X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Freadconf.c;h=55bba4c05317f9bee419c86cb6060038938cdb8a;hb=28fb7042c4d99225f3968d6555faef598db2e9d0;hp=858496b6be89c40becf3f04a9d6adddf59a581f3;hpb=18d6b513cfa9703aa991718d1fb659867caad739;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/readconf.c b/src/src/readconf.c index 858496b6b..55bba4c05 100644 --- a/src/src/readconf.c +++ b/src/src/readconf.c @@ -22,12 +22,15 @@ static void readconf_options_auths(void); #define CSTATE_STACK_SIZE 10 +const uschar *config_directory = NULL; + /* Structure for chain (stack) of .included files */ typedef struct config_file_item { struct config_file_item *next; const uschar *filename; + const uschar *directory; FILE *file; int lineno; } config_file_item; @@ -250,7 +253,7 @@ static optionlist optionlist_config[] = { { "dns_retry", opt_int, &dns_retry }, { "dns_trust_aa", opt_stringptr, &dns_trust_aa }, { "dns_use_edns0", opt_int, &dns_use_edns0 }, - /* This option is now a no-op, retained for compability */ + /* This option is now a no-op, retained for compatibility */ { "drop_cr", opt_bool, &drop_cr }, /*********************************************************/ { "dsn_advertise_hosts", opt_stringptr, &dsn_advertise_hosts }, @@ -849,7 +852,7 @@ due to conflicts with other common macros. */ #ifdef TRANSPORT_APPENDFILE # ifdef SUPPORT_MAILDIR - macro_create(US"_HAVE_TRANSPORT_APPEND_MAILDR", US"y", FALSE, TRUE); + macro_create(US"_HAVE_TRANSPORT_APPEND_MAILDIR", US"y", FALSE, TRUE); # endif # ifdef SUPPORT_MAILSTORE macro_create(US"_HAVE_TRANSPORT_APPEND_MAILSTORE", US"y", FALSE, TRUE); @@ -944,6 +947,7 @@ for (;;) (void)fclose(config_file); config_file = config_file_stack->file; config_filename = config_file_stack->filename; + config_directory = config_file_stack->directory; config_lineno = config_file_stack->lineno; config_file_stack = config_file_stack->next; if (config_lines) @@ -1166,9 +1170,19 @@ for (;;) } *t = 0; + /* We allow relative file names. For security reasons currently + relative names not allowed with .include_if_exists. For .include_if_exists + we need to check the permissions/ownership of the containing folder */ if (*ss != '/') - log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, ".include specifies a non-" - "absolute path \"%s\"", ss); + if (include_if_exists) log_write(0, LOG_PANIC_DIE|LOG_CONFIG_IN, ".include specifies a non-" + "absolute path \"%s\"", ss); + else + { + int offset = 0; + int size = 0; + ss = string_append(NULL, &size, &offset, 3, config_directory, "/", ss); + ss[offset] = '\0'; /* string_append() does not zero terminate the string! */ + } if (include_if_exists != 0 && (Ustat(ss, &statbuf) != 0)) continue; @@ -1179,6 +1193,7 @@ for (;;) config_file_stack = save; save->file = config_file; save->filename = config_filename; + save->directory = config_directory; save->lineno = config_lineno; if (!(config_file = Ufopen(ss, "rb"))) @@ -1186,6 +1201,7 @@ for (;;) "configuration file %s", ss); config_filename = string_copy(ss); + config_directory = string_copyn(ss, (const uschar*) strrchr(ss, '/') - ss); config_lineno = 0; continue; } @@ -2352,7 +2368,7 @@ switch (type) /* We get a coverity error here for using count, as it derived from the tainted buffer pointed to by s, as parsed by sscanf(). - By the definition of sscanf we must be aceessing between start + By the definition of sscanf we must be accessing between start and end of s (assuming it is nul-terminated...) so ignore the error. */ /* coverity[tainted_data] */ if (s[count] == '.') @@ -3356,28 +3372,50 @@ while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))) if (config_file != NULL || errno != ENOENT) break; } -/* Now, once we found and opened our configuration file, we change the directory -to a safe place. Later we change to $spool_directory. */ - -if (Uchdir("/") < 0) - { - perror("exim: chdir `/': "); - exit(EXIT_FAILURE); - } - /* On success, save the name for verification; config_filename is used when logging configuration errors (it changes for .included files) whereas config_main_filename is the name shown by -bP. Failure to open a configuration file is a serious disaster. */ -if (config_file != NULL) +if (config_file) { - uschar *p; + uschar *last_slash = Ustrrchr(filename, '/'); config_filename = config_main_filename = string_copy(filename); - p = Ustrrchr(filename, '/'); - config_main_directory = p ? string_copyn(filename, p - filename) - : string_copy(US"."); + /* The config_main_directory we need for the $config_dir expansion. + config_main_filename we need for $config_file expansion. + And config_dir is the directory of the current configuration, used for + relative .includes. We do need to know it's name, as we change our working + directory later. */ + + if (filename[0] == '/') + config_main_directory = last_slash == filename ? US"/" : string_copyn(filename, last_slash - filename); + else + { + /* relative configuration file name: working dir + / + basename(filename) */ + + char buf[PATH_MAX]; + int offset = 0; + int size = 0; + + if (getcwd(buf, PATH_MAX) == NULL) + { + perror("exim: getcwd"); + exit(EXIT_FAILURE); + } + config_main_directory = string_cat(NULL, &size, &offset, buf); + + /* If the dir does not end with a "/", append one */ + if (config_main_directory[offset-1] != '/') + config_main_directory = string_catn(config_main_directory, &size, &offset, US"/", 1); + + /* If the config file contains a "/", extract the directory part */ + if (last_slash) + config_main_directory = string_catn(config_main_directory, &size, &offset, filename, last_slash - filename); + + config_main_directory[offset] = '\0'; + } + config_directory = config_main_directory; } else { @@ -3389,6 +3427,15 @@ else "configuration file %s", filename)); } +/* Now, once we found and opened our configuration file, we change the directory +to a safe place. Later we change to $spool_directory. */ + +if (Uchdir("/") < 0) + { + perror("exim: chdir `/': "); + exit(EXIT_FAILURE); + } + /* Check the status of the file we have opened, if we have retained root privileges and the file isn't /dev/null (which *should* be 0666). */