Have receiver strip bogus leading slashes on filenames.

If the receiver is running without --relative, it shouldn't be receiving
any filenames with a leading slash.  To ensure that the sender doesn't
try to pull a fast one on us, we now make flist_sort_and_clean() strip a
leading slash even if --relative isn't specified.

diff --git a/flist.c b/flist.c
index 6f2a926e6d4da2928c5d32b3a7dad115cc975269..a0f05dd020a75d323e1e91a18142dd4e08388267 100644 (file)
--- a/flist.c
+++ b/flist.c
@@ -2553,7 +2553,11 @@ struct file_list *recv_file_list(int f)
                        rprintf(FINFO, "[%s] flist_eof=1\n", who_am_i());
        }
 
-       flist_sort_and_clean(flist, relative_paths);
+       /* The --relative option sends paths with a leading slash, so we need
+        * to specify the strip_root option here.  We also want to ensure that
+        * a non-relative transfer doesn't have any leading slashes or it might
+        * cause the client a security issue. */
+       flist_sort_and_clean(flist, 1);
 
        if (protocol_version < 30) {
                /* Recv the io_error flag */