authorJeriko One <jeriko.one@gmx.us>2017-11-16 17:05:42 -0800
committerDongHun Kwak <dh0128.kwak@samsung.com>2021-03-11 16:01:33 +0900
commitc8ec757b4d7f1690b523b2a709b84efdab5f9116 (patch)
treee6962008ab4f042a521a9b0059f5d06082ccd2fe
parent0860b3d8f125f9a2d94c275d280615c67665922b (diff)
[CVE-2017-17434] Sanitize xname in read_ndx_and_attrs.
Change-Id: I0094d093dd77955b0d4abe222e613e1b9d1a8a5f Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
-rw-r--r--rsync.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/rsync.c b/rsync.c
index c498c44f..521f7dee 100644
--- a/rsync.c
+++ b/rsync.c
@@ -49,6 +49,7 @@ extern int flist_eof;
extern int file_old_total;
extern int keep_dirlinks;
extern int make_backups;
+extern int sanitize_paths;
extern struct file_list *cur_flist, *first_flist, *dir_flist;
extern struct chmod_mode_struct *daemon_chmod_modes;
#ifdef ICONV_OPTION
@@ -396,6 +397,11 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr,
if (iflags & ITEM_XNAME_FOLLOWS) {
if ((len = read_vstring(f_in, buf, MAXPATHLEN)) < 0)
exit_cleanup(RERR_PROTOCOL);
+
+ if (sanitize_paths) {
+ sanitize_path(buf, buf, "", 0, SP_DEFAULT);
+ len = strlen(buf);
+ }
} else {
*buf = '\0';
len = -1;
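Review bot: The sanitising step added in the `ITEM_XNAME_FOLLOWS` branch runs only when `sanitize_paths` is set, so in every other configuration `buf` still leaves this function holding the peer-supplied name exactly as `read_vstring()` read it. Whether that is safe depends on the callers that later use xname as a path; they are outside this hunk, so it is worth confirming that they validate it themselves. The call also passes `buf` as both source and destination and discards the return value, which presumably relies on the sanitised result never being longer than the input; that should be checked against `sanitize_path()`'s contract. I would record the intent in a comment above the block, e.g. `/* xname is peer-controlled: sanitize it in place when sanitize_paths is set; callers must still vet it otherwise */`. `read_ndx_and_attrs` begins before and continues past this hunk.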