From: David Bremner Date: Mon, 8 Jun 2015 06:02:22 +0000 (+0200) Subject: Re: BUG: maildir flags sync with database relative path results in corrupted filename X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=4d4d57a8c7132040f342586c9b28cb5266b27639;p=notmuch-archives.git Re: BUG: maildir flags sync with database relative path results in corrupted filename --- diff --git a/78/14502f303ea87bcc46822f89ec2b15047ab091 b/78/14502f303ea87bcc46822f89ec2b15047ab091 new file mode 100644 index 000000000..e8fa9241c --- /dev/null +++ b/78/14502f303ea87bcc46822f89ec2b15047ab091 @@ -0,0 +1,100 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by arlo.cworth.org (Postfix) with ESMTP id 7E2FA6DE1502 + for ; Sun, 7 Jun 2015 23:04:11 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at cworth.org +X-Spam-Flag: NO +X-Spam-Score: 0.208 +X-Spam-Level: +X-Spam-Status: No, score=0.208 tagged_above=-999 required=5 tests=[AWL=0.208] + autolearn=disabled +Received: from arlo.cworth.org ([127.0.0.1]) + by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id lBgrY67LLRfp for ; + Sun, 7 Jun 2015 23:04:09 -0700 (PDT) +Received: from mx.xen14.node3324.gplhost.com (gitolite.debian.net + [87.98.215.224]) + by arlo.cworth.org (Postfix) with ESMTPS id 387866DE119C + for ; Sun, 7 Jun 2015 23:04:08 -0700 (PDT) +Received: from remotemail by mx.xen14.node3324.gplhost.com with local (Exim + 4.80) (envelope-from ) + id 1Z1q8v-0007Nv-5D; Mon, 08 Jun 2015 06:02:41 +0000 +Received: (nullmailer pid 29648 invoked by uid 1000); Mon, 08 Jun 2015 + 06:02:22 -0000 +From: David Bremner +To: Morgan Veyret , notmuch@notmuchmail.org +Subject: Re: BUG: maildir flags sync with database relative path results in + corrupted filename +In-Reply-To: + +References: + +User-Agent: Notmuch/0.20+15~ga1b054b (http://notmuchmail.org) Emacs/24.4.1 + (x86_64-pc-linux-gnu) +Date: Mon, 08 Jun 2015 08:02:22 +0200 +Message-ID: <871thmivpt.fsf@maritornes.cs.unb.ca> +MIME-Version: 1.0 +Content-Type: multipart/mixed; boundary="=-=-=" +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.18 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Mon, 08 Jun 2015 06:04:11 -0000 + +--=-=-= +Content-Type: text/plain + +Morgan Veyret writes: + +> +> As I understand it's expected that the database path should be absolute but +> corrupting the database when the path is relative sounds dangerous. + +Thanks for the report. I can see how this could happen, since the +internal functions _notmuch_message_add_file_name and +_notmuch_database_relative_path classify message filenames into absolute +paths starting with the database path and paths relative to the database +root. + +The obvious solution is to reject non-absolute paths in +notmuch_database_open_verbose. A slightly friendlier approach would be +to canonicalize the path, but this might have unforseen consequences for +clients relying on the database path being exactly what they pass in. + +Can you see if the attached patch "fixes" it for you? You'll have to +rebuild notmuch from source. The patch should apply to 0.20 or later. + + +--=-=-= +Content-Type: text/x-diff +Content-Disposition: inline; filename=test.diff + +diff --git a/lib/database.cc b/lib/database.cc +index 78a24f7..2a5b82a 100644 +--- a/lib/database.cc ++++ b/lib/database.cc +@@ -847,6 +847,12 @@ notmuch_database_open_verbose (const char *path, + goto DONE; + } + ++ if (path[0] != '/') { ++ message = strdup ("Error: Database path must be absolute.\n"); ++ status = NOTMUCH_STATUS_FILE_ERROR; ++ goto DONE; ++ } ++ + if (! (notmuch_path = talloc_asprintf (local, "%s/%s", path, ".notmuch"))) { + message = strdup ("Out of memory\n"); + status = NOTMUCH_STATUS_OUT_OF_MEMORY; + +--=-=-=--