changeset 4395:3f9b7d2a7c60 HEAD

When creating a mailbox, limit the number of hierarchy levels (to 20) and the length of the mailbox name within a single hierarchy level (to 200).
author Timo Sirainen <tss@iki.fi>
date Sat, 17 Jun 2006 16:03:27 +0300
parents 0462137fa4ce
children 208194b3742a
files src/lib-storage/index/dbox/dbox-storage.c src/lib-storage/index/maildir/maildir-storage.c src/lib-storage/index/mbox/mbox-storage.c src/lib-storage/mail-storage-private.h src/lib-storage/mail-storage.c
diffstat 5 files changed, 44 insertions(+), 0 deletions(-) [+]
--- a/src/lib-storage/index/dbox/dbox-storage.c	Sat Jun 17 15:40:29 2006 +0300
+++ b/src/lib-storage/index/dbox/dbox-storage.c	Sat Jun 17 16:03:27 2006 +0300
@@ -204,6 +204,11 @@
 	    len > DBOX_MAX_MAILBOX_NAME_LENGTH)
 		return FALSE;
 
+	if ((storage->flags & MAIL_STORAGE_FLAG_FULL_FS_ACCESS) == 0) {
+		if (mailbox_name_is_too_large(name, '/'))
+		    return FALSE;
+	}
+
 	return dbox_is_valid_mask(storage, name);
 }
 
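Review bot: The new hierarchy bound is skipped entirely when MAIL_STORAGE_FLAG_FULL_FS_ACCESS is set, yet the PATH_MAX rationale given in mail-storage.c applies just as much to a name that resolves to an arbitrary filesystem path, so if the exemption is deliberate (the flag presumably marks a trusted configuration) the reason belongs in a comment, e.g. `/* with full FS access the name is an arbitrary path; the level/length bound is intentionally not applied */`. The inner `return FALSE;` is indented with a tab plus four spaces while the surrounding function uses two tabs. Both points apply equally to the identical hunk in mbox-storage.c. The enclosing function starts outside the hunk.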
--- a/src/lib-storage/index/maildir/maildir-storage.c	Sat Jun 17 15:40:29 2006 +0300
+++ b/src/lib-storage/index/maildir/maildir-storage.c	Sat Jun 17 16:03:27 2006 +0300
@@ -207,6 +207,9 @@
 		return FALSE;
 	}
 
+	if (mailbox_name_is_too_large(name, '.'))
+		return FALSE;
+
 	return TRUE;
 }
 
--- a/src/lib-storage/index/mbox/mbox-storage.c	Sat Jun 17 15:40:29 2006 +0300
+++ b/src/lib-storage/index/mbox/mbox-storage.c	Sat Jun 17 16:03:27 2006 +0300
@@ -407,6 +407,11 @@
 	    len > MBOX_MAX_MAILBOX_NAME_LENGTH)
 		return FALSE;
 
+	if ((storage->flags & MAIL_STORAGE_FLAG_FULL_FS_ACCESS) == 0) {
+		if (mailbox_name_is_too_large(name, '/'))
+		    return FALSE;
+	}
+
 	return mbox_is_valid_mask(storage, name);
 }
 
--- a/src/lib-storage/mail-storage-private.h	Sat Jun 17 15:40:29 2006 +0300
+++ b/src/lib-storage/mail-storage-private.h	Sat Jun 17 16:03:27 2006 +0300
@@ -254,5 +254,6 @@
 
 const char *mail_storage_class_get_last_error(struct mail_storage *storage,
 					      bool *syntax_error_r);
+bool mailbox_name_is_too_large(const char *name, char sep);
 
 #endif
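Review bot: The new prototype is undocumented, and its polarity (TRUE means "reject") is the opposite of the is_valid_name-style callers that use it, which is worth stating where it is declared. I would put above it: `/* Returns TRUE if name has more than 20 sep-separated components or any component longer than 200 bytes (limits are defined in mail-storage.c); empty components count as levels. */`.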
--- a/src/lib-storage/mail-storage.c	Sat Jun 17 15:40:29 2006 +0300
+++ b/src/lib-storage/mail-storage.c	Sat Jun 17 16:03:27 2006 +0300
@@ -14,6 +14,14 @@
 	"Internal error occurred. Refer to server log for more information."
 #define CRITICAL_MSG_STAMP CRITICAL_MSG " [%Y-%m-%d %H:%M:%S]"
 
+/* 20 * (200+1) < 4096 which is the standard PATH_MAX. Having these settings
+   prevents malicious user from creating eg. "a/a/a/.../a" mailbox name and
+   then start renaming them to larger names from end to beginning, which
+   eventually would start causing the failures when trying to use too
+   long mailbox names. */
+#define MAILBOX_MAX_HIERARCHY_LEVELS 20
+#define MAILBOX_MAX_HIERARCHY_NAME_LENGTH 200
+
 unsigned int mail_storage_module_id = 0;
 
 static array_t ARRAY_DEFINE(storages, struct mail_storage *);
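Review bot: The arithmetic in the new comment bounds only the mailbox name itself: 20 * (200+1) = 4020 leaves 76 bytes of a 4096-byte PATH_MAX for the storage root directory and whatever each backend adds when it turns the name into a filesystem path (that construction is not in this diff), so a long root can still push the full path past the limit. That is not a regression, but the comment reads as a guarantee; I would reword its first sentence to `/* 20 * (200+1) < 4096 (the usual PATH_MAX), leaving some room for the storage root path. */` and keep the rest. The two macros are defined in a .c file while the only callers are the three backends via mailbox_name_is_too_large(); if a backend ever needs the limits themselves, they belong in mail-storage-private.h next to the prototype.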
@@ -536,3 +544,25 @@
 {
 	return box->v.is_inconsistent(box);
 }
+
+bool mailbox_name_is_too_large(const char *name, char sep)
+{
+	unsigned int levels = 1, level_len = 0;
+
+	for (; *name != '\0'; name++) {
+		if (*name == sep) {
+			if (level_len > MAILBOX_MAX_HIERARCHY_NAME_LENGTH)
+				return TRUE;
+			levels++;
+			level_len = 0;
+		} else {
+			level_len++;
+		}
+	}
+
+	if (level_len > MAILBOX_MAX_HIERARCHY_NAME_LENGTH)
+		return TRUE;
+	if (levels > MAILBOX_MAX_HIERARCHY_LEVELS)
+		return TRUE;
+	return FALSE;
+}
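Review bot: The level count is compared against MAILBOX_MAX_HIERARCHY_LEVELS only after the whole name has been scanned, so the loop always runs to the end of the name even once the bound is exceeded, and the component-length test is written twice (inside the loop and after it). Moving the level test into the separator branch, `if (level_len > MAILBOX_MAX_HIERARCHY_NAME_LENGTH ||` / `    ++levels > MAILBOX_MAX_HIERARCHY_LEVELS)` / `	return TRUE;`, rejects at the 21st separator and leaves only the level_len check after the loop. A leading, trailing or doubled separator counts as a level of length 0, which is fine for the bound but worth saying in a header comment above the function, together with the TRUE-means-too-large contract; the function currently has no comment at all.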