X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fdeliver.c;h=72751c2dc5d415404356df594df10f61fbddc1e6;hb=5c03403d88afcde2bb3f543296b0fca6f05c9f2c;hp=59fbeeaf9a18bc69694c1996a3e0970d114cac58;hpb=2944124ccb62cbf64e44bc8e0894fb30307514da;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/deliver.c b/src/src/deliver.c
index 59fbeeaf9..72751c2dc 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -328,6 +328,10 @@ Returns:    a file descriptor, or -1 (with errno set)
 static int
 open_msglog_file(uschar *filename, int mode, uschar **error)
 {
+if (Ustrstr(filename, US"/../"))
+  log_write(0, LOG_MAIN|LOG_PANIC,
+    "Attempt to open msglog file path with upward-traversal: '%s'\n", filename);
+
 for (int i = 2; i > 0; i--)
   {
   int fd = Uopen(filename,