===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/rsync/receiver.c,v
retrieving revision 1.25.2.1
retrieving revision 1.26
diff -u -r1.25.2.1 -r1.26
--- src/usr.bin/rsync/receiver.c	2021/11/09 13:41:24	1.25.2.1
+++ src/usr.bin/rsync/receiver.c	2021/05/06 07:29:59	1.26
@@ -1,4 +1,4 @@
-/*	$Id: receiver.c,v 1.25.2.1 2021/11/09 13:41:24 benno Exp $ */
+/*	$Id: receiver.c,v 1.26 2021/05/06 07:29:59 claudio Exp $ */
 
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -20,7 +20,6 @@
 #include <sys/stat.h>
 
 #include <assert.h>
-#include <err.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
@@ -172,7 +171,7 @@
 rsync_receiver(struct sess *sess, int fdin, int fdout, const char *root)
 {
 	struct flist	*fl = NULL, *dfl = NULL;
-	size_t		 i, flsz = 0, dflsz = 0;
+	size_t		 i, flsz = 0, dflsz = 0, excl;
 	char		*tofree;
 	int		 rc = 0, dfd = -1, phase = 0, c;
 	int32_t		 ioerror;
@@ -181,55 +180,29 @@
 	struct upload	*ul = NULL;
 	mode_t		 oumask;
 
-	if (pledge("stdio unix rpath wpath cpath dpath fattr chown getpw unveil", NULL) == -1)
-		err(ERR_IPC, "pledge");
+	if (pledge("stdio unix rpath wpath cpath dpath fattr chown getpw unveil", NULL) == -1) {
+		ERR("pledge");
+		goto out;
+	}
 
-	/*
-	 * Create the path for our destination directory, if we're not
-	 * in dry-run mode (which would otherwise crash w/the pledge).
-	 * This uses our current umask: we might set the permissions on
-	 * this directory in post_dir().
-	 */
+	/* Client sends zero-length exclusions. */
 
-	if (!sess->opts->dry_run) {
-		if ((tofree = strdup(root)) == NULL)
-			err(ERR_NOMEM, NULL);
-		if (mkpath(tofree) < 0)
-			err(ERR_FILE_IO, "%s: mkpath", tofree);
-		free(tofree);
+	if (!sess->opts->server &&
+	     !io_write_int(sess, fdout, 0)) {
+		ERRX1("io_write_int");
+		goto out;
 	}
 
-	/*
-	 * Make our entire view of the file-system be limited to what's
-	 * in the root directory.
-	 * This prevents us from accidentally (or "under the influence")
-	 * writing into other parts of the file-system.
-	 */
-	if (sess->opts->basedir[0]) {
-		/*
-		 * XXX just unveil everything for read
-		 * Could unveil each basedir or maybe a common path
-		 * also the fact that relative path are relative to the
-		 * root does not help.
-		 */
-		if (unveil("/", "r") == -1)
-			err(ERR_IPC, "%s: unveil", root);
+	if (sess->opts->server && sess->opts->del) {
+		if (!io_read_size(sess, fdin, &excl)) {
+			ERRX1("io_read_size");
+			goto out;
+		} else if (excl != 0) {
+			ERRX("exclusion list is non-empty");
+			goto out;
+		}
 	}
 
-	if (unveil(root, "rwc") == -1)
-		err(ERR_IPC, "%s: unveil", root);
-
-	if (unveil(NULL, NULL) == -1)
-		err(ERR_IPC, "unveil");
-
-	/* Client sends exclusions. */
-	if (!sess->opts->server)
-		send_rules(sess, fdout);
-
-	/* Server receives exclusions if delete is on. */
-	if (sess->opts->server && sess->opts->del)
-		recv_rules(sess, fdin);
-
 	/*
 	 * Start by receiving the file list and our mystery number.
 	 * These we're going to be touching on our local system.
@@ -260,6 +233,25 @@
 	LOG2("%s: receiver destination", root);
 
 	/*
+	 * Create the path for our destination directory, if we're not
+	 * in dry-run mode (which would otherwise crash w/the pledge).
+	 * This uses our current umask: we might set the permissions on
+	 * this directory in post_dir().
+	 */
+
+	if (!sess->opts->dry_run) {
+		if ((tofree = strdup(root)) == NULL) {
+			ERR("strdup");
+			goto out;
+		} else if (mkpath(tofree) < 0) {
+			ERRX1("%s: mkpath", root);
+			free(tofree);
+			goto out;
+		}
+		free(tofree);
+	}
+
+	/*
 	 * Disable umask() so we can set permissions fully.
 	 * Then open the directory iff we're not in dry_run.
 	 */
@@ -267,9 +259,11 @@
 	oumask = umask(0);
 
 	if (!sess->opts->dry_run) {
-		dfd = open(root, O_RDONLY | O_DIRECTORY);
-		if (dfd == -1)
-			err(ERR_FILE_IO, "%s: open", root);
+		dfd = open(root, O_RDONLY | O_DIRECTORY, 0);
+		if (dfd == -1) {
+			ERR("%s: open", root);
+			goto out;
+		}
 	}
 
 	/*
@@ -281,6 +275,21 @@
 	    sess->opts->recursive &&
 	    !flist_gen_dels(sess, root, &dfl, &dflsz, fl, flsz)) {
 		ERRX1("flist_gen_local");
+		goto out;
+	}
+
+	/*
+	 * Make our entire view of the file-system be limited to what's
+	 * in the root directory.
+	 * This prevents us from accidentally (or "under the influence")
+	 * writing into other parts of the file-system.
+	 */
+
+	if (unveil(root, "rwc") == -1) {
+		ERR("%s: unveil", root);
+		goto out;
+	} else if (unveil(NULL, NULL) == -1) {
+		ERR("%s: unveil", root);
 		goto out;
 	}