Okay, so if the .save file is a symlink, don't write to it, abort

git-svn-id: svn://svn.savannah.gnu.org/nano/trunk/nano@361 35c25a1d-7b9e-4130-9fde-d3aeb78583b8
master
Chris Allegretta 2000-12-02 04:36:50 +00:00
parent 331fc7a6f4
commit 3dbb2783d3
4 changed files with 124 additions and 103 deletions


@ -23,6 +23,7 @@ CVS code -
- files.c: - files.c:
write_file() write_file()
- Unsetting modified on temp files bug fixed (Rocco Corsi). - Unsetting modified on temp files bug fixed (Rocco Corsi).
- Okay, if tmp == 1 and the file is a symlink, we return -1.
do_insertfile() do_insertfile()
- Added call to real_name_from tilde, oops. Added check for - Added call to real_name_from tilde, oops. Added check for
DISABLE_TABCOMP. DISABLE_TABCOMP.
@ -60,7 +61,7 @@ CVS code -
die() die()
- Now creates .save file using variable-length strings. Also - Now creates .save file using variable-length strings. Also
calls write_file with tmp == 1, which happens to do exactly what calls write_file with tmp == 1, which happens to do exactly what
we want (ignore symlinks and use mode 0600). we want (abort on save file is a symlink and use mode 0600).
handle_sighup() handle_sighup()
- Now calls die instead of writing on its own and exiting normally. - Now calls die instead of writing on its own and exiting normally.
- search.c: - search.c:

12
files.c

@ -293,8 +293,8 @@ int do_insertfile(void)
* we don't set the global variable filename to it's name, and don't * we don't set the global variable filename to it's name, and don't
* print out how many lines we wrote on the statusbar. * print out how many lines we wrote on the statusbar.
* *
* Note that tmp is only set to 1 for storing temporary files internal * tmp means we are writing a tmp file in a secute fashion. We use
* to the editor, and is completely different from TEMP_OPT. * it when spell checking or dumping the file on an error.
*/ */
int write_file(char *name, int tmp) int write_file(char *name, int tmp)
{ {
@ -326,9 +326,13 @@ int write_file(char *name, int tmp)
cause unexpected behavior */ cause unexpected behavior */
lstat(realname, &st); lstat(realname, &st);
/* Open the file and truncate it. Trust the symlink. */ /* New case: if it's a symlink and tmp is set, abort. It could be
if (!tmp && (ISSET(FOLLOW_SYMLINKS) || !S_ISLNK(st.st_mode))) { a symlink attack */
if (tmp && S_ISLNK(st.st_mode))
return -1;
else if (!tmp && (ISSET(FOLLOW_SYMLINKS) || !S_ISLNK(st.st_mode))) {
/* Open the file and truncate it. Trust the symlink. */
if ((fd = open(realname, O_WRONLY | O_CREAT | O_TRUNC, if ((fd = open(realname, O_WRONLY | O_CREAT | O_TRUNC,
S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH |
S_IWOTH)) == -1) { S_IWOTH)) == -1) {
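Review bot: The new `tmp && S_ISLNK(st.st_mode)` test in the second files.c hunk depends on `lstat(realname, &st)`, whose return value is never checked. Unless `st` is initialised above the hunk, a realname that does not exist yet leaves it unset and the symlink test reads indeterminate data; I would change the call to `if (lstat(realname, &st) == -1) st.st_mode = 0;` so a failed lstat cannot be mistaken for a link. Even with a valid `st`, the check and the later file creation are separate steps, so a link that appears at that path in between is not caught. The tmp creation path lies outside the hunk; if it does not already open with `O_CREAT | O_EXCL`, it should, so that an existing name (link or not) is refused atomically. write_file's body continues past the end of the hunk.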

21
nano.c

@ -104,24 +104,25 @@ RETSIGTYPE finish(int sigage)
void die(char *msg, ...) void die(char *msg, ...)
{ {
va_list ap; va_list ap;
char *name;
int i;
va_start(ap, msg); va_start(ap, msg);
vfprintf(stderr, msg, ap); vfprintf(stderr, msg, ap);
va_end(ap); va_end(ap);
/* No following symlinks when we dump the file contents */
UNSET(FOLLOW_SYMLINKS);
/* if we can't save we have REAL bad problems, /* if we can't save we have REAL bad problems,
* but we might as well TRY. */ * but we might as well TRY. */
if (filename[0] == '\0') { if (filename[0] == '\0') {
write_file("nano.save", 1); name = "nano.save";
i = write_file(name, 1);
} else { } else {
char *buf = nmalloc(strlen(filename) + 6); char *buf = nmalloc(strlen(filename) + 6);
strcpy(buf, filename); strcpy(buf, filename);
strcat(buf, ".save"); strcat(buf, ".save");
write_file(buf, 1); i = write_file(buf, 1);
name = buf;
} }
/* Restore the old term settings */ /* Restore the old term settings */
tcsetattr(0, TCSANOW, &oldterm); tcsetattr(0, TCSANOW, &oldterm);
@ -132,7 +133,11 @@ void die(char *msg, ...)
endwin(); endwin();
fprintf(stderr, msg); fprintf(stderr, msg);
fprintf(stderr, _("\nBuffer written to 'nano.save'\n")); fprintf(stderr, "\n");
if (i != -1)
fprintf(stderr, _("\nBuffer written to %s\n"), name);
else
fprintf(stderr, _("No .save file written (symlink encountered?)\n"));
exit(1); /* We have a problem: exit w/ errorlevel(1) */ exit(1); /* We have a problem: exit w/ errorlevel(1) */
} }
@ -1364,8 +1369,10 @@ int do_spell(void)
return 0; return 0;
} }
if (write_file(temp, 1) == -1) if (write_file(temp, 1) == -1) {
statusbar(_("Spell checking failed: unable to write temp file!"));
return 0; return 0;
}
if (alt_speller) if (alt_speller)
spell_res = do_alt_speller(temp); spell_res = do_alt_speller(temp);
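Review bot: In die(), `fprintf(stderr, msg);` (second nano.c hunk, kept as context) passes the caller's format string a second time with no arguments. The `vfprintf(stderr, msg, ap)` in the first hunk shows msg is expected to carry conversion specifiers, so any `%s` or `%d` in it would read arguments that were never passed. Since the commit already reworks the messages around that line, I would replace it with `va_start(ap, msg); vfprintf(stderr, msg, ap); va_end(ap);`. Separately, `i == -1` covers every write_file() failure, not only the symlink case, so the "No .save file written" message could name the path it tried rather than guess at the cause. die() begins in the previous hunk and the lines between the two hunks are not shown.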


@ -6,7 +6,7 @@
msgid "" msgid ""
msgstr "" msgstr ""
"Project-Id-Version: PACKAGE VERSION\n" "Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2000-12-01 22:06-0500\n" "POT-Creation-Date: 2000-12-01 23:31-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@ -55,59 +55,59 @@ msgstr ""
msgid "File to insert [from ./] " msgid "File to insert [from ./] "
msgstr "" msgstr ""
#: files.c:284 files.c:309 files.c:517 nano.c:1413 #: files.c:284 files.c:309 files.c:521 nano.c:1420
msgid "Cancelled" msgid "Cancelled"
msgstr "" msgstr ""
#: files.c:339 files.c:360 files.c:374 files.c:391 files.c:397 #: files.c:343 files.c:364 files.c:378 files.c:395 files.c:401
#, c-format #, c-format
msgid "Could not open file for writing: %s" msgid "Could not open file for writing: %s"
msgstr "" msgstr ""
#: files.c:348 #: files.c:352
msgid "Could not open file: Path length exceeded." msgid "Could not open file: Path length exceeded."
msgstr "" msgstr ""
#: files.c:379 #: files.c:383
#, c-format #, c-format
msgid "Wrote >%s\n" msgid "Wrote >%s\n"
msgstr "" msgstr ""
#: files.c:406 #: files.c:410
#, c-format #, c-format
msgid "Could not close %s: %s" msgid "Could not close %s: %s"
msgstr "" msgstr ""
#. Try a rename?? #. Try a rename??
#: files.c:427 files.c:438 files.c:443 #: files.c:431 files.c:442 files.c:447
#, c-format #, c-format
msgid "Could not open %s for writing: %s" msgid "Could not open %s for writing: %s"
msgstr "" msgstr ""
#: files.c:449 #: files.c:453
#, c-format #, c-format
msgid "Could not set permissions %o on %s: %s" msgid "Could not set permissions %o on %s: %s"
msgstr "" msgstr ""
#: files.c:456 #: files.c:460
#, c-format #, c-format
msgid "Wrote %d lines" msgid "Wrote %d lines"
msgstr "" msgstr ""
#: files.c:488 #: files.c:492
msgid "File Name to write" msgid "File Name to write"
msgstr "" msgstr ""
#: files.c:493 #: files.c:497
#, c-format #, c-format
msgid "filename is %s" msgid "filename is %s"
msgstr "" msgstr ""
#: files.c:506 #: files.c:510
msgid "File exists, OVERWRITE ?" msgid "File exists, OVERWRITE ?"
msgstr "" msgstr ""
#: files.c:995 #: files.c:999
msgid "(more)" msgid "(more)"
msgstr "" msgstr ""
@ -400,17 +400,22 @@ msgstr ""
msgid "No Replace" msgid "No Replace"
msgstr "" msgstr ""
#: nano.c:135 #: nano.c:138
#, c-format
msgid "" msgid ""
"\n" "\n"
"Buffer written to 'nano.save'\n" "Buffer written to %s\n"
msgstr "" msgstr ""
#: nano.c:142 #: nano.c:140
msgid "No .save file written (symlink encountered?)\n"
msgstr ""
#: nano.c:147
msgid "Key illegal in VIEW mode" msgid "Key illegal in VIEW mode"
msgstr "" msgstr ""
#: nano.c:179 #: nano.c:184
msgid "" msgid ""
" nano help text\n" " nano help text\n"
"\n" "\n"
@ -431,316 +436,320 @@ msgid ""
"\n" "\n"
msgstr "" msgstr ""
#: nano.c:282 #: nano.c:287
msgid "free_node(): free'd a node, YAY!\n" msgid "free_node(): free'd a node, YAY!\n"
msgstr "" msgstr ""
#: nano.c:287 #: nano.c:292
msgid "free_node(): free'd last node.\n" msgid "free_node(): free'd last node.\n"
msgstr "" msgstr ""
#: nano.c:339 #: nano.c:344
msgid "" msgid ""
"Usage: nano [GNU long option] [option] +LINE <file>\n" "Usage: nano [GNU long option] [option] +LINE <file>\n"
"\n" "\n"
msgstr "" msgstr ""
#: nano.c:340 #: nano.c:345
msgid "Option\t\tLong option\t\tMeaning\n" msgid "Option\t\tLong option\t\tMeaning\n"
msgstr "" msgstr ""
#: nano.c:342 #: nano.c:347
msgid " -T \t\t--tabsize=[num]\t\tSet width of a tab to num\n" msgid " -T \t\t--tabsize=[num]\t\tSet width of a tab to num\n"
msgstr "" msgstr ""
#: nano.c:345 #: nano.c:350
msgid " -R\t\t--regexp\t\tUse regular expressions for search\n" msgid " -R\t\t--regexp\t\tUse regular expressions for search\n"
msgstr "" msgstr ""
#: nano.c:349 #: nano.c:354
msgid " -V \t\t--version\t\tPrint version information and exit\n" msgid " -V \t\t--version\t\tPrint version information and exit\n"
msgstr "" msgstr ""
#: nano.c:351 #: nano.c:356
msgid " -c \t\t--const\t\t\tConstantly show cursor position\n" msgid " -c \t\t--const\t\t\tConstantly show cursor position\n"
msgstr "" msgstr ""
#: nano.c:353 #: nano.c:358
msgid " -h \t\t--help\t\t\tShow this message\n" msgid " -h \t\t--help\t\t\tShow this message\n"
msgstr "" msgstr ""
#: nano.c:356 #: nano.c:361
msgid " -k \t\t--cut\t\t\tLet ^K cut from cursor to end of line\n" msgid " -k \t\t--cut\t\t\tLet ^K cut from cursor to end of line\n"
msgstr "" msgstr ""
#: nano.c:359 #: nano.c:364
msgid " -i \t\t--autoindent\t\tAutomatically indent new lines\n" msgid " -i \t\t--autoindent\t\tAutomatically indent new lines\n"
msgstr "" msgstr ""
#: nano.c:361 #: nano.c:366
msgid " -l \t\t--nofollow\t\tDon't follow symbolic links, overwrite\n" msgid " -l \t\t--nofollow\t\tDon't follow symbolic links, overwrite\n"
msgstr "" msgstr ""
#: nano.c:364 #: nano.c:369
msgid " -m \t\t--mouse\t\t\tEnable mouse\n" msgid " -m \t\t--mouse\t\t\tEnable mouse\n"
msgstr "" msgstr ""
#: nano.c:369 #: nano.c:374
msgid "" msgid ""
" -r [#cols] \t--fill=[#cols]\t\tSet fill cols to (wrap lines at) #cols\n" " -r [#cols] \t--fill=[#cols]\t\tSet fill cols to (wrap lines at) #cols\n"
msgstr "" msgstr ""
#: nano.c:371 #: nano.c:376
msgid " -p\t \t--pico\t\t\tEmulate Pico as closely as possible\n" msgid " -p\t \t--pico\t\t\tEmulate Pico as closely as possible\n"
msgstr "" msgstr ""
#: nano.c:373 #: nano.c:378
msgid " -s [prog] \t--speller=[prog]\tEnable alternate speller\n" msgid " -s [prog] \t--speller=[prog]\tEnable alternate speller\n"
msgstr "" msgstr ""
#: nano.c:375 #: nano.c:380
msgid " -t \t\t--tempfile\t\tAuto save on exit, don't prompt\n" msgid " -t \t\t--tempfile\t\tAuto save on exit, don't prompt\n"
msgstr "" msgstr ""
#: nano.c:377 #: nano.c:382
msgid " -v \t\t--view\t\t\tView (read only) mode\n" msgid " -v \t\t--view\t\t\tView (read only) mode\n"
msgstr "" msgstr ""
#: nano.c:379 #: nano.c:384
msgid " -w \t\t--nowrap\t\tDon't wrap long lines\n" msgid " -w \t\t--nowrap\t\tDon't wrap long lines\n"
msgstr "" msgstr ""
#: nano.c:381 #: nano.c:386
msgid " -x \t\t--nohelp\t\tDon't show help window\n" msgid " -x \t\t--nohelp\t\tDon't show help window\n"
msgstr "" msgstr ""
#: nano.c:383 #: nano.c:388
msgid " -z \t\t--suspend\t\tEnable suspend\n" msgid " -z \t\t--suspend\t\tEnable suspend\n"
msgstr "" msgstr ""
#: nano.c:385 #: nano.c:390
msgid " +LINE\t\t\t\t\tStart at line number LINE\n" msgid " +LINE\t\t\t\t\tStart at line number LINE\n"
msgstr "" msgstr ""
#: nano.c:387 #: nano.c:392
msgid "" msgid ""
"Usage: nano [option] +LINE <file>\n" "Usage: nano [option] +LINE <file>\n"
"\n" "\n"
msgstr "" msgstr ""
#: nano.c:388 #: nano.c:393
msgid "Option\t\tMeaning\n" msgid "Option\t\tMeaning\n"
msgstr "" msgstr ""
#: nano.c:389 #: nano.c:394
msgid " -T [num]\tSet width of a tab to num\n" msgid " -T [num]\tSet width of a tab to num\n"
msgstr "" msgstr ""
#: nano.c:390 #: nano.c:395
msgid " -R\t\tUse regular expressions for search\n" msgid " -R\t\tUse regular expressions for search\n"
msgstr "" msgstr ""
#: nano.c:391 #: nano.c:396
msgid " -V \t\tPrint version information and exit\n" msgid " -V \t\tPrint version information and exit\n"
msgstr "" msgstr ""
#: nano.c:392 #: nano.c:397
msgid " -c \t\tConstantly show cursor position\n" msgid " -c \t\tConstantly show cursor position\n"
msgstr "" msgstr ""
#: nano.c:393 #: nano.c:398
msgid " -h \t\tShow this message\n" msgid " -h \t\tShow this message\n"
msgstr "" msgstr ""
#: nano.c:395 #: nano.c:400
msgid " -k \t\tLet ^K cut from cursor to end of line\n" msgid " -k \t\tLet ^K cut from cursor to end of line\n"
msgstr "" msgstr ""
#: nano.c:397 #: nano.c:402
msgid " -i \t\tAutomatically indent new lines\n" msgid " -i \t\tAutomatically indent new lines\n"
msgstr "" msgstr ""
#: nano.c:399 #: nano.c:404
msgid " -l \t\tDon't follow symbolic links, overwrite\n" msgid " -l \t\tDon't follow symbolic links, overwrite\n"
msgstr "" msgstr ""
#: nano.c:402 #: nano.c:407
msgid " -m \t\tEnable mouse\n" msgid " -m \t\tEnable mouse\n"
msgstr "" msgstr ""
#: nano.c:406 #: nano.c:411
msgid " -r [#cols] \tSet fill cols to (wrap lines at) #cols\n" msgid " -r [#cols] \tSet fill cols to (wrap lines at) #cols\n"
msgstr "" msgstr ""
#: nano.c:407 #: nano.c:412
msgid " -s [prog] \tEnable alternate speller\n" msgid " -s [prog] \tEnable alternate speller\n"
msgstr "" msgstr ""
#: nano.c:408 #: nano.c:413
msgid " -p \t\tEmulate Pico as closely as possible\n" msgid " -p \t\tEmulate Pico as closely as possible\n"
msgstr "" msgstr ""
#: nano.c:409 #: nano.c:414
msgid " -t \t\tAuto save on exit, don't prompt\n" msgid " -t \t\tAuto save on exit, don't prompt\n"
msgstr "" msgstr ""
#: nano.c:410 #: nano.c:415
msgid " -v \t\tView (read only) mode\n" msgid " -v \t\tView (read only) mode\n"
msgstr "" msgstr ""
#: nano.c:411 #: nano.c:416
msgid " -w \t\tDon't wrap long lines\n" msgid " -w \t\tDon't wrap long lines\n"
msgstr "" msgstr ""
#: nano.c:412 #: nano.c:417
msgid " -x \t\tDon't show help window\n" msgid " -x \t\tDon't show help window\n"
msgstr "" msgstr ""
#: nano.c:413 #: nano.c:418
msgid " -z \t\tEnable suspend\n" msgid " -z \t\tEnable suspend\n"
msgstr "" msgstr ""
#: nano.c:414 #: nano.c:419
msgid " +LINE\t\tStart at line number LINE\n" msgid " +LINE\t\tStart at line number LINE\n"
msgstr "" msgstr ""
#: nano.c:421 #: nano.c:426
#, c-format #, c-format
msgid " nano version %s by Chris Allegretta (compiled %s, %s)\n" msgid " nano version %s by Chris Allegretta (compiled %s, %s)\n"
msgstr "" msgstr ""
#: nano.c:424 #: nano.c:429
msgid " Email: nano@nano-editor.org\tWeb: http://www.nano-editor.org" msgid " Email: nano@nano-editor.org\tWeb: http://www.nano-editor.org"
msgstr "" msgstr ""
#: nano.c:425 #: nano.c:430
msgid "" msgid ""
"\n" "\n"
" Compiled options:" " Compiled options:"
msgstr "" msgstr ""
#: nano.c:481 #: nano.c:486
msgid "Mark Set" msgid "Mark Set"
msgstr "" msgstr ""
#: nano.c:486 #: nano.c:491
msgid "Mark UNset" msgid "Mark UNset"
msgstr "" msgstr ""
#: nano.c:934 #: nano.c:939
#, c-format #, c-format
msgid "check_wrap called with inptr->data=\"%s\"\n" msgid "check_wrap called with inptr->data=\"%s\"\n"
msgstr "" msgstr ""
#: nano.c:985 #: nano.c:990
#, c-format #, c-format
msgid "current->data now = \"%s\"\n" msgid "current->data now = \"%s\"\n"
msgstr "" msgstr ""
#: nano.c:1038 #: nano.c:1043
#, c-format #, c-format
msgid "After, data = \"%s\"\n" msgid "After, data = \"%s\"\n"
msgstr "" msgstr ""
#: nano.c:1138 #: nano.c:1143
msgid "Edit a replacement" msgid "Edit a replacement"
msgstr "" msgstr ""
#: nano.c:1362 #: nano.c:1367
#, c-format #, c-format
msgid "Could not create a temporary filename: %s" msgid "Could not create a temporary filename: %s"
msgstr "" msgstr ""
#: nano.c:1378 #: nano.c:1373
msgid "Spell checking failed: unable to write temp file!"
msgstr ""
#: nano.c:1385
msgid "Finished checking spelling" msgid "Finished checking spelling"
msgstr "" msgstr ""
#: nano.c:1380 #: nano.c:1387
msgid "Spell checking failed" msgid "Spell checking failed"
msgstr "" msgstr ""
#: nano.c:1400 #: nano.c:1407
msgid "Save modified buffer (ANSWERING \"No\" WILL DESTROY CHANGES) ? " msgid "Save modified buffer (ANSWERING \"No\" WILL DESTROY CHANGES) ? "
msgstr "" msgstr ""
#: nano.c:1496 #: nano.c:1503
msgid "Received SIGHUP" msgid "Received SIGHUP"
msgstr "" msgstr ""
#: nano.c:1562 #: nano.c:1569
msgid "Cannot resize top win" msgid "Cannot resize top win"
msgstr "" msgstr ""
#: nano.c:1564 #: nano.c:1571
msgid "Cannot move top win" msgid "Cannot move top win"
msgstr "" msgstr ""
#: nano.c:1566 #: nano.c:1573
msgid "Cannot resize edit win" msgid "Cannot resize edit win"
msgstr "" msgstr ""
#: nano.c:1568 #: nano.c:1575
msgid "Cannot move edit win" msgid "Cannot move edit win"
msgstr "" msgstr ""
#: nano.c:1570 #: nano.c:1577
msgid "Cannot resize bottom win" msgid "Cannot resize bottom win"
msgstr "" msgstr ""
#: nano.c:1572 #: nano.c:1579
msgid "Cannot move bottom win" msgid "Cannot move bottom win"
msgstr "" msgstr ""
#: nano.c:1860 #: nano.c:1867
msgid "Can now UnJustify!" msgid "Can now UnJustify!"
msgstr "" msgstr ""
#: nano.c:1955 #: nano.c:1962
#, c-format #, c-format
msgid "%s enable/disable" msgid "%s enable/disable"
msgstr "" msgstr ""
#: nano.c:1967 #: nano.c:1974
msgid "enabled" msgid "enabled"
msgstr "" msgstr ""
#: nano.c:1968 #: nano.c:1975
msgid "disabled" msgid "disabled"
msgstr "" msgstr ""
#: nano.c:2198 #: nano.c:2205
msgid "Main: set up windows\n" msgid "Main: set up windows\n"
msgstr "" msgstr ""
#: nano.c:2211 #: nano.c:2218
msgid "Main: bottom win\n" msgid "Main: bottom win\n"
msgstr "" msgstr ""
#: nano.c:2217 #: nano.c:2224
msgid "Main: open file\n" msgid "Main: open file\n"
msgstr "" msgstr ""
#: nano.c:2254 #: nano.c:2261
#, c-format #, c-format
msgid "I got Alt-O-%c! (%d)\n" msgid "I got Alt-O-%c! (%d)\n"
msgstr "" msgstr ""
#: nano.c:2276 #: nano.c:2283
#, c-format #, c-format
msgid "I got Alt-[-1-%c! (%d)\n" msgid "I got Alt-[-1-%c! (%d)\n"
msgstr "" msgstr ""
#: nano.c:2309 #: nano.c:2316
#, c-format #, c-format
msgid "I got Alt-[-2-%c! (%d)\n" msgid "I got Alt-[-2-%c! (%d)\n"
msgstr "" msgstr ""
#: nano.c:2357 #: nano.c:2364
#, c-format #, c-format
msgid "I got Alt-[-%c! (%d)\n" msgid "I got Alt-[-%c! (%d)\n"
msgstr "" msgstr ""
#: nano.c:2383 #: nano.c:2390
#, c-format #, c-format
msgid "I got Alt-%c! (%d)\n" msgid "I got Alt-%c! (%d)\n"
msgstr "" msgstr ""