
Partial mode: fix possible stack corruption with Solaris

git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@1025 77e5149b-7576-45b1-b177-96237e5ba77b

Nigel Horne authored on 2004/10/20 19:39:15
Showing 2 changed files
... ...
@@ -1,8 +1,14 @@
1
+Wed Oct 20 11:37:40 BST 2004 (njh)
2
+----------------------------------
3
+  * libclamav/mbox.c:	PARTIAL MODE ONLY: fixed possible stack corruption
4
+  				under Solaris, patch from Andy Fiddaman
5
+				<clam@fiddaman.net>
6
+
1 7
 Tue Oct 19 14:56:27 BST 2004 (njh)
2 8
 ----------------------------------
3 9
   * libclamav/message.c:	Some base64 encoders encode extra NUL bytes
4 10
 			at the end - ensure that they aren't added when
5
-			decoding
11
+			decoding, reported by James Lick <jlick@drivel.com>
6 12
 
7 13
 Tue Oct 19 02:53:46 CEST 2004 (tk)
8 14
 ----------------------------------
... ...
@@ -17,6 +17,9 @@
17 17
  *
18 18
  * Change History:
19 19
  * $Log: mbox.c,v $
20
+ * Revision 1.159  2004/10/20 10:35:41  nigelhorne
21
+ * Partial mode: fix possible stack corruption with Solaris
22
+ *
20 23
  * Revision 1.158  2004/10/17 09:29:21  nigelhorne
21 24
  * Advise to report broken emails
22 25
  *
... ...
@@ -462,7 +465,7 @@
462 462
  * Compilable under SCO; removed duplicate code with message.c
463 463
  *
464 464
  */
465
-static	char	const	rcsid[] = "$Id: mbox.c,v 1.158 2004/10/17 09:29:21 nigelhorne Exp $";
465
+static	char	const	rcsid[] = "$Id: mbox.c,v 1.159 2004/10/20 10:35:41 nigelhorne Exp $";
466 466
 
467 467
 #if HAVE_CONFIG_H
468 468
 #include "clamav-config.h"
... ...
@@ -974,9 +977,11 @@ parseEmailHeaders(const message *m, const table_t *rfc821)
974 974
 				char *ptr;
975 975
 				char copy[LINE_LENGTH + 1];
976 976
 				bool inquotes = FALSE;
977
+				bool arequotes = FALSE;
977 978
 #ifdef CL_THREAD_SAFE
978 979
 				char *strptr;
979 980
 #endif
981
+
980 982
 				contMarker = continuationMarker(buffer);
981 983
 				switch(commandNumber) {
982 984
 					case CONTENT_TRANSFER_ENCODING:
... ...
@@ -999,23 +1004,29 @@ parseEmailHeaders(const message *m, const table_t *rfc821)
999 999
 				for(ptr = copy; *ptr; ptr++)
1000 1000
 					if(*ptr == '\"')
1001 1001
 						inquotes = !inquotes;
1002
-					else if(inquotes)
1002
+					else if(inquotes) {
1003 1003
 						*ptr |= '\200';
1004
+						arequotes = TRUE;
1005
+					}
1004 1006
 
1005 1007
 #ifdef	CL_THREAD_SAFE
1006 1008
 				for(ptr = strtok_r(copy, ";", &strptr); ptr; ptr = strtok_r(NULL, ":", &strptr))
1007 1009
 					if(strchr(ptr, '=')) {
1008
-						char *p2;
1009
-						for(p2 = ptr; *p2; p2++)
1010
-							*p2 &= '\177';
1010
+						if(arequotes) {
1011
+							char *p2;
1012
+							for(p2 = ptr; *p2; p2++)
1013
+								*p2 &= '\177';
1014
+						}
1011 1015
 						messageAddArguments(ret, ptr);
1012 1016
 					}
1013 1017
 #else
1014 1018
 				for(ptr = strtok(copy, ";"); ptr; ptr = strtok(NULL, ":"))
1015 1019
 					if(strchr(ptr, '=')) {
1016
-						char *p2;
1017
-						for(p2 = ptr; *p2; p2++)
1018
-							*p2 &= '\177';
1020
+						if(arequotes) {
1021
+							char *p2;
1022
+							for(p2 = ptr; *p2; p2++)
1023
+								*p2 &= '\177';
1024
+						}
1019 1025
 						messageAddArguments(ret, ptr);
1020 1026
 					}
1021 1027
 #endif
... ...
@@ -2707,15 +2718,21 @@ static int
2707 2707
 rfc1341(message *m, const char *dir)
2708 2708
 {
2709 2709
 	fileblob *fb;
2710
-	char *arg;
2711
-	char *id;
2712
-	char *number;
2713
-	char *total;
2714
-	char *oldfilename;
2710
+	char *arg, *id, *number, *total, *oldfilename;
2715 2711
 
2716 2712
 	if((mkdir(PARTIAL_DIR, 0700) < 0) && (errno != EEXIST)) {
2717
-		cli_errmsg("Can't create the directory '%s'", PARTIAL_DIR);
2713
+		cli_errmsg("Can't create the directory '%s'\n", PARTIAL_DIR);
2718 2714
 		return -1;
2715
+	} else {
2716
+		struct stat statb;
2717
+
2718
+		if(stat(PARTIAL_DIR, &statb) < 0) {
2719
+			cli_errmsg("Can't stat the directory '%s'\n", PARTIAL_DIR);
2720
+			return -1;
2721
+		}
2722
+		if(statb.st_mode & 077)
2723
+			cli_warnmsg("Insecure partial directory %s (mode 0%o)\n",
2724
+				PARTIAL_DIR, statb.st_mode & 0777);
2719 2725
 	}
2720 2726
 
2721 2727
 	id = (char *)messageFindArgument(m, "id");
... ...
@@ -2755,10 +2772,6 @@ rfc1341(message *m, const char *dir)
2755 2755
 		int n = atoi(number);
2756 2756
 		int t = atoi(total);
2757 2757
 		DIR *dd = NULL;
2758
-		struct dirent *dent;
2759
-#if defined(HAVE_READDIR_R_3) || defined(HAVE_READDIR_R_2)
2760
-		struct dirent result;
2761
-#endif
2762 2758
 
2763 2759
 		/*
2764 2760
 		 * If it's the last one - reassemble it
... ...
@@ -2784,12 +2797,20 @@ rfc1341(message *m, const char *dir)
2784 2784
 
2785 2785
 			for(n = 1; n <= t; n++) {
2786 2786
 				char filename[NAME_MAX + 1];
2787
+				const struct dirent *dent;
2788
+#if defined(HAVE_READDIR_R_3) || defined(HAVE_READDIR_R_2)
2789
+#ifdef	C_SOLARIS
2790
+				char result[sizeof(struct dirent) + MAX_PATH + 1];
2791
+#else
2792
+				struct dirent result;
2793
+#endif
2794
+#endif
2787 2795
 
2788 2796
 				snprintf(filename, sizeof(filename), "%s%d", id, n);
2789 2797
 #ifdef HAVE_READDIR_R_3
2790
-				while((readdir_r(dd, &result, &dent) == 0) && dent) {
2798
+				while((readdir_r(dd, (struct dirent *)&result, &dent) == 0) && dent) {
2791 2799
 #elif defined(HAVE_READDIR_R_2)
2792
-				while((dent = (struct dirent *)readdir_r(dd, &result))) {
2800
+				while((dent = (struct dirent *)readdir_r(dd, (struct dirent *)&result))) {
2793 2801
 #else
2794 2802
 				while((dent = readdir(dd))) {
2795 2803
 #endif
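Review bot: In the first rfc1341 hunk (new lines 2715–2725) the added check on PARTIAL_DIR only warns and then carries on, and it tests nothing but the group/other mode bits. Because the `mkdir` call just above tolerates `EEXIST`, a directory that already existed and is owned by a different user, or a symlink at that path (which `stat` follows), is accepted without even a warning when its mode is 0700. If PARTIAL_DIR sits in a shared location (its value is not visible here), the message parts stored and reassembled there cannot be trusted. I would switch to `lstat`, require `S_ISDIR(statb.st_mode)` and `statb.st_uid == geteuid()`, and return -1 instead of warning, as sketched below. rfc1341's body continues outside the hunk.

```c
	} else {
		struct stat statb;

		/* lstat, not stat: a symlink at PARTIAL_DIR must not be followed */
		if(lstat(PARTIAL_DIR, &statb) < 0) {
			/* … unchanged: cli_errmsg("Can't stat …") and return -1 … */
		}
		/* refuse anything that is not our own private directory */
		if(!S_ISDIR(statb.st_mode) || (statb.st_uid != geteuid()) ||
		   (statb.st_mode & 077)) {
			cli_errmsg("Insecure partial directory %s (mode 0%o)\n",
				PARTIAL_DIR, (unsigned int)(statb.st_mode & 0777));
			return -1;
		}
	}
```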