X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/ebdd24d6d08bc4ffd632a64b3781f48cc8a46eb0..0219d4dfbacc660e97b357831ef6312e77d10387:/util.c diff --git a/util.c b/util.c index 96b7ac4f..03134e9f 100644 --- a/util.c +++ b/util.c @@ -362,8 +362,8 @@ int robust_unlink(char *fname) #endif } -/* Returns 0 on success, -1 on most errors, and -2 if we got an error - * trying to copy the file across file systems. */ +/* Returns 0 on successful rename, 1 if we successfully copied the file + * across filesystems, -2 if copy_file() failed, and -1 on other errors. */ int robust_rename(char *from, char *to, int mode) { int tries = 4; @@ -383,7 +383,7 @@ int robust_rename(char *from, char *to, int mode) if (copy_file(from, to, mode) != 0) return -2; do_unlink(from); - return 0; + return 1; default: return -1; } @@ -524,7 +524,7 @@ static void glob_expand_one(char *s, char ***argv_ptr, int *argc_ptr, s = "."; if (sanitize_paths) - s = sanitize_path(NULL, s, NULL); + s = sanitize_path(NULL, s, "", 0); else s = strdup(s); @@ -650,13 +650,31 @@ size_t stringjoin(char *dest, size_t destsize, ...) return ret; } -void clean_fname(char *name) +int count_dir_elements(const char *p) +{ + int cnt = 0, new_component = 1; + while (*p) { + if (*p++ == '/') + new_component = 1; + else if (new_component) { + new_component = 0; + cnt++; + } + } + return cnt; +} + +/* Turns multiple adjacent slashes into a single slash; gets rid of "./" + * elements; collapses ".." elements except for those at the start of the + * string; removes a trailing slash. If the resulting name would be empty, + * change it into a ".". */ +unsigned int clean_fname(char *name) { - char *limit = name, *t = name, *f = name; + char *limit = name - 1, *t = name, *f = name; int anchored; if (!name) - return; + return 0; if ((anchored = *f == '/') != 0) *t++ = *f++; @@ -669,7 +687,7 @@ void clean_fname(char *name) if (*f == '.') { /* discard "." dirs (but NOT a trailing '.'!) */ if (f[1] == '/') { - f++; /* not += 2! */ + f += 2; continue; } /* collapse ".." dirs */ @@ -680,7 +698,7 @@ void clean_fname(char *name) continue; } while (s > limit && *--s != '/') {} - if (s != t - 1 && *s == '/') { + if (s != t - 1 && (s < name || *s == '/')) { t = s + 1; f += 2; continue; @@ -698,43 +716,40 @@ void clean_fname(char *name) if (t == name) *t++ = '.'; *t = '\0'; + + return t - name; } /* Make path appear as if a chroot had occurred. This handles a leading * "/" (either removing it or expanding it) and any leading or embedded * ".." components that attempt to escape past the module's top dir. * - * If dest is NULL, a buffer is allocated to hold the result. If dest is - * the same buffer as p (the path) OR if reldir is NULL, a leading slash - * is dropped instead of being expanded to be the module's top dir. + * If dest is NULL, a buffer is allocated to hold the result. It is legal + * to call with the dest and the path (p) pointing to the same buffer, but + * rootdir will be ignored to avoid expansion of the string. * - * If reldir is non-NULL (and non-empty), it is a sanitized directory that - * the path will be relative to, so allow as many '..'s at the beginning of - * the path as there are components in reldir. This is used for symbolic - * link targets. If reldir is non-null and the path began with "/", to be - * completely like a chroot we should add in depth levels of ".." at the - * beginning of the path, but that would blow the assumption that the path - * doesn't grow and it is not likely to end up being a valid symlink - * anyway, so just do the normal removal of the leading "/" instead. + * The rootdir string contains a value to use in place of a leading slash. + * Specify NULL to get the default of lp_path(module_id). * - * While we're at it, remove double slashes and "." components like - * clean_fname() does, but DON'T remove a trailing slash because that is - * sometimes significant on command line arguments. + * If depth is > 0, it is a count of how many '..'s to allow at the start + * of the path. * - * If the resulting path would be empty, change it into ".". + * We call clean_fname() to clean up the path, but we preserve a trailing + * slash because that is sometimes significant on command-line arguments. */ -char *sanitize_path(char *dest, const char *p, const char *reldir) +char *sanitize_path(char *dest, const char *p, const char *rootdir, int depth) { char *start, *sanp; - int depth = 0; int allowdotdot = 0; int rlen = 0; if (dest != p) { int plen = strlen(p); - if (*p == '/' && reldir) { - rlen = strlen(lp_path(module_id)); - reldir = NULL; + if (*p == '/') { + if (!rootdir) + rootdir = lp_path(module_id); + rlen = strlen(rootdir); + depth = 0; p++; } if (dest) { @@ -743,24 +758,12 @@ char *sanitize_path(char *dest, const char *p, const char *reldir) } else if (!(dest = new_array(char, rlen + plen + 1))) out_of_memory("sanitize_path"); if (rlen) { - memcpy(dest, lp_path(module_id), rlen); + memcpy(dest, rootdir, rlen); if (rlen > 1) dest[rlen++] = '/'; } } - if (reldir) { - int new_component = 1; - while (*reldir) { - if (*reldir++ == '/') - new_component = 1; - else if (new_component) { - new_component = 0; - depth++; - } - } - } - start = sanp = dest + rlen; while (*p == '/') { /* remove leading slashes */ @@ -788,8 +791,7 @@ char *sanitize_path(char *dest, const char *p, const char *reldir) allowdotdot = 1; } else { p += 2; - if (*p == '/') - p++; + while (*p == '/') p++; if (sanp != start) { /* back up sanp one level */ --sanp; /* now pointing at slash */ @@ -867,7 +869,7 @@ int push_dir(char *dir) curr_dir_len += len; } - clean_fname(curr_dir); + curr_dir_len = clean_fname(curr_dir); return 1; }