From 7f8394e7c983b1c199866fc6b1c14feb857b651d Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 13 Feb 2022 12:00:55 +0000 Subject: [PATCH] Fix include_directory in redirect routers. Bug 2715 Broken-by: 10c50704c1 --- doc/ChangeLog | 5 +++++ src/parse.c | 9 ++++++--- test/confs/0313 | 4 +++- test/log/0313 | 2 ++ test/scripts/0000-Basic/0313 | 2 ++ 5 files changed, 18 insertions(+), 4 deletions(-) --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -23,6 +23,11 @@ JH/15 Fix a resource leak in *BSD. An off-by-one erro failing to close the certificates directory, every hour or any time it was touched. +JH/18 Bug 2751: Fix include_directory in redirect routers. Previously a + bad comparison between the option value and the name of the file to + be included was done, and a mismatch was wrongly identified. + 4.88 to 4.95 are affected. + Exim version 4.95 ----------------- --- a/src/parse.c +++ b/src/parse.c @@ -1422,11 +1422,13 @@ /* Check file name if required */ if (directory) { int len = Ustrlen(directory); - uschar *p = filename + len; + uschar * p; + while (len > 0 && directory[len-1] == '/') len--; /* ignore trailing '/' */ + p = filename + len; if (Ustrncmp(filename, directory, len) != 0 || *p != '/') { *error = string_sprintf("included file %s is not in directory %s", filename, directory); @@ -1448,13 +1450,14 @@ } while (*p) { uschar temp; int fd2; - uschar * q = p; + uschar * q = p + 1; /* skip dividing '/' */ - while (*++p && *p != '/') ; + while (*q == '/') q++; /* skip extra '/' */ + while (*++p && *p != '/') ; /* end of component */ temp = *p; *p = '\0'; fd2 = exim_openat(fd, CS q, O_RDONLY|O_NOFOLLOW); close(fd);