X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/b4235b3165fda2c09072ed830de9a13db5e81b41..136c5c5ec3b3cc56d3952c3ce463f58615f00f8f:/util.c

diff --git a/util.c b/util.c
index 0f5a410a..da10ca2f 100644
--- a/util.c
+++ b/util.c
@@ -345,9 +345,10 @@ int robust_unlink(char *fname)
 			counter = 1;
 	} while (((rc = access(path, 0)) == 0) && (counter != start));
 
-	if (verbose > 0)
+	if (verbose > 0) {
 		rprintf(FINFO,"renaming %s to %s because of text busy\n",
-					    fname, path);
+			fname, path);
+	}
 
 	/* maybe we should return rename()'s exit status? Nah. */
 	if (do_rename(fname, path) != 0) {
@@ -458,14 +459,31 @@ int lock_range(int fd, int offset, int len)
 	return fcntl(fd,F_SETLK,&lock) == 0;
 }
 
+static int exclude_server_path(char *arg)
+{
+	char *s;
+	extern struct exclude_struct **server_exclude_list;
+
+	if (server_exclude_list) {
+		for (s = arg; (s = strchr(s, '/')) != NULL; ) {
+			*s = '\0';
+			if (check_exclude(server_exclude_list, arg, 1)) {
+				/* We must leave arg truncated! */
+				return 1;
+			}
+			*s++ = '/';
+		}
+	}
+	return 0;
+}
 
 static void glob_expand_one(char *s, char **argv, int *argc, int maxargs)
 {
 #if !(defined(HAVE_GLOB) && defined(HAVE_GLOB_H))
 	if (!*s) s = ".";
-	argv[*argc] = strdup(s);
+	s = argv[*argc] = strdup(s);
+	exclude_server_path(s);
 	(*argc)++;
-	return;
 #else
 	extern int sanitize_paths;
 	glob_t globbuf;
@@ -473,20 +491,21 @@ static void glob_expand_one(char *s, char **argv, int *argc, int maxargs)
 
 	if (!*s) s = ".";
 
-	argv[*argc] = strdup(s);
+	s = argv[*argc] = strdup(s);
 	if (sanitize_paths) {
-		sanitize_path(argv[*argc], NULL);
+		sanitize_path(s, NULL);
 	}
 
 	memset(&globbuf, 0, sizeof(globbuf));
-	glob(argv[*argc], 0, NULL, &globbuf);
+	if (!exclude_server_path(s))
+		glob(s, 0, NULL, &globbuf);
 	if (globbuf.gl_pathc == 0) {
 		(*argc)++;
 		globfree(&globbuf);
 		return;
 	}
 	for (i=0; i<(maxargs - (*argc)) && i < (int) globbuf.gl_pathc;i++) {
-		if (i == 0) free(argv[*argc]);
+		if (i == 0) free(s);
 		argv[(*argc) + i] = strdup(globbuf.gl_pathv[i]);
 		if (!argv[(*argc) + i]) out_of_memory("glob_expand");
 	}
@@ -495,29 +514,31 @@ static void glob_expand_one(char *s, char **argv, int *argc, int maxargs)
 #endif
 }
 
+/* This routine is only used in daemon mode. */
 void glob_expand(char *base1, char **argv, int *argc, int maxargs)
 {
 	char *s = argv[*argc];
 	char *p, *q;
 	char *base = base1;
+	int base_len = strlen(base);
 
 	if (!s || !*s) return;
 
-	if (strncmp(s, base, strlen(base)) == 0) {
-		s += strlen(base);
-	}
+	if (strncmp(s, base, base_len) == 0)
+		s += base_len;
 
 	s = strdup(s);
 	if (!s) out_of_memory("glob_expand");
 
 	if (asprintf(&base," %s/", base1) <= 0) out_of_memory("glob_expand");
+	base_len++;
 
 	q = s;
 	while ((p = strstr(q,base)) && ((*argc) < maxargs)) {
 		/* split it at this point */
 		*p = 0;
 		glob_expand_one(q, argv, argc, maxargs);
-		q = p+strlen(base);
+		q = p + base_len;
 	}
 
 	if (*q && (*argc < maxargs)) glob_expand_one(q, argv, argc, maxargs);
@@ -532,7 +553,8 @@ void glob_expand(char *base1, char **argv, int *argc, int maxargs)
 void strlower(char *s)
 {
 	while (*s) {
-		if (isupper(*s)) *s = tolower(*s);
+		if (isupper(* (unsigned char *) s))
+			*s = tolower(* (unsigned char *) s);
 		s++;
 	}
 }
@@ -647,7 +669,7 @@ void sanitize_path(char *p, char *reldir)
 		}
 		allowdotdot = 0;
 		if ((*p == '.') && (*(p+1) == '.') &&
-			    ((*(p+2) == '/') || (*(p+2) == '\0'))) {
+		    ((*(p+2) == '/') || (*(p+2) == '\0'))) {
 			/* ".." component followed by slash or end */
 			if ((depth > 0) && (sanp == start)) {
 				/* allow depth levels of .. at the beginning */
@@ -698,10 +720,12 @@ void sanitize_path(char *p, char *reldir)
 }
 
 
-static char curr_dir[MAXPATHLEN];
+char curr_dir[MAXPATHLEN];
 
-/** like chdir() but can be reversed with pop_dir() if save is set. It
-   is also much faster as it remembers where we have been */
+/**
+ * Like chdir() but can be reversed with pop_dir() if @p save is set.
+ * It is also much faster as it remembers where we have been.
+ **/
 char *push_dir(char *dir, int save)
 {
 	char *ret = curr_dir;
@@ -722,7 +746,7 @@ char *push_dir(char *dir, int save)
 
 	if (*dir == '/') {
 		strlcpy(curr_dir, dir, sizeof(curr_dir));
-	} else {
+	} else if (dir[0] != '.' || dir[1] != '\0') {
 		strlcat(curr_dir,"/", sizeof(curr_dir));
 		strlcat(curr_dir,dir, sizeof(curr_dir));
 	}
@@ -732,7 +756,7 @@ char *push_dir(char *dir, int save)
 	return ret;
 }
 
-/** Reverse a push_dir call */
+/** Reverse a push_dir() call */
 int pop_dir(char *dir)
 {
 	int ret;
@@ -772,6 +796,13 @@ int u_strcmp(const char *cs1, const char *cs2)
  * else's machine it might allow them to establish a symlink to
  * /etc/passwd, and then read it through a web server.
  *
+ * Null symlinks and absolute symlinks are always unsafe.
+ *
+ * Basically here we are concerned with symlinks whose target contains
+ * "..", because this might cause us to walk back up out of the
+ * transferred directory.  We are not allowed to go back up and
+ * reenter.
+ *
  * @param dest Target of the symlink in question.
  *
  * @param src Top source directory currently applicable.  Basically this
@@ -780,50 +811,45 @@ int u_strcmp(const char *cs1, const char *cs2)
  *
  * @retval True if unsafe
  * @retval False is unsafe
+ *
+ * @sa t_unsafe.c
  **/
-int unsafe_symlink(char *dest, char *src)
+int unsafe_symlink(const char *dest, const char *src)
 {
-	char *tok;
+	const char *name, *slash;
 	int depth = 0;
 
 	/* all absolute and null symlinks are unsafe */
-	if (!dest || !(*dest) || (*dest == '/')) return 1;
-
-	src = strdup(src);
-	if (!src) out_of_memory("unsafe_symlink");
+	if (!dest || !*dest || *dest == '/') return 1;
 
 	/* find out what our safety margin is */
-	for (tok=strtok(src,"/"); tok; tok=strtok(NULL,"/")) {
-		if (strcmp(tok,"..") == 0) {
+	for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) {
+		if (strncmp(name, "../", 3) == 0) {
 			depth=0;
-		} else if (strcmp(tok,".") == 0) {
+		} else if (strncmp(name, "./", 2) == 0) {
 			/* nothing */
 		} else {
 			depth++;
 		}
 	}
-	free(src);
-
-	/* drop by one to account for the filename portion */
-	depth--;
-
-	dest = strdup(dest);
-	if (!dest) out_of_memory("unsafe_symlink");
+	if (strcmp(name, "..") == 0)
+		depth = 0;
 
-	for (tok=strtok(dest,"/"); tok; tok=strtok(NULL,"/")) {
-		if (strcmp(tok,"..") == 0) {
-			depth--;
-		} else if (strcmp(tok,".") == 0) {
+	for (name = dest; (slash = strchr(name, '/')) != 0; name = slash+1) {
+		if (strncmp(name, "../", 3) == 0) {
+			/* if at any point we go outside the current directory
+			   then stop - it is unsafe */
+			if (--depth < 0)
+				return 1;
+		} else if (strncmp(name, "./", 2) == 0) {
 			/* nothing */
 		} else {
 			depth++;
 		}
-		/* if at any point we go outside the current directory then
-		   stop - it is unsafe */
-		if (depth < 0) break;
 	}
+	if (strcmp(name, "..") == 0)
+		depth--;
 
-	free(dest);
 	return (depth < 0);
 }