1999-08-30 Norbert Warmuth <nwarmuth@privat.circular.de>

* lib/mc.sh: create temporary files in ~/.mc/tmp in order to avoid
symlink attacks (mcfn_install and the man page still needs to be
updated).

* src/main.c (print_mc_usage): Print the bug reporting address.
(main): Put prompt in a new line at termination.

* vfs/shared_ftp_fish.c (get_line): Fixed off by one error ('\0' might
have been written one slot past the supplied character array).

* vfs/ftpfs.c (resolve_symlink_without_ls_options): Don't dump core on
strange symlinks (ls -la doesn't reveal where the symlink points to
and ls -lLa doesn't resolve the symlink either)

Added protection against recursive symbolic links.

ChangeLog

@@ -1,3 +1,9 @@
+1999-08-30  Norbert Warmuth  <nwarmuth@privat.circular.de>
+
+	* lib/mc.sh: create temporary files in ~/.mc/tmp in order to avoid
+	symlink attacks (mcfn_install and the man page still needs to be
+	updated).
+
 1999-08-20  Norbert Warmuth <nwarmuth@privat.circular.de>
 
 	* configure.in (AC_WITH_SLANG): rm -f destination before makeing

lib/mc.sh

@@ -1,6 +1,8 @@
 mc ()
 {
-	MC=/tmp/mc$$-"$RANDOM"
+        mkdir -p ~/.mc/tmp 2> /dev/null
+	chmod 700 ~/.mc/tmp
+	MC=~/.mc/tmp/mc$$-"$RANDOM"
 	/usr/bin/mc -P "$@" > "$MC"
 	cd "`cat $MC`"
 	rm "$MC"

src/ChangeLog

@@ -1,3 +1,8 @@
+1999-08-30  Norbert Warmuth  <nwarmuth@privat.circular.de>
+
+	* main.c (print_mc_usage): Print the bug reporting address.
+	(main): Put prompt in a new line at termination.
+
 1999-08-27  Federico Mena Quintero  <federico@redhat.com>
 
 	* ext.c (quote_block): How did this ever work?  People, if you

src/main.c

@@ -2518,6 +2518,9 @@ print_mc_usage (void)
 #ifdef HAVE_SUBSHELL_SUPPORT
     "-X, --dbgsubshell  [DEVEL-ONLY: Debug the subshell].\n"
 #endif
+    "\n"
+    "Please send any bug reports (including the output of `mc -V')\n"
+    "to mc-bugs@nuclecu.unam.mx\n"
     );
 }
 
@@ -3156,7 +3159,7 @@ main (int argc, char *argv [])
 #   ifndef HAVE_X
     if (console_flag)
 	handle_console (CONSOLE_DONE);
-    putchar ('\r');  /* Hack to make shell's prompt start at left of screen */
+    putchar ('\n');  /* Hack to make shell's prompt start at left of screen */
 #   endif
 
 #ifdef _OS_NT

vfs/ChangeLog

@@ -1,3 +1,14 @@
+1999-08-30  Norbert Warmuth  <nwarmuth@privat.circular.de>
+
+	* shared_ftp_fish.c (get_line): Fixed off by one error ('\0' might
+	have been written one slot past the supplied character array).
+
+	* ftpfs.c (resolve_symlink_without_ls_options): Don't dump core on
+	strange symlinks (ls -la doesn't reveal where the symlink points to
+	and ls -lLa doesn't resolve the symlink either)
+
+	Added protection against recursive symbolic links.
+	
 1999-08-19  Norbert Warmuth  <nwarmuth@privat.circular.de>
 
 	* smbfs.c: added missing include file

vfs/ftpfs.c

@@ -1089,12 +1089,13 @@ resolve_symlink_without_ls_options(struct connection *bucket, struct dir *dir)
     struct linklist *flist;
     struct direntry *fe, *fel;
     char tmp[MC_MAXPATHLEN];
+    int depth;
     
     dir->symlink_status = FTPFS_RESOLVING_SYMLINKS;
     for (flist = dir->file_list->next; flist != dir->file_list; flist = flist->next) {
         /* flist->data->l_stat is alread initialized with 0 */
         fel = flist->data;
-        if (S_ISLNK(fel->s.st_mode)) {
+        if (S_ISLNK(fel->s.st_mode) && fel->linkname) {
   	    if (fel->linkname[0] == '/') {
 		if (strlen (fel->linkname) >= MC_MAXPATHLEN)
 		    continue;
@@ -1107,7 +1108,7 @@ resolve_symlink_without_ls_options(struct connection *bucket, struct dir *dir)
                    strcat (tmp, "/");
                 strcat (tmp + 1, fel->linkname);
 	    }
-	    for ( ;; ) {
+	    for ( depth = 0; depth < 100; depth++) { /* depth protects against recursive symbolic links */
 		canonicalize_pathname (tmp);
                 fe = _get_file_entry(bucket, tmp, 0, 0);
                 if (fe) {

vfs/shared_ftp_fish.c

@@ -46,7 +46,7 @@ get_line (int sock, char *buf, int buf_len, char term)
     int i, status;
     char c;
 
-    for (i = 0; i < buf_len; i++, buf++) {
+    for (i = 0; i < buf_len - 1; i++, buf++) {
 	if (read(sock, buf, sizeof(char)) <= 0)
 	    return 0;
 	if (logfile){