[dovecot-cvs] dovecot/src/lib-storage/index/dbox dbox-storage.c,
1.15, 1.15.2.1
cras at dovecot.org
cras at dovecot.org
Wed May 10 12:05:22 EEST 2006
Update of /var/lib/cvs/dovecot/src/lib-storage/index/dbox
In directory talvi:/tmp/cvs-serv15836/lib-storage/index/dbox
Modified Files:
Tag: branch_1_0
dbox-storage.c
Log Message:
Don't allow accessing Mails directory in any way, just return "Invalid
mailbox name".
Index: dbox-storage.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib-storage/index/dbox/dbox-storage.c,v
retrieving revision 1.15
retrieving revision 1.15.2.1
diff -u -d -r1.15 -r1.15.2.1
--- dbox-storage.c 20 Apr 2006 14:08:28 -0000 1.15
+++ dbox-storage.c 10 May 2006 09:05:20 -0000 1.15.2.1
@@ -173,7 +173,15 @@
if (p[1] == '.' && p[2] == '/')
return FALSE; /* ../ */
}
- }
+ if (strncmp(p, DBOX_MAILDIR_NAME,
+ sizeof(DBOX_MAILDIR_NAME)-1) == 0 &&
+ (p[sizeof(DBOX_MAILDIR_NAME)-1] == '\0' ||
+ p[sizeof(DBOX_MAILDIR_NAME)-1] == '/')) {
+ /* don't allow the Mails directory to be
+ used as part of the mask */
+ return FALSE;
+ }
+ }
newdir = p[0] == '/';
}
More information about the dovecot-cvs
mailing list