git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@1025 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/10/20 19:39:15... | ... |
@@ -1,8 +1,14 @@ |
1 |
+Wed Oct 20 11:37:40 BST 2004 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav/mbox.c: PARTIAL MODE ONLY: fixed possible stack corruption |
|
4 |
+ under Solaris, patch from Andy Fiddaman |
|
5 |
+ <clam@fiddaman.net> |
|
6 |
+ |
|
1 | 7 |
Tue Oct 19 14:56:27 BST 2004 (njh) |
2 | 8 |
---------------------------------- |
3 | 9 |
* libclamav/message.c: Some base64 encoders encode extra NUL bytes |
4 | 10 |
at the end - ensure that they aren't added when |
5 |
- decoding |
|
11 |
+ decoding, reported by James Lick <jlick@drivel.com> |
|
6 | 12 |
|
7 | 13 |
Tue Oct 19 02:53:46 CEST 2004 (tk) |
8 | 14 |
---------------------------------- |
... | ... |
@@ -17,6 +17,9 @@ |
17 | 17 |
* |
18 | 18 |
* Change History: |
19 | 19 |
* $Log: mbox.c,v $ |
20 |
+ * Revision 1.159 2004/10/20 10:35:41 nigelhorne |
|
21 |
+ * Partial mode: fix possible stack corruption with Solaris |
|
22 |
+ * |
|
20 | 23 |
* Revision 1.158 2004/10/17 09:29:21 nigelhorne |
21 | 24 |
* Advise to report broken emails |
22 | 25 |
* |
... | ... |
@@ -462,7 +465,7 @@ |
462 | 462 |
* Compilable under SCO; removed duplicate code with message.c |
463 | 463 |
* |
464 | 464 |
*/ |
465 |
-static char const rcsid[] = "$Id: mbox.c,v 1.158 2004/10/17 09:29:21 nigelhorne Exp $"; |
|
465 |
+static char const rcsid[] = "$Id: mbox.c,v 1.159 2004/10/20 10:35:41 nigelhorne Exp $"; |
|
466 | 466 |
|
467 | 467 |
#if HAVE_CONFIG_H |
468 | 468 |
#include "clamav-config.h" |
... | ... |
@@ -974,9 +977,11 @@ parseEmailHeaders(const message *m, const table_t *rfc821) |
974 | 974 |
char *ptr; |
975 | 975 |
char copy[LINE_LENGTH + 1]; |
976 | 976 |
bool inquotes = FALSE; |
977 |
+ bool arequotes = FALSE; |
|
977 | 978 |
#ifdef CL_THREAD_SAFE |
978 | 979 |
char *strptr; |
979 | 980 |
#endif |
981 |
+ |
|
980 | 982 |
contMarker = continuationMarker(buffer); |
981 | 983 |
switch(commandNumber) { |
982 | 984 |
case CONTENT_TRANSFER_ENCODING: |
... | ... |
@@ -999,23 +1004,29 @@ parseEmailHeaders(const message *m, const table_t *rfc821) |
999 | 999 |
for(ptr = copy; *ptr; ptr++) |
1000 | 1000 |
if(*ptr == '\"') |
1001 | 1001 |
inquotes = !inquotes; |
1002 |
- else if(inquotes) |
|
1002 |
+ else if(inquotes) { |
|
1003 | 1003 |
*ptr |= '\200'; |
1004 |
+ arequotes = TRUE; |
|
1005 |
+ } |
|
1004 | 1006 |
|
1005 | 1007 |
#ifdef CL_THREAD_SAFE |
1006 | 1008 |
for(ptr = strtok_r(copy, ";", &strptr); ptr; ptr = strtok_r(NULL, ":", &strptr)) |
1007 | 1009 |
if(strchr(ptr, '=')) { |
1008 |
- char *p2; |
|
1009 |
- for(p2 = ptr; *p2; p2++) |
|
1010 |
- *p2 &= '\177'; |
|
1010 |
+ if(arequotes) { |
|
1011 |
+ char *p2; |
|
1012 |
+ for(p2 = ptr; *p2; p2++) |
|
1013 |
+ *p2 &= '\177'; |
|
1014 |
+ } |
|
1011 | 1015 |
messageAddArguments(ret, ptr); |
1012 | 1016 |
} |
1013 | 1017 |
#else |
1014 | 1018 |
for(ptr = strtok(copy, ";"); ptr; ptr = strtok(NULL, ":")) |
1015 | 1019 |
if(strchr(ptr, '=')) { |
1016 |
- char *p2; |
|
1017 |
- for(p2 = ptr; *p2; p2++) |
|
1018 |
- *p2 &= '\177'; |
|
1020 |
+ if(arequotes) { |
|
1021 |
+ char *p2; |
|
1022 |
+ for(p2 = ptr; *p2; p2++) |
|
1023 |
+ *p2 &= '\177'; |
|
1024 |
+ } |
|
1019 | 1025 |
messageAddArguments(ret, ptr); |
1020 | 1026 |
} |
1021 | 1027 |
#endif |
... | ... |
@@ -2707,15 +2718,21 @@ static int |
2707 | 2707 |
rfc1341(message *m, const char *dir) |
2708 | 2708 |
{ |
2709 | 2709 |
fileblob *fb; |
2710 |
- char *arg; |
|
2711 |
- char *id; |
|
2712 |
- char *number; |
|
2713 |
- char *total; |
|
2714 |
- char *oldfilename; |
|
2710 |
+ char *arg, *id, *number, *total, *oldfilename; |
|
2715 | 2711 |
|
2716 | 2712 |
if((mkdir(PARTIAL_DIR, 0700) < 0) && (errno != EEXIST)) { |
2717 |
- cli_errmsg("Can't create the directory '%s'", PARTIAL_DIR); |
|
2713 |
+ cli_errmsg("Can't create the directory '%s'\n", PARTIAL_DIR); |
|
2718 | 2714 |
return -1; |
2715 |
+ } else { |
|
2716 |
+ struct stat statb; |
|
2717 |
+ |
|
2718 |
+ if(stat(PARTIAL_DIR, &statb) < 0) { |
|
2719 |
+ cli_errmsg("Can't stat the directory '%s'\n", PARTIAL_DIR); |
|
2720 |
+ return -1; |
|
2721 |
+ } |
|
2722 |
+ if(statb.st_mode & 077) |
|
2723 |
+ cli_warnmsg("Insecure partial directory %s (mode 0%o)\n", |
|
2724 |
+ PARTIAL_DIR, statb.st_mode & 0777); |
|
2719 | 2725 |
} |
2720 | 2726 |
|
2721 | 2727 |
id = (char *)messageFindArgument(m, "id"); |
... | ... |
@@ -2755,10 +2772,6 @@ rfc1341(message *m, const char *dir) |
2755 | 2755 |
int n = atoi(number); |
2756 | 2756 |
int t = atoi(total); |
2757 | 2757 |
DIR *dd = NULL; |
2758 |
- struct dirent *dent; |
|
2759 |
-#if defined(HAVE_READDIR_R_3) || defined(HAVE_READDIR_R_2) |
|
2760 |
- struct dirent result; |
|
2761 |
-#endif |
|
2762 | 2758 |
|
2763 | 2759 |
/* |
2764 | 2760 |
* If it's the last one - reassemble it |
... | ... |
@@ -2784,12 +2797,20 @@ rfc1341(message *m, const char *dir) |
2784 | 2784 |
|
2785 | 2785 |
for(n = 1; n <= t; n++) { |
2786 | 2786 |
char filename[NAME_MAX + 1]; |
2787 |
+ const struct dirent *dent; |
|
2788 |
+#if defined(HAVE_READDIR_R_3) || defined(HAVE_READDIR_R_2) |
|
2789 |
+#ifdef C_SOLARIS |
|
2790 |
+ char result[sizeof(struct dirent) + MAX_PATH + 1]; |
|
2791 |
+#else |
|
2792 |
+ struct dirent result; |
|
2793 |
+#endif |
|
2794 |
+#endif |
|
2787 | 2795 |
|
2788 | 2796 |
snprintf(filename, sizeof(filename), "%s%d", id, n); |
2789 | 2797 |
#ifdef HAVE_READDIR_R_3 |
2790 |
- while((readdir_r(dd, &result, &dent) == 0) && dent) { |
|
2798 |
+ while((readdir_r(dd, (struct dirent *)&result, &dent) == 0) && dent) { |
|
2791 | 2799 |
#elif defined(HAVE_READDIR_R_2) |
2792 |
- while((dent = (struct dirent *)readdir_r(dd, &result))) { |
|
2800 |
+ while((dent = (struct dirent *)readdir_r(dd, (struct dirent *)&result))) { |
|
2793 | 2801 |
#else |
2794 | 2802 |
while((dent = readdir(dd))) { |
2795 | 2803 |
#endif |