X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/b4235b3165fda2c09072ed830de9a13db5e81b41..b765ec32b93d8fa78f19a48fbc7cc9066beb488e:/util.c

diff --git a/util.c b/util.c
index 0f5a410a..44ff2df1 100644
--- a/util.c
+++ b/util.c
@@ -532,7 +532,8 @@ void glob_expand(char *base1, char **argv, int *argc, int maxargs)
 void strlower(char *s)
 {
 	while (*s) {
-		if (isupper(*s)) *s = tolower(*s);
+		if (isupper(* (unsigned char *) s))
+			*s = tolower(* (unsigned char *) s);
 		s++;
 	}
 }
@@ -700,8 +701,10 @@ void sanitize_path(char *p, char *reldir)
 
 static char curr_dir[MAXPATHLEN];
 
-/** like chdir() but can be reversed with pop_dir() if save is set. It
-   is also much faster as it remembers where we have been */
+/**
+ * Like chdir() but can be reversed with pop_dir() if @p save is set.
+ * It is also much faster as it remembers where we have been.
+ **/
 char *push_dir(char *dir, int save)
 {
 	char *ret = curr_dir;
@@ -732,7 +735,7 @@ char *push_dir(char *dir, int save)
 	return ret;
 }
 
-/** Reverse a push_dir call */
+/** Reverse a push_dir() call */
 int pop_dir(char *dir)
 {
 	int ret;
@@ -772,6 +775,13 @@ int u_strcmp(const char *cs1, const char *cs2)
  * else's machine it might allow them to establish a symlink to
  * /etc/passwd, and then read it through a web server.
  *
+ * Null symlinks and absolute symlinks are always unsafe.
+ *
+ * Basically here we are concerned with symlinks whose target contains
+ * "..", because this might cause us to walk back up out of the
+ * transferred directory.  We are not allowed to go back up and
+ * reenter.
+ *
  * @param dest Target of the symlink in question.
  *
  * @param src Top source directory currently applicable.  Basically this
@@ -780,16 +790,18 @@ int u_strcmp(const char *cs1, const char *cs2)
  *
  * @retval True if unsafe
  * @retval False is unsafe
+ *
+ * @sa t_unsafe.c
  **/
-int unsafe_symlink(char *dest, char *src)
+int unsafe_symlink(const char *dest_path, const char *src_path)
 {
-	char *tok;
+	char *tok, *src, *dest;
 	int depth = 0;
 
 	/* all absolute and null symlinks are unsafe */
-	if (!dest || !(*dest) || (*dest == '/')) return 1;
+	if (!dest_path || !*dest_path || *dest_path == '/') return 1;
 
-	src = strdup(src);
+	src = strdup(src_path);
 	if (!src) out_of_memory("unsafe_symlink");
 
 	/* find out what our safety margin is */
@@ -807,7 +819,7 @@ int unsafe_symlink(char *dest, char *src)
 	/* drop by one to account for the filename portion */
 	depth--;
 
-	dest = strdup(dest);
+	dest = strdup(dest_path);
 	if (!dest) out_of_memory("unsafe_symlink");
 
 	for (tok=strtok(dest,"/"); tok; tok=strtok(NULL,"/")) {