Commit Graph

15152 Commits

Author SHA1 Message Date
Andrew Borodin
9e5535e2d9 Merge branch '4259_sftp_verify_fingerprint'
* 4259_sftp_verify_fingerprint:
  Update po/*.po files.
  SFTPFS: verify server fingerprint (fix CVE-2021-36370).
  (sftpfs_open_connection): handle EAGAIN for libssh2_session_handshake().
  Ticket #4259: SFTPFS VFS: verify server fingerprint (CVE-2021-36370).
2021-07-26 20:35:53 +03:00
Andrew Borodin
b745eacf0a Update po/*.po files.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-07-26 20:34:33 +03:00
Andrew Borodin
9235d3c232 SFTPFS: verify server fingerprint (fix CVE-2021-36370).
Use ~/.ssh/known_hosts file to verify server fingerprint
using ssh way:

$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ED25519 key fingerprint is SHA256:FzqKTNTroFuNUj1wUzSeV2x/1lpcESnT0ZRCmq5H6o8.
Are you sure you want to continue connecting (yes/no)? no
ssh: Host key verification failed.

$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ED25519 key fingerprint is SHA256:FzqKTNTroFuNUj1wUzSeV2x/1lpcESnT0ZRCmq5H6o8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ED25519) to the list of known hosts.
andrew@localhost's password:

Thanks the Curl project for the used code.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
Signed-off-by: Yury V. Zaytsev <yury.zaytsev@moneymeets.com>
2021-07-26 20:34:17 +03:00
Andrew Borodin
fdd6706245 (sftpfs_open_connection): handle EAGAIN for libssh2_session_handshake().
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-07-26 20:34:17 +03:00
Andrew Borodin
b0450a1e18 Ticket #4259: SFTPFS VFS: verify server fingerprint (CVE-2021-36370).
This vulnerability was discovered by AUT-milCERT during an audit of open
source software.

Initial changeset: set minimal version of libssh2 to 1.2.8.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-07-26 20:33:48 +03:00
Andrew Borodin
fa9ea0d61c Merge branch '4260_ftp_file_month'
* 4260_ftp_file_month:
  Ticket #4260: ftpfs: the month of file is always January.
2021-07-13 21:32:43 +03:00
m_ok
36e48b04bd Ticket #4260: ftpfs: the month of file is always January.
(parse_ls_line): fix test of vfs_parse_month() value.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-07-13 21:32:35 +03:00
Andrew Borodin
0c04e23821 Merge branch '4198_hang_on_start_with_zsh'
* 4198_hang_on_start_with_zsh:
  Ticket #4198: MC hangs on start randomly with zsh as subshell.
2021-07-11 20:59:57 +03:00
Eric Roberts
e89713a3d6 Ticket #4198: MC hangs on start randomly with zsh as subshell.
The bug happens because MC tells the shell to perform a "cd" command,
and waits indefinitely for the command to complete. If the shell, for
some reason, cannot complete the "cd" command, MC just freezes
indefinitely.

This patch removes all instances of MC waiting indefinitely for "cd"
commands. Now, if the shell freezes while doing a "cd", MC will timeout
after 1 second, and just set the subshell state to ACTIVE. If the user
tries to run a command, they will get the error "The shell is already
running a command".

Some other stuff where MC waits on the shell if an error occurred is
also simplified.

In feed_subshell(), the timeout time is changed from 10 seconds to
1 second. Ten seconds seemed like far too long to wait.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-07-04 19:06:28 +03:00
Andrew Borodin
5c1d3c55dd Merge branch '4233_screen_tmux_mouse'
* 4233_screen_tmux_mouse:
  (tty_check_term): support tmux.
  Ticket #4233: enables mouse support in screen/tmux.
2021-07-04 18:52:28 +03:00
filip-hejsek
bc8020e942 (tty_check_term): support tmux.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-07-04 18:50:46 +03:00
filip-hejsek
a2377be2ee Ticket #4233: enables mouse support in screen/tmux.
(tty_check_term): don't check $DISPLAY in screen to enable mouse support there.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-07-04 18:50:46 +03:00
Andrew Borodin
0e6721c32b Ticket #4213: workaround to avoid crash on FreeBSD.
Previous fix 443a8106f1
makes the command line inaccessible if mc runs with
disabled subshell (mc -u).

This commit fixes the command line.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-07-03 18:59:38 +03:00
Andrew Borodin
7ef1925a98 (render_edit_text): fix endless loop.
Thanks Sebastian Gniazdowski <sgniazdowski@gmail.com> for the issue.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-27 15:02:49 +03:00
Andrew Borodin
a81f1ca190 Merge branch '4179_cleanup'
* 4179_cleanup: (62 commits)
  Update po/*.po files.
  src/filemanager/mountlist.c: recognize fuse.portal as dummy file system.
  (check_dir_is_empty): minor optimization.
  (do_move_dir_dir): remove unused variable.
  (sftpfs_open_file): don't destroy file handler here.
  (mc_serialize_config): fix memory leak.
  (load_group): fix use after free.
  (exec_extension): fix memory leak.
  (dir_list_reload): fix resource leak.
  mcedit: move macros-related stuff to editmacros.[ch].
  (extfs_open_archive): fix NULL dereferences.
  (vfs_findgid): fix overrunning string.
  (vfs_finduid): fix overrunning string.
  (exec_make_shell_string): simplify condition, reduce variable scope.
  (panel_recursive_cd_to_parent): fix memory leak.
  (mc_skin_color_parse_ini_file): fix memory leak.
  (apply_rules_going_right): fix deadcode.DeadStores warning.
  (edit_replace_cmd): fix deadcode.DeadStores warning.
  (edit_draw_this_line): fix deadcode.DeadStores warning.
  (edit_do_search): search descriptor should not be NULL.
  ...
2021-06-20 16:18:30 +03:00
Andrew Borodin
6b9a2bbd48 Update po/*.po files.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:46 +03:00
Andrew Borodin
eb58d94341 src/filemanager/mountlist.c: recognize fuse.portal as dummy file system.
Sync with gnulib 9a38d499ca16f2f4304992eb1ab0894cd0b478e1.

Add "fuse.portal" as a dummy file system (used in flatpak
implementations).

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:46 +03:00
Andrew Borodin
25e419ba08 (check_dir_is_empty): minor optimization.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andrew Borodin
437994eb80 (do_move_dir_dir): remove unused variable.
Variable calc_total is set but isn't read.

Found by Andreas Mohr <and@gmx.li>.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andrew Borodin
106d95229f (sftpfs_open_file): don't destroy file handler here.
Fix Coverity id #331814.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andreas Mohr
db3b30ebea (mc_serialize_config): fix memory leak.
Found by Coverity.
Coverity id #331818.

Signed-off-by: Andreas Mohr <and@gmx.li>
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andreas Mohr
10c27b28a7 (load_group): fix use after free.
Found by Coverity.
Coverity id #331812.

Signed-off-by: Andreas Mohr <and@gmx.li>
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andreas Mohr
c15b752fbf (exec_extension): fix memory leak.
Found by Coverity.
Coverity id #331829.

Signed-off-by: Andreas Mohr <and@gmx.li>
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andreas Mohr
4db80f3010 (dir_list_reload): fix resource leak.
Found by Coverity.
Coverity id #331809.

Signed-off-by: Andreas Mohr <and@gmx.li>
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andrew Borodin
5b7b48e1db mcedit: move macros-related stuff to editmacros.[ch].
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andrew Borodin
0df10f488b (extfs_open_archive): fix NULL dereferences.
Fix passing NULL pointer "tmp" to g_strconcat().

Found by Coverity.
Coverity is #331840.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andrew Borodin
6efddd7380 (vfs_findgid): fix overrunning string.
Fix out-of-boundary access to gname if it's shorter than 255 bytes.

Found by Coverity.
Coverity id #331844.

Fix macro name that is used for array size.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andrew Borodin
2dfdc6d690 (vfs_finduid): fix overrunning string.
Fix out-of-boundary access to uname if it's shorter than 255 bytes.

Found by Coverity.
Coverity id #331835.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andrew Borodin
2d4008655e (exec_make_shell_string): simplify condition, reduce variable scope.
Fix Coverity id #331832.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andrew Borodin
69b8927ec9 (panel_recursive_cd_to_parent): fix memory leak.
Found by Coverity.
Coverity id #331846.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andrew Borodin
b6a169cc24 (mc_skin_color_parse_ini_file): fix memory leak.
Found by Coverity.
Coverity id #331849.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andreas Mohr
4070d7bee5 (apply_rules_going_right): fix deadcode.DeadStores warning.
syntax.c:523:25: warning: Value stored to 'found_right' is never read [deadcode.DeadStores]
                        found_right = TRUE;
                        ^             ~~~~

Found by Clang-11 analyzer.

Signed-off-by: Andreas Mohr <and@gmx.li>
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andreas Mohr
337da4491d (edit_replace_cmd): fix deadcode.DeadStores warning.
editsearch.c:915:13: warning: Value stored to 'i' is never read [deadcode.DeadStores]
            i = edit->found_len = len;
            ^   ~~~~~~~~~~~~~~~~~~~~~

Found by Clang-11 analyzer.

Signed-off-by: Andreas Mohr <and@gmx.li>
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andreas Mohr
9b752e3a2f (edit_draw_this_line): fix deadcode.DeadStores warning.
editdraw.c:536:5: warning: Value stored to 'color' is never read [deadcode.DeadStores]
    color = edit_get_syntax_color (edit, b - 1);
    ^       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Found by Clang-11 analyzer.

Signed-off-by: Andreas Mohr <and@gmx.li>
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andrew Borodin
22a7ef782d (edit_do_search): search descriptor should not be NULL.
Fix of Coverity id #110818.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andrew Borodin
a7b8d00535 (background_attention): don't use bad file descriptor.
Found by Coverity.
Coverity id #32593.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andrew Borodin
830d6c2d48 (editcmd_dialog_raw_key_query): move to editcmd.c.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andrew Borodin
b77961a14d mcedit: move all completion-related stuff to editcomplete.[ch].
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 16:16:45 +03:00
Andrew Borodin
21eefb3e36 mcedit: move all etags-related stuff to tags.[ch].
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 15:14:56 +03:00
Andrew Borodin
3a8f21166b (edit_buffer_find_word_start): rename from edit_find_word_start
...and move to editbuffer.c.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 15:14:56 +03:00
Andrew Borodin
9094cdd1d3 mcedit: move content of choosesyntax.c to syntax.c.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 15:14:56 +03:00
Andrew Borodin
c6bdc7c1dc mcedit: move all spell-related stuff to spell.[ch].
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 15:14:56 +03:00
Andrew Borodin
3b34936b9f mcedit: move all search&replace-related stuff to editsearch.[ch]. 2021-06-20 15:14:56 +03:00
Andrew Borodin
9d4eb459da (edit_search_cmd): clarify handling of NULL item of history.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 15:14:56 +03:00
Andrew Borodin
7bc1b19676 (edit_search_cmd): get rid of code duplication.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 15:14:56 +03:00
Andrew Borodin
21feb38a8d mcedit: refactoring of search.
(edit_search_init): new function: initialization of search handler.
(edit_search_deinit): new function: deinitialization of search handler.
(edit_replace_cmd): use edit_search_init().
(edit_search_cmd): likewise.
(editcmd_dialog_search_show): use edit_search_init() and
edit_search_deinit().
(edit_search_options): move definition from editcmd_dialogs.c to editsearch.c.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 15:14:56 +03:00
Andrew Borodin
288fe62987 (mcview_continue_search_cmd): clarify handling of NULL item of history. 2021-06-20 15:14:56 +03:00
Andrew Borodin
6adcd57859 (mcview_continue_search_cmd): get rid of string duplication.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 15:14:56 +03:00
Andrew Borodin
1fa327c5a1 (mcview_continue_search_cmd): get rid of code duplication.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 15:14:56 +03:00
Andrew Borodin
65ca3da3b2 mcviewer: refactoring of search.
(mcview_search_init): new function: initialization of search handler.
(mcview_search_deinit): new function: deinitialization of search handler.
(mcview_dialog_search): use mcview_search_init() and mcview_search_deinit().
(mcview_continue_search_cmd): use mcview_search_init().
(mcview_dialog_search): use mcview_search_deinit().
(mcview_search_options) move definition from dialogs.c to search.c.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
2021-06-20 15:14:56 +03:00