[PATCH v2 09/20] insert: prevent writes outside Maildir hierarchy
Peter Wang
novalazy at gmail.com
Sat Nov 24 17:16:35 PST 2012
Don't accept a --folder name that contains a ".." component,
in order to prevent writing outside of the Maildir hierarchy.
---
notmuch-insert.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/notmuch-insert.c b/notmuch-insert.c
index a50eacc..022f7cd 100644
--- a/notmuch-insert.c
+++ b/notmuch-insert.c
@@ -38,6 +38,23 @@ safe_gethostname (char *hostname, size_t len)
return (strchr (hostname, '/') == NULL);
}
+/* Check the specified folder name does not contain a directory
+ * component ".." to prevent writes outside of the Maildir hierarchy. */
+static notmuch_bool_t
+check_folder_name (const char *folder)
+{
+ const char *p = folder;
+
+ for (;;) {
+ if ((p[0] == '.') && (p[1] == '.') && (p[2] == '\0' || p[2] == '/'))
+ return FALSE;
+ p = strchr (p, '/');
+ if (!p)
+ return TRUE;
+ p++;
+ }
+}
+
/* Open a unique file in the Maildir 'tmp' directory.
* Returns the file descriptor on success, or -1 on failure.
* On success, file paths into the 'tmp' and 'new' directories are returned
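Review bot: The comment above `check_folder_name` does not state the return contract or the limits of the check. The function returns TRUE when the name is acceptable and only inspects the string, so a symbolic link that already exists below the Maildir root would not be caught by it. It also dereferences `folder` unconditionally, which is safe only because the caller in the second hunk tests `folder != NULL` first. I would extend the comment to something like `/* Return TRUE if no '/'-separated component of folder is "..". folder must be non-NULL. Purely lexical: symbolic links are not resolved. */`.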
@@ -255,6 +272,10 @@ notmuch_insert_command (void *ctx, int argc, char *argv[])
db_path = notmuch_config_get_database_path (config);
if (folder != NULL) {
+ if (! check_folder_name (folder)) {
+ fprintf (stderr, "Error: bad folder name: %s\n", folder);
+ return 1;
+ }
maildir = talloc_asprintf (ctx, "%s/%s", db_path, folder);
} else {
maildir = talloc_asprintf (ctx, "%s", db_path);
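Review bot: The message `"Error: bad folder name: %s\n"` does not tell the user which rule was violated, although the only condition `check_folder_name` rejects is a ".." component. Naming the rule makes the rejection actionable, for example `fprintf (stderr, "Error: folder name must not contain a \"..\" component: %s\n", folder);`. The body of `notmuch_insert_command` starts and ends outside this hunk, so whether the early `return 1` skips cleanup of state opened before this point cannot be judged from here and is worth a quick check.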
--
1.7.12.1