[PATCH 08/18] insert: check folder name
Don't accept folder names containing a ".." component, to prevent writing outside of the maildir.
---
 notmuch-insert.c | 20
 1 files changed, 20 insertions(+), 0 deletions(-)
diff --git a/notmuch-insert.c b/notmuch-insert.c
index 6398618..ee51a87 100644
--- a/notmuch-insert.c
+++ b/notmuch-insert.c
@@ -25,6 +25,22 @@
 #include
 static notmuch_bool_t
+check_folder_name (const char *folder)
+{
+const char *p = folder;
+
+/* Check ".." appears nowhere in the folder name. */
+for (;;) {
+ if ((p[0] == '.') && (p[1] == '.') && (p[2] == '\0' || p[2] == '/'))
+ return FALSE;
+ p = strchr (p, '/');
+ if (!p)
+ return TRUE;
+ p++;
+}
+}
+
+static notmuch_bool_t
 safe_gethostname (char *hostname, size_t hostname_size)
 {
 if (gethostname (hostname, hostname_size) == -1) {
@@ -232,6 +248,10 @@ notmuch_insert_command (void *ctx, int argc, char *argv[])
 db_path = notmuch_config_get_database_path (config);
 if (folder != NULL) {
+ if (! check_folder_name (folder)) {
+ fprintf (stderr, "Error: bad folder name: %s\n", folder);
+ return 1;
+ }
 maildir = talloc_asprintf (ctx, "%s/%s", db_path, folder);
 } else {
 maildir = talloc_asprintf (ctx, "%s", db_path);
--
1.7.4.4
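Review bot: The comment inside check_folder_name says ".." appears nowhere in the folder name, but the loop only rejects a '/'-separated component that is exactly ".." (names such as `a..b` or `..x` pass), which is the intended behaviour, so the comment should read `/* Reject any '/'-separated component that is exactly "..". */`. The check is purely lexical: it does not stop a symlink that already exists below the database path from leading outside the maildir, and the function has no header comment saying so. A short header comment stating that limit, and that `folder` must be non-NULL (the call site in the second hunk tests `folder != NULL` first), would keep later callers from treating a TRUE result as proof that the final path stays inside the maildir.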
[PATCH 08/18] insert: check folder name
Don't accept folder names containing a ".." component, to prevent writing outside of the maildir.
---
 notmuch-insert.c | 20
 1 files changed, 20 insertions(+), 0 deletions(-)
diff --git a/notmuch-insert.c b/notmuch-insert.c
index 6398618..ee51a87 100644
--- a/notmuch-insert.c
+++ b/notmuch-insert.c
@@ -25,6 +25,22 @@
 #include
 static notmuch_bool_t
+check_folder_name (const char *folder)
+{
+const char *p = folder;
+
+/* Check ".." appears nowhere in the folder name. */
+for (;;) {
+ if ((p[0] == '.') && (p[1] == '.') && (p[2] == '\0' || p[2] == '/'))
+ return FALSE;
+ p = strchr (p, '/');
+ if (!p)
+ return TRUE;
+ p++;
+}
+}
+
+static notmuch_bool_t
 safe_gethostname (char *hostname, size_t hostname_size)
 {
 if (gethostname (hostname, hostname_size) == -1) {
@@ -232,6 +248,10 @@ notmuch_insert_command (void *ctx, int argc, char *argv[])
 db_path = notmuch_config_get_database_path (config);
 if (folder != NULL) {
+ if (! check_folder_name (folder)) {
+ fprintf (stderr, "Error: bad folder name: %s\n", folder);
+ return 1;
+ }
 maildir = talloc_asprintf (ctx, "%s/%s", db_path, folder);
 } else {
 maildir = talloc_asprintf (ctx, "%s", db_path);
--
1.7.4.4
___ notmuch mailing list notmuch@notmuchmail.org http://notmuchmail.org/mailman/listinfo/notmuch