Re: FTP password visibility fixes

From: Jindrich Novy <jnovy redhat com>
To: Leonard den Ottolander <leonard den ottolander nl>
Cc: MC Devel <mc-devel gnome org>
Subject: Re: FTP password visibility fixes
Date: Mon, 11 Oct 2004 11:58:22 +0200

On Sat, 2004-10-09 at 13:52, Leonard den Ottolander wrote:

> Could you please provide diff -up s and attach instead of inline? The
> former for readability and the latter to avoid line wrapping problems
> when extracting the patch. TIA.

Ok, this patch should look a bit better. CVS version available this
morning can be patched fine with it.

-- 
Jindrich Novy <jnovy redhat com>, http://people.redhat.com/jnovy/

--- mc-4.6.1-20041011/src/subshell.c.strippwd	2004-10-11 11:37:11.720582512 +0200
+++ mc-4.6.1-20041011/src/subshell.c	2004-10-11 11:37:11.752577648 +0200
@@ -788,9 +788,12 @@ do_subshell_chdir (const char *directory
     feed_subshell (QUIETLY, FALSE);
 
     if (subshell_alive && strcmp (subshell_cwd, current_panel->cwd)
-	&& strcmp (current_panel->cwd, "."))
+	&& strcmp (current_panel->cwd, ".")) {
+	char *cwd = strip_password (g_strdup (current_panel->cwd), 1);
 	fprintf (stderr, _("Warning: Cannot change to %s.\n"),
-		 current_panel->cwd);
+		 cwd);
+	g_free (cwd);
+    }
 
     if (reset_prompt)
 	prompt_pos = 0;
--- mc-4.6.1-20041011/src/util.c.strippwd	2004-10-11 11:37:11.728581296 +0200
+++ mc-4.6.1-20041011/src/util.c	2004-10-11 11:37:11.754577344 +0200
@@ -340,6 +340,22 @@ name_trunc (const char *txt, int trunc_l
     return x;
 }
 
+/*
+ * path_trunc() is the same as name_trunc() above but
+ * it deletes possible password from path for security
+ * reasons.
+ */
+const char *
+path_trunc (const char *path, int trunc_len) {
+    const char *ret;
+    char *secure_path = strip_password (g_strdup (path), 1);
+    
+    ret = name_trunc (secure_path, trunc_len);
+    g_free (secure_path);
+    
+    return ret;
+}
+
 const char *size_trunc (double size)
 {
     static char x [BUF_TINY];
@@ -513,6 +529,7 @@ strip_password (char *p, int has_prefix)
 		     {"/#mc:", 5},
 		     {"ftp://";, 6},
 		     {"/#smb:", 6},
+		     {"/#sh:", 5},
     };
     char *at, *inner_colon, *dir;
     size_t i;
@@ -520,29 +537,29 @@ strip_password (char *p, int has_prefix)
     
     for (i = 0; i < sizeof (prefixes)/sizeof (prefixes[0]); i++) {
 	char *q;
+	size_t host_len;
 
 	if (has_prefix) {
 	    if((q = strstr (p, prefixes[i].name)) == 0)
 	       continue;
             else
 	        p = q + prefixes[i].len;
-       	};
+       	}
 
         if ((dir = strchr (p, PATH_SEP)) != NULL)
-   	    *dir = '\0';
+	    host_len = dir - p;
+	else
+	    host_len = strlen (p);
+	
         /* search for any possible user */
-        at = strrchr (p, '@');
+	at = memchr (p, '@', host_len);
 
         /* We have a username */
         if (at) {
-            *at = 0;
-            inner_colon = strchr (p, ':');
-  	    *at = '@';
+	    inner_colon = memchr (p, ':', at - p);
             if (inner_colon)
-                strcpy (inner_colon, at);
+		memmove (inner_colon, at, strlen(at) + 1 );
         }
-        if (dir)
-	    *dir = PATH_SEP;
 	break;
     }
     return (result);
--- mc-4.6.1-20041011/src/filegui.c.strippwd	2004-10-11 11:37:11.709584184 +0200
+++ mc-4.6.1-20041011/src/filegui.c	2004-10-11 11:37:11.757576888 +0200
@@ -68,6 +68,7 @@
 #include "fileopctx.h"		/* FILE_CONT */
 #include "filegui.h"
 #include "key.h"		/* get_event */
+#include "util.h"		/* strip_password() */
 
 /* }}} */
 
@@ -423,7 +424,8 @@ file_progress_show_bytes (FileOpContext 
 
 /* }}} */
 
-#define truncFileString(ui, s) name_trunc (s, ui->eta_extra + 47)
+#define truncFileString(ui, s)       name_trunc (s, ui->eta_extra + 47)
+#define truncFileStringSecure(ui, s) path_trunc (s, ui->eta_extra + 47)
 
 FileProgressStatus
 file_progress_show_source (FileOpContext *ctx, const char *s)
@@ -472,7 +474,7 @@ file_progress_show_target (FileOpContext
 
     if (s != NULL) {
 	label_set_text (ui->file_label[1], _("Target"));
-	label_set_text (ui->file_string[1], truncFileString (ui, s));
+	label_set_text (ui->file_string[1], truncFileStringSecure (ui, s));
 	return check_progress_buttons (ctx);
     } else {
 	label_set_text (ui->file_label[1], "");
@@ -494,7 +496,7 @@ file_progress_show_deleting (FileOpConte
     ui = ctx->ui;
 
     label_set_text (ui->file_label[0], _("Deleting"));
-    label_set_text (ui->file_label[0], truncFileString (ui, s));
+    label_set_text (ui->file_label[0], truncFileStringSecure (ui, s));
     return check_progress_buttons (ctx);
 }
 
@@ -854,6 +856,7 @@ file_mask_dialog (FileOpContext *ctx, Fi
     int source_easy_patterns = easy_patterns;
     char *source_mask, *orig_mask, *dest_dir, *tmpdest;
     const char *error;
+    char *def_text_secure;
     struct stat buf;
     int val;
     QuickDialog Quick_input;
@@ -872,6 +875,9 @@ file_mask_dialog (FileOpContext *ctx, Fi
     fmd_widgets[FMCB22].result = &ctx->stable_symlinks;
     fmd_widgets[FMCB21].result = &ctx->dive_into_subdirs;
 
+    /* filter out a possible password from def_text */
+    def_text_secure = strip_password (g_strdup (def_text), 1);
+
     /* Create the dialog */
 
     ctx->stable_symlinks = 0;
@@ -885,15 +891,18 @@ file_mask_dialog (FileOpContext *ctx, Fi
     Quick_input.i18n = 1;
     Quick_input.widgets = fmd_widgets;
     fmd_widgets[FMDI0].text = text;
-    fmd_widgets[FMDI2].text = def_text;
+    fmd_widgets[FMDI2].text = def_text_secure;
     fmd_widgets[FMDI2].str_result = &dest_dir;
     fmd_widgets[FMDI1].str_result = &source_mask;
 
     *do_background = 0;
   ask_file_mask:
 
-    if ((val = quick_dialog_skip (&Quick_input, SKIP)) == B_CANCEL)
+    if ((val = quick_dialog_skip (&Quick_input, SKIP)) == B_CANCEL) {
+	g_free (def_text_secure);
 	return 0;
+    }
+    g_free (def_text_secure);
 
     if (ctx->follow_links)
 	ctx->stat_func = (mc_stat_fn) mc_stat;
--- mc-4.6.1-20041011/src/hotlist.c.strippwd	2004-10-11 11:37:11.674589504 +0200
+++ mc-4.6.1-20041011/src/hotlist.c	2004-10-11 11:37:11.760576432 +0200
@@ -761,7 +761,7 @@ add2hotlist (char *label, char *director
 			   /* should be inserted before first item */
 	new->next = current;
 	current_group->head = new;
-    } else if (pos == 1) { /* befor current */
+    } else if (pos == 1) { /* before current */
 	struct hotlist  *p = current_group->head;
 
 	while (p->next != current)
@@ -905,7 +905,8 @@ static void add_new_entry_cmd (void)
     int ret;
 
     /* Take current directory as default value for input fields */
-    title = url = current_panel->cwd;
+    url   = strip_password (g_strdup (current_panel->cwd), 1);
+    title = g_strdup (url);
 
     ret = add_new_entry_input (_("New hotlist entry"), _("Directory label"), _("Directory path"),
 	 "[Hotlist]", &title, &url);
@@ -919,6 +920,9 @@ static void add_new_entry_cmd (void)
 	add2hotlist (g_strdup (title),g_strdup (url), HL_TYPE_ENTRY, 1);
 
     hotlist_state.modified = 1;
+    
+    g_free (title);
+    g_free (url);
 }
 
 static int add_new_group_input (const char *header, const char *label, char **result)
@@ -1003,15 +1007,16 @@ void add2hotlist_cmd (void)
 {
     char *prompt, *label;
     const char *cp = _("Label for \"%s\":");
+    char *label_string = strip_password (g_strdup (current_panel->cwd), 1);
     int l = mbstrlen (cp);
 
-    prompt = g_strdup_printf (cp, name_trunc (current_panel->cwd, COLS-2*UX-(l+8)));
-    label = input_dialog (_(" Add to hotlist "), prompt, current_panel->cwd);
+    prompt = g_strdup_printf (cp, name_trunc (label_string, COLS-2*UX-(l+8)));
+    label = input_dialog (_(" Add to hotlist "), prompt, label_string);
     g_free (prompt);
     if (!label || !*label)
 	return;
 
-    add2hotlist (label,g_strdup (current_panel->cwd), HL_TYPE_ENTRY, 0);
+    add2hotlist (label, label_string, HL_TYPE_ENTRY, 0);
     hotlist_state.modified = 1;
 }
 
--- mc-4.6.1-20041011/src/file.c.strippwd	2004-10-11 07:27:58.000000000 +0200
+++ mc-4.6.1-20041011/src/file.c	2004-10-11 11:37:11.763575976 +0200
@@ -1111,8 +1111,8 @@ move_file_file (FileOpContext *ctx, cons
 		msize = 40;
 	    msize /= 2;
 
-	    strcpy (st, name_trunc (s, msize));
-	    strcpy (dt, name_trunc (d, msize));
+	    strcpy (st, path_trunc (s, msize));
+	    strcpy (dt, path_trunc (d, msize));
 	    message (1, MSG_ERROR,
 			_(" `%s' and `%s' are the same file "), st, dt);
 	    do_refresh ();
@@ -1229,8 +1229,8 @@ move_dir_dir (FileOpContext *ctx, const 
 	    msize = 40;
 	msize /= 2;
 
-	strcpy (st, name_trunc (s, msize));
-	strcpy (dt, name_trunc (d, msize));
+	strcpy (st, path_trunc (s, msize));
+	strcpy (dt, path_trunc (d, msize));
 	message (1, MSG_ERROR,
 		    _(" `%s' and `%s' are the same directory "), st, dt);
 	do_refresh ();
@@ -2157,7 +2157,7 @@ int
 file_error (const char *format, const char *file)
 {
     g_snprintf (cmd_buf, sizeof (cmd_buf), format,
-		name_trunc (file, 30), unix_error_string (errno));
+		path_trunc (file, 30), unix_error_string (errno));
 
     return do_file_error (cmd_buf);
 }
@@ -2169,8 +2169,8 @@ files_error (const char *format, const c
     char nfile1[16];
     char nfile2[16];
 
-    strcpy (nfile1, name_trunc (file1, 15));
-    strcpy (nfile2, name_trunc (file2, 15));
+    strcpy (nfile1, path_trunc (file1, 15));
+    strcpy (nfile2, path_trunc (file2, 15));
 
     g_snprintf (cmd_buf, sizeof (cmd_buf), format, nfile1, nfile2,
 		unix_error_string (errno));
@@ -2191,7 +2191,7 @@ real_query_recursive (FileOpContext *ctx
 	      "   Delete it recursively? ")
 	    : _("\n   Background process: Directory not empty \n"
 		"   Delete it recursively? ");
-	text = g_strconcat (_(" Delete: "), name_trunc (s, 30), " ", (char *) NULL);
+	text = g_strconcat (_(" Delete: "), path_trunc (s, 30), " ", (char *) NULL);
 
 	if (safe_delete)
 	    query_set_sel (1);
--- mc-4.6.1-20041011/src/command.c.strippwd	2004-09-25 16:34:27.000000000 +0200
+++ mc-4.6.1-20041011/src/command.c	2004-10-11 11:37:11.765575672 +0200
@@ -179,8 +179,10 @@ void do_cd_command (char *cmd)
 	}
     } else
 	if (!examine_cd (&cmd [3])) {
+	    char *d = strip_password (g_strdup (&cmd [3]), 1);
 	    message (1, MSG_ERROR, _(" Cannot chdir to \"%s\" \n %s "),
-		     &cmd [3], unix_error_string (errno));
+		     d, unix_error_string (errno));
+	    g_free (d);
 	    return;
 	}
 }
--- mc-4.6.1-20041011/src/screen.c.strippwd	2004-10-11 11:37:11.718582816 +0200
+++ mc-4.6.1-20041011/src/screen.c	2004-10-11 11:37:11.768575216 +0200
@@ -2293,8 +2293,10 @@ panel_callback (WPanel *panel, widget_ms
 	current_panel = panel;
 	panel->active = 1;
 	if (mc_chdir (panel->cwd) != 0) {
+	    char *cwd = strip_password (g_strdup (panel->cwd), 1);
 	    message (1, MSG_ERROR, _(" Cannot chdir to \"%s\" \n %s "),
-		     panel->cwd, unix_error_string (errno));
+		     cwd, unix_error_string (errno));
+	    g_free(cwd);
 	} else
 	    subshell_chdir (panel->cwd);
 
--- mc-4.6.1-20041011/src/util.h.strippwd	2004-10-11 11:37:11.668590416 +0200
+++ mc-4.6.1-20041011/src/util.h	2004-10-11 11:37:11.770574912 +0200
@@ -28,6 +28,11 @@ char *fake_name_quote (const char *c, in
  * Return static buffer, no need to free() it. */
 const char *name_trunc (const char *txt, int trunc_len);
 
+/* path_trunc() is the same as name_trunc() above but
+ * it deletes possible password from path for security
+ * reasons. */
+const char *path_trunc (const char *path, int trunc_len);
+
 /* return a static string representing size, appending "K" or "M" for
  * big sizes.
  * NOTE: uses the same static buffer as size_trunc_sep. */

References:
- Re: FTP password visibility fixes
  - From: Jindrich Novy
- Re: FTP password visibility fixes
  - From: Leonard den Ottolander

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]