rsync 2.6.0: possible sanitization bug?

Adam Sampson azz at
Fri Jan 30 11:52:17 GMT 2004


While merging the 2.6.0 changes into our modified version of rsync, I
noticed the following bit of code in 2.6.0's options.c:

        extern int sanitize_paths;
        if (sanitize_paths)
                sanitize_path(strdup(files_from), NULL);
        filesfrom_fd = open(files_from, O_RDONLY|O_BINARY);

Since sanitize_path modifies its first argument in place, the path that
open() gets there hasn't been sanitized, which could be a security issue
-- plus it leaks memory.  Shouldn't that be something like this?

        extern int sanitize_paths;
        char *s = strdup(files_from);
        if (sanitize_paths)
                sanitize_path(s, NULL);
        filesfrom_fd = open(s, O_RDONLY|O_BINARY);


Adam Sampson <azz at>                        <>

More information about the rsync mailing list