From 84336b1f31f4acefd0bf8500b8571c33669fd99f Mon Sep 17 00:00:00 2001 From: pdmef Date: Sun, 21 Aug 2005 16:08:40 +0000 Subject: [PATCH] Rocco Rutte: - make mutt_adv_mktemp() also accept directory suggestion (only use $tmpdir if no other given) - use different mutt_adv_mktemp() to replace highly insecure temporary filename handling for vvv.nntp's list files (not sure if following symlinks for rename(2) by default is fully secure, but (1) filenames now aren't 100% predictable any longer and (2) I can have ~/.newsrc be a symlink) git-svn-id: svn://svn.berlios.de/mutt-ng/trunk@415 e385b8ad-14ed-0310-8656-cc95a2468c6d --- attach.c | 2 +- muttlib.c | 6 +++--- nntp/newsrc.c | 22 +++++++++++++++++----- postpone.c | 2 +- protos.h | 2 +- rfc1524.c | 2 +- 6 files changed, 24 insertions(+), 12 deletions(-) diff --git a/attach.c b/attach.c index c32eb79..a644784 100644 --- a/attach.c +++ b/attach.c @@ -463,7 +463,7 @@ int mutt_view_attachment (FILE * fp, BODY * a, int flag, HEADER * hdr, if (fp && !use_mailcap && a->filename) { /* recv case */ strfcpy (pagerfile, a->filename, sizeof (pagerfile)); - mutt_adv_mktemp (pagerfile, sizeof (pagerfile)); + mutt_adv_mktemp (NULL, pagerfile, sizeof (pagerfile)); } else mutt_mktemp (pagerfile); diff --git a/muttlib.c b/muttlib.c index de3a41b..7b291a1 100644 --- a/muttlib.c +++ b/muttlib.c @@ -64,7 +64,7 @@ BODY *mutt_new_body (void) * Renamed to mutt_adv_mktemp so I only have to change where it's * called, and not all possible cases. */ -void mutt_adv_mktemp (char *s, size_t l) +void mutt_adv_mktemp (const char* dir, char *s, size_t l) { char buf[_POSIX_PATH_MAX]; char tmp[_POSIX_PATH_MAX]; @@ -72,7 +72,7 @@ void mutt_adv_mktemp (char *s, size_t l) size_t sl; struct stat sb; - strfcpy (buf, NONULL (Tempdir), sizeof (buf)); + strfcpy (buf, dir && *dir ? dir : NONULL (Tempdir), sizeof (buf)); mutt_expand_path (buf, sizeof (buf)); if (s[0] == '\0') { snprintf (s, l, "%s/muttXXXXXX", buf); 
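Review bot: The new `dir` parameter of `mutt_adv_mktemp` in muttlib.c is undocumented: the comment block above the signature still describes the old two-argument form, and the fallback rule is visible only in the expression `dir && *dir ? dir : NONULL (Tempdir)`. I would add `/* dir: directory the name is built in; NULL or "" falls back to $tmpdir */` to that comment, and note there that `dir` is passed through `mutt_expand_path` like `Tempdir` was. Judging by the `void` return and the visible callers, the function hands back a path rather than an open file, so the comment should also say that callers must create the file exclusively. As a style point, `const char* dir` (and `const char*, char*` in protos.h) does not match the `char *s` declarator style used next to it; `const char *dir` would. The function body continues past the end of the hunk.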
@@ -116,7 +116,7 @@ int mutt_copy_body (FILE * fp, BODY ** tgt, BODY * src) tmp[0] = '\0'; } - mutt_adv_mktemp (tmp, sizeof (tmp)); + mutt_adv_mktemp (NULL, tmp, sizeof (tmp)); if (mutt_save_attachment (fp, src, tmp, 0, NULL) == -1) return -1; diff --git a/nntp/newsrc.c b/nntp/newsrc.c index e58c9dc..28a6d8b 100644 --- a/nntp/newsrc.c +++ b/nntp/newsrc.c @@ -32,6 +32,7 @@ #include #include #include +#include #include void nntp_add_to_list (NNTP_SERVER * s, NNTP_DATA * d) @@ -634,9 +635,9 @@ static int mutt_update_list_file (char *filename, char *section, FILE *ifp; FILE *ofp; char buf[HUGE_STRING]; - char tmpfile[_POSIX_PATH_MAX]; + char tmpfile[_POSIX_PATH_MAX], link[_POSIX_PATH_MAX]; char *c; - int ext = 0, done = 0, r = 0; + int ext = 0, done = 0, r = 0, l = 0; /* if file not exist, create it */ if ((ifp = safe_fopen (filename, "a"))) @@ -651,7 +652,14 @@ static int mutt_update_list_file (char *filename, char *section, mutt_error (_("Unable to lock %s"), filename); return -1; } - snprintf (tmpfile, sizeof(tmpfile), "%s.tmp", filename); + /* use mutt_adv_mktemp() to get a tempfile in the same + * directory as filename is so that we can follow symlinks + * via rename(2); as dirname(2) may modify its argument, + * temporarily use buf as copy of it + */ + strncpy (buf, filename, sizeof (buf)); + strncpy (tmpfile, basename (filename), sizeof (tmpfile)); + mutt_adv_mktemp ((const char*) dirname (buf), tmpfile, sizeof (tmpfile)); debug_print (1, ("Opening %s\n", tmpfile)); if (!(ofp = fopen (tmpfile, "w"))) { fclose (ifp); 
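Review bot: The temporary file in `mutt_update_list_file` (nntp/newsrc.c, hunk at -651) is still opened with plain `fopen (tmpfile, "w")`, which follows a symlink and truncates an existing file if the name returned by `mutt_adv_mktemp` is created by someone else before the open. `safe_fopen`, already used earlier in this function and in postpone.c, looks like the intended helper, though it should be confirmed that it opens exclusively for "w". The two `strncpy` calls leave the destination unterminated when the source is as long as the buffer, and `basename` is given `filename` itself although POSIX lets it modify its argument just as `dirname` may. The added comment cites `dirname(2)`, but it is a library function, `dirname(3)`. The function begins and ends outside this hunk.

```c
  /* basename(3) and dirname(3) may both modify their argument,
   * so each one works on a scratch copy held in buf */
  strfcpy (buf, filename, sizeof (buf));
  strfcpy (tmpfile, basename (buf), sizeof (tmpfile));
  strfcpy (buf, filename, sizeof (buf));
  mutt_adv_mktemp (dirname (buf), tmpfile, sizeof (tmpfile));
  debug_print (1, ("Opening %s\n", tmpfile));
  if (!(ofp = safe_fopen (tmpfile, "w"))) {
    /* … unchanged: close ifp and report the error … */
```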
@@ -723,9 +731,13 @@ static int mutt_update_list_file (char *filename, char *section, mutt_error (_("Can't write %s"), tmpfile); return -1; } - if (rename (tmpfile, filename) < 0) { + link[0] = '\0'; + if ((l = readlink (filename, link, sizeof (link)-1)) > 0) + link[l] = '\0'; + debug_print (1, ("Renaming %s to %s\n",tmpfile, l > 0 ? link : filename)); + if (rename (tmpfile, l > 0 ? link : filename) < 0) { unlink (tmpfile); - mutt_error (_("Can't rename %s to %s"), tmpfile, filename); + mutt_error (_("Can't rename %s to %s"), tmpfile, l > 0 ? link : filename); return -1; } return 0; diff --git a/postpone.c b/postpone.c index a3d7289..ddd3fd5 100644 --- a/postpone.c +++ b/postpone.c @@ -633,7 +633,7 @@ int mutt_prepare_template (FILE * fp, CONTEXT * ctx, HEADER * newhdr, mutt_delete_parameter ("x-mutt-noconv", &b->parameter); } - mutt_adv_mktemp (file, sizeof (file)); + mutt_adv_mktemp (NULL, file, sizeof (file)); if ((s.fpout = safe_fopen (file, "w")) == NULL) goto bail; diff --git a/protos.h b/protos.h index 9dd0480..b11b462 100644 --- a/protos.h +++ b/protos.h @@ -105,7 +105,7 @@ const char *mutt_fqdn (short); void mutt_account_hook (const char *url); void mutt_add_to_reference_headers (ENVELOPE * env, ENVELOPE * curenv, LIST *** pp, LIST *** qq); -void mutt_adv_mktemp (char *, size_t); +void mutt_adv_mktemp (const char*, char*, size_t); void mutt_allow_interrupt (int); void mutt_block_signals (void); void mutt_block_signals_system (void); diff --git a/rfc1524.c b/rfc1524.c index 86ffc06..b02ab4d 100644 --- a/rfc1524.c +++ b/rfc1524.c @@ -507,7 +507,7 @@ int rfc1524_expand_filename (char *nametemplate, } } - mutt_adv_mktemp (newfile, nflen); + mutt_adv_mktemp (NULL, newfile, nflen); if (rmatch && lmatch) return 0; -- 2.20.1
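Review bot: The `readlink` result in nntp/newsrc.c is handed to `rename` unchanged, so a relative link target (a constructed example: link contents `dotfiles/newsrc`) is resolved against the process's current directory instead of the directory that holds `filename`. A target that fills the buffer is silently truncated, so `l == sizeof (link) - 1` should be treated as a failure, and only one level of link is followed. Because the temporary file is created beside `filename`, a target on another filesystem will make `rename` fail. Resolving the final path once before the temp name is chosen (for instance with `realpath(3)` into a `PATH_MAX`-sized buffer) and deriving the temp directory from that result would cover these cases and narrow the window between the lookup and the rename. The local `link` also shadows `link(2)` and `l` is an `int` where `readlink` returns `ssize_t`; `char target[_POSIX_PATH_MAX]; ssize_t l = 0;` would be clearer. The function begins outside this hunk.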