rsync 2.6.1 released (including security note)
Wayne Davison
wayned at samba.org
Sun May 2 16:30:54 GMT 2004
On Sun, May 02, 2004 at 01:15:57PM +0200, Paul Slootman wrote:
> The patch below should do it. Note that line numbers may be off.
You placed the extra sanitize calls in server_options() instead of
parse_arguments(). Since the args need to be sanitized on reception,
the latter function is the right spot. Attached is a patch generated
from 2.5.7.
..wayne..
-------------- next part --------------
--- rsync-2.5.7/options.c 2003-01-27 19:11:57.000000000 -0800
+++ options.c 2004-05-02 09:27:10.000000000 -0700
@@ -21,6 +21,8 @@
#include "rsync.h"
#include "popt.h"
+extern int sanitize_paths;
+
int make_backups = 0;
/**
@@ -615,6 +617,15 @@ int parse_arguments(int *argc, const cha
}
}
+ if (sanitize_paths) {
+ if (tmpdir)
+ sanitize_path(tmpdir, NULL);
+ if (compare_dest)
+ sanitize_path(compare_dest, NULL);
+ if (backup_dir)
+ sanitize_path(backup_dir, NULL);
+ }
+
if (write_batch && read_batch) {
snprintf(err_buf,sizeof(err_buf),
"write-batch and read-batch can not be used together\n");
More information about the rsync
mailing list