Don't allow a slash to be specified in a module name.

[rsync/rsync.git] / clientserver.c

diff --git a/clientserver.c b/clientserver.c
index 9207b1a..1e3af63 100644 (file)
--- a/clientserver.c
+++ b/clientserver.c
@@ -58,6 +58,7 @@ extern char curr_dir[];
 char *auth_user;
 int read_only = 0;
 int module_id = -1;
+int munge_symlinks = 0;
 struct chmod_mode_struct *daemon_chmod_modes;
 
 /* module_dirlen is the length of the module_dir string when in daemon
@@ -354,8 +355,12 @@ static int read_arg_from_pipe(int fd, char *buf, int limit)
        char *bp = buf, *eob = buf + limit - 1;
 
        while (1) {
-           if (read(fd, bp, 1) != 1)
+           int got = read(fd, bp, 1);
+           if (got != 1) {
+               if (got < 0 && errno == EINTR)
+                       continue;
                return -1;
+           }
            if (*bp == '\0')
                break;
            if (bp < eob)
@@ -624,6 +629,18 @@ static int rsync_module(int f_in, int f_out, int i, char *addr, char *host)
                sanitize_paths = 1;
        }
 
+       if ((munge_symlinks = lp_munge_symlinks(i)) < 0)
+               munge_symlinks = !use_chroot;
+       if (munge_symlinks) {
+               STRUCT_STAT st;
+               if (stat(SYMLINK_PREFIX, &st) == 0 && S_ISDIR(st.st_mode)) {
+                       rprintf(FLOG, "Symlink munging is unsupported when a %s directory exists.\n",
+                               SYMLINK_PREFIX);
+                       io_printf(f_out, "@ERROR: daemon security issue -- contact admin\n", name);
+                       exit_cleanup(RERR_UNSUPPORTED);
+               }
+       }
+
        if (am_root) {
                /* XXXX: You could argue that if the daemon is started
                 * by a non-root user and they explicitly specify a