- /* Only needed for error messages during parsing. */
- message->filename = talloc_strdup (message, filename);
+ const char *prefix = notmuch_database_get_path (notmuch);
+ if (prefix == NULL)
+ goto FAIL;
+
+ if (*filename == '/') {
+ if (strncmp (filename, prefix, strlen(prefix)) != 0) {
+ _notmuch_database_log (notmuch, "Error opening %s: path outside mail root\n",
+ filename);
+ errno = 0;
+ goto FAIL;
+ }
+ message->filename = talloc_strdup (message, filename);
+ } else {
+ message->filename = talloc_asprintf(message, "%s/%s", prefix, filename);
+ }
+