lib: convert relative filenames to absolute in n_d_index_file

The API docs promise to handle relative filenames, but the code did
not do it.

Also check for files outside the mail root, as implied by the API
description.

This fixes the bug reported at

     id:87sgdqo0rz.fsf@tethera.net

diff --git a/lib/message-file.c b/lib/message-file.c
index e1db26fb8c143540db9b96d5e3a67f7f3bc19da3..311bd478b0cfff13620ba653795ccb9cd62246bf 100644 (file)
--- a/lib/message-file.c
+++ b/lib/message-file.c
@@ -64,21 +64,37 @@ _notmuch_message_file_open_ctx (notmuch_database_t *notmuch,
     if (unlikely (message == NULL))
        return NULL;
 
-    message->filename = talloc_strdup (message, filename);
+    const char *prefix = notmuch_database_get_path (notmuch);
+    if (prefix == NULL)
+       goto FAIL;
+
+    if (*filename == '/') {
+       if (strncmp (filename, prefix, strlen(prefix)) != 0) {
+           _notmuch_database_log (notmuch, "Error opening %s: path outside mail root\n",
+                                  filename);
+           errno = 0;
+           goto FAIL;
+       }
+       message->filename = talloc_strdup (message, filename);
+    } else {
+       message->filename = talloc_asprintf(message, "%s/%s", prefix, filename);
+    }
+
     if (message->filename == NULL)
        goto FAIL;
 
     talloc_set_destructor (message, _notmuch_message_file_destructor);
 
-    message->stream = g_mime_stream_gzfile_open (filename);
+    message->stream = g_mime_stream_gzfile_open (message->filename);
     if (message->stream == NULL)
        goto FAIL;
 
     return message;
 
   FAIL:
-    _notmuch_database_log (notmuch, "Error opening %s: %s\n",
-                          filename, strerror (errno));
+    if (errno)
+       _notmuch_database_log (notmuch, "Error opening %s: %s\n",
+                              filename, strerror (errno));
     _notmuch_message_file_close (message);
 
     return NULL;

diff --git a/test/T562-lib-database.sh b/test/T562-lib-database.sh
index e8263a14209341d172b419219bd32e8bdffd6cc7..e64f0f12f3a8ba341fbda466542caa2d24ad45c4 100755 (executable)
--- a/test/T562-lib-database.sh
+++ b/test/T562-lib-database.sh
@@ -258,7 +258,6 @@ test_expect_equal_file EXPECTED OUTPUT
 
 generate_message '[filename]=relative_path'
 test_begin_subtest "index file (relative path)"
-test_subtest_known_broken
 cat c_head - c_tail <<'EOF' | test_C ${MAIL_DIR}
     {
         notmuch_message_t *msg;
@@ -273,4 +272,21 @@ cat <<EOF > EXPECTED
 EOF
 test_expect_equal_file EXPECTED OUTPUT
 
+test_begin_subtest "index file (absolute path outside mail root)"
+cat c_head - c_tail <<'EOF' | test_C ${MAIL_DIR}
+    {
+        notmuch_message_t *msg;
+        stat = notmuch_database_index_file (db, "/dev/zero", NULL, &msg);
+        printf ("%d\n", stat == NOTMUCH_STATUS_FILE_ERROR);
+    }
+EOF
+cat <<EOF > EXPECTED
+== stdout ==
+1
+== stderr ==
+Error opening /dev/zero: path outside mail root
+EOF
+test_expect_equal_file EXPECTED OUTPUT
+
+
 test_done