
Commit 9bfab35

flatcapjeriko-one
andcommitted
sanitise cache paths
Co-authored-by: JerikoOne <jeriko.one@gmx.us>
1 parent 98aad9c commit 9bfab35


2 files changed

+35
-7
lines changed


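--- a/newsrc.c
+++ b/newsrc.c
@@ -715,7 +715,18 @@ int nntp_active_save_cache(struct NntpServer *nserv)
 */
 static int nntp_hcache_namer(const char *path, char *dest, size_t destlen)
 {
-return snprintf(dest, destlen, "%s.hcache", path);
+int count = snprintf(dest, destlen, "%s.hcache", path);
+
+/* Strip out any directories in the path */
+char *first = strchr(dest, '/');
+char *last = strrchr(dest, '/');
+if (first && last && (last > first))
+{
+memmove(first, last, strlen(last) + 1);
+count -= (last - first);
+}
+
+return count;
 }
 
 /**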
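Review bot: The new block in nntp_hcache_namer removes only the text between the first and the last '/', so one '/' always survives and a name containing a single '/' is returned unchanged because of the `last > first` test; the comment `/* Strip out any directories in the path */` claims more than that. If no separator taken from `path` should reach the cache file name, the `first == last` case needs handling as well; if keeping one is intended, the comment should say which component is kept. `count` is also used unchecked: when snprintf() returns a negative value or one `>= destlen` the output was not fully written, and `count -= (last - first)` then no longer describes `dest`, so a guard such as `if ((count < 0) || ((size_t) count >= destlen)) return count;` ahead of the `strchr` call would help.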

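--- a/pop.c
+++ b/pop.c
@@ -63,6 +63,23 @@
 #define HC_FEXT "hcache" /* extension for hcache as POP lacks paths */
 #endif
 
+/**
+* cache_id - Make a message-cache-compatible id
+* @param id POP message id
+* @retval ptr Sanitised string
+*
+* The POP message id may contain '/' and other awkward characters.
+*
+* @note This function returns a pointer to a static buffer.
+*/
+static const char *cache_id(const char *id)
+{
+static char clean[SHORT_STRING];
+mutt_str_strfcpy(clean, id, sizeof(clean));
+mutt_file_sanitize_filename(clean, true);
+return clean;
+}
+
 /**
 * fetch_message - write line to file
 * @param line String to write
@@ -242,7 +259,7 @@ static int msg_cache_check(const char *id, struct BodyCache *bcache, void *data)
 /* message not found in context -> remove it from cache
 * return the result of bcache, so we stop upon its first error
 */
-return mutt_bcache_del(bcache, id);
+return mutt_bcache_del(bcache, cache_id(id));
 }
 
 #ifdef USE_HCACHE
@@ -407,7 +424,7 @@ static int pop_fetch_headers(struct Context *ctx)
 * - if we don't have a body: new
 */
 const bool bcached =
-(mutt_bcache_exists(pop_data->bcache, ctx->hdrs[i]->data) == 0);
+(mutt_bcache_exists(pop_data->bcache, cache_id(ctx->hdrs[i]->data)) == 0);
 ctx->hdrs[i]->old = false;
 ctx->hdrs[i]->read = false;
 if (hcached)
@@ -597,7 +614,7 @@ static int pop_fetch_message(struct Context *ctx, struct Message *msg, int msgno
 unsigned short bcache = 1;
 
 /* see if we already have the message in body cache */
-msg->fp = mutt_bcache_get(pop_data->bcache, h->data);
+msg->fp = mutt_bcache_get(pop_data->bcache, cache_id(h->data));
 if (msg->fp)
 return 0;
 
@@ -644,7 +661,7 @@ static int pop_fetch_message(struct Context *ctx, struct Message *msg, int msgno
 NetInc, h->content->length + h->content->offset - 1);
 
 /* see if we can put in body cache; use our cache as fallback */
-msg->fp = mutt_bcache_put(pop_data->bcache, h->data);
+msg->fp = mutt_bcache_put(pop_data->bcache, cache_id(h->data));
 if (!msg->fp)
 {
 /* no */
@@ -689,7 +706,7 @@ static int pop_fetch_message(struct Context *ctx, struct Message *msg, int msgno
 * portion of the headers, those required for the main display.
 */
 if (bcache)
-mutt_bcache_commit(pop_data->bcache, h->data);
+mutt_bcache_commit(pop_data->bcache, cache_id(h->data));
 else
 {
 cache->index = h->index;
@@ -783,7 +800,7 @@ static int pop_sync_mailbox(struct Context *ctx, int *index_hint)
 ret = pop_query(pop_data, buf, sizeof(buf));
 if (ret == 0)
 {
-mutt_bcache_del(pop_data->bcache, ctx->hdrs[i]->data);
+mutt_bcache_del(pop_data->bcache, cache_id(ctx->hdrs[i]->data));
 #ifdef USE_HCACHE
 mutt_hcache_delete(hc, ctx->hdrs[i]->data, strlen(ctx->hdrs[i]->data));
 #endif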
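Review bot: cache_id() does not look injective from the visible code: the id is cut to `sizeof(clean)` by `mutt_str_strfcpy` and then rewritten by `mutt_file_sanitize_filename`, so two different server-supplied ids can presumably end up as the same body-cache key, and the `mutt_bcache_get` call in pop_fetch_message would then hand back another message's body. That deserves a line in the doc comment, for example `@note Distinct ids may map to the same result; ids longer than SHORT_STRING are truncated`, or a key derivation that cannot collide. The static buffer is fine for the one-call-per-expression uses in this commit, but it would silently break if two results were ever needed at the same time. In msg_cache_check the lookup that precedes the changed return is outside the hunk; if it compares the on-disk name with the unsanitised ids, every entry whose id was altered would be deleted on each check, which is worth confirming.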
