X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/932be9aa52cc56ab429f203718e847a040a3b6d8..cb13abfed024d0320c0aa865ad652c946321df3c:/util.c diff --git a/util.c b/util.c index 6e0fbaba..974e8651 100644 --- a/util.c +++ b/util.c @@ -24,6 +24,8 @@ */ #include "rsync.h" +extern int verbose; + /**************************************************************************** Set a fd into nonblocking mode. Uses POSIX O_NONBLOCK if available, else @@ -61,14 +63,14 @@ int piped_child(char **command,int *f_in,int *f_out) if (pipe(to_child_pipe) < 0 || pipe(from_child_pipe) < 0) { rprintf(FERROR,"pipe: %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } pid = do_fork(); if (pid < 0) { rprintf(FERROR,"fork: %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } if (pid == 0) @@ -79,7 +81,7 @@ int piped_child(char **command,int *f_in,int *f_out) close(from_child_pipe[0]) < 0 || dup2(from_child_pipe[1], STDOUT_FILENO) < 0) { rprintf(FERROR,"Failed to dup/close : %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } if (to_child_pipe[0] != STDIN_FILENO) close(to_child_pipe[0]); if (from_child_pipe[1] != STDOUT_FILENO) close(from_child_pipe[1]); @@ -87,13 +89,13 @@ int piped_child(char **command,int *f_in,int *f_out) execvp(command[0], command); rprintf(FERROR,"Failed to exec %s : %s\n", command[0],strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } if (close(from_child_pipe[1]) < 0 || close(to_child_pipe[0]) < 0) { rprintf(FERROR,"Failed to close : %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } *f_in = from_child_pipe[0]; @@ -114,14 +116,14 @@ int local_child(int argc, char **argv,int *f_in,int *f_out) if (pipe(to_child_pipe) < 0 || pipe(from_child_pipe) < 0) { rprintf(FERROR,"pipe: %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } pid = do_fork(); if (pid < 0) { rprintf(FERROR,"fork: %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } if (pid == 0) { @@ -136,7 +138,7 @@ int local_child(int argc, char **argv,int *f_in,int *f_out) close(from_child_pipe[0]) < 0 || dup2(from_child_pipe[1], STDOUT_FILENO) < 0) { rprintf(FERROR,"Failed to dup/close : %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } if (to_child_pipe[0] != STDIN_FILENO) close(to_child_pipe[0]); if (from_child_pipe[1] != STDOUT_FILENO) close(from_child_pipe[1]); @@ -146,7 +148,7 @@ int local_child(int argc, char **argv,int *f_in,int *f_out) if (close(from_child_pipe[1]) < 0 || close(to_child_pipe[0]) < 0) { rprintf(FERROR,"Failed to close : %s\n",strerror(errno)); - exit_cleanup(1); + exit_cleanup(RERR_IPC); } *f_in = from_child_pipe[0]; @@ -160,13 +162,13 @@ int local_child(int argc, char **argv,int *f_in,int *f_out) void out_of_memory(char *str) { rprintf(FERROR,"ERROR: out of memory in %s\n",str); - exit_cleanup(1); + exit_cleanup(RERR_MALLOC); } void overflow(char *str) { rprintf(FERROR,"ERROR: buffer overflow in %s\n",str); - exit_cleanup(1); + exit_cleanup(RERR_MALLOC); } @@ -287,7 +289,7 @@ int copy_file(char *source, char *dest, mode_t mode) return -1; } - if (do_unlink(dest) && errno != ENOENT) { + if (robust_unlink(dest) && errno != ENOENT) { rprintf(FERROR,"unlink %s: %s\n", dest,strerror(errno)); return -1; @@ -323,6 +325,81 @@ int copy_file(char *source, char *dest, mode_t mode) return 0; } +/* + Robust unlink: some OS'es (HPUX) refuse to unlink busy files, so + rename to /.rsyncNNN instead. Note that successive rsync runs + will shuffle the filenames around a bit as long as the file is still + busy; this is because this function does not know if the unlink call + is due to a new file coming in, or --delete trying to remove old + .rsyncNNN files, hence it renames it each time. +*/ +/* MAX_RENAMES should be 10**MAX_RENAMES_DIGITS */ +#define MAX_RENAMES_DIGITS 3 +#define MAX_RENAMES 1000 + +int robust_unlink(char *fname) +{ +#ifndef ETXTBSY + return do_unlink(fname); +#else + static int counter = 1; + int rc, pos, start; + char path[MAXPATHLEN]; + + rc = do_unlink(fname); + if ((rc == 0) || (errno != ETXTBSY)) + return rc; + + strlcpy(path, fname, MAXPATHLEN); + + pos = strlen(path); + while((path[--pos] != '/') && (pos >= 0)) + ; + ++pos; + strlcpy(&path[pos], ".rsync", MAXPATHLEN-pos); + pos += sizeof(".rsync")-1; + + if (pos > (MAXPATHLEN-MAX_RENAMES_DIGITS-1)) { + errno = ETXTBSY; + return -1; + } + + /* start where the last one left off to reduce chance of clashes */ + start = counter; + do { + sprintf(&path[pos], "%03d", counter); + if (++counter >= MAX_RENAMES) + counter = 1; + } while (((rc = access(path, 0)) == 0) && (counter != start)); + + if (verbose > 0) + rprintf(FINFO,"renaming %s to %s because of text busy\n", + fname, path); + + /* maybe we should return rename()'s exit status? Nah. */ + if (do_rename(fname, path) != 0) { + errno = ETXTBSY; + return -1; + } + return 0; +#endif +} + +int robust_rename(char *from, char *to) +{ +#ifndef ETXTBSY + return do_rename(from, to); +#else + int rc = do_rename(from, to); + if ((rc == 0) || (errno != ETXTBSY)) + return rc; + if (robust_unlink(to) != 0) + return -1; + return do_rename(from, to); +#endif + } + + /* sleep for a while via select */ void u_sleep(int usec) { @@ -358,31 +435,6 @@ void kill_all(int sig) } } -/* like strncpy but does not 0 fill the buffer and always null - terminates (thus it can use maxlen+1 space in d) */ -void strlcpy(char *d, char *s, int maxlen) -{ - int len = strlen(s); - if (len > maxlen) len = maxlen; - memcpy(d, s, len); - d[len] = 0; -} - -/* like strncat but does not 0 fill the buffer and always null - terminates (thus it can use maxlen+1 space in d) */ -void strlcat(char *d, char *s, int maxlen) -{ - int len1 = strlen(d); - int len2 = strlen(s); - if (len1+len2 > maxlen) { - len2 = maxlen-len1; - } - if (len2 > 0) { - memcpy(d+len1, s, len2); - d[len1+len2] = 0; - } -} - /* turn a user name into a uid */ int name_to_uid(char *name, uid_t *uid) { @@ -433,12 +485,16 @@ static void glob_expand_one(char *s, char **argv, int *argc, int maxargs) (*argc)++; return; #else + extern int sanitize_paths; glob_t globbuf; int i; if (!*s) s = "."; argv[*argc] = strdup(s); + if (sanitize_paths) { + sanitize_path(argv[*argc], NULL); + } memset(&globbuf, 0, sizeof(globbuf)); glob(argv[*argc], 0, NULL, &globbuf); @@ -502,55 +558,17 @@ void strlower(char *s) } } -/* this is like vsnprintf but the 'n' limit does not include - the terminating null. So if you have a 1024 byte buffer then - pass 1023 for n */ +/* this is like vsnprintf but it always null terminates, so you + can fit at most n-1 chars in */ int vslprintf(char *str, int n, const char *format, va_list ap) { -#ifdef HAVE_VSNPRINTF int ret = vsnprintf(str, n, format, ap); - if (ret > n || ret < 0) { - str[n] = 0; + if (ret >= n || ret < 0) { + str[n-1] = 0; return -1; } str[ret] = 0; return ret; -#else - static char *buf; - static int len=MAXPATHLEN*8; - int ret; - - /* this code is NOT a proper vsnprintf() implementation. It - relies on the fact that all calls to slprintf() in rsync - pass strings which have already been checked to be less - than MAXPATHLEN in length and never more than 2 strings are - concatenated. This means the above buffer is absolutely - ample and can never be overflowed. - - In the future we would like to replace this with a proper - vsnprintf() implementation but right now we need a solution - that is secure and portable. This is it. */ - - if (!buf) { - buf = malloc(len); - if (!buf) { - /* can't call debug or we would recurse */ - exit_cleanup(1); - } - } - - vsprintf(buf, format, ap); - ret = strlen(buf); - if (ret > n) { - /* yikes! */ - exit_cleanup(1); - } - buf[ret] = 0; - - memcpy(str, buf, ret+1); - - return ret; -#endif } @@ -616,6 +634,100 @@ void clean_fname(char *name) } } +/* + * Make path appear as if a chroot had occurred: + * 1. remove leading "/" (or replace with "." if at end) + * 2. remove leading ".." components (except those allowed by "reldir") + * 3. delete any other "/.." (recursively) + * If "reldir" is non-null, it is a sanitized directory that the path will be + * relative to, so allow as many ".." at the beginning of the path as + * there are components in reldir. + * While we're at it, remove double slashes and "." components like + * clean_fname does(), but DON'T remove a trailing slash because that + * is sometimes significant on command line arguments. + * Can only shrink paths, so sanitizes in place. + * Contributed by Dave Dykstra + */ + +void sanitize_path(char *p, char *reldir) +{ + char *start, *sanp; + int depth = 0; + int allowdotdot = 0; + + if (reldir) { + depth++; + while (*reldir) { + if (*reldir++ == '/') { + depth++; + } + } + } + start = p; + sanp = p; + while (*p == '/') { + /* remove leading slashes */ + p++; + } + while (*p != '\0') { + /* this loop iterates once per filename component in p. + * both p (and sanp if the original had a slash) should + * always be left pointing after a slash + */ + if ((*p == '.') && ((*(p+1) == '/') || (*(p+1) == '\0'))) { + /* skip "." component */ + while (*++p == '/') { + /* skip following slashes */ + ; + } + continue; + } + allowdotdot = 0; + if ((*p == '.') && (*(p+1) == '.') && + ((*(p+2) == '/') || (*(p+2) == '\0'))) { + /* ".." component followed by slash or end */ + if ((depth > 0) && (sanp == start)) { + /* allow depth levels of .. at the beginning */ + --depth; + allowdotdot = 1; + } else { + p += 2; + if (*p == '/') + p++; + if (sanp != start) { + /* back up sanp one level */ + --sanp; /* now pointing at slash */ + while ((sanp > start) && (*(sanp - 1) != '/')) { + /* skip back up to slash */ + sanp--; + } + } + continue; + } + } + while (1) { + /* copy one component through next slash */ + *sanp++ = *p++; + if ((*p == '\0') || (*(p-1) == '/')) { + while (*p == '/') { + /* skip multiple slashes */ + p++; + } + break; + } + } + if (allowdotdot) { + /* move the virtual beginning to leave the .. alone */ + start = sanp; + } + } + if ((sanp == start) && !allowdotdot) { + /* ended up with nothing, so put in "." component */ + *sanp++ = '.'; + } + *sanp = '\0'; +} + static char curr_dir[MAXPATHLEN]; @@ -631,6 +743,8 @@ char *push_dir(char *dir, int save) getcwd(curr_dir, sizeof(curr_dir)-1); } + if (!dir) return NULL; /* this call was probably just to initialize */ + if (chdir(dir)) return NULL; if (save) { @@ -638,10 +752,10 @@ char *push_dir(char *dir, int save) } if (*dir == '/') { - strlcpy(curr_dir, dir, sizeof(curr_dir)-1); + strlcpy(curr_dir, dir, sizeof(curr_dir)); } else { - strlcat(curr_dir,"/", sizeof(curr_dir)-1); - strlcat(curr_dir,dir, sizeof(curr_dir)-1); + strlcat(curr_dir,"/", sizeof(curr_dir)); + strlcat(curr_dir,dir, sizeof(curr_dir)); } clean_fname(curr_dir); @@ -660,7 +774,7 @@ int pop_dir(char *dir) return ret; } - strlcpy(curr_dir, dir, sizeof(curr_dir)-1); + strlcpy(curr_dir, dir, sizeof(curr_dir)); free(dir); @@ -671,8 +785,8 @@ int pop_dir(char *dir) to ensure that signed/unsigned usage is consistent between machines. */ int u_strcmp(const char *cs1, const char *cs2) { - const uchar *s1 = (uchar *)cs1; - const uchar *s2 = (uchar *)cs2; + const uchar *s1 = (const uchar *)cs1; + const uchar *s2 = (const uchar *)cs2; while (*s1 && *s2 && (*s1 == *s2)) { s1++; s2++; @@ -752,3 +866,26 @@ int unsafe_symlink(char *dest, char *src) free(dest); return (depth < 0); } + + +/**************************************************************************** + return the date and time as a string +****************************************************************************/ +char *timestring(time_t t) +{ + static char TimeBuf[200]; + struct tm *tm = localtime(&t); + +#ifdef HAVE_STRFTIME + strftime(TimeBuf,sizeof(TimeBuf)-1,"%Y/%m/%d %T",tm); +#else + strlcpy(TimeBuf, asctime(tm), sizeof(TimeBuf)); +#endif + + if (TimeBuf[strlen(TimeBuf)-1] == '\n') { + TimeBuf[strlen(TimeBuf)-1] = 0; + } + + return(TimeBuf); +} +