dovecot-2.2: imap: Don't allow IMAP METADATA to access Dovecot's...
dovecot at dovecot.org
dovecot at dovecot.org
Mon Sep 7 10:41:46 UTC 2015
details: http://hg.dovecot.org/dovecot-2.2/rev/0ff2440bb1aa
changeset: 19096:0ff2440bb1aa
user: Timo Sirainen <tss at iki.fi>
date: Mon Sep 07 13:40:41 2015 +0300
description:
imap: Don't allow IMAP METADATA to access Dovecot's private server attributes.
diffstat:
src/lib-imap-storage/imap-metadata.c | 15 +++++++++------
1 files changed, 9 insertions(+), 6 deletions(-)
diffs (27 lines):
diff -r a4c13ab4647b -r 0ff2440bb1aa src/lib-imap-storage/imap-metadata.c
--- a/src/lib-imap-storage/imap-metadata.c Mon Sep 07 11:40:08 2015 +0300
+++ b/src/lib-imap-storage/imap-metadata.c Mon Sep 07 13:40:41 2015 +0300
@@ -100,14 +100,17 @@
i_assert((*key_r)[0] == '/');
*key_r += 1;
}
+ if (strncmp(*key_r, MAILBOX_ATTRIBUTE_PREFIX_DOVECOT_PVT,
+ strlen(MAILBOX_ATTRIBUTE_PREFIX_DOVECOT_PVT)) == 0) {
+ /* Dovecot's internal attribute (mailbox or server).
+ don't allow accessing this. */
+ return FALSE;
+ }
+ /* Add the server-prefix (after checking for the above internal
+ attribute). */
if (key_prefix != NULL)
*key_r = t_strconcat(key_prefix, *key_r, NULL);
-
- /* skip over dovecot's internal attributes. (server metadata is handled
- inside the private metadata.) */
- return (imtrans->server ||
- strncmp(*key_r, MAILBOX_ATTRIBUTE_PREFIX_DOVECOT_PVT,
- strlen(MAILBOX_ATTRIBUTE_PREFIX_DOVECOT_PVT)) != 0);
+ return TRUE;
}
static int
More information about the dovecot-cvs
mailing list