This vulnerability was discovered by AUT-milCERT during an audit of open
source software.
Initial changeset: set minimal version of libssh2 to 1.2.8.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
The bug happens because MC tells the shell to perform a "cd" command,
and waits indefinitely for the command to complete. If the shell, for
some reason, cannot complete the "cd" command, MC just freezes
indefinitely.
This patch removes all instances of MC waiting indefinitely for "cd"
commands. Now, if the shell freezes while doing a "cd", MC will time out
after 1 second, and just set the subshell state to ACTIVE. If the user
tries to run a command, they will get the error "The shell is already
running a command".
Some other stuff where MC waits on the shell if an error occurred is
also simplified.
In feed_subshell(), the timeout time is changed from 10 seconds to
1 second. Ten seconds seemed like far too long to wait.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
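The bounded wait described in the commit message above, as an added example that is not code from the Midnight Commander tree: instead of blocking until the shell answers, the caller polls a descriptor against a deadline and gives up when it passes. The names now_ms, wait_readable and demo_cd are hypothetical, and a pipe stands in for the subshell.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Monotonic milliseconds, so a wall-clock change cannot stretch the wait. */
static long now_ms (void) {
    struct timespec ts;
    clock_gettime (CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Wait until fd is readable or timeout_ms has passed.
   Returns 1 = data or EOF ready, 0 = timed out, -1 = error. */
static int wait_readable (int fd, long timeout_ms) {
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    long deadline = now_ms () + timeout_ms;
    for (;;) {
        long left = deadline - now_ms ();
        int rc = poll (&pfd, 1, left > 0 ? (int) left : 0);
        if (rc > 0)
            return (pfd.revents & (POLLIN | POLLHUP)) ? 1 : -1;
        if (rc == 0)
            return 0;   /* timed out: the caller stops waiting */
        if (errno != EINTR)
            return -1;  /* on EINTR, loop and wait only for the time left */
    }
}

/* Constructed stand-in for the subshell: a pipe that is either written to
   (the "cd" finished) or left silent (the shell hangs). */
static int demo_cd (int shell_answers, long timeout_ms) {
    int p[2], done;
    if (pipe (p) != 0)
        return -1;
    if (shell_answers && write (p[1], "x", 1) != 1)
        done = -1;
    else
        done = wait_readable (p[0], timeout_ms);
    close (p[0]);
    close (p[1]);
    return done;
}
int main (void) {
    printf ("responsive shell: %d\n", demo_cd (1, 1000));
    printf ("hung shell:       %d\n", demo_cd (0, 1000));
    return 0;
}
```

Computing the remaining time from a fixed deadline keeps repeated signal interruptions from extending the total wait beyond the timeout.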
Previous fix 443a8106f1 makes the command line inaccessible if mc runs with
disabled subshell (mc -u).
This commit fixes the command line.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
Sync with gnulib 9a38d499ca16f2f4304992eb1ab0894cd0b478e1.
Add "fuse.portal" as a dummy file system (used in flatpak
implementations).
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
Fix out-of-boundary access to gname if it's shorter than 255 bytes.
Found by Coverity.
Coverity id #331844.
Fix macro name that is used for array size.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
Fix out-of-boundary access to uname if it's shorter than 255 bytes.
Found by Coverity.
Coverity id #331835.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
syntax.c:523:25: warning: Value stored to 'found_right' is never read [deadcode.DeadStores]
found_right = TRUE;
^ ~~~~
Found by Clang-11 analyzer.
Signed-off-by: Andreas Mohr <and@gmx.li>
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
editsearch.c:915:13: warning: Value stored to 'i' is never read [deadcode.DeadStores]
i = edit->found_len = len;
^ ~~~~~~~~~~~~~~~~~~~~~
Found by Clang-11 analyzer.
Signed-off-by: Andreas Mohr <and@gmx.li>
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
editdraw.c:536:5: warning: Value stored to 'color' is never read [deadcode.DeadStores]
color = edit_get_syntax_color (edit, b - 1);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Found by Clang-11 analyzer.
Signed-off-by: Andreas Mohr <and@gmx.li>
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
(edit_search_init): new function: initialization of search handler.
(edit_search_deinit): new function: deinitialization of search handler.
(edit_replace_cmd): use edit_search_init().
(edit_search_cmd): likewise.
(editcmd_dialog_search_show): use edit_search_init() and
edit_search_deinit().
(edit_search_options): move definition from editcmd_dialogs.c to editsearch.c.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
(mcview_search_init): new function: initialization of search handler.
(mcview_search_deinit): new function: deinitialization of search handler.
(mcview_dialog_search): use mcview_search_init() and mcview_search_deinit().
(mcview_continue_search_cmd): use mcview_search_init().
(mcview_dialog_search): use mcview_search_deinit().
(mcview_search_options): move definition from dialogs.c to search.c.
Signed-off-by: Andrew Borodin <aborodin@vmail.ru>