From: Morgan Veyret Date: Mon, 8 Jun 2015 18:41:37 +0000 (+0200) Subject: Re: BUG: maildir flags sync with database relative path results in corrupted filename X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=8148d897ceead41b781b6f25a819e2193ebbe8f3;p=notmuch-archives.git Re: BUG: maildir flags sync with database relative path results in corrupted filename --- diff --git a/03/477e9d3fe192dd652460d557e2b0186421e511 b/03/477e9d3fe192dd652460d557e2b0186421e511 new file mode 100644 index 000000000..a0ace82a6 --- /dev/null +++ b/03/477e9d3fe192dd652460d557e2b0186421e511 @@ -0,0 +1,177 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by arlo.cworth.org (Postfix) with ESMTP id B7FF46DE02B1 + for ; Mon, 8 Jun 2015 11:41:42 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at cworth.org +X-Spam-Flag: NO +X-Spam-Score: -0.729 +X-Spam-Level: +X-Spam-Status: No, score=-0.729 tagged_above=-999 required=5 tests=[AWL=0.090, + DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, + HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, + RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled +Received: from arlo.cworth.org ([127.0.0.1]) + by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id 7qZtRctZlEjo for ; + Mon, 8 Jun 2015 11:41:40 -0700 (PDT) +Received: from mail-yk0-f177.google.com (mail-yk0-f177.google.com + [209.85.160.177]) + by arlo.cworth.org (Postfix) with ESMTPS id 5B1236DE02D2 + for ; Mon, 8 Jun 2015 11:41:40 -0700 (PDT) +Received: by ykfl8 with SMTP id l8so56277649ykf.1 + for ; Mon, 08 Jun 2015 11:41:38 -0700 (PDT) +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; + h=mime-version:in-reply-to:references:date:message-id:subject:from:to + :content-type; bh=hLsFt/ZtgTpTp2w8HaK0QiawoCwdSLoFDHjTc8BHBEk=; + b=wb9BRcHF0D69Gy3nVTfTWuqDnwldGVmcgBVwBCICUwUP9eJi8K3GUlZHhABgvOeKJC + ehH95WomIq6qS72QedC/9oyA+PNIlU5rRJvVVzGSKOvgCql304pnVpLLlWsTmE/pWZc3 + hJK+5XWR9xyg24us/VjD2OerVxxn7gSmTeKcUb5KFY7L9xiCA5tFbZW5Di5m8QLQKGxP + qbtoM4IdDFqZyptcJTE5XxYZxWPvqMZdZ1H9mWovmgxFELdTmBJUwntmH4ufN4DkCMwH + 78G23doK5jWempK3Nup1LvGFbljDLAXKanhSnPvBcoPCJCnCYbKL0Z9XfmRuGHAoZSe6 + xcBg== +MIME-Version: 1.0 +X-Received: by 10.13.218.71 with SMTP id c68mr17715709ywe.126.1433788897355; + Mon, 08 Jun 2015 11:41:37 -0700 (PDT) +Received: by 10.129.123.197 with HTTP; Mon, 8 Jun 2015 11:41:37 -0700 (PDT) +In-Reply-To: <871thmivpt.fsf@maritornes.cs.unb.ca> +References: + + <871thmivpt.fsf@maritornes.cs.unb.ca> +Date: Mon, 8 Jun 2015 20:41:37 +0200 +Message-ID: + +Subject: Re: BUG: maildir flags sync with database relative path results in + corrupted filename +From: Morgan Veyret +To: David Bremner , notmuch@notmuchmail.org +Content-Type: multipart/alternative; boundary=94eb2c081926e8ee74051805fde2 +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.18 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Mon, 08 Jun 2015 18:41:42 -0000 + +--94eb2c081926e8ee74051805fde2 +Content-Type: text/plain; charset=UTF-8 + +It does the job, now opening the database with a relative path raise +a NotmuchError. + + + +On Mon, Jun 8, 2015 at 8:02 AM, David Bremner wrote: + +> Morgan Veyret writes: +> +> > +> > As I understand it's expected that the database path should be absolute +> but +> > corrupting the database when the path is relative sounds dangerous. +> +> Thanks for the report. I can see how this could happen, since the +> internal functions _notmuch_message_add_file_name and +> _notmuch_database_relative_path classify message filenames into absolute +> paths starting with the database path and paths relative to the database +> root. +> +> The obvious solution is to reject non-absolute paths in +> notmuch_database_open_verbose. A slightly friendlier approach would be +> to canonicalize the path, but this might have unforseen consequences for +> clients relying on the database path being exactly what they pass in. +> +> Can you see if the attached patch "fixes" it for you? You'll have to +> rebuild notmuch from source. The patch should apply to 0.20 or later. +> +> +> diff --git a/lib/database.cc b/lib/database.cc +> index 78a24f7..2a5b82a 100644 +> --- a/lib/database.cc +> +++ b/lib/database.cc +> @@ -847,6 +847,12 @@ notmuch_database_open_verbose (const char *path, +> goto DONE; +> } +> +> + if (path[0] != '/') { +> + message = strdup ("Error: Database path must be absolute.\n"); +> + status = NOTMUCH_STATUS_FILE_ERROR; +> + goto DONE; +> + } +> + +> if (! (notmuch_path = talloc_asprintf (local, "%s/%s", path, +> ".notmuch"))) { +> message = strdup ("Out of memory\n"); +> status = NOTMUCH_STATUS_OUT_OF_MEMORY; +> +> + +--94eb2c081926e8ee74051805fde2 +Content-Type: text/html; charset=UTF-8 +Content-Transfer-Encoding: quoted-printable + +
It does the job, now opening the database with a rela= +tive path raise
a NotmuchError.



On Mon, Jun 8, 2015 at 8:02 AM, Da= +vid Bremner <david@tethera.net> wrote:
Morgan Veyret <morgan.veyret@gmail.com> writes:
+
+>
+> As I understand it's expected that the database path should be abs= +olute but
+> corrupting the database when the path is relative sounds dangerous. +
+Thanks for the report.=C2=A0 I can see how this could happen, since = +the
+internal functions _notmuch_message_add_file_name and
+_notmuch_database_relative_path classify message filenames into absolute +paths starting with the database path and paths relative to the database +root.
+
+The obvious solution is to reject non-absolute paths in
+notmuch_database_open_verbose. A slightly friendlier approach would be
+to canonicalize the path, but this might have unforseen consequences for +clients relying on the database path being exactly what they pass in.
+
+Can you see if the attached patch "fixes" it for you? You'll = +have to
+rebuild notmuch from source. The patch should apply to 0.20 or later.
+
+
diff --git a/lib/database.cc b/lib/database.cc
+index 78a24f7..2a5b82a 100644
+--- a/lib/database.cc
++++ b/lib/database.cc
+@@ -847,6 +847,12 @@ notmuch_database_open_verbose (const char *path,
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 goto DONE;
+=C2=A0 =C2=A0 =C2=A0}
+
++=C2=A0 =C2=A0 if (path[0] !=3D '/') {
++=C2=A0 =C2=A0 =C2=A0 =C2=A0message =3D strdup ("Error: Database path = +must be absolute.\n");
++=C2=A0 =C2=A0 =C2=A0 =C2=A0status =3D NOTMUCH_STATUS_FILE_ERROR;
++=C2=A0 =C2=A0 =C2=A0 =C2=A0goto DONE;
++=C2=A0 =C2=A0 }
++
+=C2=A0 =C2=A0 =C2=A0if (! (notmuch_path =3D talloc_asprintf (local, "%= +s/%s", path, ".notmuch"))) {
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 message =3D strdup ("Out of memory\n"= +);
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 status =3D NOTMUCH_STATUS_OUT_OF_MEMORY;
+

+ +--94eb2c081926e8ee74051805fde2--