Re: Re[2]: Status of FTP password hiding patches
- From: Jindrich Novy <jnovy redhat com>
- To: Leonard den Ottolander <leonard den ottolander nl>
- Cc: MC Devel <mc-devel gnome org>
- Subject: Re: Re[2]: Status of FTP password hiding patches
- Date: Wed, 03 Nov 2004 17:21:34 +0100
Hello Pavel, Leonard,
On Wed, 2004-11-03 at 16:54, Leonard den Ottolander wrote:
> Hello Pavel,
>
> On Wed, 2004-11-03 at 16:41, Pavel Shirshov (pchel) wrote:
> > $ patch -p2 < mc-CVS-strippwd.patch
> > ......
> > Patching file filegui.c using Plan A...
> > Hunk #1 failed at 68.
>
> Trivial fix. tty.h is no longer included. Insert after #include key.h.
>
> > Hunk #8 failed at 907.
>
> So the freeing of def_text was dropped, as this is a function parameter.
> Reintroduce the brackets and add the g_free(def_text_secure) in this
> block and right below it. Rather trivial fix as well.
>
> > Patching file hotlist.c using Plan A...
> > Hunk #4 failed at 1008.
>
> Little mistake from Jindrich. UTF-8 patched mc uses mbstrlen, vanilla
> CVS strlen. Insert by hand in the same place. Just removing "mb" from
> mbstrlen might do the trick.
Exactly as Leonard said. Here is the fixed patch, which applies to
vanilla CVS.
Jindrich
--
Jindrich Novy <jnovy redhat com>, http://people.redhat.com/jnovy/
--- mc-4.6.1-20041103/src/subshell.c.strippwd 2004-09-25 15:46:23.000000000 +0200
+++ mc-4.6.1-20041103/src/subshell.c 2004-11-03 16:45:04.486692768 +0100
@@ -788,9 +788,12 @@ do_subshell_chdir (const char *directory
feed_subshell (QUIETLY, FALSE);
if (subshell_alive && strcmp (subshell_cwd, current_panel->cwd)
- && strcmp (current_panel->cwd, "."))
+ && strcmp (current_panel->cwd, ".")) {
+ char *cwd = strip_password (g_strdup (current_panel->cwd), 1);
fprintf (stderr, _("Warning: Cannot change to %s.\n"),
- current_panel->cwd);
+ cwd);
+ g_free (cwd);
+ }
if (reset_prompt)
prompt_pos = 0;
--- mc-4.6.1-20041103/src/util.c.strippwd 2004-10-13 14:23:56.000000000 +0200
+++ mc-4.6.1-20041103/src/util.c 2004-11-03 16:45:04.488692464 +0100
@@ -244,6 +244,22 @@ name_trunc (const char *txt, int trunc_l
return x;
}
+/*
+ * path_trunc() is the same as name_trunc() above but
+ * it deletes possible password from path for security
+ * reasons.
+ */
+const char *
+path_trunc (const char *path, int trunc_len) {
+ const char *ret;
+ char *secure_path = strip_password (g_strdup (path), 1);
+
+ ret = name_trunc (secure_path, trunc_len);
+ g_free (secure_path);
+
+ return ret;
+}
+
const char *size_trunc (double size)
{
static char x [BUF_TINY];
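Review bot: The comment on `path_trunc` does not say what the caller receives: the function returns the pointer from `name_trunc`, which util.h documents as a static buffer, so a later `path_trunc` or `name_trunc` call overwrites the earlier result. The callers in file.c copy it out with `strcpy` first, but the contract should be written down here and in the util.h hunk, e.g. `/* Like name_trunc(), but strips a password from the path first. Returns name_trunc()'s static buffer; copy it before the next call. */`. The comment should also state whether `path` may be NULL, since `g_strdup (NULL)` yields NULL and it is not visible here whether `strip_password` tolerates that.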
@@ -425,29 +441,29 @@ strip_password (char *p, int has_prefix)
for (i = 0; i < sizeof (prefixes)/sizeof (prefixes[0]); i++) {
char *q;
+ size_t host_len;
if (has_prefix) {
if((q = strstr (p, prefixes[i].name)) == 0)
continue;
else
p = q + prefixes[i].len;
- };
+ }
if ((dir = strchr (p, PATH_SEP)) != NULL)
- *dir = '\0';
+ host_len = dir - p;
+ else
+ host_len = strlen (p);
+
/* search for any possible user */
- at = strrchr (p, '@');
+ at = memchr (p, '@', host_len);
/* We have a username */
if (at) {
- *at = 0;
- inner_colon = strchr (p, ':');
- *at = '@';
+ inner_colon = memchr (p, ':', at - p);
if (inner_colon)
- strcpy (inner_colon, at);
+ memmove (inner_colon, at, strlen(at) + 1 );
}
- if (dir)
- *dir = PATH_SEP;
break;
}
return (result);
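Review bot: `at = memchr (p, '@', host_len)` finds the first '@' in the host part, whereas the `strrchr` it replaces found the last one, so credentials that themselves contain '@' are no longer stripped correctly. For `user:p@ss@host` the memmove now leaves `user@ss@host`, and for `user@dom:pass@host` no colon precedes the first '@', so the password stays in the displayed string. A backward scan keeps the old semantics without writing to the buffer: `for (at = p + host_len; at > p && at[-1] != '@'; at--) ;` followed by `at = (at > p) ? at - 1 : NULL;`. strip_password begins above this hunk, so the declaration of `at` is not visible here.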
--- mc-4.6.1-20041103/src/filegui.c.strippwd 2004-09-21 14:40:50.000000000 +0200
+++ mc-4.6.1-20041103/src/filegui.c 2004-11-03 17:11:41.205954544 +0100
@@ -68,6 +68,7 @@
#include "fileopctx.h" /* FILE_CONT */
#include "filegui.h"
#include "key.h" /* get_event */
+#include "util.h" /* strip_password() */
/* }}} */
@@ -423,7 +424,8 @@ file_progress_show_bytes (FileOpContext
/* }}} */
-#define truncFileString(ui, s) name_trunc (s, ui->eta_extra + 47)
+#define truncFileString(ui, s) name_trunc (s, ui->eta_extra + 47)
+#define truncFileStringSecure(ui, s) path_trunc (s, ui->eta_extra + 47)
FileProgressStatus
file_progress_show_source (FileOpContext *ctx, const char *s)
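Review bot: Only the target and deleting labels are switched to `truncFileStringSecure`; no hunk in this patch touches `file_progress_show_source`, whose body lies outside the hunk, so it presumably still calls `truncFileString`. When copying from an FTP URL the source path is the one that carries the password, so the source label would keep showing it. If that is the case, the same one-line change applies there: replace `truncFileString (ui, s)` with `truncFileStringSecure (ui, s)`.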
@@ -472,7 +474,7 @@ file_progress_show_target (FileOpContext
if (s != NULL) {
label_set_text (ui->file_label[1], _("Target"));
- label_set_text (ui->file_string[1], truncFileString (ui, s));
+ label_set_text (ui->file_string[1], truncFileStringSecure (ui, s));
return check_progress_buttons (ctx);
} else {
label_set_text (ui->file_label[1], "");
@@ -494,7 +496,7 @@ file_progress_show_deleting (FileOpConte
ui = ctx->ui;
label_set_text (ui->file_label[0], _("Deleting"));
- label_set_text (ui->file_label[0], truncFileString (ui, s));
+ label_set_text (ui->file_label[0], truncFileStringSecure (ui, s));
return check_progress_buttons (ctx);
}
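Review bot: The changed line still writes to `ui->file_label[0]`, the same widget that the preceding line just set to "Deleting", so the heading is overwritten by the path. The target hunk above sets `file_label[1]` and then `file_string[1]`, which suggests the intended line here is `label_set_text (ui->file_string[0], truncFileStringSecure (ui, s));`. The mistake predates this patch, but the new line carries it forward.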
@@ -854,6 +856,7 @@ file_mask_dialog (FileOpContext *ctx, Fi
int source_easy_patterns = easy_patterns;
char *source_mask, *orig_mask, *dest_dir, *tmpdest;
const char *error;
+ char *def_text_secure;
struct stat buf;
int val;
QuickDialog Quick_input;
@@ -872,6 +875,9 @@ file_mask_dialog (FileOpContext *ctx, Fi
fmd_widgets[FMCB22].result = &ctx->stable_symlinks;
fmd_widgets[FMCB21].result = &ctx->dive_into_subdirs;
+ /* filter out a possible password from def_text */
+ def_text_secure = strip_password (g_strdup (def_text), 1);
+
/* Create the dialog */
ctx->stable_symlinks = 0;
@@ -885,15 +891,18 @@ file_mask_dialog (FileOpContext *ctx, Fi
Quick_input.i18n = 1;
Quick_input.widgets = fmd_widgets;
fmd_widgets[FMDI0].text = text;
- fmd_widgets[FMDI2].text = def_text;
+ fmd_widgets[FMDI2].text = def_text_secure;
fmd_widgets[FMDI2].str_result = &dest_dir;
fmd_widgets[FMDI1].str_result = &source_mask;
*do_background = 0;
ask_file_mask:
- if ((val = quick_dialog_skip (&Quick_input, SKIP)) == B_CANCEL)
+ if ((val = quick_dialog_skip (&Quick_input, SKIP)) == B_CANCEL) {
+ g_free (def_text_secure);
return 0;
+ }
+ g_free (def_text_secure);
if (ctx->follow_links)
ctx->stat_func = (mc_stat_fn) mc_stat;
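Review bot: `g_free (def_text_secure)` is placed after the `ask_file_mask:` label, but `fmd_widgets[FMDI2].text` still points at that buffer. The label implies a `goto ask_file_mask` later in the function (outside this hunk); if that path is taken, `quick_dialog_skip` reads freed memory and the buffer is then freed a second time. Keep the `g_free` in the `B_CANCEL` branch, drop the unconditional one after it, and release `def_text_secure` on each remaining return path instead. Those return paths are not visible in this hunk.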
--- mc-4.6.1-20041103/src/hotlist.c.strippwd 2004-10-16 21:17:19.000000000 +0200
+++ mc-4.6.1-20041103/src/hotlist.c 2004-11-03 16:59:19.002786576 +0100
@@ -761,7 +761,7 @@ add2hotlist (char *label, char *director
/* should be inserted before first item */
new->next = current;
current_group->head = new;
- } else if (pos == 1) { /* befor current */
+ } else if (pos == 1) { /* before current */
struct hotlist *p = current_group->head;
while (p->next != current)
@@ -905,7 +905,8 @@ static void add_new_entry_cmd (void)
int ret;
/* Take current directory as default value for input fields */
- title = url = current_panel->cwd;
+ url = strip_password (g_strdup (current_panel->cwd), 1);
+ title = g_strdup (url);
ret = add_new_entry_input (_("New hotlist entry"), _("Directory label"),
_("Directory path"), "[Hotlist]", &title, &url);
@@ -919,6 +920,9 @@ static void add_new_entry_cmd (void)
add2hotlist (title, url, HL_TYPE_ENTRY, 1);
hotlist_state.modified = 1;
+
+ g_free (title);
+ g_free (url);
}
static int add_new_group_input (const char *header, const char *label, char **result)
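Review bot: `g_free (title)` and `g_free (url)` run immediately after `add2hotlist (title, url, HL_TYPE_ENTRY, 1)`, which looks like a use-after-free in the hotlist. The other caller in this patch passes a fresh `g_strdup (label_string)`, which suggests `add2hotlist` keeps the pointers it is given rather than copying them; its body is not shown, so this needs confirming. If it does take ownership, the frees belong only on the path where the dialog is cancelled. Separately, if `add_new_entry_input` stores new strings through `&title` and `&url`, the copies allocated in the previous hunk leak and should be freed before they are overwritten.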
@@ -1004,14 +1008,20 @@ void add2hotlist_cmd (void)
char *prompt, *label;
const char *cp = _("Label for \"%s\":");
int l = strlen (cp);
-
- prompt = g_strdup_printf (cp, name_trunc (current_panel->cwd, COLS-2*UX-(l+8)));
- label = input_dialog (_(" Add to hotlist "), prompt, current_panel->cwd);
+ static char label_string[MC_MAXPATHLEN+1];
+
+ strncpy (label_string, current_panel->cwd, MC_MAXPATHLEN);
+ label_string[MC_MAXPATHLEN] = '\0';
+ strip_password (label_string, 1);
+
+ prompt = g_strdup_printf (cp, path_trunc (current_panel->cwd, COLS-2*UX-(l+8)));
+ label = input_dialog (_(" Add to hotlist "), prompt, label_string);
g_free (prompt);
+
if (!label || !*label)
return;
- add2hotlist (label,g_strdup (current_panel->cwd), HL_TYPE_ENTRY, 0);
+ add2hotlist (label, g_strdup (label_string), HL_TYPE_ENTRY, 0);
hotlist_state.modified = 1;
}
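Review bot: The `static char label_string[MC_MAXPATHLEN+1]` filled by `strncpy` differs from every other call site in this patch, which use `strip_password (g_strdup (...), 1)`, and it would silently truncate a cwd longer than MC_MAXPATHLEN. Building the stripped copy once with `char *label_string = strip_password (g_strdup (current_panel->cwd), 1);` also lets it be passed to `add2hotlist` directly instead of being duplicated again. That version needs a `g_free (label_string)` on the `!label || !*label` return.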
--- mc-4.6.1-20041103/src/file.c.strippwd 2004-10-16 17:38:48.000000000 +0200
+++ mc-4.6.1-20041103/src/file.c 2004-11-03 16:45:04.496691248 +0100
@@ -1111,8 +1111,8 @@ move_file_file (FileOpContext *ctx, cons
msize = 40;
msize /= 2;
- strcpy (st, name_trunc (s, msize));
- strcpy (dt, name_trunc (d, msize));
+ strcpy (st, path_trunc (s, msize));
+ strcpy (dt, path_trunc (d, msize));
message (1, MSG_ERROR,
_(" `%s' and `%s' are the same file "), st, dt);
do_refresh ();
@@ -1229,8 +1229,8 @@ move_dir_dir (FileOpContext *ctx, const
msize = 40;
msize /= 2;
- strcpy (st, name_trunc (s, msize));
- strcpy (dt, name_trunc (d, msize));
+ strcpy (st, path_trunc (s, msize));
+ strcpy (dt, path_trunc (d, msize));
message (1, MSG_ERROR,
_(" `%s' and `%s' are the same directory "), st, dt);
do_refresh ();
@@ -2157,7 +2157,7 @@ int
file_error (const char *format, const char *file)
{
g_snprintf (cmd_buf, sizeof (cmd_buf), format,
- name_trunc (file, 30), unix_error_string (errno));
+ path_trunc (file, 30), unix_error_string (errno));
return do_file_error (cmd_buf);
}
@@ -2169,8 +2169,8 @@ files_error (const char *format, const c
char nfile1[16];
char nfile2[16];
- strcpy (nfile1, name_trunc (file1, 15));
- strcpy (nfile2, name_trunc (file2, 15));
+ strcpy (nfile1, path_trunc (file1, 15));
+ strcpy (nfile2, path_trunc (file2, 15));
g_snprintf (cmd_buf, sizeof (cmd_buf), format, nfile1, nfile2,
unix_error_string (errno));
@@ -2191,7 +2191,7 @@ real_query_recursive (FileOpContext *ctx
" Delete it recursively? ")
: _("\n Background process: Directory not empty \n"
" Delete it recursively? ");
- text = g_strconcat (_(" Delete: "), name_trunc (s, 30), " ", (char *) NULL);
+ text = g_strconcat (_(" Delete: "), path_trunc (s, 30), " ", (char *) NULL);
if (safe_delete)
query_set_sel (1);
--- mc-4.6.1-20041103/src/command.c.strippwd 2004-09-25 16:34:27.000000000 +0200
+++ mc-4.6.1-20041103/src/command.c 2004-11-03 16:45:04.497691096 +0100
@@ -179,8 +179,10 @@ void do_cd_command (char *cmd)
}
} else
if (!examine_cd (&cmd [3])) {
+ char *d = strip_password (g_strdup (&cmd [3]), 1);
message (1, MSG_ERROR, _(" Cannot chdir to \"%s\" \n %s "),
- &cmd [3], unix_error_string (errno));
+ d, unix_error_string (errno));
+ g_free (d);
return;
}
}
--- mc-4.6.1-20041103/src/screen.c.strippwd 2004-09-24 17:05:28.000000000 +0200
+++ mc-4.6.1-20041103/src/screen.c 2004-11-03 16:45:04.499690792 +0100
@@ -2182,8 +2182,10 @@ panel_callback (WPanel *panel, widget_ms
current_panel = panel;
panel->active = 1;
if (mc_chdir (panel->cwd) != 0) {
+ char *cwd = strip_password (g_strdup (panel->cwd), 1);
message (1, MSG_ERROR, _(" Cannot chdir to \"%s\" \n %s "),
- panel->cwd, unix_error_string (errno));
+ cwd, unix_error_string (errno));
+ g_free(cwd);
} else
subshell_chdir (panel->cwd);
--- mc-4.6.1-20041103/src/util.h.strippwd 2004-09-26 20:36:54.000000000 +0200
+++ mc-4.6.1-20041103/src/util.h 2004-11-03 16:45:04.501690488 +0100
@@ -28,6 +28,11 @@ char *fake_name_quote (const char *c, in
* Return static buffer, no need to free() it. */
const char *name_trunc (const char *txt, int trunc_len);
+/* path_trunc() is the same as name_trunc() above but
+ * it deletes possible password from path for security
+ * reasons. */
+const char *path_trunc (const char *path, int trunc_len);
+
/* return a static string representing size, appending "K" or "M" for
* big sizes.
* NOTE: uses the same static buffer as size_trunc_sep. */