[dovecot-cvs] dovecot/src/lib-storage/index/dbox dbox-storage.c, 1.15.2.13, 1.15.2.14
tss at dovecot.org
tss at dovecot.org
Thu Mar 1 12:30:10 UTC 2007
Update of /var/lib/cvs/dovecot/src/lib-storage/index/dbox
In directory talvi:/tmp/cvs-serv16465/dbox
Modified Files:
Tag: branch_1_0
dbox-storage.c
Log Message:
mbox: Don't allow using .imap directory in the mailbox name/mask.
mbox+dbox: Don't allow using "foo/." or "foo/.." in the masks. Although that
shouldn't really matter.
Index: dbox-storage.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib-storage/index/dbox/dbox-storage.c,v
retrieving revision 1.15.2.13
retrieving revision 1.15.2.14
diff -u -d -r1.15.2.13 -r1.15.2.14
--- dbox-storage.c 22 Feb 2007 13:37:32 -0000 1.15.2.13
+++ dbox-storage.c 1 Mar 2007 12:30:08 -0000 1.15.2.14
@@ -225,25 +225,28 @@
"./" and "//" could fool ACL checks. */
newdir = TRUE;
for (p = mask; *p != '\0'; p++) {
- if (newdir) {
- if (p[0] == '/')
- return FALSE; /* // */
- if (p[0] == '.') {
- if (p[1] == '/')
- return FALSE; /* ./ */
- if (p[1] == '.' && p[2] == '/')
- return FALSE; /* ../ */
- }
- if (strncmp(p, DBOX_MAILDIR_NAME,
- sizeof(DBOX_MAILDIR_NAME)-1) == 0 &&
- (p[sizeof(DBOX_MAILDIR_NAME)-1] == '\0' ||
- p[sizeof(DBOX_MAILDIR_NAME)-1] == '/')) {
- /* don't allow the dbox-Mails directory to be
- used as part of the mask */
- return FALSE;
- }
+ if (!newdir) {
+ newdir = p[0] == '/';
+ continue;
+ }
+
+ newdir = FALSE;
+ if (p[0] == '/')
+ return FALSE; /* // */
+ if (p[0] == '.') {
+ if (p[1] == '/' || p[1] == '\0')
+ return FALSE; /* ./ */
+ if (p[1] == '.' && (p[2] == '/' || p[2] == '\0'))
+ return FALSE; /* ../ */
+ }
+ if (strncmp(p, DBOX_MAILDIR_NAME,
+ sizeof(DBOX_MAILDIR_NAME)-1) == 0 &&
+ (p[sizeof(DBOX_MAILDIR_NAME)-1] == '\0' ||
+ p[sizeof(DBOX_MAILDIR_NAME)-1] == '/')) {
+ /* don't allow the dbox-Mails directory to be
+ used as part of the mask */
+ return FALSE;
}
- newdir = p[0] == '/';
}
if (mask[0] == '.' && (mask[1] == '\0' ||
More information about the dovecot-cvs
mailing list