[PATCH] lib: convert relative filenames to absolute in n_d_index_file

David Bremner Sun, 19 Jul 2020 03:07:01 -0700

The API docs promise to handle relative filenames, but the code did
not do it.


Also check for files outside the mail root, as implied by the API
description.

This fixes the bug reported at

     id:87sgdqo0rz....@tethera.net
---
 lib/message-file.c        | 24 ++++++++++++++++++++----
 test/T562-lib-database.sh | 18 +++++++++++++++++-
 2 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/lib/message-file.c b/lib/message-file.c
index e1db26fb..311bd478 100644
--- a/lib/message-file.c
+++ b/lib/message-file.c
@@ -64,21 +64,37 @@ _notmuch_message_file_open_ctx (notmuch_database_t *notmuch,
     if (unlikely (message == NULL))
        return NULL;
 
-    message->filename = talloc_strdup (message, filename);
+    const char *prefix = notmuch_database_get_path (notmuch);
+    if (prefix == NULL)
+       goto FAIL;
+
+    if (*filename == '/') {
+       if (strncmp (filename, prefix, strlen(prefix)) != 0) {
+           _notmuch_database_log (notmuch, "Error opening %s: path outside 
mail root\n",
+                                  filename);
+           errno = 0;
+           goto FAIL;
+       }
+       message->filename = talloc_strdup (message, filename);
+    } else {
+       message->filename = talloc_asprintf(message, "%s/%s", prefix, filename);
+    }
+
     if (message->filename == NULL)
        goto FAIL;
 
     talloc_set_destructor (message, _notmuch_message_file_destructor);
 
-    message->stream = g_mime_stream_gzfile_open (filename);
+    message->stream = g_mime_stream_gzfile_open (message->filename);
     if (message->stream == NULL)
        goto FAIL;
 
     return message;
 
   FAIL:
-    _notmuch_database_log (notmuch, "Error opening %s: %s\n",
-                          filename, strerror (errno));
+    if (errno)
+       _notmuch_database_log (notmuch, "Error opening %s: %s\n",
+                              filename, strerror (errno));
     _notmuch_message_file_close (message);
 
     return NULL;
diff --git a/test/T562-lib-database.sh b/test/T562-lib-database.sh
index 4e225ccc..301eeb73 100755
--- a/test/T562-lib-database.sh
+++ b/test/T562-lib-database.sh
@@ -253,7 +253,6 @@ test_expect_equal_file EXPECTED OUTPUT
 
 generate_message '[filename]=relative_path'
 test_begin_subtest "index file (relative path)"
-test_subtest_known_broken
 cat c_head - c_tail <<'EOF' | test_C ${MAIL_DIR}
     {
         notmuch_message_t *msg;
@@ -268,4 +267,21 @@ cat <<EOF > EXPECTED
 EOF
 test_expect_equal_file EXPECTED OUTPUT
 
+test_begin_subtest "index file (absolute path outside mail root)"
+cat c_head - c_tail <<'EOF' | test_C ${MAIL_DIR}
+    {
+        notmuch_message_t *msg;
+        stat = notmuch_database_index_file (db, "/dev/zero", NULL, &msg);
+        printf ("%d\n", stat == NOTMUCH_STATUS_FILE_ERROR);
+    }
+EOF
+cat <<EOF > EXPECTED
+== stdout ==
+1
+== stderr ==
+Error opening /dev/zero: path outside mail root
+EOF
+test_expect_equal_file EXPECTED OUTPUT
+
+
 test_done
-- 
2.27.0
_______________________________________________
notmuch mailing list -- notmuch@notmuchmail.org
To unsubscribe send an email to notmuch-le...@notmuchmail.org

[PATCH] lib: convert relative filenames to absolute in n_d_index_file

Reply via email to