C or P but got %d at %ld\n",
+		    buf[1], from_pos);
+    }
+    num = 0;
+    for (num_ix = 2; num_ix < len && buf[num_ix] >= '0' && buf[num_ix] <= '9';
+	 ++num_ix)
+    {
+	new_num = 10 * num + buf[num_ix] - '0';
+	if (new_num / 10 != num)
+	{
+	    restart_kom("copy_file: number overflow at %ld\n", from_pos);
+	}
+	num = new_num;
+    }
+    if (num != no)
+    {
+	restart_kom("copy_file: expected %ld, got %ld; no sanity at %ld\n",
+		    no, num, from_pos);
+    }
+    if (num_ix >= len)
+    {
+	restart_kom("copy_file: to little data at %ld\n", from_pos);
+    }
+    if (buf[num_ix] != ' ')
+    {
+	restart_kom("copy_file: expected space after number %ld at %ld; got %d\n",
+		    num, from_pos, buf[num_ix]);
+    }
 
     if ( fseek(to, 0, SEEK_END) == -1 )
     {
@@ -2212,6 +2268,9 @@ init_cache(void)
     }
     else
     {
+	/* Don't attempt to use backupfile_name_2 automatically.  If
+	   that file is ever needed something is really broken; manual
+	   intervention is needed to assess the damage.  */
 	log("WARNING: init_cache: can't find old data base.\n");
         kom_errno = KOM_INTERNAL_ERROR;
         err_stat = 0;