[dovecot-cvs] dovecot/src/lib-storage/index/mbox mbox-storage.c,1.42,1.43

cras at procontrol.fi cras at procontrol.fi
Tue Feb 25 00:56:18 EET 2003 

Update of /home/cvs/dovecot/src/lib-storage/index/mbox
In directory danu:/tmp/cvs-serv16644/lib-storage/index/mbox

Modified Files:
	mbox-storage.c 
Log Message:
Use less strict mailbox name verification when trying to access existing
mailboxes. Don't delete directories beginning with ".." outside our maildir
root (if full_filesystem_access = yes).



Index: mbox-storage.c
===================================================================
RCS file: /home/cvs/dovecot/src/lib-storage/index/mbox/mbox-storage.c,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -d -r1.42 -r1.43
--- mbox-storage.c	23 Feb 2003 21:06:57 -0000	1.42
+++ mbox-storage.c	24 Feb 2003 22:56:15 -0000	1.43
@@ -245,13 +245,22 @@
 	return TRUE;
 }
 
-static int mbox_is_valid_name(struct mail_storage *storage, const char *name)
+static int mbox_is_valid_create_name(struct mail_storage *storage,
+				     const char *name)
 {
 	if (name[0] == '\0' || name[strlen(name)-1] == storage->hierarchy_sep ||
 	    strchr(name, '*') != NULL || strchr(name, '%') != NULL)
 		return FALSE;
 
-	return full_filesystem_access || mbox_is_valid_mask(name);
+	return mbox_is_valid_mask(name);
+}
+
+static int mbox_is_valid_existing_name(const char *name)
+{
+	if (name[0] == '\0')
+		return FALSE;
+
+	return mbox_is_valid_mask(name);
 }
 
 static const char *mbox_get_index_dir(struct mail_storage *storage,
@@ -371,7 +380,7 @@
 		return mbox_open(storage, "INBOX", readonly, fast);
 	}
 
-	if (!mbox_is_valid_name(storage, name)) {
+	if (!mbox_is_valid_existing_name(name)) {
 		mail_storage_set_error(storage, "Invalid mailbox name");
 		return FALSE;
 	}
@@ -410,7 +419,7 @@
 	if (strcasecmp(name, "INBOX") == 0)
 		name = "INBOX";
 
-	if (!mbox_is_valid_name(storage, name)) {
+	if (!mbox_is_valid_create_name(storage, name)) {
 		mail_storage_set_error(storage, "Invalid mailbox name");
 		return FALSE;
 	}
@@ -473,7 +482,7 @@
 		return FALSE;
 	}
 
-	if (!mbox_is_valid_name(storage, name)) {
+	if (!mbox_is_valid_existing_name(name)) {
 		mail_storage_set_error(storage, "Invalid mailbox name");
 		return FALSE;
 	}
@@ -539,8 +548,8 @@
 
 	mail_storage_clear_error(storage);
 
-	if (!mbox_is_valid_name(storage, oldname) ||
-	    !mbox_is_valid_name(storage, newname)) {
+	if (!mbox_is_valid_existing_name(oldname) ||
+	    !mbox_is_valid_create_name(storage, newname)) {
 		mail_storage_set_error(storage, "Invalid mailbox name");
 		return FALSE;
 	}
@@ -597,7 +606,7 @@
 	if (strcasecmp(name, "INBOX") == 0)
 		name = "INBOX";
 
-	if (!mbox_is_valid_name(storage, name)) {
+	if (!mbox_is_valid_existing_name(name)) {
 		*status = MAILBOX_NAME_INVALID;
 		return TRUE;
 	}
@@ -606,7 +615,14 @@
 	if (stat(path, &st) == 0) {
 		*status = MAILBOX_NAME_EXISTS;
 		return TRUE;
-	} else if (errno == ENOENT) {
+	}
+
+	if (!mbox_is_valid_create_name(storage, name)) {
+		*status = MAILBOX_NAME_INVALID;
+		return TRUE;
+	}
+
+	if (errno == ENOENT) {
 		*status = MAILBOX_NAME_VALID;
 		return TRUE;
 	} else if (errno == ENOTDIR) {

More information about the dovecot-cvs mailing list