rsync 2.6.0: possible sanitization bug?

Adam Sampson azz at us-lot.org
Fri Jan 30 11:52:17 GMT 2004


Hiya.

While merging the 2.6.0 changes into our modified version of rsync, I
noticed the following bit of code in 2.6.0's options.c:

        extern int sanitize_paths;
        if (sanitize_paths)
                sanitize_path(strdup(files_from), NULL);
        filesfrom_fd = open(files_from, O_RDONLY|O_BINARY);

Since sanitize_path modifies its first argument in place, the path that
open() gets there hasn't been sanitized, which could be a security issue
-- plus it leaks memory.  Shouldn't that be something like this?

        extern int sanitize_paths;
        char *s = strdup(files_from);
        if (sanitize_paths)
                sanitize_path(s, NULL);
        filesfrom_fd = open(s, O_RDONLY|O_BINARY);
        free(s);

Thanks,

-- 
Adam Sampson <azz at us-lot.org>                        <http://offog.org/>
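
The discarded-copy pattern described in the message above, as an added example that is not part of the original post and not rsync code. `demo_sanitize`, `path_opened_before` and `path_opened_after` are hypothetical names; the sanitizer is a simplified stand-in assumed only to rewrite its argument in place, as the post says `sanitize_path` does.

```c
#define _POSIX_C_SOURCE 200809L  /* strdup() under strict -std modes */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in sanitizer (assumption, NOT rsync's sanitize_path): rewrites p in
 * place, dropping leading '/' and every "." or ".." component. */
static void demo_sanitize(char *p)
{
    char *src = p, *dst = p;
    while (*src) {
        while (*src == '/') src++;              /* skip separators */
        size_t n = strcspn(src, "/");           /* length of next component */
        if (n == 0) break;
        int dots = (n == 1 && src[0] == '.') ||
                   (n == 2 && src[0] == '.' && src[1] == '.');
        if (!dots) {                            /* keep ordinary components */
            if (dst != p) *dst++ = '/';
            memmove(dst, src, n);
            dst += n;
        }
        src += n;
    }
    *dst = '\0';
}

/* Pattern quoted from 2.6.0: only a temporary copy is sanitized, so the
 * original string is what reaches open(). Returns a copy of that string. */
static char *path_opened_before(const char *files_from)
{
    char *copy = strdup(files_from);
    if (!copy) return NULL;
    demo_sanitize(copy);
    free(copy);            /* freed here; the quoted code leaked this copy */
    return strdup(files_from);
}

/* Pattern proposed in the post: keep the pointer and use the sanitized copy. */
static char *path_opened_after(const char *files_from)
{
    char *s = strdup(files_from);
    if (s) demo_sanitize(s);
    return s;
}

int main(void)
{
    const char *in = "../../etc/passwd";        /* constructed sample input */
    char *a = path_opened_before(in), *b = path_opened_after(in);
    printf("before: %s\nafter:  %s\n", a ? a : "(null)", b ? b : "(null)");
    free(a); free(b);
    return 0;
}
```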

