summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
be3f4ae)
The API docs promise to handle relative filenames, but the code did
not do it.
Also check for files outside the mail root, as implied by the API
description.
This fixes the bug reported at
id:87sgdqo0rz.fsf@tethera.net
if (unlikely (message == NULL))
return NULL;
if (unlikely (message == NULL))
return NULL;
- message->filename = talloc_strdup (message, filename);
+ const char *prefix = notmuch_database_get_path (notmuch);
+ if (prefix == NULL)
+ goto FAIL;
+
+ if (*filename == '/') {
+ if (strncmp (filename, prefix, strlen(prefix)) != 0) {
+ _notmuch_database_log (notmuch, "Error opening %s: path outside mail root\n",
+ filename);
+ errno = 0;
+ goto FAIL;
+ }
+ message->filename = talloc_strdup (message, filename);
+ } else {
+ message->filename = talloc_asprintf(message, "%s/%s", prefix, filename);
+ }
+
if (message->filename == NULL)
goto FAIL;
talloc_set_destructor (message, _notmuch_message_file_destructor);
if (message->filename == NULL)
goto FAIL;
talloc_set_destructor (message, _notmuch_message_file_destructor);
- message->stream = g_mime_stream_gzfile_open (filename);
+ message->stream = g_mime_stream_gzfile_open (message->filename);
if (message->stream == NULL)
goto FAIL;
return message;
FAIL:
if (message->stream == NULL)
goto FAIL;
return message;
FAIL:
- _notmuch_database_log (notmuch, "Error opening %s: %s\n",
- filename, strerror (errno));
+ if (errno)
+ _notmuch_database_log (notmuch, "Error opening %s: %s\n",
+ filename, strerror (errno));
_notmuch_message_file_close (message);
return NULL;
_notmuch_message_file_close (message);
return NULL;
generate_message '[filename]=relative_path'
test_begin_subtest "index file (relative path)"
generate_message '[filename]=relative_path'
test_begin_subtest "index file (relative path)"
-test_subtest_known_broken
cat c_head - c_tail <<'EOF' | test_C ${MAIL_DIR}
{
notmuch_message_t *msg;
cat c_head - c_tail <<'EOF' | test_C ${MAIL_DIR}
{
notmuch_message_t *msg;
EOF
test_expect_equal_file EXPECTED OUTPUT
EOF
test_expect_equal_file EXPECTED OUTPUT
+test_begin_subtest "index file (absolute path outside mail root)"
+cat c_head - c_tail <<'EOF' | test_C ${MAIL_DIR}
+ {
+ notmuch_message_t *msg;
+ stat = notmuch_database_index_file (db, "/dev/zero", NULL, &msg);
+ printf ("%d\n", stat == NOTMUCH_STATUS_FILE_ERROR);
+ }
+EOF
+cat <<EOF > EXPECTED
+== stdout ==
+1
+== stderr ==
+Error opening /dev/zero: path outside mail root
+EOF
+test_expect_equal_file EXPECTED OUTPUT
+
+