From: Jeremy Harris Date: Sun, 29 Mar 2020 19:59:49 +0000 (+0100) Subject: Dsearch: require absolute dirname X-Git-Tag: exim-4_94_RC0~40 X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=129a5d133927ff8fa4b3f941f83c022d2daf18f3;p=exim.git Dsearch: require absolute dirname --- diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 8605fdc3b..b9d73ad3f 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -6770,8 +6770,13 @@ by default, but has an option to omit them (see section &<>&). .next .cindex "lookup" "dsearch" .cindex "dsearch lookup type" -&(dsearch)&: The given file must be a directory; this is searched for an entry -whose name is the key by calling the &[lstat()]& function. The key may not +&(dsearch)&: The given file must be an +.new +absolute +.wen +directory path; this is searched for an entry +whose name is the key by calling the &[lstat()]& function. +The key may not contain any forward slash characters. If &[lstat()]& succeeds, the result of the lookup is the name of the entry, which may be a file, directory, symbolic link, or any other kind of directory entry. diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 7e5de8880..9de2e1194 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -93,6 +93,7 @@ JH/20 Taint checking: disallow use of tainted data for - the autoreply transport file, log and once options - file names used by the redirect router (including filter files) - named-queue names + - paths used by single-key lookups Previously this was permitted. JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it @@ -159,6 +160,10 @@ JH/33 Fix the dsearch lookup to return an untainted result. Previously the JH/34 Fix the readsocket expansion to not segfault when an empty "options" argument is supplied. +JH/35 The dsearch lookup now requires that the directory is an absolute path. + Previously this was not checked, and nonempty relative paths made an + access under Exim's current working directory. + Exim version 4.93 ----------------- diff --git a/src/src/lookups/dsearch.c b/src/src/lookups/dsearch.c index dba8422cc..07931ae4a 100644 --- a/src/src/lookups/dsearch.c +++ b/src/src/lookups/dsearch.c @@ -52,8 +52,11 @@ dsearch_check(void * handle, const uschar * filename, int modemask, uid_t * owners, gid_t * owngroups, uschar ** errmsg) { handle = handle; -return lf_check_file(-1, filename, S_IFDIR, modemask, owners, owngroups, - "dsearch", errmsg) == 0; +if (*filename == '/') + return lf_check_file(-1, filename, S_IFDIR, modemask, owners, owngroups, + "dsearch", errmsg) == 0; +*errmsg = string_sprintf("dirname '%s' for dsearch is not absolute", filename); +return FALSE; } diff --git a/test/scripts/2500-dsearch/2500 b/test/scripts/2500-dsearch/2500 index 49e2a3761..040ce599e 100644 --- a/test/scripts/2500-dsearch/2500 +++ b/test/scripts/2500-dsearch/2500 @@ -6,6 +6,7 @@ fail: ${lookup{TESTNUM.file_not_here} dsearch{DIR/aux-fixed}{$value}{FAIL} fail: ${lookup{TESTNUM.tst} dsearch{DIR/dir_not_here}{$value}{FAIL}} fail(case): ${lookup{TESTNUM.TST} dsearch{DIR/aux-fixed}{$value}{FAIL}} fail(case): ${lookup{TESTNUM.TST} dsearch{DIR/AUX-fixed}{$value}{FAIL}} +fail(path): ${lookup{TESTNUM.tst} dsearch{.}{$value}{OTHER}} **** # 1 diff --git a/test/stdout/2500 b/test/stdout/2500 index 8ff2378cc..3259e726c 100644 --- a/test/stdout/2500 +++ b/test/stdout/2500 @@ -3,4 +3,5 @@ > Failed: failed to open TESTSUITE/dir_not_here for directory search: No such file or directory > fail(case): FAIL > Failed: failed to open TESTSUITE/AUX-fixed for directory search: No such file or directory +> Failed: dirname '.' for dsearch is not absolute >