[dovecot-cvs] dovecot/src/lib-storage/index/mbox mbox-storage.c, 1.145.2.10, 1.145.2.11

tss at dovecot.org tss at dovecot.org
Thu Mar 1 12:30:13 UTC 2007


Update of /var/lib/cvs/dovecot/src/lib-storage/index/mbox
In directory talvi:/tmp/cvs-serv16465/mbox

Modified Files:
      Tag: branch_1_0
	mbox-storage.c 
Log Message:
mbox: Don't allow using .imap directory in the mailbox name/mask.
mbox+dbox: Don't allow using "foo/." or "foo/.." in the masks. Although that
shouldn't really matter.



Index: mbox-storage.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/lib-storage/index/mbox/mbox-storage.c,v
retrieving revision 1.145.2.10
retrieving revision 1.145.2.11
diff -u -d -r1.145.2.10 -r1.145.2.11
--- mbox-storage.c	22 Feb 2007 17:29:43 -0000	1.145.2.10
+++ mbox-storage.c	1 Mar 2007 12:30:11 -0000	1.145.2.11
@@ -403,20 +403,29 @@
 
 	/* make sure the mailbox name doesn't contain any foolishness:
 	   "../" could give access outside the mailbox directory.
-	   "./" and "//" could fool ACL checks. */
+	   "./" and "//" could fool ACL checks.
+	   ".imap" could be used to accidentally break things. */
 	newdir = TRUE;
 	for (p = mask; *p != '\0'; p++) {
-		if (newdir) {
-			if (p[0] == '/')
-				return FALSE; /* // */
-			if (p[0] == '.') {
-				if (p[1] == '/')
-					return FALSE; /* ./ */
-				if (p[1] == '.' && p[2] == '/')
-					return FALSE; /* ../ */
-			}
+		if (!newdir) {
+			newdir = p[0] == '/';
+			continue;
+		}
+
+		newdir = FALSE;
+		if (p[0] == '/')
+			return FALSE; /* // */
+		if (p[0] == '.') {
+			if (p[1] == '/' || p[1] == '\0')
+				return FALSE; /* ./ */
+			if (p[1] == '.' && (p[2] == '/' || p[2] == '\0'))
+				return FALSE; /* ../ */
 		} 
-		newdir = p[0] == '/';
+		if (strncmp(p, MBOX_INDEX_DIR_NAME,
+			    sizeof(MBOX_INDEX_DIR_NAME)-1) == 0 &&
+		    (p[sizeof(MBOX_INDEX_DIR_NAME)-1] == '\0' ||
+		     p[sizeof(MBOX_INDEX_DIR_NAME)-1] == '/'))
+			return FALSE;
 	}
 	if (mask[0] == '.' && (mask[1] == '\0' ||
 			       (mask[1] == '.' && mask[2] == '\0'))) {
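Review bot: The new `MBOX_INDEX_DIR_NAME` test inside the loop is a literal, case-sensitive compare on each path component, so it only rejects masks that spell the directory name out exactly. Per the log message this code also handles masks, so a component containing a wildcard would presumably pass this check; confirm that the listing code, which is outside the hunk, skips the index directory when it expands such a mask. On a case-insensitive filesystem a differently-cased spelling would also pass, so if those deployments are supported consider `strncasecmp(p, MBOX_INDEX_DIR_NAME, sizeof(MBOX_INDEX_DIR_NAME)-1) == 0` for the compare. At minimum I would add a comment above the check, such as `/* literal match only: wildcard masks that expand to the index dir are not caught here */`. The enclosing function starts and ends outside the hunk, and the `mask[0] == '.'` test after the loop now looks redundant with the added `'\0'` cases.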


