]> git.ipfire.org Git - thirdparty/dovecot/core.git/commitdiff
projects / thirdparty / dovecot / core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 924ea85)
auth: db-passwd-file - Add db_passwd_fix_path()
authorAki Tuomi <aki.tuomi@open-xchange.com>
Wed, 13 Nov 2024 09:38:30 +0000 (11:38 +0200)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Fri, 17 Jan 2025 08:40:00 +0000 (10:40 +0200)
src/auth/db-passwd-file.c patch | blob | blame | history
src/auth/db-passwd-file.h patch | blob | blame | history

diff --git a/src/auth/db-passwd-file.c b/src/auth/db-passwd-file.c
index 23309177decef36b88862b51d73e45c9ad94bdca..f722f83adf961822b72bfd88f256f1c862a72144 100644 (file)
--- a/src/auth/db-passwd-file.c
+++ b/src/auth/db-passwd-file.c
@@ -14,6 +14,7 @@
 #include "str.h"
 #include "eacces-error.h"
 #include "ioloop.h"
+#include "path-util.h"
 #include "settings.h"
 
 #include <unistd.h>
@@ -448,6 +449,30 @@ void db_passwd_file_unref(struct db_passwd_file **_db)
        i_free(db);
 }
 
+int db_passwd_fix_path(const char *path, const char **path_r,
+                      const char *orig_path, const char **error_r)
+{
+       /* normalize path */
+       const char *normalized;
+       if (t_normpath(path, &normalized, error_r) < 0)
+               return -1;
+
+       /* check base path */
+       const char *p;
+       if (*orig_path != '%' &&
+           (p = strstr(orig_path, "%{")) != NULL) {
+               ptrdiff_t len = p - orig_path;
+               if (strncmp(orig_path, normalized, len) != 0) {
+                       *error_r = t_strdup_printf("Path is outside '%s'",
+                                       t_strdup_until(orig_path, p));
+                       return -1;
+               }
+       }
+
+       *path_r = normalized;
+       return 0;
+}
+
 static const char *
 path_fix(const char *path, void *context ATTR_UNUSED)
 {
diff --git a/src/auth/db-passwd-file.h b/src/auth/db-passwd-file.h
index 90a8d7727098f9750d8a0452effa4bfd2df3cb74..400b921a0a03091cb2b44c0d5859a4f9e11ab717 100644 (file)
--- a/src/auth/db-passwd-file.h
+++ b/src/auth/db-passwd-file.h
@@ -52,6 +52,8 @@ extern const struct setting_parser_info passwd_file_setting_parser_info;
 
 extern const struct var_expand_provider db_passwd_file_var_expand_fn[];
 
+int db_passwd_fix_path(const char *path, const char **path_r,
+                      const char *orig_path, const char **error_r);
 int db_passwd_file_lookup(struct db_passwd_file *db,
                          struct auth_request *request,
                          const char *username_format,
Mirror of https://github.com/dovecot/core.git