From: David Bremner <david@tethera.net>
To: Morgan Veyret <morgan.veyret@gmail.com>, notmuch@notmuchmail.org
Subject: Re: BUG: maildir flags sync with database relative path results in corrupted filename
Date: Mon, 08 Jun 2015 08:02:22 +0200 [thread overview]
Message-ID: <871thmivpt.fsf@maritornes.cs.unb.ca> (raw)
In-Reply-To: <CACMMjMLecmXopb8AATjE3UuCnNLOO+5Nmev5X8K-UostDEUdrQ@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 885 bytes --]
Morgan Veyret <morgan.veyret@gmail.com> writes:
>
> As I understand it's expected that the database path should be absolute but
> corrupting the database when the path is relative sounds dangerous.
Thanks for the report. I can see how this could happen, since the
internal functions _notmuch_message_add_file_name and
_notmuch_database_relative_path classify message filenames into absolute
paths starting with the database path and paths relative to the database
root.
The obvious solution is to reject non-absolute paths in
notmuch_database_open_verbose. A slightly friendlier approach would be
to canonicalize the path, but this might have unforseen consequences for
clients relying on the database path being exactly what they pass in.
Can you see if the attached patch "fixes" it for you? You'll have to
rebuild notmuch from source. The patch should apply to 0.20 or later.
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: test.diff --]
[-- Type: text/x-diff, Size: 528 bytes --]
diff --git a/lib/database.cc b/lib/database.cc
index 78a24f7..2a5b82a 100644
--- a/lib/database.cc
+++ b/lib/database.cc
@@ -847,6 +847,12 @@ notmuch_database_open_verbose (const char *path,
goto DONE;
}
+ if (path[0] != '/') {
+ message = strdup ("Error: Database path must be absolute.\n");
+ status = NOTMUCH_STATUS_FILE_ERROR;
+ goto DONE;
+ }
+
if (! (notmuch_path = talloc_asprintf (local, "%s/%s", path, ".notmuch"))) {
message = strdup ("Out of memory\n");
status = NOTMUCH_STATUS_OUT_OF_MEMORY;
next prev parent reply other threads:[~2015-06-08 6:04 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-07 15:12 BUG: maildir flags sync with database relative path results in corrupted filename Morgan Veyret
2015-06-08 6:02 ` David Bremner [this message]
2015-06-08 18:41 ` Morgan Veyret
2015-06-08 20:37 ` David Bremner
2015-06-10 7:17 ` [PATCH 1/2] lib: add NOTMUCH_STATUS_PATH_ERROR David Bremner
2015-06-10 7:17 ` [PATCH 2/2] lib: reject relative paths in n_d_{create,open}_verbose David Bremner
2015-06-11 20:21 ` [PATCH 1/2] lib: add NOTMUCH_STATUS_PATH_ERROR Tomi Ollila
2015-06-12 5:40 ` David Bremner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871thmivpt.fsf@maritornes.cs.unb.ca \
--to=david@tethera.net \
--cc=morgan.veyret@gmail.com \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).