The branch, master has been updated
via 371242e Have receiver strip bogus leading slashes on filenames.
from e1bfdf6 Avoid the use of an extra leading dot when using --temp-dir.
;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 371242e4e8150d4f9cc74cdf2d75d8250535175e
Author: Wayne Davison <way...@samba.org>
Date: Sun Mar 2 16:37:44 2014 -0800
Have receiver strip bogus leading slashes on filenames.
If the receiver is running without --relative, it shouldn't be receiving
any filenames with a leading slash. To ensure that the sender doesn't
try to pull a fast one on us, we now make flist_sort_and_clean() strip a
leading slash even if --relative isn't specified.
-----------------------------------------------------------------------
Summary of changes:
flist.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/flist.c b/flist.c
index 6f2a926..a0f05dd 100644
--- a/flist.c
+++ b/flist.c
@@ -2553,7 +2553,11 @@ struct file_list *recv_file_list(int f)
rprintf(FINFO, "[%s] flist_eof=1\n", who_am_i());
}
- flist_sort_and_clean(flist, relative_paths);
+ /* The --relative option sends paths with a leading slash, so we need
+ * to specify the strip_root option here. We also want to ensure that
+ * a non-relative transfer doesn't have any leading slashes or it might
+ * cause the client a security issue. */
+ flist_sort_and_clean(flist, 1);
if (protocol_version < 30) {
/* Recv the io_error flag */
--
The rsync repository.
_______________________________________________
rsync-cvs mailing list
rsync-cvs@lists.samba.org
https://lists.samba.org/mailman/listinfo/rsync-cvs
