1. clamav-devel
  2. Commit 181c75482ccb593341b6cc48a6aadbd5d85d6696
Browse code

Handle spaces at the end of lines of MIME headers

git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@118 77e5149b-7576-45b1-b177-96237e5ba77b

Nigel Horne authored on 2003/11/17 17:14:46
Showing 2 changed files
ChangeLog
History View file @ 181c754
... ... 
@@ -1,6 +1,7 @@
1 1 
 Mon Nov 17 13:28:16 IST 2003 (njh)
2 2 
 ----------------------------------
3 
-  * libclamav: Prevent buffer overflow in broken uuencoded files
3 
+  * libclamav:	Prevent buffer overflow in broken uuencoded files
4 
+		Handle spaces at the end of lines of MIME headers
4 5
5 6 
 Mon Nov 17 10:20:05 IST 2003 (njh)
6 7 
 ----------------------------------
libclamav/mbox.c
History View file @ 181c754
... ... 
@@ -17,6 +17,9 @@
17 17 
  *
18 18 
  * Change History:
19 19 
  * $Log: mbox.c,v $
20 
+ * Revision 1.18  2003/11/17 08:13:21  nigelhorne
21 
+ * Handle spaces at the end of lines of MIME headers
22 
+ *
20 23 
  * Revision 1.17  2003/11/06 05:06:42  nigelhorne
21 24 
  * Some applications weren't being scanned
22 25 
  *
... ... 
@@ -42,7 +45,7 @@
42 42 
  * Compilable under SCO; removed duplicate code with message.c
43 43 
  *
44 44 
  */
45 
-static	char	const	rcsid[] = "$Id: mbox.c,v 1.17 2003/11/06 05:06:42 nigelhorne Exp $";
45 
+static	char	const	rcsid[] = "$Id: mbox.c,v 1.18 2003/11/17 08:13:21 nigelhorne Exp $";
46 46
47 47 
 #ifndef	CL_DEBUG
48 48 
 /*#define	NDEBUG	/* map CLAMAV debug onto standard */
... ... 
@@ -1396,6 +1399,7 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c
1396 1396 
 	char *ptr = copy;
1397 1397
1398 1398 
 	cli_dbgmsg("parseMimeHeader: cmd='%s', arg='%s'\n", cmd, arg);
1399 
+	strstrip(copy);
1399 1400
1400 1401 
 	switch(type) {
1401 1402 
 		case CONTENT_TYPE:
... ... 
@@ -1451,6 +1455,7 @@ static bool
1451 1451 
 saveFile(const blob *b, const char *dir)
1452 1452 
 {
1453 1453 
 	unsigned long nbytes = blobGetDataSize(b);
1454 
+	size_t len = 0;
1454 1455 
 	int fd;
1455 1456 
 	const char *cptr, *suffix;
1456 1457 
 	char filename[NAME_MAX + 1];
... ... 
@@ -1475,17 +1480,19 @@ saveFile(const blob *b, const char *dir)
1475 1475 
 		suffix = strrchr(cptr, '.');
1476 1476 
 		if(suffix == NULL)
1477 1477 
 			suffix = "";
1478 
+		else
1479 
+			len = strlen(suffix);
1478 1480 
 	}
1479 1481 
 	cli_dbgmsg("Saving attachment in %s/%s\n", dir, cptr);
1480 1482
1481 1483 
 	/*
1482 1484 
 	 * Allow for very long filenames. We have to truncate them to fit
1483 1485 
 	 */
1484 
-	snprintf(filename, sizeof(filename) - 7 - strlen(suffix), "%s/%s", dir, cptr);
1485 
-	strcat(filename, "XXXXXX");
1486 
+	snprintf(filename, sizeof(filename) - 1 - len, "%s/%.*sXXXXXX", dir,
1487 
+		sizeof(filename) - 9 - len - strlen(dir), cptr);
1486 1488
1487 1489 
 	/*
1488 
-	 * TODO: add a HAS_MKSTEMP property
1490 
+	 * TODO: add a HAVE_MKSTEMP property
1489 1491 
 	 */
1490 1492 
 #if	defined(C_LINUX) || defined(C_BSD) || defined(HAVE_MKSTEMP)
1491 1493 
 	fd = mkstemp(filename);
... ... 
@@ -1495,7 +1502,7 @@ saveFile(const blob *b, const char *dir)
1495 1495 
 #endif
1496 1496
1497 1497 
 	if(fd < 0) {
1498 
-		cli_errmsg("%s: %s\n", filename, strerror(errno));
1498 
+		cli_errmsg("Can't create temporary file %s: %s\n", filename, strerror(errno));
1499 1499 
 		return FALSE;
1500 1500 
 	}
1501 1501
... ... 
@@ -1503,11 +1510,10 @@ saveFile(const blob *b, const char *dir)
1503 1503 
 	 * Add the suffix back to the end of the filename. Tut-tut, filenames
1504 1504 
 	 * should be independant of their usage on UNIX type systems.
1505 1505 
 	 */
1506 
-	if(strlen(suffix) > 1) {
1506 
+	if(len > 1) {
1507 1507 
 		char stub[NAME_MAX + 1];
1508 1508
1509 
-		strcpy(stub, filename);
1510 
-		strcat(filename, suffix);
1509 
+		snprintf(stub, sizeof(stub), "%s%s", filename, suffix);
1511 1510 
 #ifdef	C_LINUX
1512 1511 
 		rename(stub, filename);
1513 1512 
 #else