diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2019-09-10 12:29:12 +0100 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-09-10 12:33:28 +0100 |
| commit | 8f84b06a462cb02821c09aeeb8ca77f1bbdc00cb (patch) | |
| tree | 38c9dc26019ece495203b806d87ae214712530c3 | |
| parent | b09c17939112f84e689a9c1343f00ca84610325d (diff) | |
Refuse to open a msglog file with .. in the path.
Recent exploits have use this as a step for overwriting system files,
and msglog file should always be under the spooldir, so add this as
a defence-in-depth tactic
| -rw-r--r-- | src/src/deliver.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/src/deliver.c b/src/src/deliver.c index 59fbeeaf9..72751c2dc 100644 --- a/src/src/deliver.c +++ b/src/src/deliver.c @@ -328,6 +328,10 @@ Returns: a file descriptor, or -1 (with errno set) static int open_msglog_file(uschar *filename, int mode, uschar **error) { +if (Ustrstr(filename, US"/../")) + log_write(0, LOG_MAIN|LOG_PANIC, + "Attempt to open msglog file path with upward-traversal: '%s'\n", filename); + for (int i = 2; i > 0; i--) { int fd = Uopen(filename, |