* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
#include "rsync.h"
extern int protocol_version;
extern int recurse;
extern int relative_paths;
+extern int sanitize_paths;
+extern int curr_dir_depth;
+extern int module_id;
extern int rsync_port;
extern int whole_file;
extern int read_batch;
extern pid_t cleanup_child_pid;
extern struct stats stats;
extern char *filesfrom_host;
+extern char *partial_dir;
+extern char *basis_dir[];
extern char *rsync_path;
extern char *shell_cmd;
extern char *batch_name;
+extern struct filter_list_struct server_filter_list;
int local_server = 0;
mode_t orig_umask = 0;
* it and use mode 1. If there is something other than a directory
* at the destination path, we must be transferring one file
* (anything at the destination will be overwritten). */
- if (do_stat(dest_path, &st) == 0) {
+ if (safe_stat(dest_path, &st) == 0) {
if (S_ISDIR(st.st_mode)) {
+ if (sanitize_paths)
+ die_on_unsafe_path(dest_path, 0);
if (!push_dir(dest_path)) {
rsyserr(FERROR, errno, "push_dir#1 %s failed",
full_fname(dest_path));
}
return NULL;
}
+ if (sanitize_paths && S_ISLNK(st.st_mode))
+ die_on_unsafe_path(dest_path, 0);
if (flist->count > 1) {
rprintf(FERROR,
"ERROR: destination must be a directory when"
return NULL;
}
+ if (sanitize_paths)
+ die_on_unsafe_path(dest_path, 0);
if (!push_dir(dest_path)) {
rsyserr(FERROR, errno, "push_dir#2 %s failed",
full_fname(dest_path));
dest_path = "/";
*cp = '\0';
+ if (sanitize_paths)
+ die_on_unsafe_path(dest_path, 0);
if (!push_dir(dest_path)) {
rsyserr(FERROR, errno, "push_dir#3 %s failed",
full_fname(dest_path));
return;
}
- if (!relative_paths && !push_dir(dir)) {
- rsyserr(FERROR, errno, "push_dir#3 %s failed",
- full_fname(dir));
- exit_cleanup(RERR_FILESELECT);
+ if (!relative_paths) {
+ if (sanitize_paths)
+ die_on_unsafe_path(dir, 0);
+ if (!push_dir(dir)) {
+ rsyserr(FERROR, errno, "push_dir#3 %s failed",
+ full_fname(dir));
+ exit_cleanup(RERR_FILESELECT);
+ }
}
argc--;
argv++;
if (argc > 0)
local_name = get_local_name(flist,argv[0]);
+ /* Now that we know what our destination directory turned out to be,
+ * we can sanitize the --link-/copy-/compare-dest args correctly. */
+ if (sanitize_paths) {
+ char **dir;
+ for (dir = basis_dir; *dir; dir++) {
+ *dir = sanitize_path(NULL, *dir, NULL, curr_dir_depth, NULL);
+ die_on_unsafe_path(*dir, 0);
+ }
+ if (partial_dir) {
+ partial_dir = sanitize_path(NULL, partial_dir, NULL, curr_dir_depth, NULL);
+ /* A relative path gets this checked at every dir change. */
+ if (*partial_dir == '/')
+ die_on_unsafe_path(partial_dir, 0);
+ }
+ }
+ if (server_filter_list.head) {
+ char **dir;
+ struct filter_list_struct *elp = &server_filter_list;
+
+ for (dir = basis_dir; *dir; dir++) {
+ if (check_filter(elp, *dir, 1) < 0)
+ goto options_rejected;
+ }
+ if (partial_dir && *partial_dir == '/'
+ && check_filter(elp, partial_dir, 1) < 0) {
+ options_rejected:
+ rprintf(FERROR,
+ "Your options have been rejected by the server.\n");
+ exit_cleanup(RERR_SYNTAX);
+ }
+ }
+
exit_code = do_recv(f_in,f_out,flist,local_name);
exit_cleanup(exit_code);
}
Matt McCutchen's Web Site / rsync / rsync.git / blobdiff