diff options
| author | Wayne Davison <wayned@samba.org> | 2006-10-12 03:01:18 +0000 |
|---|---|---|
| committer | Wayne Davison <wayned@samba.org> | 2006-10-12 03:01:18 +0000 |
| commit | 1a7f3d99c5d4bcb5f38e2143bfb99fdf571fab69 (patch) | |
| tree | 0e4b92d9e082ac6d48fe383e4a9179ab2ea4dc7e /util.c | |
| parent | e80876700c49d5465df9e4b7c3e2f985eb137b8d (diff) | |
| download | android_external_rsync-1a7f3d99c5d4bcb5f38e2143bfb99fdf571fab69.tar.gz android_external_rsync-1a7f3d99c5d4bcb5f38e2143bfb99fdf571fab69.tar.bz2 android_external_rsync-1a7f3d99c5d4bcb5f38e2143bfb99fdf571fab69.zip | |
Removed the changes in symlink handling in non-chroot daemon mode as
they were not yet safe (I'll consider similar changes for the next
release).
Diffstat (limited to 'util.c')
| -rw-r--r-- | util.c | 82 |
1 files changed, 0 insertions, 82 deletions
@@ -861,86 +861,6 @@ char *sanitize_path(char *dest, const char *p, const char *rootdir, int depth, return dest; } -/* If sanitize_paths is not set, this works exactly the same as do_stat(). - * Otherwise, we verify that no symlink takes us outside the module path. - * If we encounter an escape attempt, we return a symlink's stat info! */ -int safe_stat(const char *fname, STRUCT_STAT *stp) -{ -#ifdef SUPPORT_LINKS - char tmpbuf[MAXPATHLEN], linkbuf[MAXPATHLEN], *mod_path; - int i, llen, mod_path_len; - - if (!sanitize_paths) - return do_stat(fname, stp); - - mod_path = lp_path(module_id); - mod_path_len = strlen(mod_path); - - for (i = 0; i < 16; i++) { -#ifdef DEBUG - if (*fname == '/') - assert(strncmp(fname, mod_path, mod_path_len) == 0 && fname[mod_path_len] == '/'); -#endif - if (do_lstat(fname, stp) < 0) - return -1; - if (!S_ISLNK(stp->st_mode)) - return 0; - if ((llen = readlink(fname, linkbuf, sizeof linkbuf - 1)) < 0) - return -1; - linkbuf[llen] = '\0'; - if (*fname == '/') - fname += mod_path_len; - if (!(fname = sanitize_path(tmpbuf, fname, mod_path, curr_dir_depth, linkbuf))) - break; - } - - return 0; /* Leave *stp set to the last symlink. */ -#else - return do_stat(fname, stp); -#endif -} - -void die_on_unsafe_path(char *path, int strip_filename) -{ -#ifdef SUPPORT_LINKS - char *final_slash, *p; - STRUCT_STAT st; - - if (!path) - return; - if (strip_filename) { - if (!(final_slash = strrchr(path, '/'))) - return; - *final_slash = '\0'; - } else - final_slash = NULL; - - p = path; - if (*p == '/') - p += module_dirlen + 1; - while (*p) { - if ((p = strchr(p, '/')) != NULL) - *p = '\0'; - if (safe_stat(path, &st) < 0) { - if (p) - *p = '/'; - goto done; - } - if (S_ISLNK(st.st_mode)) { - rprintf(FERROR, "Unsafe path: %s\n", path); - exit_cleanup(RERR_SYNTAX); - } - if (!p) - break; - *p++ = '/'; - } - - done: - if (final_slash) - *final_slash = '/'; -#endif -} - /* Like chdir(), but it keeps track of the current directory (in the * global "curr_dir"), and ensures that the path size doesn't overflow. * Also cleans the path using the clean_fname() function. */ @@ -1091,8 +1011,6 @@ int handle_partial_dir(const char *fname, int create) if (create) { STRUCT_STAT st; int statret = do_lstat(dir, &st); - if (sanitize_paths && *partial_dir != '/') - die_on_unsafe_path(dir, 1); /* lstat handles last element */ if (statret == 0 && !S_ISDIR(st.st_mode)) { if (do_unlink(dir) < 0) return 0; |