git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@306 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/02/18 22:32:34... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Wed Feb 18 13:35:59 GMT 2004 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav: Handle buffer overflows on files with long suffixes |
|
4 |
+ * clamav-milter: Added --dont-log-clean argument |
|
5 |
+ |
|
1 | 6 |
Wed Feb 18 10:12:54 GMT 2004 (njh) |
2 | 7 |
---------------------------------- |
3 | 8 |
* libclamav: Found some occurances of Yaha |
... | ... |
@@ -17,6 +17,9 @@ |
17 | 17 |
* |
18 | 18 |
* Change History: |
19 | 19 |
* $Log: mbox.c,v $ |
20 |
+ * Revision 1.46 2004/02/18 13:29:19 nigelhorne |
|
21 |
+ * Stop buffer overflows for files with very long suffixes |
|
22 |
+ * |
|
20 | 23 |
* Revision 1.45 2004/02/18 10:07:40 nigelhorne |
21 | 24 |
* Find some Yaha |
22 | 25 |
* |
... | ... |
@@ -126,7 +129,7 @@ |
126 | 126 |
* Compilable under SCO; removed duplicate code with message.c |
127 | 127 |
* |
128 | 128 |
*/ |
129 |
-static char const rcsid[] = "$Id: mbox.c,v 1.45 2004/02/18 10:07:40 nigelhorne Exp $"; |
|
129 |
+static char const rcsid[] = "$Id: mbox.c,v 1.46 2004/02/18 13:29:19 nigelhorne Exp $"; |
|
130 | 130 |
|
131 | 131 |
#if HAVE_CONFIG_H |
132 | 132 |
#include "clamav-config.h" |
... | ... |
@@ -1677,7 +1680,7 @@ static bool |
1677 | 1677 |
saveFile(const blob *b, const char *dir) |
1678 | 1678 |
{ |
1679 | 1679 |
unsigned long nbytes = blobGetDataSize(b); |
1680 |
- size_t len = 0; |
|
1680 |
+ size_t suffixLen = 0; |
|
1681 | 1681 |
int fd; |
1682 | 1682 |
const char *cptr, *suffix; |
1683 | 1683 |
unsigned char *data; |
... | ... |
@@ -1703,16 +1706,22 @@ saveFile(const blob *b, const char *dir) |
1703 | 1703 |
suffix = strrchr(cptr, '.'); |
1704 | 1704 |
if(suffix == NULL) |
1705 | 1705 |
suffix = ""; |
1706 |
- else |
|
1707 |
- len = strlen(suffix); |
|
1706 |
+ else { |
|
1707 |
+ suffixLen = strlen(suffix); |
|
1708 |
+ if(suffixLen > 4) { |
|
1709 |
+ /* Found a full stop which isn't a suffix */ |
|
1710 |
+ suffix = ""; |
|
1711 |
+ suffixLen = 0; |
|
1712 |
+ } |
|
1713 |
+ } |
|
1708 | 1714 |
} |
1709 | 1715 |
cli_dbgmsg("Saving attachment in %s/%s\n", dir, cptr); |
1710 | 1716 |
|
1711 | 1717 |
/* |
1712 | 1718 |
* Allow for very long filenames. We have to truncate them to fit |
1713 | 1719 |
*/ |
1714 |
- snprintf(filename, sizeof(filename) - 1 - len, "%s/%.*sXXXXXX", dir, |
|
1715 |
- (int)(sizeof(filename) - 9 - len - strlen(dir)), cptr); |
|
1720 |
+ snprintf(filename, sizeof(filename) - 1 - suffixLen, "%s/%.*sXXXXXX", dir, |
|
1721 |
+ (int)(sizeof(filename) - 9 - suffixLen - strlen(dir)), cptr); |
|
1716 | 1722 |
|
1717 | 1723 |
/* |
1718 | 1724 |
* TODO: add a HAVE_MKSTEMP property |
... | ... |
@@ -1726,6 +1735,7 @@ saveFile(const blob *b, const char *dir) |
1726 | 1726 |
|
1727 | 1727 |
if(fd < 0) { |
1728 | 1728 |
cli_errmsg("Can't create temporary file %s: %s\n", filename, strerror(errno)); |
1729 |
+ printf("%d %d %d\n", suffixLen, sizeof(filename), strlen(filename)); |
|
1729 | 1730 |
return FALSE; |
1730 | 1731 |
} |
1731 | 1732 |
|
... | ... |
@@ -1733,7 +1743,7 @@ saveFile(const blob *b, const char *dir) |
1733 | 1733 |
* Add the suffix back to the end of the filename. Tut-tut, filenames |
1734 | 1734 |
* should be independant of their usage on UNIX type systems. |
1735 | 1735 |
*/ |
1736 |
- if(len > 1) { |
|
1736 |
+ if(suffixLen > 1) { |
|
1737 | 1737 |
char stub[NAME_MAX + 1]; |
1738 | 1738 |
|
1739 | 1739 |
snprintf(stub, sizeof(stub), "%s%s", filename, suffix); |