author | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2020-11-21 22:41:28 +0100 |
---|---|---|
committer | Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> | 2021-05-27 21:30:36 +0200 |
commit | 40b8be2e25abb7569a05c839f5d0ab6176307a75 (patch) | |
tree | fa8567f5f752845ef0e7639a8556cc1cc0e5e29e /.github | |
parent | 5dad84609e49ce4c45d29ccb98b1b7b1f296d69e (diff) |
SECURITY: Fix safeguard against upward traversal in msglog files.

Credits: Qualys

    3/ In src/deliver.c:

     333 static int
     334 open_msglog_file(uschar *filename, int mode, uschar **error)
     335 {
     336 if (Ustrstr(filename, US"/../"))
     337   log_write(0, LOG_MAIN|LOG_PANIC,
     338     "Attempt to open msglog file path with upward-traversal: '%s'\n", filename);

    Should this be LOG_PANIC_DIE instead of LOG_PANIC? Right now it will log
    the /../ attempt but will open the file anyway.

(cherry picked from commit 742c27f02d83792937dcb1719b380d3dde6228bf)
(cherry picked from commit 1e9a340c05d7233969637095a8a6378b14de2976)
Diffstat (limited to '.github')
0 files changed, 0 insertions, 0 deletions
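
The difference between a check that only logs and one that refuses, as an added example that is not Exim's code and not part of this commit. The function names, the `log_warn` helper and the `/dev/null` sample paths are constructed for illustration, and the fail-closed variant returns an error where a fatal log call would end the process.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-in for a non-fatal log call: it records and returns. */
static int warnings;
static void log_warn(const char *path)
{
    warnings++;
    fprintf(stderr, "msglog path with upward-traversal: '%s'\n", path);
}

/* Fail-open, the pattern the commit message describes: the "/../" check
   only logs, so control falls through and the file is opened anyway. */
int open_log_only(const char *path, int flags)
{
    if (strstr(path, "/../"))
        log_warn(path);
    return open(path, flags, 0600);
}

/* Fail-closed: the same check, but the function returns before open(). */
int open_fail_closed(const char *path, int flags)
{
    if (strstr(path, "/../")) {
        log_warn(path);
        return -1;
    }
    return open(path, flags, 0600);
}

int main(void)
{
    /* Constructed sample paths; /dev/null keeps the demo free of side effects. */
    const char *paths[] = { "/dev/null", "/dev/../dev/null" };
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++) {
        int a = open_log_only(paths[i], O_WRONLY);
        int b = open_fail_closed(paths[i], O_WRONLY);
        printf("%-18s log-only: %s  fail-closed: %s\n", paths[i],
               a >= 0 ? "opened" : "refused", b >= 0 ? "opened" : "refused");
        if (a >= 0) close(a);
        if (b >= 0) close(b);
    }
    return 0;
}
```
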