X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/896bd482c0c87d11e19f9bcffbcb35c6aba00e43..cb13abfed024d0320c0aa865ad652c946321df3c:/clientserver.c

diff --git a/clientserver.c b/clientserver.c
index 9e79538e..84252432 100644
--- a/clientserver.c
+++ b/clientserver.c
@@ -25,6 +25,7 @@ extern int read_only;
 extern int verbose;
 extern int rsync_port;
 char *auth_user;
+int sanitize_paths = 0;
 
 int start_socket_client(char *host, char *path, int argc, char *argv[])
 {
@@ -221,6 +222,7 @@ static int rsync_module(int fd, int i)
 			io_printf(fd,"@ERROR: chdir failed\n");
 			return -1;
 		}
+		sanitize_paths = 1;
 	}
 
 	if (am_root) {
@@ -262,7 +264,7 @@ static int rsync_module(int fd, int i)
 				request = strdup(p);
 				start_glob++;
 			}
-			glob_expand(name, argv, &argc, MAX_ARGS, !use_chroot);
+			glob_expand(name, argv, &argc, MAX_ARGS);
 		} else {
 			argc++;
 		}
@@ -276,7 +278,7 @@ static int rsync_module(int fd, int i)
 		}
 	}
 
-	if (!use_chroot) {
+	if (sanitize_paths) {
 		/*
 		 * Note that this is applied to all parameters, whether or not
 		 *    they are filenames, but no other legal parameters contain
@@ -285,7 +287,7 @@ static int rsync_module(int fd, int i)
 		 *    and which aren't.
 		 */
 		for (i = 1; i < argc; i++) {
-			sanitize_path(argv[i]);
+			sanitize_path(argv[i], NULL);
 		}
 	}
 
@@ -417,6 +419,7 @@ static int start_daemon(int fd)
 int daemon_main(void)
 {
 	extern char *config_file;
+	extern int orig_umask;
 	char *pid_file;
 
 	if (is_a_socket(STDIN_FILENO)) {
@@ -447,16 +450,19 @@ int daemon_main(void)
 	rprintf(FINFO,"rsyncd version %s starting\n",VERSION);
 
 	if (((pid_file = lp_pid_file()) != NULL) && (*pid_file != '\0')) {
-		FILE *f;
+		char pidbuf[16];
+		int fd;
 		int pid = (int) getpid();
 		cleanup_set_pid(pid);
-		if ((f = fopen(lp_pid_file(), "w")) == NULL) {
+		if ((fd = do_open(lp_pid_file(), O_WRONLY|O_CREAT|O_TRUNC,
+					0666 & ~orig_umask)) == -1) {
 		    cleanup_set_pid(0);
 		    fprintf(stderr,"failed to create pid file %s\n", pid_file);
 		    exit_cleanup(RERR_FILEIO);
 		}
-		fprintf(f, "%d\n", pid);
-		fclose(f);
+		slprintf(pidbuf, sizeof(pidbuf), "%d\n", pid);
+		write(fd, pidbuf, strlen(pidbuf));
+		close(fd);
 	}
 
 	start_accept_loop(rsync_port, start_daemon);