*f_in = from_child_pipe[0];
*f_out = to_child_pipe[1];
+
+ set_nonblocking(*f_in);
+ set_nonblocking(*f_out);
return pid;
}
for an error.
derived from GNU C's cccp.c. */
-int safe_read(int desc, char *ptr, int len)
+static int safe_read(int desc, char *ptr, int len)
{
int n_chars;
}
ofd = do_open(dest, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL, mode);
- if (ofd < 0) {
+ if (ofd == -1) {
rprintf(FERROR,"open %s: %s\n",
dest,strerror(errno));
close(ifd);
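Review bot: `if (ofd == -1)` is narrower than the `ofd < 0` it replaces, so any other negative value coming back from do_open would be treated as a usable descriptor. do_open is not visible here; if it only ever returns open()'s result the two tests are equivalent, but `if (ofd < 0) {` costs nothing and fails closed. The enclosing function starts and ends outside the hunk.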
}
-/****************************************************************************
-check if a process exists.
-****************************************************************************/
-int process_exists(int pid)
-{
- return(kill(pid,0) == 0 || errno != ESRCH);
-}
-
/* lock a byte range in a open file */
int lock_range(int fd, int offset, int len)
{
static void glob_expand_one(char *s, char **argv, int *argc, int maxargs)
{
-#ifndef HAVE_GLOB
+#if !(defined(HAVE_GLOB) && defined(HAVE_GLOB_H))
if (!*s) s = ".";
argv[*argc] = strdup(s);
(*argc)++;
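Review bot: In the fallback branch now selected by `#if !(defined(HAVE_GLOB) && defined(HAVE_GLOB_H))`, `argv[*argc] = strdup(s);` stores the result without a NULL check and without comparing `*argc` to `maxargs`. More builds take this path once both macros are required, so the guards are worth having here: `if (*argc >= maxargs) return;` before the store and `if (!argv[*argc]) out_of_memory("glob_expand_one");` after it. The rest of glob_expand_one lies outside the hunk, so a bound may already be enforced by the caller; that should be confirmed.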
pass 1023 for n */
int vslprintf(char *str, int n, const char *format, va_list ap)
{
-#ifdef HAVE_VSNPRINTF
int ret = vsnprintf(str, n, format, ap);
if (ret > n || ret < 0) {
str[n] = 0;
}
str[ret] = 0;
return ret;
-#else
- static char *buf;
- static int len=MAXPATHLEN*8;
- int ret;
-
- /* this code is NOT a proper vsnprintf() implementation. It
- relies on the fact that all calls to slprintf() in rsync
- pass strings which have already been checked to be less
- than MAXPATHLEN in length and never more than 2 strings are
- concatenated. This means the above buffer is absolutely
- ample and can never be overflowed.
-
- In the future we would like to replace this with a proper
- vsnprintf() implementation but right now we need a solution
- that is secure and portable. This is it. */
-
- if (!buf) {
- buf = malloc(len);
- if (!buf) {
- /* can't call debug or we would recurse */
- exit_cleanup(1);
- }
- }
-
- vsprintf(buf, format, ap);
- ret = strlen(buf);
- if (ret > n) {
- /* yikes! */
- exit_cleanup(1);
- }
- buf[ret] = 0;
-
- memcpy(str, buf, ret+1);
-
- return ret;
-#endif
}
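Review bot: With the fallback removed, the only remaining body falls through from the truncation branch to `str[ret] = 0;`, so a `ret` that is negative or larger than `n` is used as an index outside the buffer. As shown, `if (ret > n || ret < 0) { str[n] = 0; }` has no return; adding `return -1;` after `str[n] = 0;`, or clamping `ret` to `n` if callers rely on a length, keeps the second store in bounds. Pre-C99 vsnprintf implementations return -1 on truncation, so the negative case is reachable with nothing more than an over-long string. The requirement that `str` hold `n + 1` bytes is only hinted at by "pass 1023 for n" and deserves an explicit comment such as `/* str must have room for n+1 bytes; str[n] is always writable */`.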
}
}
}
+
+/* determine if a symlink points outside the current directory tree */
+int unsafe_symlink(char *dest, char *src)
+{
+ char *tok;
+ int depth = 0;
+
+ /* all absolute and null symlinks are unsafe */
+ if (!dest || !(*dest) || (*dest == '/')) return 1;
+
+ src = strdup(src);
+ if (!src) out_of_memory("unsafe_symlink");
+
+ /* find out what our safety margin is */
+ for (tok=strtok(src,"/"); tok; tok=strtok(NULL,"/")) {
+ if (strcmp(tok,"..") == 0) {
+ depth=0;
+ } else if (strcmp(tok,".") == 0) {
+ /* nothing */
+ } else {
+ depth++;
+ }
+ }
+ free(src);
+
+ /* drop by one to account for the filename portion */
+ depth--;
+
+ dest = strdup(dest);
+ if (!dest) out_of_memory("unsafe_symlink");
+
+ for (tok=strtok(dest,"/"); tok; tok=strtok(NULL,"/")) {
+ if (strcmp(tok,"..") == 0) {
+ depth--;
+ } else if (strcmp(tok,".") == 0) {
+ /* nothing */
+ } else {
+ depth++;
+ }
+ /* if at any point we go outside the current directory then
+ stop - it is unsafe */
+ if (depth < 0) break;
+ }
+
+ free(dest);
+ return (depth < 0);
+}
+
+/*
+ * Make path appear as if a chroot had occurred:
+ * 1. remove leading "/" (or replace with "." if at end)
+ * 2. remove leading ".." components
+ * 3. delete any other "<dir>/.." (recursively)
+ * Return a malloc'ed copy.
+ * Contributed by Dave Dykstra <dwd@bell-labs.com>
+ */
+
+char *sanitize_path(char *p)
+{
+ char *copy, *copyp;
+
+ copy = (char *) malloc(strlen(p)+1);
+ copyp = copy;
+ while (*p != '\0') {
+ if ((*p == '/') && (copyp == copy)) {
+ /* remove leading slash */
+ p++;
+ }
+ else if ((*p == '.') && (*(p+1) == '.') &&
+ ((*(p+2) == '/') || (*(p+2) == '\0'))) {
+ /* remove .. followed by slash or end */
+ p += 2;
+ if (copyp != copy) {
+ /* backup the copy one level */
+ while ((--copyp != copy) && (*copyp == '/'))
+ /* skip trailing slashes */
+ ;
+ while ((copyp != copy) && (*copyp != '/'))
+ /* skip back through slash */
+ copyp--;
+ }
+ } else {
+ /* copy one component */
+ while (1) {
+ *copyp++ = *p++;
+ if ((*p == '\0') || (*(p-1) == '/'))
+ break;
+ }
+ }
+ }
+ *copyp = '\0';
+ return(copy);
+}
+
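Review bot: sanitize_path writes through `copy` without checking the `malloc` result, unlike unsafe_symlink in the same hunk, which calls out_of_memory after each `strdup`; add `if (!copy) out_of_memory("sanitize_path");` right after the allocation. The header comment says a leading "/" is replaced with "." when it is at the end, but the loop only skips it, so inputs such as "/" or ".." come back as an empty string; either implement the "." case or correct the comment so callers know they must handle "". unsafe_symlink also passes `src` to `strdup` without the NULL test it applies to `dest`. Both helpers work on the path text only and do not look at symlinks already on disk, which is worth stating in their comments so they are not relied on as the sole confinement check.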