Recent exploits have used this as a step for overwriting system files,
and the msglog file should always be under the spooldir, so add this as
a defence-in-depth tactic
static int
open_msglog_file(uschar *filename, int mode, uschar **error)
{
static int
open_msglog_file(uschar *filename, int mode, uschar **error)
{
+if (Ustrstr(filename, US"/../"))
+ log_write(0, LOG_MAIN|LOG_PANIC,
+ "Attempt to open msglog file path with upward-traversal: '%s'\n", filename);
+
for (int i = 2; i > 0; i--)
{
int fd = Uopen(filename,
for (int i = 2; i > 0; i--)
{
int fd = Uopen(filename,
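Review bot: The new `/../` check at the top of open_msglog_file only logs. With `LOG_MAIN|LOG_PANIC` and no return after the call, execution appears to fall through to the `Uopen(filename, ...)` loop, so a path containing an upward traversal is recorded but still opened. If the intent is to refuse such paths, either use `LOG_MAIN|LOG_PANIC_DIE` or add an early failure after the log call, for example setting `*error` and `return -1;`, assuming that matches how the rest of the function reports failure (its body continues outside the hunk). The substring test also misses a path that ends in `/..` and does nothing about symlinked components, so a short comment would help, such as `/* Tripwire only: msglog paths are built under the spool directory and should never contain "/../" */`.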