--- /dev/null
+Return-Path: <morgan.veyret@gmail.com>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by arlo.cworth.org (Postfix) with ESMTP id B7FF46DE02B1\r
+ for <notmuch@notmuchmail.org>; Mon, 8 Jun 2015 11:41:42 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at cworth.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -0.729\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-0.729 tagged_above=-999 required=5 tests=[AWL=0.090,\r
+ DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001,\r
+ HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01,\r
+ RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled\r
+Received: from arlo.cworth.org ([127.0.0.1])\r
+ by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id 7qZtRctZlEjo for <notmuch@notmuchmail.org>;\r
+ Mon, 8 Jun 2015 11:41:40 -0700 (PDT)\r
+Received: from mail-yk0-f177.google.com (mail-yk0-f177.google.com\r
+ [209.85.160.177])\r
+ by arlo.cworth.org (Postfix) with ESMTPS id 5B1236DE02D2\r
+ for <notmuch@notmuchmail.org>; Mon, 8 Jun 2015 11:41:40 -0700 (PDT)\r
+Received: by ykfl8 with SMTP id l8so56277649ykf.1\r
+ for <notmuch@notmuchmail.org>; Mon, 08 Jun 2015 11:41:38 -0700 (PDT)\r
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;\r
+ h=mime-version:in-reply-to:references:date:message-id:subject:from:to\r
+ :content-type; bh=hLsFt/ZtgTpTp2w8HaK0QiawoCwdSLoFDHjTc8BHBEk=;\r
+ b=wb9BRcHF0D69Gy3nVTfTWuqDnwldGVmcgBVwBCICUwUP9eJi8K3GUlZHhABgvOeKJC\r
+ ehH95WomIq6qS72QedC/9oyA+PNIlU5rRJvVVzGSKOvgCql304pnVpLLlWsTmE/pWZc3\r
+ hJK+5XWR9xyg24us/VjD2OerVxxn7gSmTeKcUb5KFY7L9xiCA5tFbZW5Di5m8QLQKGxP\r
+ qbtoM4IdDFqZyptcJTE5XxYZxWPvqMZdZ1H9mWovmgxFELdTmBJUwntmH4ufN4DkCMwH\r
+ 78G23doK5jWempK3Nup1LvGFbljDLAXKanhSnPvBcoPCJCnCYbKL0Z9XfmRuGHAoZSe6\r
+ xcBg==\r
+MIME-Version: 1.0\r
+X-Received: by 10.13.218.71 with SMTP id c68mr17715709ywe.126.1433788897355;\r
+ Mon, 08 Jun 2015 11:41:37 -0700 (PDT)\r
+Received: by 10.129.123.197 with HTTP; Mon, 8 Jun 2015 11:41:37 -0700 (PDT)\r
+In-Reply-To: <871thmivpt.fsf@maritornes.cs.unb.ca>\r
+References:\r
+ <CACMMjMLecmXopb8AATjE3UuCnNLOO+5Nmev5X8K-UostDEUdrQ@mail.gmail.com>\r
+ <871thmivpt.fsf@maritornes.cs.unb.ca>\r
+Date: Mon, 8 Jun 2015 20:41:37 +0200\r
+Message-ID:\r
+ <CACMMjM+twCQ9MjB6H51eVW-izekpStNT5+u75LUu9rduG1CWEQ@mail.gmail.com>\r
+Subject: Re: BUG: maildir flags sync with database relative path results in\r
+ corrupted filename\r
+From: Morgan Veyret <morgan.veyret@gmail.com>\r
+To: David Bremner <david@tethera.net>, notmuch@notmuchmail.org\r
+Content-Type: multipart/alternative; boundary=94eb2c081926e8ee74051805fde2\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.18\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch/>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Mon, 08 Jun 2015 18:41:42 -0000\r
+\r
+--94eb2c081926e8ee74051805fde2\r
+Content-Type: text/plain; charset=UTF-8\r
+\r
+It does the job, now opening the database with a relative path raise\r
+a NotmuchError.\r
+\r
+\r
+\r
+On Mon, Jun 8, 2015 at 8:02 AM, David Bremner <david@tethera.net> wrote:\r
+\r
+> Morgan Veyret <morgan.veyret@gmail.com> writes:\r
+>\r
+> >\r
+> > As I understand it's expected that the database path should be absolute\r
+> but\r
+> > corrupting the database when the path is relative sounds dangerous.\r
+>\r
+> Thanks for the report. I can see how this could happen, since the\r
+> internal functions _notmuch_message_add_file_name and\r
+> _notmuch_database_relative_path classify message filenames into absolute\r
+> paths starting with the database path and paths relative to the database\r
+> root.\r
+>\r
+> The obvious solution is to reject non-absolute paths in\r
+> notmuch_database_open_verbose. A slightly friendlier approach would be\r
+> to canonicalize the path, but this might have unforseen consequences for\r
+> clients relying on the database path being exactly what they pass in.\r
+>\r
+> Can you see if the attached patch "fixes" it for you? You'll have to\r
+> rebuild notmuch from source. The patch should apply to 0.20 or later.\r
+>\r
+>\r
+> diff --git a/lib/database.cc b/lib/database.cc\r
+> index 78a24f7..2a5b82a 100644\r
+> --- a/lib/database.cc\r
+> +++ b/lib/database.cc\r
+> @@ -847,6 +847,12 @@ notmuch_database_open_verbose (const char *path,\r
+> goto DONE;\r
+> }\r
+>\r
+> + if (path[0] != '/') {\r
+> + message = strdup ("Error: Database path must be absolute.\n");\r
+> + status = NOTMUCH_STATUS_FILE_ERROR;\r
+> + goto DONE;\r
+> + }\r
+> +\r
+> if (! (notmuch_path = talloc_asprintf (local, "%s/%s", path,\r
+> ".notmuch"))) {\r
+> message = strdup ("Out of memory\n");\r
+> status = NOTMUCH_STATUS_OUT_OF_MEMORY;\r
+>\r
+>\r
+\r
+--94eb2c081926e8ee74051805fde2\r
+Content-Type: text/html; charset=UTF-8\r
+Content-Transfer-Encoding: quoted-printable\r
+\r
+<div dir=3D"ltr"><div>It does the job, now opening the database with a rela=\r
+tive path raise<br></div>a NotmuchError.<br><br><br></div><div class=3D"gma=\r
+il_extra"><br><div class=3D"gmail_quote">On Mon, Jun 8, 2015 at 8:02 AM, Da=\r
+vid Bremner <span dir=3D"ltr"><<a href=3D"mailto:david@tethera.net" targ=\r
+et=3D"_blank">david@tethera.net</a>></span> wrote:<br><blockquote class=\r
+=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padd=\r
+ing-left:1ex"><span class=3D"">Morgan Veyret <<a href=3D"mailto:morgan.v=\r
+eyret@gmail.com">morgan.veyret@gmail.com</a>> writes:<br>\r
+<br>\r
+><br>\r
+> As I understand it's expected that the database path should be abs=\r
+olute but<br>\r
+> corrupting the database when the path is relative sounds dangerous.<br=\r
+>\r
+<br>\r
+</span>Thanks for the report.=C2=A0 I can see how this could happen, since =\r
+the<br>\r
+internal functions _notmuch_message_add_file_name and<br>\r
+_notmuch_database_relative_path classify message filenames into absolute<br=\r
+>\r
+paths starting with the database path and paths relative to the database<br=\r
+>\r
+root.<br>\r
+<br>\r
+The obvious solution is to reject non-absolute paths in<br>\r
+notmuch_database_open_verbose. A slightly friendlier approach would be<br>\r
+to canonicalize the path, but this might have unforseen consequences for<br=\r
+>\r
+clients relying on the database path being exactly what they pass in.<br>\r
+<br>\r
+Can you see if the attached patch "fixes" it for you? You'll =\r
+have to<br>\r
+rebuild notmuch from source. The patch should apply to 0.20 or later.<br>\r
+<br>\r
+<br>diff --git a/lib/database.cc b/lib/database.cc<br>\r
+index 78a24f7..2a5b82a 100644<br>\r
+--- a/lib/database.cc<br>\r
++++ b/lib/database.cc<br>\r
+@@ -847,6 +847,12 @@ notmuch_database_open_verbose (const char *path,<br>\r
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 goto DONE;<br>\r
+=C2=A0 =C2=A0 =C2=A0}<br>\r
+<br>\r
++=C2=A0 =C2=A0 if (path[0] !=3D '/') {<br>\r
++=C2=A0 =C2=A0 =C2=A0 =C2=A0message =3D strdup ("Error: Database path =\r
+must be absolute.\n");<br>\r
++=C2=A0 =C2=A0 =C2=A0 =C2=A0status =3D NOTMUCH_STATUS_FILE_ERROR;<br>\r
++=C2=A0 =C2=A0 =C2=A0 =C2=A0goto DONE;<br>\r
++=C2=A0 =C2=A0 }<br>\r
++<br>\r
+=C2=A0 =C2=A0 =C2=A0if (! (notmuch_path =3D talloc_asprintf (local, "%=\r
+s/%s", path, ".notmuch"))) {<br>\r
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 message =3D strdup ("Out of memory\n"=\r
+);<br>\r
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D NOTMUCH_STATUS_OUT_OF_MEMORY;<br>\r
+<br></blockquote></div><br></div>\r
+\r
+--94eb2c081926e8ee74051805fde2--\r
projects / notmuch-archives.git / commitdiff