diff options
| author | David Bremner <david@tethera.net> | 2020-07-18 21:11:28 -0300 |
|---|---|---|
| committer | David Bremner <david@tethera.net> | 2020-07-22 19:52:55 -0300 |
| commit | c477d7ce311335fda16a15e624ca3931d79144cf (patch) | |
| tree | c78db52fb1be1b43442797abe9d95aa9792a21ea | |
| parent | be3f4aec3f9006d066fe092e7fe0810c5a0f86e0 (diff) | |
lib: convert relative filenames to absolute in n_d_index_file
The API docs promise to handle relative filenames, but the code did
not do it.
Also check for files outside the mail root, as implied by the API
description.
This fixes the bug reported at
id:87sgdqo0rz.fsf@tethera.net
| -rw-r--r-- | lib/message-file.c | 24 | ||||
| -rwxr-xr-x | test/T562-lib-database.sh | 18 |
2 files changed, 37 insertions, 5 deletions
diff --git a/lib/message-file.c b/lib/message-file.c index e1db26fb..311bd478 100644 --- a/lib/message-file.c +++ b/lib/message-file.c @@ -64,21 +64,37 @@ _notmuch_message_file_open_ctx (notmuch_database_t *notmuch, if (unlikely (message == NULL)) return NULL; - message->filename = talloc_strdup (message, filename); + const char *prefix = notmuch_database_get_path (notmuch); + if (prefix == NULL) + goto FAIL; + + if (*filename == '/') { + if (strncmp (filename, prefix, strlen(prefix)) != 0) { + _notmuch_database_log (notmuch, "Error opening %s: path outside mail root\n", + filename); + errno = 0; + goto FAIL; + } + message->filename = talloc_strdup (message, filename); + } else { + message->filename = talloc_asprintf(message, "%s/%s", prefix, filename); + } + if (message->filename == NULL) goto FAIL; talloc_set_destructor (message, _notmuch_message_file_destructor); - message->stream = g_mime_stream_gzfile_open (filename); + message->stream = g_mime_stream_gzfile_open (message->filename); if (message->stream == NULL) goto FAIL; return message; FAIL: - _notmuch_database_log (notmuch, "Error opening %s: %s\n", - filename, strerror (errno)); + if (errno) + _notmuch_database_log (notmuch, "Error opening %s: %s\n", + filename, strerror (errno)); _notmuch_message_file_close (message); return NULL; diff --git a/test/T562-lib-database.sh b/test/T562-lib-database.sh index e8263a14..e64f0f12 100755 --- a/test/T562-lib-database.sh +++ b/test/T562-lib-database.sh @@ -258,7 +258,6 @@ test_expect_equal_file EXPECTED OUTPUT generate_message '[filename]=relative_path' test_begin_subtest "index file (relative path)" -test_subtest_known_broken cat c_head - c_tail <<'EOF' | test_C ${MAIL_DIR} { notmuch_message_t *msg; @@ -273,4 +272,21 @@ cat <<EOF > EXPECTED EOF test_expect_equal_file EXPECTED OUTPUT +test_begin_subtest "index file (absolute path outside mail root)" +cat c_head - c_tail <<'EOF' | test_C ${MAIL_DIR} + { + notmuch_message_t *msg; + stat = notmuch_database_index_file (db, "/dev/zero", NULL, &msg); + printf ("%d\n", stat == NOTMUCH_STATUS_FILE_ERROR); + } +EOF +cat <<EOF > EXPECTED +== stdout == +1 +== stderr == +Error opening /dev/zero: path outside mail root +EOF +test_expect_equal_file EXPECTED OUTPUT + + test_done |