Doc.

[rsync/rsync.git] / util.c

diff --git a/util.c b/util.c
index 0f5a410..21ace4d 100644 (file)
--- a/util.c
+++ b/util.c
@@ -700,8 +700,10 @@ void sanitize_path(char *p, char *reldir)
 
 static char curr_dir[MAXPATHLEN];
 
-/** like chdir() but can be reversed with pop_dir() if save is set. It
-   is also much faster as it remembers where we have been */
+/**
+ * Like chdir() but can be reversed with pop_dir() if @p save is set.
+ * It is also much faster as it remembers where we have been.
+ **/
 char *push_dir(char *dir, int save)
 {
        char *ret = curr_dir;
@@ -732,7 +734,7 @@ char *push_dir(char *dir, int save)
        return ret;
 }
 
-/** Reverse a push_dir call */
+/** Reverse a push_dir() call */
 int pop_dir(char *dir)
 {
        int ret;
@@ -772,6 +774,13 @@ int u_strcmp(const char *cs1, const char *cs2)
  * else's machine it might allow them to establish a symlink to
  * /etc/passwd, and then read it through a web server.
  *
+ * Null symlinks and absolute symlinks are always unsafe.
+ *
+ * Basically here we are concerned with symlinks whose target contains
+ * "..", because this might cause us to walk back up out of the
+ * transferred directory.  We are not allowed to go back up and
+ * reenter.
+ *
  * @param dest Target of the symlink in question.
  *
  * @param src Top source directory currently applicable.  Basically this
@@ -780,6 +789,8 @@ int u_strcmp(const char *cs1, const char *cs2)
  *
  * @retval True if unsafe
  * @retval False is unsafe
+ *
+ * @sa t_unsafe.c
  **/
 int unsafe_symlink(char *dest, char *src)
 {