X-Git-Url: https://git.notmuchmail.org/git?a=blobdiff_plain;f=lib%2Fmessage-file.c;h=9e9b387fcc697a8e8b3d13a8bbbd03147714ef58;hb=e823d05ae6dc920d4fc9abf774c3d2575d891d7b;hp=e1db26fb8c143540db9b96d5e3a67f7f3bc19da3;hpb=7ad7cfbff232431377562271901ee00202bf0bd0;p=notmuch

diff --git a/lib/message-file.c b/lib/message-file.c
index e1db26fb..9e9b387f 100644
--- a/lib/message-file.c
+++ b/lib/message-file.c
@@ -64,21 +64,38 @@ _notmuch_message_file_open_ctx (notmuch_database_t *notmuch,
     if (unlikely (message == NULL))
 	return NULL;
 
-    message->filename = talloc_strdup (message, filename);
+    const char *prefix = notmuch_config_get (notmuch, NOTMUCH_CONFIG_MAIL_ROOT);
+
+    if (prefix == NULL)
+	goto FAIL;
+
+    if (*filename == '/') {
+	if (strncmp (filename, prefix, strlen (prefix)) != 0) {
+	    _notmuch_database_log (notmuch, "Error opening %s: path outside mail root\n",
+				   filename);
+	    errno = 0;
+	    goto FAIL;
+	}
+	message->filename = talloc_strdup (message, filename);
+    } else {
+	message->filename = talloc_asprintf (message, "%s/%s", prefix, filename);
+    }
+
     if (message->filename == NULL)
 	goto FAIL;
 
     talloc_set_destructor (message, _notmuch_message_file_destructor);
 
-    message->stream = g_mime_stream_gzfile_open (filename);
+    message->stream = g_mime_stream_gzfile_open (message->filename);
     if (message->stream == NULL)
 	goto FAIL;
 
     return message;
 
   FAIL:
-    _notmuch_database_log (notmuch, "Error opening %s: %s\n",
-			   filename, strerror (errno));
+    if (errno)
+	_notmuch_database_log (notmuch, "Error opening %s: %s\n",
+			       filename, strerror (errno));
     _notmuch_message_file_close (message);
 
     return NULL;