<<< Date Index >>>     <<< Thread Index >>>

Attachment paths (Debian bug 301236)



Hi all,

I hadn't noticed this one before. mutt CVS does indeed allow attachments to
have (and keep) arbitrary paths, which can't be good. Okay, you have to be
not paying attention in order to overwrite files, but why give people the
chance?

Please try the attached patch, which sanitises the filename first. I think
I've caught all the code paths mutt uses to save attachments.

We could also use basename, but then you've (a) lost information and (b)
got to worry about it modifying buffers. This seems better.

-- 
Paul

>Who on earth would want a double-headed mop? Is there some strange martial 
>art which needs one?
Two words: Sith housecleaners. -- Quentin Stephens and Matt McLeod
diff -r 0a6ead90106e recvattach.c
--- a/recvattach.c      Wed Mar 15 12:35:09 2006 +0000
+++ b/recvattach.c      Thu Mar 23 22:32:21 2006 +0000
@@ -408,6 +408,9 @@ static int mutt_query_save_attachment (F
   else
     buf[0] = 0;
 
+  /* Remove any paths or bad characters */
+  mutt_sanitize_filename (buf, 1);
+
   prompt = _("Save to file: ");
   while (prompt)
   {
@@ -485,6 +488,10 @@ void mutt_save_attachment_list (FILE *fp
          int append = 0;
 
          strfcpy (buf, NONULL (top->filename), sizeof (buf));
+
+         /* Remove any paths or bad characters */
+         mutt_sanitize_filename (buf, 1);
+
          if (mutt_get_field (_("Save to file: "), buf, sizeof (buf),
                                    M_FILE | M_CLEAR) != 0 || !buf[0])
            return;

Attachment: signature.asc
Description: Digital signature