From 4791825d49df3e0076692a8e9aa7d58f9ac15813 Mon Sep 17 00:00:00 2001 From: Wayne Davison Date: Tue, 1 Jul 2003 21:45:31 +0000 Subject: [PATCH] Modified the glob_expand_one() function to check the args against the server's config-specified exclude list. This prevents the user from going around directory exclusions. Fixed push_dir() to not append "/." onto the end of the current path if it is called with "." as the "dir" arg. Made curr_dir[] exported so the exclude code can use it (for the daemon-config absolute-path excludes). --- util.c | 51 ++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 36 insertions(+), 15 deletions(-) diff --git a/util.c b/util.c index e5638f05..da10ca2f 100644 --- a/util.c +++ b/util.c @@ -345,9 +345,10 @@ int robust_unlink(char *fname) counter = 1; } while (((rc = access(path, 0)) == 0) && (counter != start)); - if (verbose > 0) + if (verbose > 0) { rprintf(FINFO,"renaming %s to %s because of text busy\n", - fname, path); + fname, path); + } /* maybe we should return rename()'s exit status? Nah. */ if (do_rename(fname, path) != 0) { @@ -458,14 +459,31 @@ int lock_range(int fd, int offset, int len) return fcntl(fd,F_SETLK,&lock) == 0; } +static int exclude_server_path(char *arg) +{ + char *s; + extern struct exclude_struct **server_exclude_list; + + if (server_exclude_list) { + for (s = arg; (s = strchr(s, '/')) != NULL; ) { + *s = '\0'; + if (check_exclude(server_exclude_list, arg, 1)) { + /* We must leave arg truncated! */ + return 1; + } + *s++ = '/'; + } + } + return 0; +} static void glob_expand_one(char *s, char **argv, int *argc, int maxargs) { #if !(defined(HAVE_GLOB) && defined(HAVE_GLOB_H)) if (!*s) s = "."; - argv[*argc] = strdup(s); + s = argv[*argc] = strdup(s); + exclude_server_path(s); (*argc)++; - return; #else extern int sanitize_paths; glob_t globbuf; @@ -473,20 +491,21 @@ static void glob_expand_one(char *s, char **argv, int *argc, int maxargs) if (!*s) s = "."; - argv[*argc] = strdup(s); + s = argv[*argc] = strdup(s); if (sanitize_paths) { - sanitize_path(argv[*argc], NULL); + sanitize_path(s, NULL); } memset(&globbuf, 0, sizeof(globbuf)); - glob(argv[*argc], 0, NULL, &globbuf); + if (!exclude_server_path(s)) + glob(s, 0, NULL, &globbuf); if (globbuf.gl_pathc == 0) { (*argc)++; globfree(&globbuf); return; } for (i=0; i<(maxargs - (*argc)) && i < (int) globbuf.gl_pathc;i++) { - if (i == 0) free(argv[*argc]); + if (i == 0) free(s); argv[(*argc) + i] = strdup(globbuf.gl_pathv[i]); if (!argv[(*argc) + i]) out_of_memory("glob_expand"); } @@ -495,29 +514,31 @@ static void glob_expand_one(char *s, char **argv, int *argc, int maxargs) #endif } +/* This routine is only used in daemon mode. */ void glob_expand(char *base1, char **argv, int *argc, int maxargs) { char *s = argv[*argc]; char *p, *q; char *base = base1; + int base_len = strlen(base); if (!s || !*s) return; - if (strncmp(s, base, strlen(base)) == 0) { - s += strlen(base); - } + if (strncmp(s, base, base_len) == 0) + s += base_len; s = strdup(s); if (!s) out_of_memory("glob_expand"); if (asprintf(&base," %s/", base1) <= 0) out_of_memory("glob_expand"); + base_len++; q = s; while ((p = strstr(q,base)) && ((*argc) < maxargs)) { /* split it at this point */ *p = 0; glob_expand_one(q, argv, argc, maxargs); - q = p+strlen(base); + q = p + base_len; } if (*q && (*argc < maxargs)) glob_expand_one(q, argv, argc, maxargs); @@ -648,7 +669,7 @@ void sanitize_path(char *p, char *reldir) } allowdotdot = 0; if ((*p == '.') && (*(p+1) == '.') && - ((*(p+2) == '/') || (*(p+2) == '\0'))) { + ((*(p+2) == '/') || (*(p+2) == '\0'))) { /* ".." component followed by slash or end */ if ((depth > 0) && (sanp == start)) { /* allow depth levels of .. at the beginning */ @@ -699,7 +720,7 @@ void sanitize_path(char *p, char *reldir) } -static char curr_dir[MAXPATHLEN]; +char curr_dir[MAXPATHLEN]; /** * Like chdir() but can be reversed with pop_dir() if @p save is set. @@ -725,7 +746,7 @@ char *push_dir(char *dir, int save) if (*dir == '/') { strlcpy(curr_dir, dir, sizeof(curr_dir)); - } else { + } else if (dir[0] != '.' || dir[1] != '\0') { strlcat(curr_dir,"/", sizeof(curr_dir)); strlcat(curr_dir,dir, sizeof(curr_dir)); } -- 2.34.1