Only a little while ago, On Fri, 1 Oct 1999, I wrote:
> On Fri, 1 Oct 1999, Ray Miller wrote:
>
> > But if I specify "save /home/ray/../../tmp/foo" in the filter,
>
> Oh dear. I really don't have a devious enough mind! I will add a check
> to the code to forbid .. components when that check is set. Thanks for
> pointing out the problem.
Here's a patch for Exim 3.03 that fixes this problem. Please don't get
to rely on such fast service. :-)
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
*** exim-3.03/src/transports/appendfile.c Mon Aug 2 16:43:08 1999
--- src/transports/appendfile.c Fri Oct 1 15:49:29 1999
***************
*** 1240,1247 ****
char *file = filename;
while (file[0] == '/' && file[1] == '/') file++;
if (strncmp(file, deliver_home, len) == 0 && file[len] == '/' &&
! (ob->create_file == create_belowhome ||
! strchr(file+len+2, '/') == NULL)) OK = TRUE;
}
if (!OK)
--- 1373,1381 ----
char *file = filename;
while (file[0] == '/' && file[1] == '/') file++;
if (strncmp(file, deliver_home, len) == 0 && file[len] == '/' &&
! ((ob->create_file == create_belowhome &&
! strstr(file+len, "/../") == NULL) ||
! strchr(file+len+2, '/') == NULL)) OK = TRUE;
}
if (!OK)
