counter = 1;
} while (((rc = access(path, 0)) == 0) && (counter != start));
- if (verbose > 0)
+ if (verbose > 0) {
rprintf(FINFO,"renaming %s to %s because of text busy\n",
- fname, path);
+ fname, path);
+ }
/* maybe we should return rename()'s exit status? Nah. */
if (do_rename(fname, path) != 0) {
return fcntl(fd,F_SETLK,&lock) == 0;
}
+static int exclude_server_path(char *arg)
+{
+ char *s;
+ extern struct exclude_struct **server_exclude_list;
+
+ if (server_exclude_list) {
+ for (s = arg; (s = strchr(s, '/')) != NULL; ) {
+ *s = '\0';
+ if (check_exclude(server_exclude_list, arg, 1)) {
+ /* We must leave arg truncated! */
+ return 1;
+ }
+ *s++ = '/';
+ }
+ }
+ return 0;
+}
static void glob_expand_one(char *s, char **argv, int *argc, int maxargs)
{
#if !(defined(HAVE_GLOB) && defined(HAVE_GLOB_H))
if (!*s) s = ".";
- argv[*argc] = strdup(s);
+ s = argv[*argc] = strdup(s);
+ exclude_server_path(s);
(*argc)++;
- return;
#else
extern int sanitize_paths;
glob_t globbuf;
if (!*s) s = ".";
- argv[*argc] = strdup(s);
+ s = argv[*argc] = strdup(s);
if (sanitize_paths) {
- sanitize_path(argv[*argc], NULL);
+ sanitize_path(s, NULL);
}
memset(&globbuf, 0, sizeof(globbuf));
- glob(argv[*argc], 0, NULL, &globbuf);
+ if (!exclude_server_path(s))
+ glob(s, 0, NULL, &globbuf);
if (globbuf.gl_pathc == 0) {
(*argc)++;
globfree(&globbuf);
return;
}
for (i=0; i<(maxargs - (*argc)) && i < (int) globbuf.gl_pathc;i++) {
- if (i == 0) free(argv[*argc]);
+ if (i == 0) free(s);
argv[(*argc) + i] = strdup(globbuf.gl_pathv[i]);
if (!argv[(*argc) + i]) out_of_memory("glob_expand");
}
#endif
}
+/* This routine is only used in daemon mode. */
void glob_expand(char *base1, char **argv, int *argc, int maxargs)
{
char *s = argv[*argc];
char *p, *q;
char *base = base1;
+ int base_len = strlen(base);
if (!s || !*s) return;
- if (strncmp(s, base, strlen(base)) == 0) {
- s += strlen(base);
- }
+ if (strncmp(s, base, base_len) == 0)
+ s += base_len;
s = strdup(s);
if (!s) out_of_memory("glob_expand");
if (asprintf(&base," %s/", base1) <= 0) out_of_memory("glob_expand");
+ base_len++;
q = s;
while ((p = strstr(q,base)) && ((*argc) < maxargs)) {
/* split it at this point */
*p = 0;
glob_expand_one(q, argv, argc, maxargs);
- q = p+strlen(base);
+ q = p + base_len;
}
if (*q && (*argc < maxargs)) glob_expand_one(q, argv, argc, maxargs);
void strlower(char *s)
{
while (*s) {
- if (isupper(*s)) *s = tolower(*s);
+ if (isupper(* (unsigned char *) s))
+ *s = tolower(* (unsigned char *) s);
s++;
}
}
}
allowdotdot = 0;
if ((*p == '.') && (*(p+1) == '.') &&
- ((*(p+2) == '/') || (*(p+2) == '\0'))) {
+ ((*(p+2) == '/') || (*(p+2) == '\0'))) {
/* ".." component followed by slash or end */
if ((depth > 0) && (sanp == start)) {
/* allow depth levels of .. at the beginning */
}
-static char curr_dir[MAXPATHLEN];
+char curr_dir[MAXPATHLEN];
-/** like chdir() but can be reversed with pop_dir() if save is set. It
- is also much faster as it remembers where we have been */
+/**
+ * Like chdir() but can be reversed with pop_dir() if @p save is set.
+ * It is also much faster as it remembers where we have been.
+ **/
char *push_dir(char *dir, int save)
{
char *ret = curr_dir;
if (*dir == '/') {
strlcpy(curr_dir, dir, sizeof(curr_dir));
- } else {
+ } else if (dir[0] != '.' || dir[1] != '\0') {
strlcat(curr_dir,"/", sizeof(curr_dir));
strlcat(curr_dir,dir, sizeof(curr_dir));
}
return ret;
}
-/** Reverse a push_dir call */
+/** Reverse a push_dir() call */
int pop_dir(char *dir)
{
int ret;
* else's machine it might allow them to establish a symlink to
* /etc/passwd, and then read it through a web server.
*
+ * Null symlinks and absolute symlinks are always unsafe.
+ *
+ * Basically here we are concerned with symlinks whose target contains
+ * "..", because this might cause us to walk back up out of the
+ * transferred directory. We are not allowed to go back up and
+ * reenter.
+ *
* @param dest Target of the symlink in question.
*
* @param src Top source directory currently applicable. Basically this
*
* @retval True if unsafe
* @retval False is unsafe
+ *
+ * @sa t_unsafe.c
**/
-int unsafe_symlink(char *dest, char *src)
+int unsafe_symlink(const char *dest, const char *src)
{
- char *tok;
+ const char *name, *slash;
int depth = 0;
/* all absolute and null symlinks are unsafe */
- if (!dest || !(*dest) || (*dest == '/')) return 1;
-
- src = strdup(src);
- if (!src) out_of_memory("unsafe_symlink");
+ if (!dest || !*dest || *dest == '/') return 1;
/* find out what our safety margin is */
- for (tok=strtok(src,"/"); tok; tok=strtok(NULL,"/")) {
- if (strcmp(tok,"..") == 0) {
+ for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) {
+ if (strncmp(name, "../", 3) == 0) {
depth=0;
- } else if (strcmp(tok,".") == 0) {
+ } else if (strncmp(name, "./", 2) == 0) {
/* nothing */
} else {
depth++;
}
}
- free(src);
-
- /* drop by one to account for the filename portion */
- depth--;
-
- dest = strdup(dest);
- if (!dest) out_of_memory("unsafe_symlink");
+ if (strcmp(name, "..") == 0)
+ depth = 0;
- for (tok=strtok(dest,"/"); tok; tok=strtok(NULL,"/")) {
- if (strcmp(tok,"..") == 0) {
- depth--;
- } else if (strcmp(tok,".") == 0) {
+ for (name = dest; (slash = strchr(name, '/')) != 0; name = slash+1) {
+ if (strncmp(name, "../", 3) == 0) {
+ /* if at any point we go outside the current directory
+ then stop - it is unsafe */
+ if (--depth < 0)
+ return 1;
+ } else if (strncmp(name, "./", 2) == 0) {
/* nothing */
} else {
depth++;
}
- /* if at any point we go outside the current directory then
- stop - it is unsafe */
- if (depth < 0) break;
}
+ if (strcmp(name, "..") == 0)
+ depth--;
- free(dest);
return (depth < 0);
}