Attachment #35051 for bug #49534

View | Details | Raw Unified | Return to bug 49534
Collapse All | Expand All

Lines 21-26 Link Here

(-)options.c (-13 / +32 lines)
21	#include "rsync.h"	21	#include "rsync.h"
22	#include "popt.h"	22	#include "popt.h"
23		23
		24	extern int sanitize_paths;
		25	extern char curr_dir[MAXPATHLEN];
24	extern struct exclude_struct **exclude_list;	26	extern struct exclude_struct **exclude_list;
25		27
26	int make_backups = 0;	28	int make_backups = 0;
Lines 359-365 Link Here
359	{"timeout", 0, POPT_ARG_INT, &io_timeout, 0, 0, 0 },	361	{"timeout", 0, POPT_ARG_INT, &io_timeout, 0, 0, 0 },
360	{"temp-dir", 'T', POPT_ARG_STRING, &tmpdir, 0, 0, 0 },	362	{"temp-dir", 'T', POPT_ARG_STRING, &tmpdir, 0, 0, 0 },
361	{"compare-dest", 0, POPT_ARG_STRING, &compare_dest, 0, 0, 0 },	363	{"compare-dest", 0, POPT_ARG_STRING, &compare_dest, 0, 0, 0 },
362	{"link-dest", 0, POPT_ARG_STRING, 0, OPT_LINK_DEST, 0, 0 },	364	{"link-dest", 0, POPT_ARG_STRING, &compare_dest, OPT_LINK_DEST, 0, 0 },
363	/* TODO: Should this take an optional int giving the compression level? */	365	/* TODO: Should this take an optional int giving the compression level? */
364	{"compress", 'z', POPT_ARG_NONE, &do_compression, 0, 0, 0 },	366	{"compress", 'z', POPT_ARG_NONE, &do_compression, 0, 0, 0 },
365	{"daemon", 0, POPT_ARG_NONE, &daemon_opt, 0, 0, 0 },	367	{"daemon", 0, POPT_ARG_NONE, &daemon_opt, 0, 0, 0 },
Lines 469-474 Link Here
469	{	471	{
470	int opt;	472	int opt;
471	char *ref = lp_refuse_options(module_id);	473	char *ref = lp_refuse_options(module_id);
		474	const char *arg;
472	poptContext pc;	475	poptContext pc;
473		476
474	if (ref && *ref)	477	if (ref && *ref)
Lines 517-528 Link Here
517	break;	520	break;
518		521
519	case OPT_EXCLUDE_FROM:	522	case OPT_EXCLUDE_FROM:
520	add_exclude_file(&exclude_list, poptGetOptArg(pc),	523	arg = poptGetOptArg(pc);
		524	if (sanitize_paths)
		525	arg = alloc_sanitize_path(arg, curr_dir);
		526	add_exclude_file(&exclude_list, arg,
521	MISSING_FATAL, ADD_EXCLUDE);	527	MISSING_FATAL, ADD_EXCLUDE);
522	break;	528	break;
523		529
524	case OPT_INCLUDE_FROM:	530	case OPT_INCLUDE_FROM:
525	add_exclude_file(&exclude_list, poptGetOptArg(pc),	531	arg = poptGetOptArg(pc);
		532	if (sanitize_paths)
		533	arg = alloc_sanitize_path(arg, curr_dir);
		534	add_exclude_file(&exclude_list, arg,
526	MISSING_FATAL, ADD_INCLUDE);	535	MISSING_FATAL, ADD_INCLUDE);
527	break;	536	break;
528		537
Lines 566-572 Link Here
566		575
567	case OPT_LINK_DEST:	576	case OPT_LINK_DEST:
568	#if HAVE_LINK	577	#if HAVE_LINK
569	compare_dest = (char *)poptGetOptArg(pc);
570	link_dest = 1;	578	link_dest = 1;
571	break;	579	break;
572	#else	580	#else
Lines 660-665 Link Here
660	if (relative_paths < 0)	668	if (relative_paths < 0)
661	relative_paths = files_from? 1 : 0;	669	relative_paths = files_from? 1 : 0;
662		670
		671	*argv = poptGetArgs(pc);
		672	if (*argv)
		673	argc = count_args(argv);
		674	else
		675	*argc = 0;
		676
		677	if (sanitize_paths) {
		678	int i;
		679	for (i = *argc; i-- > 0; )
		680	(argv)[i] = alloc_sanitize_path((argv)[i], NULL);
		681	if (tmpdir)
		682	tmpdir = alloc_sanitize_path(tmpdir, curr_dir);
		683	if (compare_dest)
		684	compare_dest = alloc_sanitize_path(compare_dest, curr_dir);
		685	if (backup_dir)
		686	backup_dir = alloc_sanitize_path(backup_dir, curr_dir);
		687	if (files_from)
		688	files_from = alloc_sanitize_path(files_from, curr_dir);
		689	}
		690
663	if (!backup_suffix)	691	if (!backup_suffix)
664	backup_suffix = backup_dir ? "" : BACKUP_SUFFIX;	692	backup_suffix = backup_dir ? "" : BACKUP_SUFFIX;
665	backup_suffix_len = strlen(backup_suffix);	693	backup_suffix_len = strlen(backup_suffix);
Lines 690-701 Link Here
690	if (do_progress && !verbose)	718	if (do_progress && !verbose)
691	verbose = 1;	719	verbose = 1;
692		720
693	*argv = poptGetArgs(pc);
694	if (*argv)
695	argc = count_args(argv);
696	else
697	*argc = 0;
698
699	if (files_from) {	721	if (files_from) {
700	char *colon;	722	char *colon;
701	if (*argc != 2) {	723	if (*argc != 2) {
Lines 718-726 Link Here
718	exit_cleanup(RERR_SYNTAX);	740	exit_cleanup(RERR_SYNTAX);
719	}	741	}
720	} else {	742	} else {
721	extern int sanitize_paths;
722	if (sanitize_paths)
723	sanitize_path(strdup(files_from), NULL);
724	filesfrom_fd = open(files_from, O_RDONLY\|O_BINARY);	743	filesfrom_fd = open(files_from, O_RDONLY\|O_BINARY);
725	if (filesfrom_fd < 0) {	744	if (filesfrom_fd < 0) {
726	rsyserr(FERROR, errno,	745	rsyserr(FERROR, errno,




		}
	}

	if (sanitize_paths) {
		/*
		 * Note that this is applied to all parameters, whether or not
		 *    they are filenames, but no other legal parameters contain
		 *    the forms that need to be sanitized so it doesn't hurt;
		 *    it is not known at this point which parameters are files
		 *    and which aren't.
		 */
		for (i = 1; i < argc; i++) {
			sanitize_path(argv[i], NULL);
		}
	}

	argp = argv;
	ret = parse_arguments(&argc, (const char ***) &argp, 0);


Lines 260-265 Link Here

(-)proto.h (+1 lines)
260	void strlower(char *s);	260	void strlower(char *s);
261	void clean_fname(char *name);	261	void clean_fname(char *name);
262	void sanitize_path(char p, char reldir);	262	void sanitize_path(char p, char reldir);
		263	char alloc_sanitize_path(const char path, const char *rootdir);
263	char push_dir(char dir, int save);	264	char push_dir(char dir, int save);
264	int pop_dir(char *dir);	265	int pop_dir(char *dir);
265	char full_fname(char fn);	266	char full_fname(char fn);




	*sanp = '\0';
}

/* Works much like sanitize_path(), with these differences:  (1) a new buffer
 * is allocated for the sanitized path rather than modifying it in-place; (2)
 * a leading slash gets transformed into the rootdir value (which can be empty
 * or NULL if you just want the slash to get dropped); (3) no "reldir" can be
 * specified. */
char *alloc_sanitize_path(const char *path, const char *rootdir)
{
	char *buf;
	int rlen, plen = strlen(path);

	if (*path == '/' && rootdir)
		rlen = strlen(rootdir);
	else
		rlen = 0;
	if (!(buf = new_array(char, rlen + plen + 1)))
		out_of_memory("alloc_sanitize_path");
	if (rlen)
		memcpy(buf, rootdir, rlen);
	memcpy(buf + rlen, path, plen + 1);

	if (rlen)
		rlen++;
	sanitize_path(buf + rlen, NULL);
	if (rlen && buf[rlen] == '.' && buf[rlen+1] == '\0')
		buf[rlen-1] = '\0';

	return buf;
}

char curr_dir[MAXPATHLEN];
unsigned int curr_dir_len;

Return to bug 49534

Lines 423-428 Link Here

(-)clientserver.c (+13 lines)
423	}	423	}
424	}	424	}
425		425
		426	if (sanitize_paths) {
		427	/*
		428	* Note that this is applied to all parameters, whether or not
		429	* they are filenames, but no other legal parameters contain
		430	* the forms that need to be sanitized so it doesn't hurt;
		431	* it is not known at this point which parameters are files
		432	* and which aren't.
		433	*/
		434	for (i = 1; i < argc; i++) {
		435	sanitize_path(argv[i], NULL);
		436	}
		437	}
		438
426	argp = argv;	439	argp = argv;
427	ret = parse_arguments(&argc, (const char ***) &argp, 0);	440	ret = parse_arguments(&argc, (const char ***) &argp, 0);
428		441

Lines 775-780 Link Here

(-)util.c (+28 lines)
775	*sanp = '\0';	775	*sanp = '\0';
776	}	776	}
777		777
		778	/* Works much like sanitize_path(), with these differences: (1) a new buffer
		779	* is allocated for the sanitized path rather than modifying it in-place; (2)
		780	* a leading slash gets transformed into the rootdir value (which can be empty
		781	* or NULL if you just want the slash to get dropped); (3) no "reldir" can be
		782	* specified. */
		783	char alloc_sanitize_path(const char path, const char *rootdir)
		784	{
		785	char *buf;
		786	int rlen, plen = strlen(path);
		787
		788	if (*path == '/' && rootdir)
		789	rlen = strlen(rootdir);
		790	else
		791	rlen = 0;
		792	if (!(buf = new_array(char, rlen + plen + 1)))
		793	out_of_memory("alloc_sanitize_path");
		794	if (rlen)
		795	memcpy(buf, rootdir, rlen);
		796	memcpy(buf + rlen, path, plen + 1);
		797
		798	if (rlen)
		799	rlen++;
		800	sanitize_path(buf + rlen, NULL);
		801	if (rlen && buf[rlen] == '.' && buf[rlen+1] == '\0')
		802	buf[rlen-1] = '\0';
		803
		804	return buf;
		805	}
778		806
779	char curr_dir[MAXPATHLEN];	807	char curr_dir[MAXPATHLEN];
780	unsigned int curr_dir_len;	808	unsigned int curr_dir_len;