Rocco Rutte:

- make mutt_adv_mktemp() also accept directory suggestion (only use $tmpdir if no other given)
- use different mutt_adv_mktemp() to replace highly insecure temporary filename handling for vvv.nntp's list files (not sure if following symlinks for rename(2) by default is fully secure, but (1) filenames now aren't 100% predictable any longer and (2) I can have ~/.newsrc be a symlink)

git-svn-id: svn://svn.berlios.de/mutt-ng/trunk@415 e385b8ad-14ed-0310-8656-cc95a2468c6d

diff --git a/attach.c b/attach.c
index c32eb79..a644784 100644 (file)
--- a/attach.c
+++ b/attach.c
@@ -463,7 +463,7 @@ int mutt_view_attachment (FILE * fp, BODY * a, int flag, HEADER * hdr,
     if (fp && !use_mailcap && a->filename) {
       /* recv case */
       strfcpy (pagerfile, a->filename, sizeof (pagerfile));
-      mutt_adv_mktemp (pagerfile, sizeof (pagerfile));
+      mutt_adv_mktemp (NULL, pagerfile, sizeof (pagerfile));
     }
     else
       mutt_mktemp (pagerfile);

diff --git a/muttlib.c b/muttlib.c
index de3a41b..7b291a1 100644 (file)
--- a/muttlib.c
+++ b/muttlib.c
@@ -64,7 +64,7 @@ BODY *mutt_new_body (void)
  * Renamed to mutt_adv_mktemp so I only have to change where it's
  * called, and not all possible cases.
  */
-void mutt_adv_mktemp (char *s, size_t l)
+void mutt_adv_mktemp (const char* dir, char *s, size_t l)
 {
   char buf[_POSIX_PATH_MAX];
   char tmp[_POSIX_PATH_MAX];
@@ -72,7 +72,7 @@ void mutt_adv_mktemp (char *s, size_t l)
   size_t sl;
   struct stat sb;
 
-  strfcpy (buf, NONULL (Tempdir), sizeof (buf));
+  strfcpy (buf, dir && *dir ? dir : NONULL (Tempdir), sizeof (buf));
   mutt_expand_path (buf, sizeof (buf));
   if (s[0] == '\0') {
     snprintf (s, l, "%s/muttXXXXXX", buf);
@@ -116,7 +116,7 @@ int mutt_copy_body (FILE * fp, BODY ** tgt, BODY * src)
     tmp[0] = '\0';
   }
 
-  mutt_adv_mktemp (tmp, sizeof (tmp));
+  mutt_adv_mktemp (NULL, tmp, sizeof (tmp));
   if (mutt_save_attachment (fp, src, tmp, 0, NULL) == -1)
     return -1;
 

diff --git a/nntp/newsrc.c b/nntp/newsrc.c
index e58c9dc..28a6d8b 100644 (file)
--- a/nntp/newsrc.c
+++ b/nntp/newsrc.c
@@ -32,6 +32,7 @@
 #include <string.h>
 #include <ctype.h>
 #include <stdlib.h>
+#include <libgen.h>
 #include <sys/stat.h>
 
 void nntp_add_to_list (NNTP_SERVER * s, NNTP_DATA * d)
@@ -634,9 +635,9 @@ static int mutt_update_list_file (char *filename, char *section,
   FILE *ifp;
   FILE *ofp;
   char buf[HUGE_STRING];
-  char tmpfile[_POSIX_PATH_MAX];
+  char tmpfile[_POSIX_PATH_MAX], link[_POSIX_PATH_MAX];
   char *c;
-  int ext = 0, done = 0, r = 0;
+  int ext = 0, done = 0, r = 0, l = 0;
 
   /* if file not exist, create it */
   if ((ifp = safe_fopen (filename, "a")))
@@ -651,7 +652,14 @@ static int mutt_update_list_file (char *filename, char *section,
     mutt_error (_("Unable to lock %s"), filename);
     return -1;
   }
-  snprintf (tmpfile, sizeof(tmpfile), "%s.tmp", filename);
+  /* use mutt_adv_mktemp() to get a tempfile in the same
+   * directory as filename is so that we can follow symlinks
+   * via rename(2); as dirname(2) may modify its argument,
+   * temporarily use buf as copy of it
+   */
+  strncpy (buf, filename, sizeof (buf));
+  strncpy (tmpfile, basename (filename), sizeof (tmpfile));
+  mutt_adv_mktemp ((const char*) dirname (buf), tmpfile, sizeof (tmpfile));
   debug_print (1, ("Opening %s\n", tmpfile));
   if (!(ofp = fopen (tmpfile, "w"))) {
     fclose (ifp);
@@ -723,9 +731,13 @@ static int mutt_update_list_file (char *filename, char *section,
     mutt_error (_("Can't write %s"), tmpfile);
     return -1;
   }
-  if (rename (tmpfile, filename) < 0) {
+  link[0] = '\0';
+  if ((l = readlink (filename, link, sizeof (link)-1)) > 0)
+    link[l] = '\0';
+  debug_print (1, ("Renaming %s to %s\n",tmpfile, l > 0 ? link : filename));
+  if (rename (tmpfile, l > 0 ? link : filename) < 0) {
     unlink (tmpfile);
-    mutt_error (_("Can't rename %s to %s"), tmpfile, filename);
+    mutt_error (_("Can't rename %s to %s"), tmpfile, l > 0 ? link : filename);
     return -1;
   }
   return 0;

diff --git a/postpone.c b/postpone.c
index a3d7289..ddd3fd5 100644 (file)
--- a/postpone.c
+++ b/postpone.c
@@ -633,7 +633,7 @@ int mutt_prepare_template (FILE * fp, CONTEXT * ctx, HEADER * newhdr,
       mutt_delete_parameter ("x-mutt-noconv", &b->parameter);
     }
 
-    mutt_adv_mktemp (file, sizeof (file));
+    mutt_adv_mktemp (NULL, file, sizeof (file));
     if ((s.fpout = safe_fopen (file, "w")) == NULL)
       goto bail;
 

diff --git a/protos.h b/protos.h
index 9dd0480..b11b462 100644 (file)
--- a/protos.h
+++ b/protos.h
@@ -105,7 +105,7 @@ const char *mutt_fqdn (short);
 void mutt_account_hook (const char *url);
 void mutt_add_to_reference_headers (ENVELOPE * env, ENVELOPE * curenv,
                                     LIST *** pp, LIST *** qq);
-void mutt_adv_mktemp (char *, size_t);
+void mutt_adv_mktemp (const char*, char*, size_t);
 void mutt_allow_interrupt (int);
 void mutt_block_signals (void);
 void mutt_block_signals_system (void);

diff --git a/rfc1524.c b/rfc1524.c
index 86ffc06..b02ab4d 100644 (file)
--- a/rfc1524.c
+++ b/rfc1524.c
@@ -507,7 +507,7 @@ int rfc1524_expand_filename (char *nametemplate,
     }
   }
 
-  mutt_adv_mktemp (newfile, nflen);
+  mutt_adv_mktemp (NULL, newfile, nflen);
 
   if (rmatch && lmatch)
     return 0;