From: Aki Tuomi
Date: Wed, 13 Nov 2024 09:38:30 +0000 (+0200)
Subject: auth: db-passwd-file - Add db_passwd_fix_path()
X-Git-Tag: 2.4.0~269
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4fea45f11162018686c8a01c73d3297541aa75c3;p=thirdparty%2Fdovecot%2Fcore.git
auth: db-passwd-file - Add db_passwd_fix_path()
---
diff --git a/src/auth/db-passwd-file.c b/src/auth/db-passwd-file.c
index 23309177de..f722f83adf 100644
--- a/src/auth/db-passwd-file.c
+++ b/src/auth/db-passwd-file.c
@@ -14,6 +14,7 @@
 #include "str.h"
 #include "eacces-error.h"
 #include "ioloop.h"
+#include "path-util.h"
 #include "settings.h"
 #include
@@ -448,6 +449,30 @@ void db_passwd_file_unref(struct db_passwd_file **_db)
 i_free(db);
 }
+int db_passwd_fix_path(const char *path, const char **path_r,
+ const char *orig_path, const char **error_r)
+{
+ /* normalize path */
+ const char *normalized;
+ if (t_normpath(path, &normalized, error_r) < 0)
+ return -1;
+
+ /* check base path */
+ const char *p;
+ if (*orig_path != '%' &&
+ (p = strstr(orig_path, "%{")) != NULL) {
+ ptrdiff_t len = p - orig_path;
+ if (strncmp(orig_path, normalized, len) != 0) {
+ *error_r = t_strdup_printf("Path is outside '%s'",
+ t_strdup_until(orig_path, p));
+ return -1;
+ }
+ }
+
+ *path_r = normalized;
+ return 0;
+}
+
 static const char *
 path_fix(const char *path, void *context ATTR_UNUSED)
 {
diff --git a/src/auth/db-passwd-file.h b/src/auth/db-passwd-file.h
index 90a8d77270..400b921a0a 100644
--- a/src/auth/db-passwd-file.h
+++ b/src/auth/db-passwd-file.h
@@ -52,6 +52,8 @@ extern const struct setting_parser_info passwd_file_setting_parser_info;
 extern const struct var_expand_provider db_passwd_file_var_expand_fn[];
+int db_passwd_fix_path(const char *path, const char **path_r,
+ const char *orig_path, const char **error_r);
 int db_passwd_file_lookup(struct db_passwd_file *db,
 struct auth_request *request,
 const char *username_format,
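Review bot: The base-path check in db_passwd_fix_path() compares the literal prefix of `orig_path` byte-for-byte against the output of t_normpath(), so it only holds when that prefix is itself absolute and already in normalized form. As far as this hunk shows, a relative template, or one with `//` or `./` before the first `%{`, would make `strncmp(orig_path, normalized, len)` fail on every lookup, and nothing visible here normalizes `orig_path` first. The check is also lexical only: if t_normpath() leaves symlinks unresolved (worth confirming in path-util), a symlink below the base is not caught, and a setting that starts with `%` or has no `%{` skips the check entirely. I would state that contract above the function, e.g. `/* orig_path is the unexpanded setting; its prefix before the first %{ must be absolute and normalized, and is matched as a string prefix, not per path component */`.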
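Review bot: The new prototype in db-passwd-file.h is exported without a comment, and its name drops the `db_passwd_file_` prefix used by the neighbouring `db_passwd_file_lookup()`. Callers need to know that it returns 0 with `*path_r` set, or -1 with `*path_r` untouched and an error in `*error_r`, and that `orig_path` is the setting before variable expansion. The `t_` helpers used in the .c hunk suggest both results live on the data stack, which should be confirmed and stated. A short header comment such as `/* Normalize path and verify it stays under the static prefix of orig_path. Returns 0 and sets path_r, or -1 and sets error_r. */` would cover it.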