SECURITY: Fix safeguard against upward traversal in msglog files.
author Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Sat, 21 Nov 2020 21:41:28 +0000 (22:41 +0100)
committer Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
Tue, 27 Apr 2021 22:40:30 +0000 (00:40 +0200)
commit 1e9a340c05d7233969637095a8a6378b14de2976
tree 6a042c3ca69b136497587d8ebdb4b01f76d599f2
parent 2d9f1837bdd6c5946cb9cd997544eefc8cc14fc4
SECURITY: Fix safeguard against upward traversal in msglog files.

Credits: Qualys

    3/ In src/deliver.c:

     333 static int
     334 open_msglog_file(uschar *filename, int mode, uschar **error)
     335 {
     336 if (Ustrstr(filename, US"/../"))
     337   log_write(0, LOG_MAIN|LOG_PANIC,
     338     "Attempt to open msglog file path with upward-traversal: '%s'\n", filename);

    Should this be LOG_PANIC_DIE instead of LOG_PANIC? Right now it will log
    the /../ attempt but will open the file anyway.

(cherry picked from commit 742c27f02d83792937dcb1719b380d3dde6228bf)
doc/doc-txt/ChangeLog
src/src/deliver.c
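
The difference the quoted report points at, between a guard that only logs and one that refuses the open, shown as an added example that is not Exim's code or part of this commit. The function names, the logger and the sample path are assumptions made for illustration, and the fail-closed variant returns an error to its caller rather than terminating the process.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical logger: records the event and returns to the caller,
   as a non-fatal log call does. */
static void log_event(const char *path)
{
    fprintf(stderr, "upward traversal in path: '%s'\n", path);
}

/* Log-only guard: the check fires, but control falls through to open(). */
int open_log_only(const char *path, int flags)
{
    if (strstr(path, "/../"))
        log_event(path);
    return open(path, flags);
}

/* Fail-closed guard: a path that trips the check is never opened. */
int open_fail_closed(const char *path, int flags, const char **error)
{
    if (strstr(path, "/../")) {
        log_event(path);
        *error = "path contains upward traversal";
        return -1;
    }
    int fd = open(path, flags);
    if (fd < 0)
        *error = "open failed";
    return fd;
}

int main(void)
{
    const char *sample = "/dev/../dev/null"; /* constructed sample path */
    const char *error = NULL;

    int fd = open_log_only(sample, O_RDONLY);
    printf("log-only guard:    fd=%d\n", fd);
    if (fd >= 0) close(fd);

    fd = open_fail_closed(sample, O_RDONLY, &error);
    printf("fail-closed guard: fd=%d (%s)\n", fd, error ? error : "no error");
    if (fd >= 0) close(fd);
    return 0;
}
```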