X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/6e4fb64e6141727b8144bb77265bf0a4a8450a39..5afd8aedce004cc11700285c16ea84f1e857d473:/util.c?ds=sidebyside diff --git a/util.c b/util.c index 8b36474e..16d8f6cc 100644 --- a/util.c +++ b/util.c @@ -61,14 +61,14 @@ int piped_child(char **command,int *f_in,int *f_out) if (pipe(to_child_pipe) < 0 || pipe(from_child_pipe) < 0) { rprintf(FERROR,"pipe: %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } pid = do_fork(); if (pid < 0) { rprintf(FERROR,"fork: %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } if (pid == 0) @@ -79,7 +79,7 @@ int piped_child(char **command,int *f_in,int *f_out) close(from_child_pipe[0]) < 0 || dup2(from_child_pipe[1], STDOUT_FILENO) < 0) { rprintf(FERROR,"Failed to dup/close : %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } if (to_child_pipe[0] != STDIN_FILENO) close(to_child_pipe[0]); if (from_child_pipe[1] != STDOUT_FILENO) close(from_child_pipe[1]); @@ -87,13 +87,13 @@ int piped_child(char **command,int *f_in,int *f_out) execvp(command[0], command); rprintf(FERROR,"Failed to exec %s : %s\n", command[0],strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } if (close(from_child_pipe[1]) < 0 || close(to_child_pipe[0]) < 0) { rprintf(FERROR,"Failed to close : %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } *f_in = from_child_pipe[0]; @@ -114,14 +114,14 @@ int local_child(int argc, char **argv,int *f_in,int *f_out) if (pipe(to_child_pipe) < 0 || pipe(from_child_pipe) < 0) { rprintf(FERROR,"pipe: %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } pid = do_fork(); if (pid < 0) { rprintf(FERROR,"fork: %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } if (pid == 0) { @@ -136,7 +136,7 @@ int local_child(int argc, char **argv,int *f_in,int *f_out) close(from_child_pipe[0]) < 0 || dup2(from_child_pipe[1], STDOUT_FILENO) < 0) { rprintf(FERROR,"Failed to dup/close : %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } if (to_child_pipe[0] != STDIN_FILENO) close(to_child_pipe[0]); if (from_child_pipe[1] != STDOUT_FILENO) close(from_child_pipe[1]); @@ -146,7 +146,7 @@ int local_child(int argc, char **argv,int *f_in,int *f_out) if (close(from_child_pipe[1]) < 0 || close(to_child_pipe[0]) < 0) { rprintf(FERROR,"Failed to close : %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } *f_in = from_child_pipe[0]; @@ -160,13 +160,13 @@ int local_child(int argc, char **argv,int *f_in,int *f_out) void out_of_memory(char *str) { rprintf(FERROR,"ERROR: out of memory in %s\n",str); - exit_cleanup(1); + exit_cleanup(RERR_MALLOC); } void overflow(char *str) { rprintf(FERROR,"ERROR: buffer overflow in %s\n",str); - exit_cleanup(1); + exit_cleanup(RERR_MALLOC); } @@ -358,31 +358,6 @@ void kill_all(int sig) } } -/* like strncpy but does not 0 fill the buffer and always null - terminates (thus it can use maxlen+1 space in d) */ -void strlcpy(char *d, char *s, int maxlen) -{ - int len = strlen(s); - if (len > maxlen) len = maxlen; - memcpy(d, s, len); - d[len] = 0; -} - -/* like strncat but does not 0 fill the buffer and always null - terminates (thus it can use maxlen+1 space in d) */ -void strlcat(char *d, char *s, int maxlen) -{ - int len1 = strlen(d); - int len2 = strlen(s); - if (len1+len2 > maxlen) { - len2 = maxlen-len1; - } - if (len2 > 0) { - memcpy(d+len1, s, len2); - d[len1+len2] = 0; - } -} - /* turn a user name into a uid */ int name_to_uid(char *name, uid_t *uid) { @@ -425,9 +400,9 @@ int lock_range(int fd, int offset, int len) } -static void glob_expand_one(char *s, char **argv, int *argc, int maxargs) +static void glob_expand_one(char *s, char **argv, int *argc, int maxargs, int sanitize_paths) { -#ifndef HAVE_GLOB +#if !(defined(HAVE_GLOB) && defined(HAVE_GLOB_H)) if (!*s) s = "."; argv[*argc] = strdup(s); (*argc)++; @@ -438,7 +413,9 @@ static void glob_expand_one(char *s, char **argv, int *argc, int maxargs) if (!*s) s = "."; - argv[*argc] = strdup(s); + s = strdup(s); + sanitize_path(s); + argv[*argc] = s; memset(&globbuf, 0, sizeof(globbuf)); glob(argv[*argc], 0, NULL, &globbuf); @@ -457,7 +434,7 @@ static void glob_expand_one(char *s, char **argv, int *argc, int maxargs) #endif } -void glob_expand(char *base1, char **argv, int *argc, int maxargs) +void glob_expand(char *base1, char **argv, int *argc, int maxargs, int sanitize_paths) { char *s = argv[*argc]; char *p, *q; @@ -481,11 +458,11 @@ void glob_expand(char *base1, char **argv, int *argc, int maxargs) while ((p = strstr(q,base)) && ((*argc) < maxargs)) { /* split it at this point */ *p = 0; - glob_expand_one(q, argv, argc, maxargs); + glob_expand_one(q, argv, argc, maxargs, sanitize_paths); q = p+strlen(base); } - if (*q && (*argc < maxargs)) glob_expand_one(q, argv, argc, maxargs); + if (*q && (*argc < maxargs)) glob_expand_one(q, argv, argc, maxargs, sanitize_paths); free(s); free(base); @@ -502,55 +479,17 @@ void strlower(char *s) } } -/* this is like vsnprintf but the 'n' limit does not include - the terminating null. So if you have a 1024 byte buffer then - pass 1023 for n */ +/* this is like vsnprintf but it always null terminates, so you + can fit at most n-1 chars in */ int vslprintf(char *str, int n, const char *format, va_list ap) { -#ifdef HAVE_VSNPRINTF int ret = vsnprintf(str, n, format, ap); - if (ret > n || ret < 0) { - str[n] = 0; + if (ret >= n || ret < 0) { + str[n-1] = 0; return -1; } str[ret] = 0; return ret; -#else - static char *buf; - static int len=MAXPATHLEN*8; - int ret; - - /* this code is NOT a proper vsnprintf() implementation. It - relies on the fact that all calls to slprintf() in rsync - pass strings which have already been checked to be less - than MAXPATHLEN in length and never more than 2 strings are - concatenated. This means the above buffer is absolutely - ample and can never be overflowed. - - In the future we would like to replace this with a proper - vsnprintf() implementation but right now we need a solution - that is secure and portable. This is it. */ - - if (!buf) { - buf = malloc(len); - if (!buf) { - /* can't call debug or we would recurse */ - exit_cleanup(1); - } - } - - vsprintf(buf, format, ap); - ret = strlen(buf); - if (ret > n) { - /* yikes! */ - exit_cleanup(1); - } - buf[ret] = 0; - - memcpy(str, buf, ret+1); - - return ret; -#endif } @@ -616,6 +555,74 @@ void clean_fname(char *name) } } +/* + * Make path appear as if a chroot had occurred: + * 1. remove leading "/" (or replace with "." if at end) + * 2. remove leading ".." components + * 3. delete any other "