Dsearch: require absolute dirname

[exim.git] / src / src / lookups / dsearch.c

diff --git a/src/src/lookups/dsearch.c b/src/src/lookups/dsearch.c
index 9f7dd8da0c0319050bfb8586a7eaf0e099d25207..07931ae4a42f2197f7399b6aa0f6e4ad487762e1 100644 (file)
--- a/src/src/lookups/dsearch.c
+++ b/src/src/lookups/dsearch.c
@@ -25,10 +25,10 @@ it open, because the "search" can be done by a call to lstat() rather than
 actually scanning through the list of files. */
 
 static void *
-dsearch_open(uschar *dirname, uschar **errmsg)
+dsearch_open(const uschar * dirname, uschar ** errmsg)
 {
-DIR *dp = opendir(CS dirname);
-if (dp == NULL)
+DIR * dp = exim_opendir(dirname);
+if (!dp)
   {
   int save_errno = errno;
   *errmsg = string_open_failed(errno, "%s for directory search", dirname);
@@ -47,13 +47,16 @@ return (void *)(-1);
 /* The handle will always be (void *)(-1), but don't try casting it to an
 integer as this gives warnings on 64-bit systems. */
 
-BOOL
-static dsearch_check(void *handle, uschar *filename, int modemask, uid_t *owners,
-  gid_t *owngroups, uschar **errmsg)
+static BOOL
+dsearch_check(void * handle, const uschar * filename, int modemask,
+  uid_t * owners, gid_t * owngroups, uschar ** errmsg)
 {
 handle = handle;
-return lf_check_file(-1, filename, S_IFDIR, modemask, owners, owngroups,
-  "dsearch", errmsg) == 0;
+if (*filename == '/')
+  return lf_check_file(-1, filename, S_IFDIR, modemask, owners, owngroups,
+    "dsearch", errmsg) == 0;
+*errmsg = string_sprintf("dirname '%s' for dsearch is not absolute", filename);
+return FALSE;
 }
 
 
@@ -65,13 +68,13 @@ return lf_check_file(-1, filename, S_IFDIR, modemask, owners, owngroups,
 scanning the directory, as it is hopefully faster to let the OS do the scanning
 for us. */
 
-int
-static dsearch_find(void *handle, uschar *dirname, const uschar *keystring, int length,
-  uschar **result, uschar **errmsg, uint *do_cache)
+static int
+dsearch_find(void * handle, const uschar * dirname, const uschar * keystring,
+  int length, uschar ** result, uschar ** errmsg, uint * do_cache)
 {
 struct stat statbuf;
 int save_errno;
-uschar filename[PATH_MAX];
+uschar * filename;
 
 handle = handle;  /* Keep picky compilers happy */
 length = length;
@@ -84,15 +87,12 @@ if (Ustrchr(keystring, '/') != 0)
   return DEFER;
   }
 
-if (!string_format(filename, sizeof(filename), "%s/%s", dirname, keystring))
-  {
-  *errmsg = US"path name too long";
-  return DEFER;
-  }
-
+filename = string_sprintf("%s/%s", dirname, keystring);
 if (Ulstat(filename, &statbuf) >= 0)
   {
-  *result = string_copy(keystring);
+  /* Since the filename exists in the filesystem, we can return a
+  non-tainted result. */
+  *result = string_copy_taint(keystring, FALSE);
   return OK;
   }