[dovecot-cvs] dovecot/src/lib-storage/index/maildir maildir-storage.c,1.33,1.34

cras at procontrol.fi cras at procontrol.fi
Tue Feb 25 00:56:17 EET 2003 

Update of /home/cvs/dovecot/src/lib-storage/index/maildir
In directory danu:/tmp/cvs-serv16644/lib-storage/index/maildir

Modified Files:
	maildir-storage.c 
Log Message:
Use less strict mailbox name verification when trying to access existing
mailboxes. Don't delete directories beginning with ".." outside our maildir
root (if full_filesystem_access = yes).



Index: maildir-storage.c
===================================================================
RCS file: /home/cvs/dovecot/src/lib-storage/index/maildir/maildir-storage.c,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -d -r1.33 -r1.34
--- maildir-storage.c	24 Feb 2003 17:39:32 -0000	1.33
+++ maildir-storage.c	24 Feb 2003 22:56:15 -0000	1.34
@@ -98,7 +98,8 @@
 		S_ISDIR(st.st_mode);
 }
 
-static int maildir_is_valid_name(struct mail_storage *storage, const char *name)
+static int maildir_is_valid_create_name(struct mail_storage *storage,
+					const char *name)
 {
 	if (name[0] == '\0' || name[strlen(name)-1] == storage->hierarchy_sep ||
 	    strchr(name, '*') != NULL || strchr(name, '%') != NULL)
@@ -111,6 +112,18 @@
 		strchr(name, '/') == NULL && strchr(name, '\\') == NULL;
 }
 
+static int maildir_is_valid_existing_name(const char *name)
+{
+	if (name[0] == '\0' || name[0] == '.')
+		return FALSE;
+
+	if (full_filesystem_access)
+		return TRUE;
+
+	return *name != '~' &&
+		strchr(name, '/') == NULL && strchr(name, '\\') == NULL;
+}
+
 static const char *maildir_get_absolute_path(const char *name)
 {
 	const char *p;
@@ -259,7 +272,7 @@
 		return maildir_open(storage, "INBOX", readonly, fast);
 	}
 
-	if (!maildir_is_valid_name(storage, name)) {
+	if (!maildir_is_valid_existing_name(name)) {
 		mail_storage_set_error(storage, "Invalid mailbox name");
 		return FALSE;
 	}
@@ -292,7 +305,7 @@
 	mail_storage_clear_error(storage);
 
 	name = inbox_fix_case(storage, name);
-	if (!maildir_is_valid_name(storage, name)) {
+	if (!maildir_is_valid_create_name(storage, name)) {
 		mail_storage_set_error(storage, "Invalid mailbox name");
 		return FALSE;
 	}
@@ -325,7 +338,7 @@
 		return FALSE;
 	}
 
-	if (!maildir_is_valid_name(storage, name)) {
+	if (!maildir_is_valid_existing_name(name)) {
 		mail_storage_set_error(storage, "Invalid mailbox name");
 		return FALSE;
 	}
@@ -463,8 +476,8 @@
 	mail_storage_clear_error(storage);
 
 	oldname = inbox_fix_case(storage, oldname);
-	if (!maildir_is_valid_name(storage, oldname) ||
-	    !maildir_is_valid_name(storage, newname)) {
+	if (!maildir_is_valid_existing_name(oldname) ||
+	    !maildir_is_valid_create_name(storage, newname)) {
 		mail_storage_set_error(storage, "Invalid mailbox name");
 		return FALSE;
 	}
@@ -519,7 +532,7 @@
 	mail_storage_clear_error(storage);
 
 	name = inbox_fix_case(storage, name);
-	if (!maildir_is_valid_name(storage, name)) {
+	if (!maildir_is_valid_existing_name(name)) {
 		*status = MAILBOX_NAME_INVALID;
 		return TRUE;
 	}
@@ -528,7 +541,14 @@
 	if (stat(path, &st) == 0) {
 		*status = MAILBOX_NAME_EXISTS;
 		return TRUE;
-	} else if (errno == ENOENT) {
+	}
+
+	if (!maildir_is_valid_create_name(storage, name)) {
+		*status = MAILBOX_NAME_INVALID;
+		return TRUE;
+	}
+
+	if (errno == ENOENT) {
 		*status = MAILBOX_NAME_VALID;
 		return TRUE;
 	} else {

More information about the dovecot-cvs mailing list