Attachment #111576 for bug #152869

View | Details | Raw Unified | Return to bug 152869
Collapse All | Expand All

Lines 71-77 Link Here

(-)Makefile (-1 / +1 lines)
71		71
72	PORTNAME= scponly	72	PORTNAME= scponly
73	PORTVERSION= 4.8	73	PORTVERSION= 4.8
74	PORTREVISION= 1	74	PORTREVISION= 2
75	CATEGORIES= shells security	75	CATEGORIES= shells security
76	MASTER_SITES= http://www.sublimation.org/scponly/ \	76	MASTER_SITES= http://www.sublimation.org/scponly/ \
77	SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION}	77	SF/${PORTNAME}/${PORTNAME}/${PORTNAME}-${PORTVERSION}

Lines 1-3 Link Here

(-)distinfo (-1 lines)
1	MD5 (scponly-4.8.tgz) = 139ac9abd7f3b8dbc5c5520745318f8a
2	SHA256 (scponly-4.8.tgz) = 1693dd678355749c5d9e48ecdd4628dbfe71d82955afde950ee8d88b5adc01cf	1	SHA256 (scponly-4.8.tgz) = 1693dd678355749c5d9e48ecdd4628dbfe71d82955afde950ee8d88b5adc01cf
3	SIZE (scponly-4.8.tgz) = 101687	2	SIZE (scponly-4.8.tgz) = 101687




--- helper.c	2007/08/10 18:37:27	1.24
+++ helper.c	2008/03/08 18:57:48	1.25
@@ -26,6 +26,11 @@
 #endif
 #endif
 
+#ifdef RSYNC_COMPAT
+#define RSYNC_ARG_SERVER 0x01
+#define RSYNC_ARG_EXECUTE 0x02
+#endif
+
 #define MAX(x,y)	( ( x > y ) ? x : y )
 #define MIN(x,y)	( ( x < y ) ? x : y )
 
@@ -164,6 +169,13 @@
 	int			ch;
 	int			ac=0;
 	int			longopt_index = 0;
+#ifdef RSYNC_COMPAT
+	/* 
+	 * bitwise flag: 0x01 = server, 0x02 = -e.
+	 * Thus 0x03 is allowed and 0x01 is allowed, but 0x02 is not allowed
+	 */
+	int			rsync_flags = 0; 
+#endif /* RSYNC_COMPAT */
 
 	while (cmdarg != NULL)
 	{
@@ -182,7 +194,7 @@
 			 */
 			if (1 == cmdarg->getoptflag)
 			{
-				debug(LOG_DEBUG, "Using getopt processing for cmd %s\n (%s)", cmdarg->name, logstamp());
+				debug(LOG_DEBUG, "Using getopt processing for cmd%s\n (%s)", cmdarg->name, logstamp());
 				/*	
 				 *	first count the arguments in the vector
 				 */
@@ -207,7 +219,7 @@
 				 *	otherwise, try a glibc-style reset of the global getopt vars
 				 */
 				optind=0;
-#endif
+#endif /* HAVE_OPTRESET */
 				/*
 				 *	tell getopt to only be strict if the 'opts' is well defined
 				 */
@@ -216,6 +228,18 @@
 					
 					debug(LOG_DEBUG, "getopt processing returned '%c' (%s)", ch, logstamp());
 					
+#ifdef RSYNC_COMPAT
+					if (exact_match(cmdarg->name, PROG_RSYNC) && (ch == 's' || ch == 'e')) {
+						if (ch == 's')
+							rsync_flags |= RSYNC_ARG_SERVER;
+						else
+							/* -e */
+							rsync_flags |= RSYNC_ARG_EXECUTE;
+						debug(LOG_DEBUG, "rsync_flags are now set to: %0x", rsync_flags);
+					}
+					else
+#endif /* RSYNC_COMPAT */
+
 					/* if the character is found in badarg, then it's not a permitted option */
 					if (cmdarg->badarg != NULL && (strchr(cmdarg->badarg, ch) != NULL))
 					{
@@ -230,14 +254,23 @@
 						return 1;
 					}
 				}
-#elif
+#ifdef RSYNC_COMPAT
+				/* it's not safe if the execute flag was set and server was not set */
+				if ((rsync_flags & RSYNC_ARG_EXECUTE) != 0 && (rsync_flags & RSYNC_ARG_SERVER) == 0) {
+						syslog(LOG_ERR, "option 'e' is not allowed unless '--server' is also set with cmd %s (%s)", 
+							PROG_RSYNC, logstamp());
+						return 1;
+				}
+#endif /* RSYNC_COMPAT */
+
+#elif /* HAVE_GETOPT */
 				/*
 				 * make sure that processing doesn't continue if we can't validate a rsync check
 				 * and if the getopt flag is set.
 				 */
 				syslog(LOG_ERR, "a getopt() argument check could not be performed for %s, recompile scponly without support for %s or rebuild scponly with getopt", av[0], av[0]);
 				return 1;
-#endif
+#endif /* HAVE_GETOPT */
 			}
 			else
 			/*




--- scponly.c	2008/01/15 06:30:20	1.45
+++ scponly.c	2008/03/08 18:57:48	1.46
@@ -91,16 +91,18 @@
 
 #ifdef RSYNC_COMPAT
 struct option rsync_longopts[] = {
+	/* options we need to know about that are safe */
+	{"server",			0,	0,		(int)'s'},
 	/* I use 'e' for val here because that's what's listed in cmd_arg_t->badarg  */
-	{"rsh", 			1,	0,		(int)'e'},
+	{"rsh", 			1,	0,		(int)'r'},
 	/* the following are disabled because they use daemon mode */
-	{"daemon",			0,	0,		(int)'e'},
-	{"rsync-path",		1,	0,		(int)'e'},
-	{"address",			1,	0,		(int)'e'},
-	{"port",			1,	0,		(int)'e'},
-	{"sockopts",		1,	0,		(int)'e'},
-	{"config",			1,	0,		(int)'e'},
-	{"no-detach",		0,	0,		(int)'e'},
+	{"daemon",			0,	0,		(int)'d'},
+	{"rsync-path",		1,	0,		(int)'d'},
+	{"address",			1,	0,		(int)'d'},
+	{"port",			1,	0,		(int)'d'},
+	{"sockopts",		1,	0,		(int)'d'},
+	{"config",			1,	0,		(int)'d'},
+	{"no-detach",		0,	0,		(int)'d'},
 	{ NULL,				0,	NULL,	0 },
 	};
 #endif
@@ -157,7 +159,7 @@
 	{ PROG_SCP, 		1, 				1,				"SoF",			"dfl:prtvBCc:i:P:q1246S:o:F:", empty_longopts },
 #endif
 #ifdef RSYNC_COMPAT
-	{ PROG_RSYNC, 		1, 				0,				"e",			"e:",			rsync_longopts },
+	{ PROG_RSYNC, 		1, 				0,				"rde",			"e::",			rsync_longopts },
 #endif	
 #ifdef UNISON_COMPAT	
 	{ PROG_UNISON, 		0, 				0,				"-rshcmd",		NULL, 			empty_longopts },

Return to bug 152869

Lines 1-11 Link Here

(-)files/patch-helper.c (-4 / +84 lines)
1	--- helper.c.orig 2010-01-05 21:06:05.000000000 -0800	1	--- helper.c 2007/08/10 18:37:27 1.24
2	+++ helper.c 2010-01-05 21:06:18.000000000 -0800	2	+++ helper.c 2008/03/08 18:57:48 1.25
3	@@ -230,7 +230,7 @@	3	@@ -26,6 +26,11 @@
		4	#endif
		5	#endif
		6
		7	+#ifdef RSYNC_COMPAT
		8	+#define RSYNC_ARG_SERVER 0x01
		9	+#define RSYNC_ARG_EXECUTE 0x02
		10	+#endif
		11	+
		12	#define MAX(x,y) ( ( x > y ) ? x : y )
		13	#define MIN(x,y) ( ( x < y ) ? x : y )
		14
		15	@@ -164,6 +169,13 @@
		16	int ch;
		17	int ac=0;
		18	int longopt_index = 0;
		19	+#ifdef RSYNC_COMPAT
		20	+ /*
		21	+ * bitwise flag: 0x01 = server, 0x02 = -e.
		22	+ * Thus 0x03 is allowed and 0x01 is allowed, but 0x02 is not allowed
		23	+ */
		24	+ int rsync_flags = 0;
		25	+#endif /* RSYNC_COMPAT */
		26
		27	while (cmdarg != NULL)
		28	{
		29	@@ -182,7 +194,7 @@
		30	*/
		31	if (1 == cmdarg->getoptflag)
		32	{
		33	- debug(LOG_DEBUG, "Using getopt processing for cmd %s\n (%s)", cmdarg->name, logstamp());
		34	+ debug(LOG_DEBUG, "Using getopt processing for cmd%s\n (%s)", cmdarg->name, logstamp());
		35	/*
		36	* first count the arguments in the vector
		37	*/
		38	@@ -207,7 +219,7 @@
		39	* otherwise, try a glibc-style reset of the global getopt vars
		40	*/
		41	optind=0;
		42	-#endif
		43	+#endif /* HAVE_OPTRESET */
		44	/*
		45	* tell getopt to only be strict if the 'opts' is well defined
		46	*/
		47	@@ -216,6 +228,18 @@
		48
		49	debug(LOG_DEBUG, "getopt processing returned '%c' (%s)", ch, logstamp());
		50
		51	+#ifdef RSYNC_COMPAT
		52	+ if (exact_match(cmdarg->name, PROG_RSYNC) && (ch == 's' \|\| ch == 'e')) {
		53	+ if (ch == 's')
		54	+ rsync_flags \|= RSYNC_ARG_SERVER;
		55	+ else
		56	+ /* -e */
		57	+ rsync_flags \|= RSYNC_ARG_EXECUTE;
		58	+ debug(LOG_DEBUG, "rsync_flags are now set to: %0x", rsync_flags);
		59	+ }
		60	+ else
		61	+#endif /* RSYNC_COMPAT */
		62	+
		63	/* if the character is found in badarg, then it's not a permitted option */
		64	if (cmdarg->badarg != NULL && (strchr(cmdarg->badarg, ch) != NULL))
		65	{
		66	@@ -230,14 +254,23 @@
4	return 1;	67	return 1;
5	}	68	}
6	}	69	}
7	-#elif	70	-#elif
8	+#else	71	+#ifdef RSYNC_COMPAT
		72	+ /* it's not safe if the execute flag was set and server was not set */
		73	+ if ((rsync_flags & RSYNC_ARG_EXECUTE) != 0 && (rsync_flags & RSYNC_ARG_SERVER) == 0) {
		74	+ syslog(LOG_ERR, "option 'e' is not allowed unless '--server' is also set with cmd %s (%s)",
		75	+ PROG_RSYNC, logstamp());
		76	+ return 1;
		77	+ }
		78	+#endif /* RSYNC_COMPAT */
		79	+
		80	+#elif /* HAVE_GETOPT */
9	/*	81	/*
10	* make sure that processing doesn't continue if we can't validate a rsync check	82	* make sure that processing doesn't continue if we can't validate a rsync check
11	* and if the getopt flag is set.	83	* and if the getopt flag is set.
		84	*/
		85	syslog(LOG_ERR, "a getopt() argument check could not be performed for %s, recompile scponly without support for %s or rebuild scponly with getopt", av[0], av[0]);
		86	return 1;
		87	-#endif
		88	+#endif /* HAVE_GETOPT */
		89	}
		90	else
		91	/*

Added Link Here

(-)files/patch-scponly.c (+38 lines)
1	--- scponly.c 2008/01/15 06:30:20 1.45
2	+++ scponly.c 2008/03/08 18:57:48 1.46
3	@@ -91,16 +91,18 @@
4
5	#ifdef RSYNC_COMPAT
6	struct option rsync_longopts[] = {
7	+ /* options we need to know about that are safe */
8	+ {"server", 0, 0, (int)'s'},
9	/* I use 'e' for val here because that's what's listed in cmd_arg_t->badarg */
10	- {"rsh", 1, 0, (int)'e'},
11	+ {"rsh", 1, 0, (int)'r'},
12	/* the following are disabled because they use daemon mode */
13	- {"daemon", 0, 0, (int)'e'},
14	- {"rsync-path", 1, 0, (int)'e'},
15	- {"address", 1, 0, (int)'e'},
16	- {"port", 1, 0, (int)'e'},
17	- {"sockopts", 1, 0, (int)'e'},
18	- {"config", 1, 0, (int)'e'},
19	- {"no-detach", 0, 0, (int)'e'},
20	+ {"daemon", 0, 0, (int)'d'},
21	+ {"rsync-path", 1, 0, (int)'d'},
22	+ {"address", 1, 0, (int)'d'},
23	+ {"port", 1, 0, (int)'d'},
24	+ {"sockopts", 1, 0, (int)'d'},
25	+ {"config", 1, 0, (int)'d'},
26	+ {"no-detach", 0, 0, (int)'d'},
27	{ NULL, 0, NULL, 0 },
28	};
29	#endif
30	@@ -157,7 +159,7 @@
31	{ PROG_SCP, 1, 1, "SoF", "dfl:prtvBCc:i:P:q1246S:o:F:", empty_longopts },
32	#endif
33	#ifdef RSYNC_COMPAT
34	- { PROG_RSYNC, 1, 0, "e", "e:", rsync_longopts },
35	+ { PROG_RSYNC, 1, 0, "rde", "e::", rsync_longopts },
36	#endif
37	#ifdef UNISON_COMPAT
38	{ PROG_UNISON, 0, 0, "-rshcmd", NULL, empty_longopts },