From: Wayne Davison <wayned@samba.org>
Date: Mon, 3 Mar 2014 00:37:44 +0000 (-0800)
Subject: Have receiver strip bogus leading slashes on filenames.
X-Git-Tag: v3.1.1pre2~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=371242e4e8150d4f9cc74cdf2d75d8250535175e;p=thirdparty%2Frsync.git

Have receiver strip bogus leading slashes on filenames.

If the receiver is running without --relative, it shouldn't be receiving
any filenames with a leading slash.  To ensure that the sender doesn't
try to pull a fast one on us, we now make flist_sort_and_clean() strip a
leading slash even if --relative isn't specified.
---

diff --git a/flist.c b/flist.c
index 6f2a926e..a0f05dd0 100644
--- a/flist.c
+++ b/flist.c
@@ -2553,7 +2553,11 @@ struct file_list *recv_file_list(int f)
 			rprintf(FINFO, "[%s] flist_eof=1\n", who_am_i());
 	}
 
-	flist_sort_and_clean(flist, relative_paths);
+	/* The --relative option sends paths with a leading slash, so we need
+	 * to specify the strip_root option here.  We also want to ensure that
+	 * a non-relative transfer doesn't have any leading slashes or it might
+	 * cause the client a security issue. */
+	flist_sort_and_clean(flist, 1);
 
 	if (protocol_version < 30) {
 		/* Recv the io_error flag */