Displaying 20 results from an estimated 22 matches for "sanitize_path".
2004 Jan 30
1
rsync 2.6.0: possible sanitization bug?
Hiya.
While merging the 2.6.0 changes into our modified version of rsync, I
noticed the following bit of code in 2.6.0's options.c:
    extern int sanitize_paths;
    if (sanitize_paths)
        sanitize_path(strdup(files_from), NULL);
    filesfrom_fd = open(files_from, O_RDONLY|O_BINARY);
Since sanitize_path modifies its first argument in place, the path that
open() gets there hasn't been sanitized, which could be a security issue
--...
2017 Oct 27
1
[Bug 13105] New: 1byte heap overflow in sanitize_path
https://bugzilla.samba.org/show_bug.cgi?id=13105
Bug ID: 13105
Summary: 1byte heap overflow in sanitize_path
Product: rsync
Version: 3.1.3
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: core
Assignee: wayned at samba.org
Reporter: jeriko.one at gmx.us
QA Contact:...
2004 Mar 26
1
--link-dest mostly useless on a server without chroot
When using the rsync server without chroot, the --link-dest and
--compare-dest options are almost useless. This is because
sanitize_paths is called on the link-dest directory, stripping out
leading dots and slashes. Thus, the only possibility for a link-dest
directory is under the target directory, which is generally not useful.
There doesn't seem to be an easy fix. sanitize_paths is applied
indiscriminately to all arguments,...
2004 Apr 27
2
rsync 2.6.1 released (including security note)
Hopefully the email to the announce list will show up soon. Until then,
you can get a jump on the rest by checking out the rsync home page to
read the announcement:
http://rsync.samba.org/
It includes a security note about a fix that affects read/write daemons
that are not using chroot. If that includes you, you should look into
upgrading (or maybe enabling chroot on an older rsync).
2006 Apr 26
2
--link-dest and file/dir transfer to remote rsync daemon
Hi NG,
I want to do incremental backups to a remote server running rsyncd
(because daemonless transfer via ssh often hangs!). In contrast to
transfer via ssh (without remote rsyncd) this doesn't seem possible, or
do I miss something?
Imagine I want to incrementally backup `mydir' to the backup space
`backup' on a remote server `alpha' running an rsync daemon. rsyncd on
2004 Aug 12
0
security hole in non-chroot rsync daemon
...outside the
module's hierarchy if the user uses a carefully crafted --files-from
filename. This causes each line of the file to be revealed to the user
as link_stat errors (other rsync versions hide these errors from the
remote user).
FIXES
The best fix is to apply this one-word patch to the sanitize_path()
function in util.c:
--- orig/util.c 2004-04-27 12:59:37 -0700
+++ util.c 2004-08-11 23:37:27 -0700
@@ -743,7 +743,7 @@
allowdotdot = 1;
} else {
p += 2;
- if (*p == '/')
+ while (*p == '/')
p++;
if (sanp != start) {
/* back up sanp one level *...
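Review bot: the changed loop at "while (*p == '/')" has no comment saying why a run of slashes after ".." must be consumed, and nothing here adds a regression case for it. With the old "if", only one '/' was skipped after "p += 2", so a second one stayed at the front of the remaining input. Please add a short comment above the loop and a test that passes sanitize_path() a ".." component followed by two or more slashes and checks that no leading slash survives in the output.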
2002 Feb 14
1
HP/UX 11 bug
.../foo/bar
rsync directory host:/foo/bar/
Here's a patch which, at least, doesn't seem to do any harm on Solaris
or Linux and fixes the problem on HP.
Cheers,
Mark
--- util.c.OLD Tue Jan 29 15:25:08 2002
+++ util.c Tue Jan 29 15:30:03 2002
@@ -542,6 +542,7 @@
return;
#else
extern int sanitize_paths;
+ int trailing_slash = 0;
glob_t globbuf;
int i;
@@ -559,10 +560,25 @@
globfree(&globbuf);
return;
}
- for (i=0; i<(maxargs - (*argc)) && i < (int) globbuf.gl_pathc;i++) {
+
+ /* remember pattern's trailing '/' (HP/UX glob(3) leaves it off matches) */
+...
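Review bot: the comment in the second hunk says only HP/UX glob(3) drops the pattern's trailing '/', so the code that uses trailing_slash needs to append the slash only when a match does not already end in one; otherwise matches on Solaris and Linux would gain a second slash. The rest of the hunk is cut off here, so also confirm that the string holding each match has room for the extra byte before it is appended.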
2002 Oct 21
0
daemon and absolute sym-links
...n running an rsync daemon, absolute
sym-links are not created correctly on the daemon end; the leading 'slash'
is stripped off. To 'fix' this behavior, the following 3 changes can be
made (to version 2.5.5):
flist.c:63 add: extern int am_daemon;
flist.c:538 (was 537) modify: if (sanitize_paths && !am_daemon) {
config.h:316 modify: #define RSYNC_VERSION "2.5.6"
I'm incredibly busy (aren't we all....) and don't currently have time to
research how to do an 'official' patch, or how to submit official fixes, or
even figure out if this 'fix' has...
2003 Mar 04
1
2.5.6 needs following fix on WinNTs
Hi,
Here is the problem (syscall.c, function do_open) on NT, Win2K, WinXP,
with stripped "/" for UNC path convention, detected in release 2.5.5,
2.5.6:
int do_open(char *pathname, int flags, mode_t mode)
{
    if (flags != O_RDONLY) {
        if (dry_run) return -1;
        CHECK_RO
    }
#ifdef O_BINARY
    /* for Windows */
    flags |= O_BINARY;
#endif
    /* some systems can't handle a double / */
2004 Jan 14
1
rsyncd bug for sym-links
...; and it appears to work fine.
Although I'm pretty certain of the fix for daemon rsync, I am unsure if my
fix affects non-daemon operation..... At any rate, for your
consideration, here is the description of the fix:
flist.c:63 add: extern int am_daemon;
flist.c:531 (was 530) modify: if (sanitize_paths && !am_daemon) {
=======================
Kirby Bakken
ESW Build Architect
Rochester, MN
email: kirbyb@us.ibm.com
ezpage:kirbyb
507-253-4549 / Tie: 553-4549
Fax: 507-253-3495
......one more straw can't possibly matter....
2013 Oct 24
0
patch for combining detect-renamed and fileflags patches (fwd)
...s);
-int make_path(char *fname, int flags);
+int make_path(char *fname, mode_t mode, int flags);
int full_write(int desc, const char *ptr, size_t len);
int copy_file(const char *source, const char *dest, int ofd, mode_t mode);
int robust_unlink(const char *fname);
-@@ -373,6 +374,8 @@ char *sanitize_path(char *dest, const ch
+@@ -376,6 +377,8 @@
int flags);
int change_dir(const char *dir, int set_path_only);
char *normalize_path(char *path, BOOL force_newbuf, unsigned int *len_ptr);
2017 Jun 04
5
[Bug 12817] New: [PATCH] Allow daemon itself to chroot
https://bugzilla.samba.org/show_bug.cgi?id=12817
Bug ID: 12817
Summary: [PATCH] Allow daemon itself to chroot
Product: rsync
Version: 3.1.2
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: core
Assignee: wayned at samba.org
Reporter:
2004 Apr 27
1
rsync-2.6.1 close() fixes
..._only)
argstr[x++] = 'u';
if (dry_run)
--- rsync-2.6.1/util.c.bak 2004-04-23 01:17:15.000000000 +0300
+++ rsync-2.6.1/util.c 2004-04-27 19:15:29.000000000 +0300
@@ -29,6 +29,7 @@
extern int verbose;
extern struct exclude_list_struct server_exclude_list;
+extern int do_fsync;
int sanitize_paths = 0;
@@ -281,8 +282,22 @@ int copy_file(char *source, char *dest,
}
}
- close(ifd);
- close(ofd);
+ if (close(ifd) != 0) {
+ rprintf(FINFO, "close failed on %s: %s\n",
+ source, strerror(errno));
+ }
+
+ if (do_fsync && (fsync(ofd) != 0)) {
+ rprintf(FERROR, "f...
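Review bot: in the copy_file() hunk a failed close(ifd) is reported at FINFO while the fsync(ofd) failure just below it uses FERROR, and the visible lines do not return an error after the failed close. Pick one severity for both, and state in a comment whether copy_file() is meant to carry on after a close failure on the source.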
2005 Jan 31
1
[patch] add "--ignore" option
..., 0, 0, 0 },
@@ -656,20 +661,26 @@
XFLG_DEF_INCLUDE);
break;
+ case OPT_IGNORE:
+ add_filter(&filter_list, poptGetOptArg(pc),
+ XFLG_DEF_IGNORE);
+ break;
+
case OPT_EXCLUDE_FROM:
case OPT_INCLUDE_FROM:
+ case OPT_IGNORE_FROM:
arg = poptGetOptArg(pc);
if (sanitize_paths)
arg = sanitize_path(NULL, arg, NULL, 0);
if (server_filter_list.head) {
char *cp = (char *)arg;
clean_fname(cp, 1);
- if (check_filter(&server_filter_list, cp, 0)
< 0)
+ if (check_filter(&server_filter_list, cp, 0)
== M_EXCLUDE)
goto options_rejected;...
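Review bot: changing the server_filter_list test from "< 0" to "== M_EXCLUDE" narrows what sends the option to options_rejected, and the hunk does not say what check_filter() returns for a match against the new ignore rules. If that value is negative but not M_EXCLUDE, a filename that the server's filter list matches would now pass this check where the old comparison rejected it. Please document the possible return values next to the test, or keep rejecting every negative result.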
2006 Nov 28
3
DO NOT REPLY [Bug 4263] New: Symlinks gets corruped when rsyncd is used to 'put' the symlink.
https://bugzilla.samba.org/show_bug.cgi?id=4263
Summary: Symlinks gets corruped when rsyncd is used to 'put' the
symlink.
Product: rsync
Version: 2.6.8
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: critical
Priority: P3
Component: core
AssignedTo:
2004 May 29
1
[patch] Filename conversion
...al example using "tr" is due to these heuristics; it occurs just
once per rsync invocation, not for every file.
I believe there are no server-side security implications, since all
conversion is done at the client and the server is oblivious to it. On
the client, conversion is done before sanitize_path() and besides,
providing a sane converter program is the client's responsibility anyway.
In verbose mode the updating of non-regular files is reported via
rprintf() by the server, so the client will see the converted filename
instead of the raw filename -- see my comment in recv_generator(). Fixi...
2006 Jan 24
1
propagate atimes with rsync-2.6.6 (fwd)
...t.c
--- rsync-2.6.6/flist.c 2005-07-07 21:49:14.000000000 +0200
+++ rsync-2.6.6_patch/flist.c 2006-01-07 14:04:38.000000000 +0100
@@ -54,6 +54,7 @@
extern int implied_dirs;
extern int copy_links;
extern int copy_unsafe_links;
+extern int remote_protocol;
extern int protocol_version;
extern int sanitize_paths;
extern int orig_umask;
@@ -314,6 +315,7 @@
{
unsigned short flags;
static time_t modtime;
+ static time_t acctime;
static mode_t mode;
static int64 dev;
static dev_t rdev;
@@ -329,7 +331,7 @@
if (!file) {
write_byte(f, 0);
- modtime = 0, mode = 0;
+ modtime = 0, acctime = 0,...
2001 Nov 20
2
rsync server over SSH [includes code patches]
...iled\n", lp_path(i));
! io_printf(fd,"@ERROR: chdir failed\n");
return -1;
}
} else {
if (!push_dir(lp_path(i), 0)) {
rprintf(FERROR,"chdir %s failed\n", lp_path(i));
! io_printf(fd,"@ERROR: chdir failed\n");
return -1;
}
sanitize_paths = 1;
--- 254,273 ----
if (use_chroot) {
if (chroot(lp_path(i))) {
rprintf(FERROR,"chroot %s failed\n", lp_path(i));
! io_printf(f_out,"@ERROR: chroot failed\n");
return -1;
}
if (!push_dir("/", 0)) {
rprintf(FERROR,"chdir %s fa...
2010 Jun 15
3
about rsyncing of block devices
Hiya,
I can see it's a regular subject on this list.
I, like others wanted to use rsync to synchronise two block
devices (as it happens one lvm volume and one nbd device served
by qemu-img on a remote host from a qcow2 disk image so that I
can keep the old versions)
As I couldn't find any report of it being done successfully,
I'm just sharing my findings as it might benefit others.
2001 Aug 06
1
merge rsync+ into rsync (was Re: rsync-2.4.7 NEWS file)
> Just curious: what about the rsync+ patch?
Thanks for the reminder.
I've just committed Jos's rsync+ patch onto the
"branch_mbp_rsyncplus_merge" branch. If it works OK and nobody
screams I will move it across onto the main tree tomorrow or
Wednesday.
I see the patch doesn't add documentation about the new options to the
man page, so we should fix that in the future.