Commit | Line | Data |
---|---|---|
0c0c20aa AM |
1 | From 0d5d8fc918c4b999a2d5b025d94e25e43680377d Mon Sep 17 00:00:00 2001 |
2 | From: Qualys Security Advisory <qsa@qualys.com> | |
3 | Date: Sun, 21 Feb 2021 22:00:31 -0800 | |
4 | Subject: [PATCH 15/29] Security: Safeguard against relative names for msglog | |
5 | files. | |
6 | ||
7 | Based on Heiko Schlittermann's commit 4f0ac4ad. This fixes: | |
8 | ||
9 | 3/ In src/deliver.c: | |
10 | ||
11 | 333 static int | |
12 | 334 open_msglog_file(uschar *filename, int mode, uschar **error) | |
13 | 335 { | |
14 | 336 if (Ustrstr(filename, US"/../")) | |
15 | 337 log_write(0, LOG_MAIN|LOG_PANIC, | |
16 | 338 "Attempt to open msglog file path with upward-traversal: '%s'\n", filename); | |
17 | ||
18 | Should this be LOG_PANIC_DIE instead of LOG_PANIC? Right now it will log | |
19 | the /../ attempt but will open the file anyway. | |
20 | --- | |
21 | src/deliver.c | 4 ++++ | |
22 | 1 file changed, 4 insertions(+) | |
23 | ||
24 | diff --git a/src/deliver.c b/src/deliver.c | |
25 | index d4ed8af08..279672ce0 100644 | |
26 | --- a/src/deliver.c | |
27 | +++ b/src/deliver.c | |
28 | @@ -331,6 +331,10 @@ open_msglog_file(uschar *filename, int mode, uschar **error) | |
29 | { | |
30 | int fd, i; | |
31 | ||
32 | +if (Ustrstr(filename, US"/../")) | |
33 | + log_write(0, LOG_MAIN|LOG_PANIC_DIE, | |
34 | + "Attempt to open msglog file path with upward-traversal: '%s'", filename); | |
35 | + | |
36 | for (i = 2; i > 0; i--) | |
37 | { | |
38 | fd = Uopen(filename, | |
39 | -- | |
40 | 2.30.2 | |
41 |