Gitweb:
https://git.exim.org/exim.git/commitdiff/129a5d133927ff8fa4b3f941f83c022d2daf18f3
Commit: 129a5d133927ff8fa4b3f941f83c022d2daf18f3
Parent: d447dbd160a0fb503ed1e763f3f23d28744b6ddd
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Sun Mar 29 20:59:49 2020 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Sun Mar 29 22:25:58 2020 +0100
Dsearch: require absolute dirname
---
doc/doc-docbook/spec.xfpt | 9 +++++++--
doc/doc-txt/ChangeLog | 5 +++++
src/src/lookups/dsearch.c | 7 +++++--
test/scripts/2500-dsearch/2500 | 1 +
test/stdout/2500 | 1 +
5 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 8605fdc..b9d73ad 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -6770,8 +6770,13 @@ by default, but has an option to omit them (see section &<<SECTdbmbuild>>&).
.next
.cindex "lookup" "dsearch"
.cindex "dsearch lookup type"
-&(dsearch)&: The given file must be a directory; this is searched for an entry
-whose name is the key by calling the &[lstat()]& function. The key may not
+&(dsearch)&: The given file must be an
+.new
+absolute
+.wen
+directory path; this is searched for an entry
+whose name is the key by calling the &[lstat()]& function.
+The key may not
contain any forward slash characters. If &[lstat()]& succeeds, the result of
the lookup is the name of the entry, which may be a file, directory,
symbolic link, or any other kind of directory entry.
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 7e5de88..9de2e11 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -93,6 +93,7 @@ JH/20 Taint checking: disallow use of tainted data for
- the autoreply transport file, log and once options
- file names used by the redirect router (including filter files)
- named-queue names
+ - paths used by single-key lookups
Previously this was permitted.
JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it
@@ -159,6 +160,10 @@ JH/33 Fix the dsearch lookup to return an untainted result. Previously the
JH/34 Fix the readsocket expansion to not segfault when an empty "options"
argument is supplied.
+JH/35 The dsearch lookup now requires that the directory is an absolute path.
+ Previously this was not checked, and nonempty relative paths made an
+ access under Exim's current working directory.
+
Exim version 4.93
-----------------
diff --git a/src/src/lookups/dsearch.c b/src/src/lookups/dsearch.c
index dba8422..07931ae 100644
--- a/src/src/lookups/dsearch.c
+++ b/src/src/lookups/dsearch.c
@@ -52,8 +52,11 @@ dsearch_check(void * handle, const uschar * filename, int modemask,
uid_t * owners, gid_t * owngroups, uschar ** errmsg)
{
handle = handle;
-return lf_check_file(-1, filename, S_IFDIR, modemask, owners, owngroups,
- "dsearch", errmsg) == 0;
+if (*filename == '/')
+ return lf_check_file(-1, filename, S_IFDIR, modemask, owners, owngroups,
+ "dsearch", errmsg) == 0;
+*errmsg = string_sprintf("dirname '%s' for dsearch is not absolute", filename);
+return FALSE;
}
diff --git a/test/scripts/2500-dsearch/2500 b/test/scripts/2500-dsearch/2500
index 49e2a37..040ce59 100644
--- a/test/scripts/2500-dsearch/2500
+++ b/test/scripts/2500-dsearch/2500
@@ -6,6 +6,7 @@ fail: ${lookup{TESTNUM.file_not_here} dsearch{DIR/aux-fixed}{$value}{FAIL}
fail: ${lookup{TESTNUM.tst} dsearch{DIR/dir_not_here}{$value}{FAIL}}
fail(case): ${lookup{TESTNUM.TST} dsearch{DIR/aux-fixed}{$value}{FAIL}}
fail(case): ${lookup{TESTNUM.TST} dsearch{DIR/AUX-fixed}{$value}{FAIL}}
+fail(path): ${lookup{TESTNUM.tst} dsearch{.}{$value}{OTHER}}
****
#
1
diff --git a/test/stdout/2500 b/test/stdout/2500
index 8ff2378..3259e72 100644
--- a/test/stdout/2500
+++ b/test/stdout/2500
@@ -3,4 +3,5 @@
> Failed: failed to open TESTSUITE/dir_not_here for directory search: No such file or directory
> fail(case): FAIL
> Failed: failed to open TESTSUITE/AUX-fixed for directory search: No such file or directory
+> Failed: dirname '.' for dsearch is not absolute
>
