From: Aki Tuomi
Date: Wed, 13 Nov 2024 09:42:05 +0000 (+0200)
Subject: auth: db-passwd-file - Normalize path with db_passwd_fix_path()
X-Git-Tag: 2.4.1~543
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7fb773cffa3d78b587c406ebfeaa5a1e911a1835;p=thirdparty%2Fdovecot%2Fcore.git
auth: db-passwd-file - Normalize path with db_passwd_fix_path()
Otherwise there is a chance that we leak one ../
---
diff --git a/src/auth/db-passwd-file.c b/src/auth/db-passwd-file.c
index f722f83adf..c14b0efe29 100644
--- a/src/auth/db-passwd-file.c
+++ b/src/auth/db-passwd-file.c
@@ -473,20 +473,6 @@ int db_passwd_fix_path(const char *path, const char **path_r,
 return 0;
 }
 
-static const char *
-path_fix(const char *path, void *context ATTR_UNUSED)
-{
- const char *p;
-
- p = strchr(path, '/');
- if (p == NULL)
- return path;
-
- /* most likely this is an invalid request. just cut off the '/' and
- everything after it. */
- return t_strdup_until(path, p);
-}
-
 int db_passwd_file_lookup(struct db_passwd_file *db,
 struct auth_request *request,
 const char *username_format,
@@ -504,7 +490,6 @@ int db_passwd_file_lookup(struct db_passwd_file *db,
 .table = auth_request_get_var_expand_table(request),
 .providers = auth_request_var_expand_providers,
 .context = request,
- .escape_func = path_fix,
 .event = authdb_event(request),
 };
 dest = t_str_new(256);
@@ -514,7 +499,12 @@ int db_passwd_file_lookup(struct db_passwd_file *db,
 db->path, error);
 return -1;
 }
-
+ const char *path;
+ if (db_passwd_fix_path(str_c(dest), &path, db->path, &error) < 0) {
+ e_info(authdb_event(request), "Failed to normalize path: %s",
+ error);
+ return 0;
+ }
 pw = hash_table_lookup(db->files, str_c(dest));
 if (pw == NULL) {
 /* doesn't exist yet. create lookup for it. */
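Review bot: The normalized result in `path` is never used in the visible lines of the third hunk: the context line right after the new check still calls `hash_table_lookup(db->files, str_c(dest))`, so the table is keyed by the raw expanded string. With `.escape_func = path_fix` removed in the second hunk, `db_passwd_fix_path()` is the only barrier left against a `/` or `../` arriving through a request variable; its body is outside this diff, so whether it rejects such paths or only rewrites them cannot be confirmed here, and if it only rewrites, the unnormalized path still reaches the lookup. I would change the lookup to `pw = hash_table_lookup(db->files, path);` and pass `path` to whatever creates the file entry below, since the function continues past the hunk. The failure branch logs at info level without the offending value; adding the expanded path to the message, as in `"Failed to normalize path %s: %s", str_c(dest), error`, would make rejected lookups easier to triage.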