git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@118 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2003/11/17 17:14:46... | ... |
@@ -1,6 +1,7 @@ |
1 | 1 |
Mon Nov 17 13:28:16 IST 2003 (njh) |
2 | 2 |
---------------------------------- |
3 |
- * libclamav: Prevent buffer overflow in broken uuencoded files |
|
3 |
+ * libclamav: Prevent buffer overflow in broken uuencoded files |
|
4 |
+ Handle spaces at the end of lines of MIME headers |
|
4 | 5 |
|
5 | 6 |
Mon Nov 17 10:20:05 IST 2003 (njh) |
6 | 7 |
---------------------------------- |
... | ... |
@@ -17,6 +17,9 @@ |
17 | 17 |
* |
18 | 18 |
* Change History: |
19 | 19 |
* $Log: mbox.c,v $ |
20 |
+ * Revision 1.18 2003/11/17 08:13:21 nigelhorne |
|
21 |
+ * Handle spaces at the end of lines of MIME headers |
|
22 |
+ * |
|
20 | 23 |
* Revision 1.17 2003/11/06 05:06:42 nigelhorne |
21 | 24 |
* Some applications weren't being scanned |
22 | 25 |
* |
... | ... |
@@ -42,7 +45,7 @@ |
42 | 42 |
* Compilable under SCO; removed duplicate code with message.c |
43 | 43 |
* |
44 | 44 |
*/ |
45 |
-static char const rcsid[] = "$Id: mbox.c,v 1.17 2003/11/06 05:06:42 nigelhorne Exp $"; |
|
45 |
+static char const rcsid[] = "$Id: mbox.c,v 1.18 2003/11/17 08:13:21 nigelhorne Exp $"; |
|
46 | 46 |
|
47 | 47 |
#ifndef CL_DEBUG |
48 | 48 |
/*#define NDEBUG /* map CLAMAV debug onto standard */ |
... | ... |
@@ -1396,6 +1399,7 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c |
1396 | 1396 |
char *ptr = copy; |
1397 | 1397 |
|
1398 | 1398 |
cli_dbgmsg("parseMimeHeader: cmd='%s', arg='%s'\n", cmd, arg); |
1399 |
+ strstrip(copy); |
|
1399 | 1400 |
|
1400 | 1401 |
switch(type) { |
1401 | 1402 |
case CONTENT_TYPE: |
... | ... |
@@ -1451,6 +1455,7 @@ static bool |
1451 | 1451 |
saveFile(const blob *b, const char *dir) |
1452 | 1452 |
{ |
1453 | 1453 |
unsigned long nbytes = blobGetDataSize(b); |
1454 |
+ size_t len = 0; |
|
1454 | 1455 |
int fd; |
1455 | 1456 |
const char *cptr, *suffix; |
1456 | 1457 |
char filename[NAME_MAX + 1]; |
... | ... |
@@ -1475,17 +1480,19 @@ saveFile(const blob *b, const char *dir) |
1475 | 1475 |
suffix = strrchr(cptr, '.'); |
1476 | 1476 |
if(suffix == NULL) |
1477 | 1477 |
suffix = ""; |
1478 |
+ else |
|
1479 |
+ len = strlen(suffix); |
|
1478 | 1480 |
} |
1479 | 1481 |
cli_dbgmsg("Saving attachment in %s/%s\n", dir, cptr); |
1480 | 1482 |
|
1481 | 1483 |
/* |
1482 | 1484 |
* Allow for very long filenames. We have to truncate them to fit |
1483 | 1485 |
*/ |
1484 |
- snprintf(filename, sizeof(filename) - 7 - strlen(suffix), "%s/%s", dir, cptr); |
|
1485 |
- strcat(filename, "XXXXXX"); |
|
1486 |
+ snprintf(filename, sizeof(filename) - 1 - len, "%s/%.*sXXXXXX", dir, |
|
1487 |
+ sizeof(filename) - 9 - len - strlen(dir), cptr); |
|
1486 | 1488 |
|
1487 | 1489 |
/* |
1488 |
- * TODO: add a HAS_MKSTEMP property |
|
1490 |
+ * TODO: add a HAVE_MKSTEMP property |
|
1489 | 1491 |
*/ |
1490 | 1492 |
#if defined(C_LINUX) || defined(C_BSD) || defined(HAVE_MKSTEMP) |
1491 | 1493 |
fd = mkstemp(filename); |
... | ... |
@@ -1495,7 +1502,7 @@ saveFile(const blob *b, const char *dir) |
1495 | 1495 |
#endif |
1496 | 1496 |
|
1497 | 1497 |
if(fd < 0) { |
1498 |
- cli_errmsg("%s: %s\n", filename, strerror(errno)); |
|
1498 |
+ cli_errmsg("Can't create temporary file %s: %s\n", filename, strerror(errno)); |
|
1499 | 1499 |
return FALSE; |
1500 | 1500 |
} |
1501 | 1501 |
|
... | ... |
@@ -1503,11 +1510,10 @@ saveFile(const blob *b, const char *dir) |
1503 | 1503 |
* Add the suffix back to the end of the filename. Tut-tut, filenames |
1504 | 1504 |
* should be independant of their usage on UNIX type systems. |
1505 | 1505 |
*/ |
1506 |
- if(strlen(suffix) > 1) { |
|
1506 |
+ if(len > 1) { |
|
1507 | 1507 |
char stub[NAME_MAX + 1]; |
1508 | 1508 |
|
1509 |
- strcpy(stub, filename); |
|
1510 |
- strcat(filename, suffix); |
|
1509 |
+ snprintf(stub, sizeof(stub), "%s%s", filename, suffix); |
|
1511 | 1510 |
#ifdef C_LINUX |
1512 | 1511 |
rename(stub, filename); |
1513 | 1512 |
#else |
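Review bot: In saveFile, both size arguments of the new `snprintf` are unsigned subtractions that can wrap: `sizeof(filename) - 1 - len` and `sizeof(filename) - 9 - len - strlen(dir)` become very large once `len + strlen(dir)` approaches `NAME_MAX`. `len` is the length of a suffix taken from `cptr`, which appears to be the attachment name supplied by the message being scanned. Once the size wraps, the call no longer bounds the write into `filename[NAME_MAX + 1]`; the `%.*s` precision is also passed as `size_t` where `int` is expected, so a wrapped value can read as negative and switch the truncation off. I would reject oversized input before formatting, `if(strlen(dir) + len + 9 > sizeof(filename)) return FALSE;`, and cast the precision, `(int)(sizeof(filename) - 9 - len - strlen(dir))`. Separately, the last hunk now builds `stub` as the suffixed name but still calls `rename(stub, filename)`, which reverses source and destination relative to the old code; saveFile's body continues outside the visible hunks, so check both points against the full function.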