Dsearch: require absolute dirname

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 8605fdc3ba73e8a2ad1a21b3e4fb8072464624ff..b9d73ad3f1d6ff6561eb11191e7df65f7bfc0a03 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -6770,8 +6770,13 @@ by default, but has an option to omit them (see section &<<SECTdbmbuild>>&).
 .next
 .cindex "lookup" "dsearch"
 .cindex "dsearch lookup type"
 .next
 .cindex "lookup" "dsearch"
 .cindex "dsearch lookup type"

-&(dsearch)&: The given file must be a directory; this is searched for an entry
-whose name is the key by calling the &[lstat()]& function. The key may not
+&(dsearch)&: The given file must be an
+.new
+absolute
+.wen
+directory path; this is searched for an entry
+whose name is the key by calling the &[lstat()]& function.
+The key may not

 contain any forward slash characters. If &[lstat()]& succeeds, the result of
 the lookup is the name of the entry, which may be a file, directory,
 symbolic link, or any other kind of directory entry.
 contain any forward slash characters. If &[lstat()]& succeeds, the result of
 the lookup is the name of the entry, which may be a file, directory,
 symbolic link, or any other kind of directory entry.

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 7e5de88806fd3ef739bba69b805de83e020bd336..9de2e1194e1ea83f577ced06b58e098d95943628 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -93,6 +93,7 @@ JH/20 Taint checking: disallow use of tainted data for
       - the autoreply transport file, log and once options
       - file names used by the redirect router (including filter files)
       - named-queue names
       - the autoreply transport file, log and once options
       - file names used by the redirect router (including filter files)
       - named-queue names

+      - paths used by single-key lookups

       Previously this was permitted.
 
 JH/21 Bug 2501: Fix init call in the heimdal authenticator.  Previously it
       Previously this was permitted.
 
 JH/21 Bug 2501: Fix init call in the heimdal authenticator.  Previously it


@@ -159,6 +160,10 @@ JH/33 Fix the dsearch lookup to return an untainted result.  Previously the
 JH/34 Fix the readsocket expansion to not segfault when an empty "options"
       argument is supplied.
 
 JH/34 Fix the readsocket expansion to not segfault when an empty "options"
       argument is supplied.
 

+JH/35 The dsearch lookup now requires that the directory is an absolute path.
+      Previously this was not checked, and nonempty relative paths made an
+      access under Exim's current working directory.
+

 
 Exim version 4.93
 -----------------
 
 Exim version 4.93
 -----------------

diff --git a/src/src/lookups/dsearch.c b/src/src/lookups/dsearch.c
index dba8422ccf1e07c65d919f38c62e5708ab57b4b7..07931ae4a42f2197f7399b6aa0f6e4ad487762e1 100644 (file)
--- a/src/src/lookups/dsearch.c
+++ b/src/src/lookups/dsearch.c
@@ -52,8 +52,11 @@ dsearch_check(void * handle, const uschar * filename, int modemask,
   uid_t * owners, gid_t * owngroups, uschar ** errmsg)
 {
 handle = handle;
   uid_t * owners, gid_t * owngroups, uschar ** errmsg)
 {
 handle = handle;

-return lf_check_file(-1, filename, S_IFDIR, modemask, owners, owngroups,
-  "dsearch", errmsg) == 0;
+if (*filename == '/')
+  return lf_check_file(-1, filename, S_IFDIR, modemask, owners, owngroups,
+    "dsearch", errmsg) == 0;
+*errmsg = string_sprintf("dirname '%s' for dsearch is not absolute", filename);
+return FALSE;

 }
 
 
 }
 
 

diff --git a/test/scripts/2500-dsearch/2500 b/test/scripts/2500-dsearch/2500
index 49e2a37619c70e82d366e34cf2040af6930ba8ba..040ce599eb57c944ed0ec111732f6b908a1e0f2e 100644 (file)
--- a/test/scripts/2500-dsearch/2500
+++ b/test/scripts/2500-dsearch/2500
@@ -6,6 +6,7 @@ fail:       ${lookup{TESTNUM.file_not_here}     dsearch{DIR/aux-fixed}{$value}{FAIL}
 fail:       ${lookup{TESTNUM.tst}              dsearch{DIR/dir_not_here}{$value}{FAIL}}
 fail(case): ${lookup{TESTNUM.TST}              dsearch{DIR/aux-fixed}{$value}{FAIL}}
 fail(case): ${lookup{TESTNUM.TST}              dsearch{DIR/AUX-fixed}{$value}{FAIL}}
 fail:       ${lookup{TESTNUM.tst}              dsearch{DIR/dir_not_here}{$value}{FAIL}}
 fail(case): ${lookup{TESTNUM.TST}              dsearch{DIR/aux-fixed}{$value}{FAIL}}
 fail(case): ${lookup{TESTNUM.TST}              dsearch{DIR/AUX-fixed}{$value}{FAIL}}

+fail(path): ${lookup{TESTNUM.tst}              dsearch{.}{$value}{OTHER}}

 ****
 #
 1
 ****
 #
 1

diff --git a/test/stdout/2500 b/test/stdout/2500
index 8ff2378cc8e4a2396e48a06e4349a0cf14189bf7..3259e726c10b22c100a04047dc70d250bea9d914 100644 (file)
--- a/test/stdout/2500
+++ b/test/stdout/2500
@@ -3,4 +3,5 @@
 > Failed: failed to open TESTSUITE/dir_not_here for directory search: No such file or directory
 > fail(case): FAIL
 > Failed: failed to open TESTSUITE/AUX-fixed for directory search: No such file or directory
 > Failed: failed to open TESTSUITE/dir_not_here for directory search: No such file or directory
 > fail(case): FAIL
 > Failed: failed to open TESTSUITE/AUX-fixed for directory search: No such file or directory

+> Failed: dirname '.' for dsearch is not absolute

 > 
 >