1 files changed, 57 insertions, 0 deletions

diff --git a/extra/rssh/rsync.patch b/extra/rssh/rsync.patch
new file mode 100644
index 000000000..cafd6c54b
--- /dev/null
+++ b/extra/rssh/rsync.patch
@@ -0,0 +1,57 @@
+diff -aur old//util.c new//util.c
+--- old//util.c	2010-08-01 15:07:00.000000000 +0200
++++ new//util.c	2010-11-25 18:16:24.086709600 +0100
+@@ -56,6 +56,7 @@
+ #ifdef HAVE_LIBGEN_H
+ #include <libgen.h>
+ #endif /* HAVE_LIBGEN_H */
++#include <regex.h>
+ 
+ /* LOCAL INCLUDES */
+ #include "pathnames.h"
+@@ -187,6 +188,33 @@
+ }
+ 
+ /*
++ * check_rsync_e() - take the command line passed to rssh and look for a -e
++ *                   option.  If one is found, make sure --server is provided
++ *                   and the option contains only the protocol information.
++ *                   Returns 1 if the command line is safe; 0 otherwise.
++ */
++static int check_rsync_e( char *cl )
++{
++	int	status;
++	regex_t	re;
++
++	/*
++	 * This is more complicated than it looks because we don't want to
++	 * trigger on the e in --server, but we do want to catch the common
++	 * case of -ltpre.iL (which contains -e.).
++	 */
++	static const char pattern[] = "[ \t\v\f]-([^-][^ ]*)?e[^.0-9]";
++
++	if ( strstr(cl, "--server") == NULL ) return 0;
++	if ( regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0 ){
++		return 0;
++	}
++	status = regexec(&re, cl, 0, NULL, 0);
++	regfree(&re);
++	return (status == 0) ? 0 : 1;
++}
++
++/*
+  * check_command_line() - take the command line passed to rssh, and verify
+  * 			  that the specified command is one the user is
+  * 			  allowed to run.  Return the path of the command
+@@ -230,9 +258,9 @@
+ 
+ 	if ( check_command(cl, opts, PATH_RSYNC, RSSH_ALLOW_RSYNC) ){
+ 		/* filter -e option */
+-		if ( opt_exist(cl, 'e') ){
++		if ( opt_exist(cl, 'e') && !check_rsync_e(cl) ){
+ 			fprintf(stderr, "\ninsecure -e option not allowed.");
+-			log_msg("insecure -e option in rdist command line!");
++			log_msg("insecure -e option in rsync command line!");
+ 			return NULL;
+ 		}
+