Ignore --protect-args when already sent by client

In parse_arguments when --protect-args is encountered the function exits
early. The caller is expected to check protect_args, and recall
parse_arguments setting protect_args to 2. This patch prevents the
client from resetting protect_args during the second pass of
parse_arguments. This prevents parse_arguments returning early the
second time before it's able to sanitize the arguments it received.

diff --git a/options.c b/options.c
index 64ec8b84e76f966d7d92fb49e47df2f723d7c6f4..cb94ef03aba47221410a26f8e0bae5673092d91e 100644 (file)
--- a/options.c
+++ b/options.c
@@ -1313,6 +1313,7 @@ int parse_arguments(int *argc_p, const char ***argv_p)
        const char *arg, **argv = *argv_p;
        int argc = *argc_p;
        int opt;
+       int orig_protect_args = protect_args;
 
        if (ref && *ref)
                set_refuse_options(ref);
@@ -1934,6 +1935,10 @@ int parse_arguments(int *argc_p, const char ***argv_p)
        if (fuzzy_basis > 1)
                fuzzy_basis = basis_dir_cnt + 1;
 
+       /* Don't let the client reset protect_args if it was already processed */
+       if (orig_protect_args == 2 && am_server)
+               protect_args = orig_protect_args;
+
        if (protect_args == 1 && am_server)
                return 1;