authorAndrey Slusar <anray@FreeBSD.org>2006-02-06 19:14:54 +0000
committerAndrey Slusar <anray@FreeBSD.org>2006-02-06 19:14:54 +0000
commitd9fb332eb93fb721565d5b831a37a1457b26ed4a (patch)
treec5aa7c20cfe33e10a587e14c5074a9087aba80f0 /ftp
parent56c9f4947b5332092b2e451064aeee98b6b96115 (diff)
- Fix "chunk already allocated" error
- Add sanity checking to avoid GTK assertion errors due to missing pixmaps.
- Resolve two known vulnerabilities: http://secunia.com/advisories/13536/
- Replace tmpnam with mkstemp
- Disallow server-provided absolute filenames

Hopefully that's enough to get the port back in action.

PR: ports/92787
Submitted by: Shaun Amott <shaun@inerd.com>
Notes
Notes: svn path=/head/; revision=155363
Diffstat (limited to 'ftp')
-rw-r--r--ftp/IglooFTP/Makefile6
-rw-r--r--ftp/IglooFTP/files/patch-FTP.c (renamed from ftp/IglooFTP/files/patch-aa)0
-rw-r--r--ftp/IglooFTP/files/patch-FTPcommands.h272
-rw-r--r--ftp/IglooFTP/files/patch-Makefile (renamed from ftp/IglooFTP/files/patch-ab)0
-rw-r--r--ftp/IglooFTP/files/patch-dialog.c70
-rw-r--r--ftp/IglooFTP/files/patch-dir_tree.c10
-rw-r--r--ftp/IglooFTP/files/patch-main.c (renamed from ftp/IglooFTP/files/patch-ac)0
7 files changed, 353 insertions, 5 deletions
diff --git a/ftp/IglooFTP/Makefile b/ftp/IglooFTP/Makefile
index 3682989beba3..b9b673aa52be 100644
--- a/ftp/IglooFTP/Makefile
+++ b/ftp/IglooFTP/Makefile
@@ -7,7 +7,7 @@
PORTNAME= IglooFTP
PORTVERSION= 0.6.1
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= ftp
MASTER_SITES= ${MASTER_SITE_SUNSITE} \
ftp://littleigloo.org/pub/iglooftp/
@@ -17,10 +17,6 @@ DISTNAME= ${PORTNAME}-${PORTVERSION}.src
MAINTAINER= ports@FreeBSD.org
COMMENT= Easy to use FTP client for X Window System
-IGNORE= crashes at startup
-DEPRECATED= ${IGNORE}
-EXPIRATION_DATE=2006-02-04
-
WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}/src
USE_X_PREFIX= yes
diff --git a/ftp/IglooFTP/files/patch-aa b/ftp/IglooFTP/files/patch-FTP.c
index fa17c07fb535..fa17c07fb535 100644
--- a/ftp/IglooFTP/files/patch-aa
+++ b/ftp/IglooFTP/files/patch-FTP.c
diff --git a/ftp/IglooFTP/files/patch-FTPcommands.h b/ftp/IglooFTP/files/patch-FTPcommands.h
new file mode 100644
index 000000000000..b18e9aed01cb
--- /dev/null
+++ b/ftp/IglooFTP/files/patch-FTPcommands.h
@@ -0,0 +1,272 @@
+--- FTPcommands.h.orig Thu Apr 15 17:05:15 1999
++++ FTPcommands.h Sat Feb 4 01:12:52 2006
+@@ -14,8 +14,12 @@
+ *
+ */
+
++#include "defines.h"
++
+ #define ERROR_REPLY_CODE (FTPctrl->reply[0] == '5' || FTPctrl->reply[0] == '4')
+
++extern char tmpfile_template[];
++
+
+
+ /* LOGIN */
+@@ -282,11 +286,14 @@
+ char
+ FTP_LIST (FTP * FTPctrl, char *filename)
+ {
++ int fd = -1;
+ char tmp_filename[256];
+ char list_command[10];
+ int data_socket = FTP_open_data_connection (FTPctrl);
+ FILE *local;
+
++ sprintf(tmp_filename, tmpfile_template);
++
+ if (FTPctrl->host_type == HOST_VMS)
+ strcpy (list_command, "LIST");
+ else
+@@ -296,11 +303,18 @@
+
+ FTP_TYPE_ASCII (FTPctrl);
+
+- tmpnam (tmp_filename);
+ if (!FTP_exec_command (FTPctrl, list_command) || ERROR_REPLY_CODE)
+ return FTP_error (FALSE, "LIST command failed.", "", data_socket);
+
+- local = fopen (tmp_filename, "w");
++ if ((fd = mkstemp (tmp_filename)) == -1 || (local = fdopen (fd, "w")) == NULL)
++ {
++ if (fd != -1) {
++ unlink(tmp_filename);
++ close(fd);
++ }
++ return FTP_error (FALSE, "Unable to create temporary file.", "", 0);
++ }
++
+ if (!FTP_download (FTPctrl, data_socket, local))
+ return FTP_error (FALSE, "Unable to retreive directory listing. ", "", data_socket);
+
+--- custom_profiles.h.orig Thu Apr 15 17:05:15 1999
++++ custom_profiles.h Sat Feb 4 00:59:51 2006
+@@ -169,6 +169,7 @@
+ static void
+ delete_user_prof_from_file (GtkWidget * widget, gpointer data)
+ {
++ int fd = -1;
+ const int remove_this_one = (int) GTK_CLIST (clist)->selection->data;
+ char tmp_filename[256];
+ char prof_path[1024];
+@@ -180,9 +181,21 @@
+
+ gtk_widget_destroy (gtk_widget_get_toplevel (widget));
+ sprintf (prof_path, "%s/%s/%s", home_path, PREFERENCES_PATH, USER_PROF);
+- tmpnam (tmp_filename);
++ sprintf (tmp_filename, "%s.%s", prof_path, "tmp.XXXXXXXX");
++
++ if ((fd = mkstemp (tmp_filename)) == -1) {
++ DEBUG("Unable to create temporary file.");
++ return;
++ }
++
++ close (fd);
++
+ rename (prof_path, tmp_filename);
+- file_handle = open (tmp_filename, O_RDONLY, RC_PERM);
++
++ if ((file_handle = open (tmp_filename, O_RDONLY|O_EXCL, RC_PERM)) == -1) {
++ DEBUG("Unable to create temporary file.");
++ return;
++ }
+
+ for (index = 0; index < index_total; index++)
+ {
+--- defines.h.orig Thu Apr 15 17:05:15 1999
++++ defines.h Sat Feb 4 01:10:47 2006
+@@ -47,6 +47,9 @@
+ #define SHARE_PATH "/usr/local/src/IglooFTP"
+ #endif
+
++#define TMPFILE_FILE "IglooFTP.tmp.XXXXXXXX"
++char tmpfile_template[256];
++
+
+ #define PREFERENCES_PATH ".IglooFTP"
+ #define USER_LAYOUT "user.layout"
+--- dirlist.c.orig Thu Apr 15 17:05:14 1999
++++ dirlist.c Fri Feb 3 23:20:24 2006
+@@ -1619,6 +1619,7 @@
+ upload_selection_recursive (void)
+ {
+
++ int fd = -1;
+ GdkColor done_color = GREYCYAN;
+ GdkColormap *colormap;
+ GList *selection = GTK_CLIST (clist)->selection;
+@@ -1635,8 +1636,15 @@
+
+ getcwd (current_local_dir, sizeof (current_local_dir));
+
+- tmpnam (tmp_filename);
+- tmp = fopen (tmp_filename, "w");
++ if ((fd = mkstemp (tmp_filename)) == -1 || (tmp = fdopen (fd, "w")) == NULL)
++ {
++ if (fd != -1) {
++ unlink(tmp_filename);
++ close(fd);
++ }
++ DEBUG("Unable to create temporary file.");
++ return;
++ }
+
+ colormap = gtk_widget_get_colormap (window);
+ gdk_color_alloc (colormap, &done_color);
+--- ftplist.c.orig Thu Apr 15 17:05:15 1999
++++ ftplist.c Sat Feb 4 01:15:59 2006
+@@ -1189,6 +1189,15 @@
+ IDLE_END;
+ CHECK_CONNEXION_VOID;
+
++ /* Is it worth trying to handle this better? */
++
++ char msg_buf[1024];
++ if ((strchr(filename, '/') != NULL) || (strstr(filename, "..") != NULL)) {
++ snprintf (msg_buf, sizeof(msg_buf), "Skipping non-relative filename: %s", filename);
++ error_message (msg_buf);
++ return;
++ }
++
+ if (IGLOO_download (filename, filesize, filedate, NULL))
+ {
+ char that_path[1024];
+@@ -1255,6 +1264,7 @@
+ static void
+ perfom_recursive_command_on_selection (char recursive_command, char *optionnal_arg, char IS_TOP_DIR)
+ {
++ int fd = -1;
+ GList *selection = GTK_CLIST (clist)->selection;
+ gchar *filename;
+ gchar *fileperm;
+@@ -1265,9 +1275,17 @@
+ char DIR_FOUND_IN_SELECTION = FALSE;
+ char *current_remote_dir = strdup (this_session.cwd_dir);
+
+- tmpnam (tmp_filename);
+- tmp = fopen (tmp_filename, "w");
++ sprintf(tmp_filename, tmpfile_template);
+
++ if ((fd = mkstemp (tmp_filename)) == -1 || (tmp = fdopen (fd, "w")) == NULL)
++ {
++ if (fd != -1) {
++ unlink(tmp_filename);
++ close(fd);
++ }
++ DEBUG("Unable to create temporary file.");
++ return;
++ }
+
+ while (selection && (!want_abort))
+ {
+@@ -1710,6 +1728,7 @@
+ static char
+ download_selection_recursive (void)
+ {
++ int fd = -1;
+ GdkColor done_color = GREYCYAN;
+ GdkColormap *colormap;
+ GList *selection = GTK_CLIST (clist)->selection;
+@@ -1725,10 +1744,19 @@
+ char *current_remote_dir = strdup (this_session.cwd_dir);
+ char current_local_dir[1024];
+
++ sprintf(tmp_filename, tmpfile_template);
++
+ getcwd (current_local_dir, sizeof (current_local_dir));
+
+- tmpnam (tmp_filename);
+- tmp = fopen (tmp_filename, "w");
++ if ((fd = mkstemp (tmp_filename)) == -1 || (tmp = fdopen (fd, "w")) == NULL)
++ {
++ if (fd != -1) {
++ unlink(tmp_filename);
++ close(fd);
++ }
++ DEBUG("Unable to create temporary file.");
++ return FALSE;
++ }
+
+ colormap = gtk_widget_get_colormap (window);
+ gdk_color_alloc (colormap, &done_color);
+@@ -1748,6 +1776,18 @@
+ gtk_clist_get_text (GTK_CLIST (clist), index, 2, &filesize);
+ gtk_clist_get_text (GTK_CLIST (clist), index, 3, &filedate);
+ gtk_clist_get_text (GTK_CLIST (clist), index, 4, &fileperm);
++
++ /* Basic sanity checks */
++
++ char msg_buf[1024];
++ if ((strchr(filename, '/') != NULL) || (strstr(filename, "..") != NULL)) {
++ snprintf (msg_buf, sizeof(msg_buf), "Skipping non-relative filename: %s", filename);
++ error_message (msg_buf);
++ selection = selection->next;
++ gtk_clist_unselect_row (GTK_CLIST (clist), index, 0);
++ gtk_clist_moveto (GTK_CLIST (clist), index, 0, 0.5, 0);
++ continue;
++ }
+
+ if (fileperm[0] != 'd')
+ {
+--- main.c.orig Fri Feb 3 23:52:15 2006
++++ main.c Sat Feb 4 01:23:16 2006
+@@ -109,6 +109,18 @@
+ fpsetmask(0);
+ #endif
+
++ char *td;
++ if ((td = getenv("TMPDIR")) != NULL && strlen(td) != 0) {
++ if (td[strlen(td)-1] == '/')
++ strncpy(tmpfile_template, td, strlen(td)-1);
++ else
++ strncpy(tmpfile_template, td, strlen(td));
++ } else {
++ strcpy(tmpfile_template, "/tmp");
++ }
++ strncat(tmpfile_template, "/", sizeof(tmpfile_template));
++ strncat(tmpfile_template, TMPFILE_FILE, sizeof(tmpfile_template));
++
+ gtk_set_locale ();
+ gtk_init (&argc, &argv);
+
+--- session.c.orig Thu Apr 15 17:05:15 1999
++++ session.c Fri Feb 3 23:20:24 2006
+@@ -32,7 +32,8 @@
+ {
+ FILE *out = NULL;
+ FTPsession that_session;
+- int file_handle;
++ int fd = -1;
++ FILE *file_handle = NULL;
+ char tmp_filename[MPLEN];
+ char spawn_tmp[MPLEN];
+
+@@ -41,8 +42,16 @@
+
+ strcpy (that_session.start_dir, this_session.cwd_dir);
+
+- tmpnam (tmp_filename);
+- file_handle = open (tmp_filename, O_CREAT | O_RDWR, RC_PERM);
++ if ((fd = mkstemp (tmp_filename)) == -1 || (file_handle = fdopen (fd, "w")) == NULL)
++ {
++ if (fd != -1) {
++ unlink(tmp_filename);
++ close(fd);
++ }
++ DEBUG("Unable to create temporary file.");
++ return;
++ }
++
+ write (file_handle, &that_session, sizeof (FTPsession));
+ close (file_handle);
+
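Review bot: The TMPDIR handling added to main.c can write past the 256-byte `tmpfile_template`: `strncpy` is bounded by `strlen(td)` and `strncat` by `sizeof(tmpfile_template)`, neither of which is the space left in the destination. The result is then used as the format argument in `sprintf(tmp_filename, tmpfile_template)` (FTPcommands.h and both ftplist.c functions), so a `%` in TMPDIR is parsed as a conversion; `snprintf(tmp_filename, sizeof(tmp_filename), "%s", tmpfile_template)` avoids that, and the fence below builds the template with a length check. In the session.c and dirlist.c parts `mkstemp (tmp_filename)` is called with no visible line that copies a template into the buffer, and session.c still hands the new `FILE *file_handle` to `write()` and `close()`, which take a descriptor, so it needs `fwrite`/`fclose`. These functions start and end outside the nested hunks, so an initialisation elsewhere cannot be ruled out.

```c
  /* … unchanged: fpsetmask() block above … */
  const char *td = getenv("TMPDIR");
  size_t td_len;

  if (td == NULL || td[0] == '\0')
    td = "/tmp";
  td_len = strlen(td);
  if (td[td_len - 1] == '/')
    td_len--;                       /* drop one trailing slash, as before */
  /* Fall back to /tmp rather than truncate an over-long TMPDIR. */
  if (td_len + sizeof("/" TMPFILE_FILE) > sizeof(tmpfile_template)) {
    td = "/tmp";
    td_len = 4;
  }
  snprintf(tmpfile_template, sizeof(tmpfile_template), "%.*s/%s", (int) td_len, td, TMPFILE_FILE);
  /* … unchanged: gtk_set_locale() / gtk_init() … */
```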
diff --git a/ftp/IglooFTP/files/patch-ab b/ftp/IglooFTP/files/patch-Makefile
index f2fb956b61fc..f2fb956b61fc 100644
--- a/ftp/IglooFTP/files/patch-ab
+++ b/ftp/IglooFTP/files/patch-Makefile
diff --git a/ftp/IglooFTP/files/patch-dialog.c b/ftp/IglooFTP/files/patch-dialog.c
new file mode 100644
index 000000000000..7b40677bbe87
--- /dev/null
+++ b/ftp/IglooFTP/files/patch-dialog.c
@@ -0,0 +1,70 @@
+--- dialog.c.orig Thu Apr 15 17:05:14 1999
++++ dialog.c Thu Feb 2 16:40:36 2006
+@@ -112,10 +112,15 @@
+ gtk_widget_set_usize (fixed_top, 353, 225);
+
+ sprintf (pixmap_path, "%s/xpm/iglooftp.xpm", SHARE_PATH);
+- pixmap = gdk_pixmap_create_from_xpm (startup_window->window, &mask, &startup_window->style->bg[GTK_STATE_NORMAL], pixmap_path);
+- igloo_pixmap = gtk_pixmap_new (pixmap, mask);
+
+- gtk_fixed_put (GTK_FIXED (fixed_top), igloo_pixmap, 0, 0);
++ if (eaccess(pixmap_path, R_OK) == 0) {
++ pixmap = gdk_pixmap_create_from_xpm (startup_window->window, &mask, &startup_window->style->bg[GTK_STATE_NORMAL], pixmap_path);
++ igloo_pixmap = gtk_pixmap_new (pixmap, mask);
++
++ gtk_fixed_put (GTK_FIXED (fixed_top), igloo_pixmap, 0, 0);
++ } else {
++ mask = pixmap = NULL;
++ }
+
+ startup_label = fixed_label (fixed_top, 10, 205, " ");
+ gtk_widget_set_usize (startup_label, 300, 24);
+@@ -126,8 +131,8 @@
+ gtk_widget_show_all (startup_window);
+
+ PROCESS_EVENTS;
+- gdk_pixmap_unref (pixmap);
+- gdk_pixmap_unref (mask);
++ if (pixmap) gdk_pixmap_unref (pixmap);
++ if (mask) gdk_pixmap_unref (mask);
+ }
+
+
+@@ -173,14 +178,22 @@
+ alert_hbox = h_box (alert_vbox, FALSE, 0, 0);
+
+ sprintf (pixmap_path, "%s/xpm/little_igloo.xpm", SHARE_PATH);
+- pixmap = gdk_pixmap_create_from_xpm (alert_window->window, &mask, &alert_window->style->bg[GTK_STATE_NORMAL], pixmap_path);
+- igloo_pixmap = gtk_pixmap_new (pixmap, mask);
++
++ if (eaccess(pixmap_path, R_OK) == 0) {
++ pixmap = gdk_pixmap_create_from_xpm (alert_window->window, &mask, &alert_window->style->bg[GTK_STATE_NORMAL], pixmap_path);
++ igloo_pixmap = gtk_pixmap_new (pixmap, mask);
++ } else {
++ pixmap = mask = NULL;
++ }
+
+ alert_button = gtk_button_new ();
+ gtk_button_set_relief (GTK_BUTTON (alert_button), GTK_RELIEF_NONE);
+
+- gtk_container_add (GTK_CONTAINER (alert_button), igloo_pixmap);
+- gtk_widget_show (igloo_pixmap);
++ if (pixmap) {
++ gtk_container_add (GTK_CONTAINER (alert_button), igloo_pixmap);
++ gtk_widget_show (igloo_pixmap);
++ }
++
+ gtk_box_pack_start (GTK_BOX (alert_hbox), alert_button, TRUE, TRUE, 0);
+ gtk_widget_show (alert_button);
+ gtk_signal_connect (GTK_OBJECT (alert_button), "clicked", GTK_SIGNAL_FUNC (open_URL_from_widget), strdup (HOME_URL));
+@@ -198,8 +211,8 @@
+
+ gtk_widget_show (alert_window);
+
+- gdk_pixmap_unref (pixmap);
+- gdk_pixmap_unref (mask);
++ if (pixmap) gdk_pixmap_unref (pixmap);
++ if (mask) gdk_pixmap_unref (mask);
+ }
+
+
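Review bot: The `eaccess(pixmap_path, R_OK)` pre-check in both dialog.c functions only covers a missing or unreadable file; if `gdk_pixmap_create_from_xpm` fails for another reason (presumably returning NULL for a malformed XPM), `gtk_pixmap_new (pixmap, mask)` is still called with a NULL pixmap and `mask` may be left unset. Testing the result instead, `if (pixmap != NULL) igloo_pixmap = gtk_pixmap_new (pixmap, mask);` with `mask` initialised to NULL beforehand, covers both cases and removes the gap between the check and the open. Both functions start outside the nested hunks, so the declarations of `pixmap`, `mask` and `igloo_pixmap` are not visible here.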
diff --git a/ftp/IglooFTP/files/patch-dir_tree.c b/ftp/IglooFTP/files/patch-dir_tree.c
new file mode 100644
index 000000000000..a36e7f944b5e
--- /dev/null
+++ b/ftp/IglooFTP/files/patch-dir_tree.c
@@ -0,0 +1,10 @@
+--- dir_tree.c.orig Thu Apr 15 17:05:14 1999
++++ dir_tree.c Thu Feb 2 02:26:20 2006
+@@ -153,7 +153,6 @@
+ new_ptr[0] = 'B';
+ gtk_ctree_node_set_row_data_full (ctree, parent, strdup (new_ptr), (GtkDestroyNotify) free);
+ free (new_ptr);
+- free (ptr); // verify that this is a good thing to do
+
+ PARENT_BROWSED_FLAG = TRUE;
+ }
diff --git a/ftp/IglooFTP/files/patch-ac b/ftp/IglooFTP/files/patch-main.c
index dddf22599db0..dddf22599db0 100644
--- a/ftp/IglooFTP/files/patch-ac
+++ b/ftp/IglooFTP/files/patch-main.c