git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@469 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/04/05 18:37:13... | ... |
@@ -1,3 +1,11 @@ |
1 |
+Mon Apr 5 10:47:43 BST 2004 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav/mbox.c: Added SAVE_TO_DISC #define which, when activated, |
|
4 |
+ scans embedded RFC822 messages from disc rather than in memory. It |
|
5 |
+ is recommended that this option is always enabled unless ClamAV is |
|
6 |
+ to be installed on a system where many nested levels of RFC822 messages |
|
7 |
+ cannot occur |
|
8 |
+ |
|
1 | 9 |
Mon Apr 5 10:16:29 BST 2004 (trog) |
2 | 10 |
----------------------------------- |
3 | 11 |
* libclamav/vba_extract.c: minor code update |
... | ... |
@@ -17,6 +17,9 @@ |
17 | 17 |
* |
18 | 18 |
* Change History: |
19 | 19 |
* $Log: mbox.c,v $ |
20 |
+ * Revision 1.64 2004/04/05 09:32:20 nigelhorne |
|
21 |
+ * Added SCAN_TO_DISC define |
|
22 |
+ * |
|
20 | 23 |
* Revision 1.63 2004/04/01 15:32:34 nigelhorne |
21 | 24 |
* Graceful exit if messageAddLine fails in strdup |
22 | 25 |
* |
... | ... |
@@ -180,7 +183,7 @@ |
180 | 180 |
* Compilable under SCO; removed duplicate code with message.c |
181 | 181 |
* |
182 | 182 |
*/ |
183 |
-static char const rcsid[] = "$Id: mbox.c,v 1.63 2004/04/01 15:32:34 nigelhorne Exp $"; |
|
183 |
+static char const rcsid[] = "$Id: mbox.c,v 1.64 2004/04/05 09:32:20 nigelhorne Exp $"; |
|
184 | 184 |
|
185 | 185 |
#if HAVE_CONFIG_H |
186 | 186 |
#include "clamav-config.h" |
... | ... |
@@ -321,6 +324,8 @@ static const struct tableinit { |
321 | 321 |
#define O_BINARY 0 |
322 | 322 |
#endif |
323 | 323 |
|
324 |
+#define SAVE_TO_DISC /* multipart/message are saved in a temporary file */ |
|
325 |
+ |
|
324 | 326 |
/* |
325 | 327 |
* TODO: when signal handling is added, need to remove temp files when a |
326 | 328 |
* signal is received |
... | ... |
@@ -388,7 +393,6 @@ cl_mbox(const char *dir, int desc) |
388 | 388 |
*/ |
389 | 389 |
body = parseEmailHeaders(m, rfc821Table); |
390 | 390 |
messageDestroy(m); |
391 |
- messageClean(body); |
|
392 | 391 |
if(messageGetBody(body)) |
393 | 392 |
if(!parseEmailBody(body, NULL, 0, NULL, dir, rfc821Table, subtypeTable)) { |
394 | 393 |
messageReset(body); |
... | ... |
@@ -416,6 +420,12 @@ cl_mbox(const char *dir, int desc) |
416 | 416 |
/* |
417 | 417 |
* No need to preprocess such as cli_chomp() since |
418 | 418 |
* that'll be done by parseEmailHeaders() |
419 |
+ * |
|
420 |
+ * TODO: this needlessly creates a message object, |
|
421 |
+ * it'd be better if parseEmailHeaders could also |
|
422 |
+ * read in from a file. I do not want to lump the |
|
423 |
+ * parseEmailHeaders code here, that'd be a duplication |
|
424 |
+ * of code I want to avoid |
|
419 | 425 |
*/ |
420 | 426 |
if(messageAddLine(m, buffer, 1) < 0) |
421 | 427 |
break; |
... | ... |
@@ -430,7 +440,6 @@ cl_mbox(const char *dir, int desc) |
430 | 430 |
/* |
431 | 431 |
* Write out the last entry in the mailbox |
432 | 432 |
*/ |
433 |
- messageClean(body); |
|
434 | 433 |
if(messageGetBody(body)) |
435 | 434 |
if(!parseEmailBody(body, NULL, 0, NULL, dir, rfc821Table, subtypeTable)) |
436 | 435 |
retcode = -1; |
... | ... |
@@ -458,7 +467,7 @@ cl_mbox(const char *dir, int desc) |
458 | 458 |
static message * |
459 | 459 |
parseEmailHeaders(const message *m, const table_t *rfc821Table) |
460 | 460 |
{ |
461 |
- bool inContinuationHeader = FALSE; |
|
461 |
+ bool inContinuationHeader = FALSE; /* state machine: ugh */ |
|
462 | 462 |
bool inHeader = TRUE; |
463 | 463 |
const text *t; |
464 | 464 |
message *ret; |
... | ... |
@@ -517,6 +526,8 @@ parseEmailHeaders(const message *m, const table_t *rfc821Table) |
517 | 517 |
} |
518 | 518 |
} |
519 | 519 |
|
520 |
+ messageClean(ret); |
|
521 |
+ |
|
520 | 522 |
cli_dbgmsg("parseEmailHeaders: return\n"); |
521 | 523 |
|
522 | 524 |
return ret; |
... | ... |
@@ -1023,6 +1034,22 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con |
1023 | 1023 |
messages[i] = NULL; |
1024 | 1024 |
continue; |
1025 | 1025 |
} |
1026 |
+#ifdef SAVE_TO_DISC |
|
1027 |
+ /* |
|
1028 |
+ * Save this embedded message |
|
1029 |
+ * to a temporary file |
|
1030 |
+ */ |
|
1031 |
+ saveTextPart(aMessage, dir); |
|
1032 |
+ assert(aMessage == messages[i]); |
|
1033 |
+ messageDestroy(messages[i]); |
|
1034 |
+ messages[i] = NULL; |
|
1035 |
+#else |
|
1036 |
+ /* |
|
1037 |
+ * Scan in memory, faster but |
|
1038 |
+ * is open to DoS attacks when |
|
1039 |
+ * many nested levels are |
|
1040 |
+ * involved. |
|
1041 |
+ */ |
|
1026 | 1042 |
body = parseEmailHeaders(aMessage, rfc821Table); |
1027 | 1043 |
/* |
1028 | 1044 |
* We've fininished with the |
... | ... |
@@ -1039,7 +1066,7 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con |
1039 | 1039 |
rc = parseEmailBody(body, blobs, nBlobs, NULL, dir, rfc821Table, subtypeTable); |
1040 | 1040 |
messageDestroy(body); |
1041 | 1041 |
} |
1042 |
- |
|
1042 |
+#endif |
|
1043 | 1043 |
continue; |
1044 | 1044 |
case MULTIPART: |
1045 | 1045 |
/* |
... | ... |
@@ -1244,8 +1271,10 @@ parseEmailBody(message *messageIn, blob **blobsIn, int nBlobs, text *textIn, con |
1244 | 1244 |
if(m) { |
1245 | 1245 |
cli_dbgmsg("Decode rfc822"); |
1246 | 1246 |
|
1247 |
- messageClean(m); |
|
1248 |
- |
|
1247 |
+ if(mainMessage && (mainMessage != messageIn)) { |
|
1248 |
+ messageDestroy(mainMessage); |
|
1249 |
+ mainMessage = NULL; |
|
1250 |
+ } |
|
1249 | 1251 |
if(messageGetBody(m)) |
1250 | 1252 |
rc = parseEmailBody(m, NULL, 0, NULL, dir, rfc821Table, subtypeTable); |
1251 | 1253 |
|