From 5eb61b4334cbc79b2e1ed0d177286ea4735d417c Mon Sep 17 00:00:00 2001 From: David Bremner Date: Wed, 10 Jun 2015 09:17:01 +0200 Subject: [PATCH] [PATCH 2/2] lib: reject relative paths in n_d_{create,open}_verbose --- b9/302fe96532690852855133ac71247d50a5e2cf | 216 ++++++++++++++++++++++ 1 file changed, 216 insertions(+) create mode 100644 b9/302fe96532690852855133ac71247d50a5e2cf diff --git a/b9/302fe96532690852855133ac71247d50a5e2cf b/b9/302fe96532690852855133ac71247d50a5e2cf new file mode 100644 index 000000000..50baf1aae --- /dev/null +++ b/b9/302fe96532690852855133ac71247d50a5e2cf @@ -0,0 +1,216 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by arlo.cworth.org (Postfix) with ESMTP id AA4AD6DE0B2F + for ; Wed, 10 Jun 2015 00:19:24 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at cworth.org +X-Spam-Flag: NO +X-Spam-Score: 0.206 +X-Spam-Level: +X-Spam-Status: No, score=0.206 tagged_above=-999 required=5 tests=[AWL=0.196, + T_HEADER_FROM_DIFFERENT_DOMAINS=0.01] autolearn=disabled +Received: from arlo.cworth.org ([127.0.0.1]) + by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id I7JtQgadaOSg for ; + Wed, 10 Jun 2015 00:19:23 -0700 (PDT) +Received: from mx.xen14.node3324.gplhost.com (gitolite.debian.net + [87.98.215.224]) + by arlo.cworth.org (Postfix) with ESMTPS id E00076DE02CB + for ; Wed, 10 Jun 2015 00:19:22 -0700 (PDT) +Received: from remotemail by mx.xen14.node3324.gplhost.com with local (Exim + 4.80) (envelope-from ) + id 1Z2aGe-0007UE-Ro; Wed, 10 Jun 2015 07:17:44 +0000 +Received: (nullmailer pid 5329 invoked by uid 1000); Wed, 10 Jun 2015 + 07:17:09 -0000 +From: David Bremner +To: David Bremner , Morgan Veyret + , notmuch@notmuchmail.org +Subject: [PATCH 2/2] lib: reject relative paths in n_d_{create,open}_verbose +Date: Wed, 10 Jun 2015 09:17:01 +0200 +Message-Id: <1433920621-5279-2-git-send-email-david@tethera.net> +X-Mailer: git-send-email 2.1.4 +In-Reply-To: <1433920621-5279-1-git-send-email-david@tethera.net> +References: <87oakqj5rm.fsf@maritornes.cs.unb.ca> + <1433920621-5279-1-git-send-email-david@tethera.net> +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.18 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Wed, 10 Jun 2015 07:19:24 -0000 + +There are many places in the notmuch code where the path is assumed to be absolute. If someone (TM) wants a project, one could remove these assumptions. In the mean time, prevent users from shooting themselves in the foot. + +Update test suite mark tests for this error as no longer broken, and +also convert some tests that used relative paths for nonexistent +directories. +--- + NEWS | 9 +++++++++ + lib/database.cc | 12 ++++++++++++ + test/T360-symbol-hiding.sh | 21 +++++++++++---------- + test/T560-lib-error.sh | 10 ++++------ + test/symbol-test.cc | 6 +++--- + 5 files changed, 39 insertions(+), 19 deletions(-) + +diff --git a/NEWS b/NEWS +index 03254d5..004b867 100644 +--- a/NEWS ++++ b/NEWS +@@ -1,3 +1,12 @@ ++Notmuch 0.21 (UNRELEASED) ++========================= ++ ++Library ++------- ++ ++The use of absolute paths is now enforced when calling notmuch_database_{open, create} ++ ++ + Notmuch 0.20.1 (2015-06-01) + =========================== + +diff --git a/lib/database.cc b/lib/database.cc +index e726f62..6a15174 100644 +--- a/lib/database.cc ++++ b/lib/database.cc +@@ -659,6 +659,12 @@ notmuch_database_create_verbose (const char *path, + goto DONE; + } + ++ if (path[0] != '/') { ++ message = strdup ("Error: Database path must be absolute.\n"); ++ status = NOTMUCH_STATUS_PATH_ERROR; ++ goto DONE; ++ } ++ + err = stat (path, &st); + if (err) { + IGNORE_RESULT (asprintf (&message, "Error: Cannot create database at %s: %s.\n", +@@ -849,6 +855,12 @@ notmuch_database_open_verbose (const char *path, + goto DONE; + } + ++ if (path[0] != '/') { ++ message = strdup ("Error: Database path must be absolute.\n"); ++ status = NOTMUCH_STATUS_PATH_ERROR; ++ goto DONE; ++ } ++ + if (! (notmuch_path = talloc_asprintf (local, "%s/%s", path, ".notmuch"))) { + message = strdup ("Out of memory\n"); + status = NOTMUCH_STATUS_OUT_OF_MEMORY; +diff --git a/test/T360-symbol-hiding.sh b/test/T360-symbol-hiding.sh +index d2b5d1f..98e4d4d 100755 +--- a/test/T360-symbol-hiding.sh ++++ b/test/T360-symbol-hiding.sh +@@ -11,16 +11,17 @@ test_description='exception symbol hiding' + + . ./test-lib.sh + +-run_test(){ +- result=$(LD_LIBRARY_PATH="$TEST_DIRECTORY/../lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" $TEST_DIRECTORY/symbol-test 2>&1) +-} +- +-output="A Xapian exception occurred opening database: Couldn't stat 'fakedb/.notmuch/xapian' +-caught No chert database found at path \`./nonexistent'" +- +-mkdir -p fakedb/.notmuch +- +-test_expect_success 'running test' run_test ++test_begin_subtest 'running test' run_test ++mkdir -p ${PWD}/fakedb/.notmuch ++( LD_LIBRARY_PATH="$TEST_DIRECTORY/../lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" \ ++ $TEST_DIRECTORY/symbol-test ${PWD}/fakedb ${PWD}/nonexistent \ ++ 2>&1 | sed "s,${PWD},CWD,g") > OUTPUT ++ ++cat < EXPECTED ++A Xapian exception occurred opening database: Couldn't stat 'CWD/fakedb/.notmuch/xapian' ++caught No chert database found at path \`CWD/nonexistent' ++EOF ++test_expect_equal_file EXPECTED OUTPUT + + test_begin_subtest 'checking output' + test_expect_equal "$result" "$output" +diff --git a/test/T560-lib-error.sh b/test/T560-lib-error.sh +index 9f5f7ae..b1e77aa 100755 +--- a/test/T560-lib-error.sh ++++ b/test/T560-lib-error.sh +@@ -36,7 +36,6 @@ EOF + test_expect_equal_file EXPECTED OUTPUT + + test_begin_subtest "Open relative path" +-test_subtest_known_broken + test_C <<'EOF' + #include + #include +@@ -55,7 +54,6 @@ EOF + test_expect_equal_file EXPECTED OUTPUT + + test_begin_subtest "Create database in relative path" +-test_subtest_known_broken + test_C <<'EOF' + #include + #include +@@ -108,21 +106,21 @@ Error: Cannot create a database for a NULL path. + EOF + test_expect_equal_file EXPECTED OUTPUT + +-test_begin_subtest "Create database in non-existant directory" +-test_C <<'EOF' ++test_begin_subtest "Create database in nonexistent directory" ++test_C ${PWD}/nonexistent/foo<<'EOF' + #include + #include + int main (int argc, char** argv) + { + notmuch_database_t *db; + notmuch_status_t stat; +- stat = notmuch_database_create ("./nonexistent/foo", &db); ++ stat = notmuch_database_create (argv[1], &db); + } + EOF + cat <<'EOF' >EXPECTED + == stdout == + == stderr == +-Error: Cannot create database at ./nonexistent/foo: No such file or directory. ++Error: Cannot create database at CWD/nonexistent/foo: No such file or directory. + EOF + test_expect_equal_file EXPECTED OUTPUT + +diff --git a/test/symbol-test.cc b/test/symbol-test.cc +index f17ddc8..fb77b41 100644 +--- a/test/symbol-test.cc ++++ b/test/symbol-test.cc +@@ -4,18 +4,18 @@ + #include + + +-int main() { ++int main(int argc, char** argv) { + notmuch_database_t *notmuch; + char *message = NULL; + +- if (notmuch_database_open_verbose ("fakedb", NOTMUCH_DATABASE_MODE_READ_ONLY, ¬much, &message)) ++ if (notmuch_database_open_verbose (argv[1], NOTMUCH_DATABASE_MODE_READ_ONLY, ¬much, &message)) + if (message) { + fputs (message, stderr); + free (message); + } + + try { +- (void) new Xapian::WritableDatabase("./nonexistent", Xapian::DB_OPEN); ++ (void) new Xapian::WritableDatabase(argv[2], Xapian::DB_OPEN); + } catch (const Xapian::Error &error) { + printf("caught %s\n", error.get_msg().c_str()); + return 0; +-- +2.1.4 + -- 2.26.2