refuse fuzzy options when fuzzy not selected

this prevents a malicious server providing a file to compare to when
the user has not given the fuzzy option

diff --git a/receiver.c b/receiver.c
index 6b4b369ee8a5ebde0f63aeb78cc0374ac9e89066..2d7f603302c0fdada40d70d433487676788d1d48 100644 (file)
--- a/receiver.c
+++ b/receiver.c
@@ -66,6 +66,7 @@ extern char sender_file_sum[MAX_DIGEST_LEN];
 extern struct file_list *cur_flist, *first_flist, *dir_flist;
 extern filter_rule_list daemon_filter_list;
 extern OFF_T preallocated_len;
+extern int fuzzy_basis;
 
 extern struct name_num_item *xfer_sum_nni;
 extern int xfer_sum_len;
@@ -716,6 +717,10 @@ int recv_files(int f_in, int f_out, char *local_name)
                                fnamecmp = get_backup_name(fname);
                                break;
                        case FNAMECMP_FUZZY:
+                               if (fuzzy_basis == 0) {
+                                       rprintf(FERROR_XFER, "rsync: refusing malicious fuzzy operation for %s\n", xname);
+                                       exit_cleanup(RERR_PROTOCOL);
+                               }
                                if (file->dirname) {
                                        pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname);
                                        fnamecmp = fnamecmpbuf;