X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/e9357a2deb1adbeb8dd50f90f959a3ecd5f88806..8e41b68e8f975c02a5d9281be780ba5d1a385107:/util.c diff --git a/util.c b/util.c index db0275a0..656c3bf5 100644 --- a/util.c +++ b/util.c @@ -1,12 +1,14 @@ -/* -*- c-file-style: "linux" -*- +/* + * Utility routines used in rsync. * - * Copyright (C) 1996-2000 by Andrew Tridgell - * Copyright (C) Paul Mackerras 1996 - * Copyright (C) 2001, 2002 by Martin Pool + * Copyright (C) 1996-2000 Andrew Tridgell + * Copyright (C) 1996 Paul Mackerras + * Copyright (C) 2001, 2002 Martin Pool + * Copyright (C) 2003-2007 Wayne Davison * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, @@ -14,17 +16,10 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * You should have received a copy of the GNU General Public License along + * with this program; if not, visit the http://fsf.org website. */ -/** - * @file - * - * Utilities used in rsync - **/ - #include "rsync.h" extern int verbose; 
@@ -33,22 +28,24 @@ extern int module_id; extern int modify_window; extern int relative_paths; extern int human_readable; +extern char *module_dir; +extern unsigned int module_dirlen; extern mode_t orig_umask; extern char *partial_dir; extern struct filter_list_struct server_filter_list; int sanitize_paths = 0; +char curr_dir[MAXPATHLEN]; +unsigned int curr_dir_len; +int curr_dir_depth; /* This is only set for a sanitizing daemon. */ - -/** - * Set a fd into nonblocking mode - **/ +/* Set a fd into nonblocking mode. */ void set_nonblocking(int fd) { int val; - if ((val = fcntl(fd, F_GETFL, 0)) == -1) + if ((val = fcntl(fd, F_GETFL)) == -1) return; if (!(val & NONBLOCK_FLAG)) { val |= NONBLOCK_FLAG; @@ -56,14 +53,12 @@ void set_nonblocking(int fd) } } -/** - * Set a fd into blocking mode - **/ +/* Set a fd into blocking mode. */ void set_blocking(int fd) { int val; - if ((val = fcntl(fd, F_GETFL, 0)) == -1) + if ((val = fcntl(fd, F_GETFL)) == -1) return; if (val & NONBLOCK_FLAG) { val &= ~NONBLOCK_FLAG; @@ -97,7 +92,7 @@ int fd_pair(int fd[2]) void print_child_argv(char **cmd) { - rprintf(FINFO, "opening connection using "); + rprintf(FCLIENT, "opening connection using "); for (; *cmd; cmd++) { /* Look for characters that ought to be quoted. This * is not a great quoting algorithm, but it's 
@@ -106,27 +101,27 @@ void print_child_argv(char **cmd) "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "0123456789" ",.-_=+@/") != strlen(*cmd)) { - rprintf(FINFO, "\"%s\" ", *cmd); + rprintf(FCLIENT, "\"%s\" ", *cmd); } else { - rprintf(FINFO, "%s ", *cmd); + rprintf(FCLIENT, "%s ", *cmd); } } - rprintf(FINFO, "\n"); + rprintf(FCLIENT, "\n"); } -void out_of_memory(char *str) +NORETURN void out_of_memory(const char *str) { - rprintf(FERROR, "ERROR: out of memory in %s\n", str); + rprintf(FERROR, "ERROR: out of memory in %s [%s]\n", str, who_am_i()); exit_cleanup(RERR_MALLOC); } -void overflow_exit(char *str) +NORETURN void overflow_exit(const char *str) { - rprintf(FERROR, "ERROR: buffer overflow in %s\n", str); + rprintf(FERROR, "ERROR: buffer overflow in %s [%s]\n", str, who_am_i()); exit_cleanup(RERR_MALLOC); } -int set_modtime(char *fname, time_t modtime, mode_t mode) +int set_modtime(const char *fname, time_t modtime, mode_t mode) { #if !defined HAVE_LUTIMES || !defined HAVE_UTIMES if (S_ISLNK(mode)) @@ -150,8 +145,10 @@ int set_modtime(char *fname, time_t modtime, mode_t mode) t[1].tv_sec = modtime; t[1].tv_usec = 0; # ifdef HAVE_LUTIMES - if (S_ISLNK(mode)) - return lutimes(fname, t); + if (S_ISLNK(mode)) { + lutimes(fname, t); + return 0; /* ignore errors */ + } # endif return utimes(fname, t); #elif defined HAVE_UTIMBUF 
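Review bot: In the `HAVE_LUTIMES` branch of set_modtime (the `@@ -150` hunk), the result of `lutimes(fname, t)` is now discarded and 0 is returned, so a symlink whose time could not be set is reported to the caller as success. The `/* ignore errors */` comment does not say which failure is being tolerated. If the intent is only to tolerate platforms where the call is unimplemented (an assumption, nothing in the hunk shows it), narrow it to `if (lutimes(fname, t) < 0 && errno != ENOSYS) return -1;` followed by `return 0;`. Otherwise extend the comment with the reason. The function starts and ends outside this hunk.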
@@ -184,28 +181,29 @@ int mkdir_defmode(char *fname) return ret; } -/** - Create any necessary directories in fname. Unfortunately we don't know - what perms to give the directory when this is called so we need to rely - on the umask -**/ +/* Create any necessary directories in fname. Any missing directories are + * created with default permissions. */ int create_directory_path(char *fname) { char *p; + int ret = 0; while (*fname == '/') fname++; while (strncmp(fname, "./", 2) == 0) fname += 2; + umask(orig_umask); p = fname; while ((p = strchr(p,'/')) != NULL) { - *p = 0; - mkdir_defmode(fname); - *p = '/'; - p++; + *p = '\0'; + if (do_mkdir(fname, ACCESSPERMS) < 0 && errno != EEXIST) + ret = -1; + *p++ = '/'; } - return 0; + umask(0); + + return ret; } /** @@ -218,7 +216,7 @@ int create_directory_path(char *fname) * * Derived from GNU C's cccp.c. */ -int full_write(int desc, char *ptr, size_t len) +int full_write(int desc, const char *ptr, size_t len) { int total_written; @@ -363,7 +361,7 @@ int robust_unlink(const char *fname) /* start where the last one left off to reduce chance of clashes */ start = counter; do { - sprintf(&path[pos], "%03d", counter); + snprintf(&path[pos], MAX_RENAMES_DIGITS+1, "%03d", counter); if (++counter >= MAX_RENAMES) counter = 1; } while ((rc = access(path, 0)) == 0 && counter != start); @@ -386,7 +384,7 @@ int robust_unlink(const char *fname) * across filesystems, -2 if copy_file() failed, and -1 on other errors. * If partialptr is not NULL and we need to do a copy, copy the file into * the active partial-dir instead of over the destination file. */ -int robust_rename(char *from, char *to, char *partialptr, +int robust_rename(const char *from, const char *to, const char *partialptr, int mode) { int tries = 4; @@ -463,7 +461,7 @@ void kill_all(int sig) } /** Turn a user name into a uid */ -int name_to_uid(char *name, uid_t *uid) +int name_to_uid(const char *name, uid_t *uid) { struct passwd *pass; if (!name || !*name) 
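Review bot: create_directory_path ends with `umask(0)`, which assumes the process umask was 0 on entry instead of restoring the value that `umask(orig_umask)` replaced. Keeping the previous mask, `mode_t prev = umask(orig_umask);` at the top and `umask(prev);` before `return ret;`, leaves the caller's mask intact if this is ever reached with a non-zero umask. Separately, assuming do_mkdir passes through mkdir's errno, `errno != EEXIST` also accepts an existing entry that is not a directory. A 0 return therefore means only that no unexpected mkdir error occurred, which the header comment could state.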
@@ -477,7 +475,7 @@ int name_to_uid(char *name, uid_t *uid) } /** Turn a group name into a gid */ -int name_to_gid(char *name, gid_t *gid) +int name_to_gid(const char *name, gid_t *gid) { struct group *grp; if (!name || !*name) @@ -548,7 +546,7 @@ static void glob_expand_one(char *s, char ***argv_ptr, int *argc_ptr, s = "."; if (sanitize_paths) - s = sanitize_path(NULL, s, "", 0); + s = sanitize_path(NULL, s, "", 0, NULL); else s = strdup(s); @@ -616,8 +614,8 @@ void glob_expand(char *base1, char ***argv_ptr, int *argc_ptr, int *maxargs_ptr) void strlower(char *s) { while (*s) { - if (isupper(*(unsigned char *)s)) - *s = tolower(*(unsigned char *)s); + if (isUpper(s)) + *s = toLower(s); s++; } } @@ -679,7 +677,7 @@ int count_dir_elements(const char *p) int cnt = 0, new_component = 1; while (*p) { if (*p++ == '/') - new_component = 1; + new_component = (*p != '.' || (p[1] != '/' && p[1] != '\0')); else if (new_component) { new_component = 0; cnt++; 
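Review bot: The new dot-skipping test in count_dir_elements (the `@@ -679` hunk) runs only after a `/`, so a `.` element at the very start of `p` is still counted because `new_component` starts at 1: `./foo` yields 2 while `/./foo` yields 1. If callers use this count as an allowance for `..` elements, the leading-dot form over-counts by one. Initialising with the same expression, `new_component = (*p != '.' || (p[1] != '/' && p[1] != '\0'))`, would make both forms agree. The function has no comment saying what counts as an element, and its opening and closing lines are outside this hunk.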
@@ -752,29 +750,36 @@ unsigned int clean_fname(char *name, BOOL collapse_dot_dot) * rootdir will be ignored to avoid expansion of the string. * * The rootdir string contains a value to use in place of a leading slash. - * Specify NULL to get the default of lp_path(module_id). + * Specify NULL to get the default of "module_dir". * - * If depth is >= 0, it is a count of how many '..'s to allow at the start - * of the path. Use -1 to allow unlimited depth. + * The depth var is a count of how many '..'s to allow at the start of the + * path. If symlink is set, combine its value with the "p" value to get + * the target path, and **return NULL if any '..'s try to escape**. * * We also clean the path in a manner similar to clean_fname() but with a - * few differences: + * few differences: * * Turns multiple adjacent slashes into a single slash, gets rid of "." dir * elements (INCLUDING a trailing dot dir), PRESERVES a trailing slash, and * ALWAYS collapses ".." elements (except for those at the start of the * string up to "depth" deep). If the resulting name would be empty, * change it into a ".". */ -char *sanitize_path(char *dest, const char *p, const char *rootdir, int depth) +char *sanitize_path(char *dest, const char *p, const char *rootdir, int depth, + const char *symlink) { - char *start, *sanp; + char *start, *sanp, *save_dest = dest; int rlen = 0, leave_one_dotdir = relative_paths; + if (symlink && *symlink == '/') { + p = symlink; + symlink = ""; + } + if (dest != p) { int plen = strlen(p); if (*p == '/') { if (!rootdir) - rootdir = lp_path(module_id); + rootdir = module_dir; rlen = strlen(rootdir); depth = 0; p++; 
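Review bot: The only length taken in this hunk is `int plen = strlen(p)`, but the loop in the `@@ -792` hunk later appends the relative `symlink` text, so the sanitized result can be longer than `p`. The destination sizing lies between the two hunks and is not visible; if it still depends on `plen` alone, a relative symlink longer than the path element it replaces could write past `dest`. Counting the symlink when it is set, `if (symlink) plen += strlen(symlink);`, gives a safe upper bound. The in-place case `dest == p` needs the same attention, since the caller's buffer is only known to hold `p`. The header comment should state the buffer requirement for `dest` when `symlink` is used.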
@@ -792,7 +797,18 @@ char *sanitize_path(char *dest, const char *p, const char *rootdir, int depth) } start = sanp = dest + rlen; - while (*p != '\0') { + while (1) { + if (*p == '\0') { + if (!symlink || !*symlink) + break; + while (sanp != start && sanp[-1] != '/') { + /* strip last element */ + sanp--; + } + /* Append a relative symlink */ + p = symlink; + symlink = ""; + } /* discard leading or extra slashes */ if (*p == '/') { p++; @@ -814,6 +830,11 @@ char *sanitize_path(char *dest, const char *p, const char *rootdir, int depth) if (*p == '.' && p[1] == '.' && (p[2] == '/' || p[2] == '\0')) { /* ".." component followed by slash or end */ if (depth <= 0 || sanp != start) { + if (symlink && sanp == start) { + if (!save_dest) + free(dest); + return NULL; + } p += 2; if (sanp != start) { /* back up sanp one level */ @@ -842,15 +863,10 @@ char *sanitize_path(char *dest, const char *p, const char *rootdir, int depth) return dest; } -char curr_dir[MAXPATHLEN]; -unsigned int curr_dir_len; - -/** - * Like chdir(), but it keeps track of the current directory (in the +/* Like chdir(), but it keeps track of the current directory (in the * global "curr_dir"), and ensures that the path size doesn't overflow. - * Also cleans the path using the clean_fname() function. - **/ -int push_dir(char *dir) + * Also cleans the path using the clean_fname() function. */ +int push_dir(const char *dir, int set_path_only) { static int initialised; unsigned int len; @@ -868,10 +884,12 @@ int push_dir(char *dir) if (len == 1 && *dir == '.') return 1; - if ((*dir == '/' ? len : curr_dir_len + 1 + len) >= sizeof curr_dir) + if ((*dir == '/' ? len : curr_dir_len + 1 + len) >= sizeof curr_dir) { + errno = ENAMETOOLONG; return 0; + } - if (chdir(dir)) + if (!set_path_only && chdir(dir)) return 0; if (*dir == '/') { 
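Review bot: push_dir gains a `set_path_only` parameter in the `@@ -842` hunk, but the rewritten comment still describes the function only as "Like chdir()". With the flag set, `chdir(dir)` is skipped and only the `curr_dir` bookkeeping changes, so `curr_dir` can name a directory the process is not actually in. Add a sentence such as `If set_path_only is non-zero, update curr_dir without calling chdir().` and document the return convention (1 on success, 0 on failure, with `errno` set to `ENAMETOOLONG` for an over-long path). The function body runs past the end of this hunk.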
@@ -884,6 +902,11 @@ int push_dir(char *dir) } curr_dir_len = clean_fname(curr_dir, 1); + if (sanitize_paths) { + if (module_dirlen > curr_dir_len) + module_dirlen = curr_dir_len; + curr_dir_depth = count_dir_elements(curr_dir + module_dirlen); + } return 1; } @@ -892,7 +915,7 @@ int push_dir(char *dir) * Reverse a push_dir() call. You must pass in an absolute path * that was copied from a prior value of "curr_dir". **/ -int pop_dir(char *dir) +int pop_dir(const char *dir) { if (chdir(dir)) return 0; @@ -900,6 +923,8 @@ int pop_dir(char *dir) curr_dir_len = strlcpy(curr_dir, dir, sizeof curr_dir); if (curr_dir_len >= sizeof curr_dir) curr_dir_len = sizeof curr_dir - 1; + if (sanitize_paths) + curr_dir_depth = count_dir_elements(curr_dir + module_dirlen); return 1; } @@ -921,7 +946,7 @@ char *full_fname(const char *fn) if (*fn == '/') p1 = p2 = ""; else { - p1 = curr_dir; + p1 = curr_dir + module_dirlen; for (p2 = p1; *p2 == '/'; p2++) {} if (*p2) p2 = "/"; @@ -930,17 +955,11 @@ char *full_fname(const char *fn) m1 = " (in "; m2 = lp_name(module_id); m3 = ")"; - if (p1 == curr_dir) { - if (!lp_use_chroot(module_id)) { - char *p = lp_path(module_id); - if (*p != '/' || p[1]) - p1 += strlen(p); - } - } } else m1 = m2 = m3 = ""; - asprintf(&result, "\"%s%s%s\"%s%s%s", p1, p2, fn, m1, m2, m3); + if (asprintf(&result, "\"%s%s%s\"%s%s%s", p1, p2, fn, m1, m2, m3) <= 0) + out_of_memory("full_fname"); return result; } @@ -966,13 +985,11 @@ char *partial_dir_fname(const char *fname) if ((int)pathjoin(t, sz, partial_dir, fn) >= sz) return NULL; if (server_filter_list.head) { - static int len; - if (!len) - len = strlen(partial_dir); - t[len] = '\0'; + t = strrchr(partial_fname, '/'); + *t = '\0'; if (check_filter(&server_filter_list, partial_fname, 1) < 0) return NULL; - t[len] = '/'; + *t = '/'; if (check_filter(&server_filter_list, partial_fname, 0) < 0) return NULL; } 
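Review bot: push_dir clamps `module_dirlen` to `curr_dir_len` before computing `curr_dir_depth`, but the matching additions in pop_dir (`@@ -900`) and full_fname (`@@ -921`) use `curr_dir + module_dirlen` without that guard. If pop_dir restores a path shorter than `module_dirlen`, the pointer lands past the string terminator and count_dir_elements reads whatever bytes follow in the array. Repeating the clamp in pop_dir, `if (module_dirlen > curr_dir_len) module_dirlen = curr_dir_len;`, keeps the sites consistent. The clamp also permanently shrinks a global, so it deserves a comment saying why that is acceptable.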
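Review bot: In partial_dir_fname (the `@@ -966` hunk) the result of `strrchr(partial_fname, '/')` is written through immediately with `*t = '\0'` and no NULL check, whereas the removed code indexed at the known length of `partial_dir`. This relies on the joined name always containing a slash, which is established outside the hunk, presumably by `pathjoin`. A guard such as `if (!(t = strrchr(partial_fname, '/'))) return NULL;` makes that assumption explicit. The function starts and ends outside this hunk.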
@@ -1102,7 +1119,7 @@ char *human_num(int64 num) units = 'K'; } if (units) { - sprintf(bufs[n], "%.2f%c", dnum, units); + snprintf(bufs[n], sizeof bufs[0], "%.2f%c", dnum, units); return bufs[n]; } } @@ -1113,7 +1130,7 @@ char *human_num(int64 num) if (!num) *--s = '0'; while (num) { - *--s = (num % 10) + '0'; + *--s = (char)(num % 10) + '0'; num /= 10; } return s; @@ -1126,7 +1143,7 @@ char *human_dnum(double dnum, int decimal_digits) { char *buf = human_num(dnum); int len = strlen(buf); - if (isdigit(*(uchar*)(buf+len-1))) { + if (isDigit(buf + len - 1)) { /* There's extra room in buf prior to the start of the num. */ buf -= decimal_digits + 1; snprintf(buf, len + decimal_digits + 2, "%.*f", decimal_digits, dnum); @@ -1134,9 +1151,7 @@ char *human_dnum(double dnum, int decimal_digits) return buf; } -/** - * Return the date and time as a string - **/ +/* Return the date and time as a string. Some callers tweak returned buf. */ char *timestring(time_t t) { static char TimeBuf[200]; @@ -1251,7 +1266,6 @@ void *_realloc_array(void *ptr, unsigned int size, unsigned long num) { if (num >= MALLOC_MAX/size) return NULL; - /* No realloc should need this, but just in case... */ if (!ptr) return malloc(size * num); return realloc(ptr, size * num); @@ -1294,7 +1308,7 @@ const char *find_filename_suffix(const char *fn, int fn_len, int *len_ptr) if (strcmp(s+1, "orig") == 0) continue; } else if (s_len > 2 && had_tilde - && s[1] == '~' && isdigit(*(uchar*)(s+2))) + && s[1] == '~' && isDigit(s + 2)) continue; *len_ptr = s_len; suf = s; @@ -1302,7 +1316,7 @@ const char *find_filename_suffix(const char *fn, int fn_len, int *len_ptr) break; /* Determine if the suffix is all digits. */ for (s++, s_len--; s_len > 0; s++, s_len--) { - if (!isdigit(*(uchar*)s)) + if (!isDigit(s)) return suf; } /* An all-digit suffix may not be that signficant. */ 
@@ -1455,3 +1469,31 @@ int bitbag_next_bit(struct bitbag *bb, int after) return -1; } + +void *expand_item_list(item_list *lp, size_t item_size, + const char *desc, int incr) +{ + /* First time through, 0 <= 0, so list is expanded. */ + if (lp->malloced <= lp->count) { + void *new_ptr; + size_t new_size = lp->malloced; + if (incr < 0) + new_size -= incr; /* increase slowly */ + else if (new_size < (size_t)incr) + new_size += incr; + else + new_size *= 2; + new_ptr = realloc_array(lp->items, char, new_size * item_size); + if (verbose >= 4) { + rprintf(FINFO, "[%s] expand %s to %.0f bytes, did%s move\n", + who_am_i(), desc, (double)new_size * item_size, + new_ptr == lp->items ? " not" : ""); + } + if (!new_ptr) + out_of_memory("expand_item_list"); + + lp->items = new_ptr; + lp->malloced = new_size; + } + return (char*)lp->items + (lp->count++ * item_size); +}
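Review bot: In expand_item_list, `new_size * item_size` is multiplied before it reaches `realloc_array`, so the `num >= MALLOC_MAX/size` guard in `_realloc_array` sees only the finished product and cannot catch a wrapped multiplication. This assumes the macro forwards `sizeof(char)` as the element size. Passing the factors separately, `new_ptr = _realloc_array(lp->items, item_size, new_size);`, lets the existing guard cover it. The verbose `rprintf` also runs before the `!new_ptr` test and compares against the pre-realloc pointer, so on failure it logs a move that did not happen; put the NULL check first. A header comment should say that the returned slot is uninitialised and what a negative `incr` means.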