git-svn: trunk@3185
Tomasz Kojm authored on 2007/08/22 05:30:15... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Tue Aug 21 21:35:10 CEST 2007 (tk) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav/htmlnorm.c: fix possible NULL dereference (bb#582), |
|
4 |
+ thanks to Stefanos Stamatis |
|
5 |
+ |
|
1 | 6 |
Tue Aug 21 21:32:30 CEST 2007 (tk) |
2 | 7 |
---------------------------------- |
3 | 8 |
* libclamav/htmlnorm.c: fix possible NULL dereference (bb#582) |
... | ... |
@@ -1360,33 +1360,37 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag |
1360 | 1360 |
} |
1361 | 1361 |
break; |
1362 | 1362 |
case HTML_RFC2397_INIT: |
1363 |
- file_tmp_o1 = (file_buff_t *) cli_malloc(sizeof(file_buff_t)); |
|
1364 |
- if (!file_tmp_o1) { |
|
1365 |
- goto abort; |
|
1366 |
- } |
|
1367 |
- snprintf(filename, 1024, "%s/rfc2397", dirname); |
|
1368 |
- tmp_file = cli_gentemp(filename); |
|
1369 |
- cli_dbgmsg("RFC2397 data file: %s\n", tmp_file); |
|
1370 |
- file_tmp_o1->fd = open(tmp_file, O_WRONLY|O_CREAT|O_TRUNC, S_IWUSR|S_IRUSR); |
|
1371 |
- free(tmp_file); |
|
1372 |
- if (!file_tmp_o1->fd) { |
|
1373 |
- cli_dbgmsg("open failed: %s\n", filename); |
|
1374 |
- free(file_tmp_o1); |
|
1375 |
- goto abort; |
|
1376 |
- } |
|
1377 |
- file_tmp_o1->length = 0; |
|
1363 |
+ if (dirname) { |
|
1364 |
+ file_tmp_o1 = (file_buff_t *) cli_malloc(sizeof(file_buff_t)); |
|
1365 |
+ if (!file_tmp_o1) { |
|
1366 |
+ goto abort; |
|
1367 |
+ } |
|
1368 |
+ snprintf(filename, 1024, "%s/rfc2397", dirname); |
|
1369 |
+ tmp_file = cli_gentemp(filename); |
|
1370 |
+ cli_dbgmsg("RFC2397 data file: %s\n", tmp_file); |
|
1371 |
+ file_tmp_o1->fd = open(tmp_file, O_WRONLY|O_CREAT|O_TRUNC, S_IWUSR|S_IRUSR); |
|
1372 |
+ free(tmp_file); |
|
1373 |
+ if (!file_tmp_o1->fd) { |
|
1374 |
+ cli_dbgmsg("open failed: %s\n", filename); |
|
1375 |
+ free(file_tmp_o1); |
|
1376 |
+ goto abort; |
|
1377 |
+ } |
|
1378 |
+ file_tmp_o1->length = 0; |
|
1378 | 1379 |
|
1379 |
- html_output_str(file_tmp_o1, "From html-normalise\n", 20); |
|
1380 |
- html_output_str(file_tmp_o1, "Content-type: ", 14); |
|
1381 |
- if ((tag_val_length == 0) && (*tag_val == ';')) { |
|
1380 |
+ html_output_str(file_tmp_o1, "From html-normalise\n", 20); |
|
1381 |
+ html_output_str(file_tmp_o1, "Content-type: ", 14); |
|
1382 |
+ if ((tag_val_length == 0) && (*tag_val == ';')) { |
|
1382 | 1383 |
html_output_str(file_tmp_o1, "text/plain\n", 11); |
1384 |
+ } |
|
1385 |
+ html_output_str(file_tmp_o1, tag_val, tag_val_length); |
|
1386 |
+ html_output_c(file_tmp_o1, NULL, '\n'); |
|
1387 |
+ if (strstr(tag_val, ";base64") != NULL) { |
|
1388 |
+ html_output_str(file_tmp_o1, "Content-transfer-encoding: base64\n", 34); |
|
1389 |
+ } |
|
1390 |
+ html_output_c(file_tmp_o1, NULL, '\n'); |
|
1391 |
+ } else { |
|
1392 |
+ file_tmp_o1 = NULL; |
|
1383 | 1393 |
} |
1384 |
- html_output_str(file_tmp_o1, tag_val, tag_val_length); |
|
1385 |
- html_output_c(file_tmp_o1, NULL, '\n'); |
|
1386 |
- if (strstr(tag_val, ";base64") != NULL) { |
|
1387 |
- html_output_str(file_tmp_o1, "Content-transfer-encoding: base64\n", 34); |
|
1388 |
- } |
|
1389 |
- html_output_c(file_tmp_o1, NULL, '\n'); |
|
1390 | 1394 |
state = HTML_RFC2397_DATA; |
1391 | 1395 |
binary = TRUE; |
1392 | 1396 |
break; |
... | ... |
@@ -1436,9 +1440,11 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag |
1436 | 1436 |
} |
1437 | 1437 |
break; |
1438 | 1438 |
case HTML_RFC2397_FINISH: |
1439 |
- html_output_flush(file_tmp_o1); |
|
1440 |
- close(file_tmp_o1->fd); |
|
1441 |
- free(file_tmp_o1); |
|
1439 |
+ if(file_tmp_o1) { |
|
1440 |
+ html_output_flush(file_tmp_o1); |
|
1441 |
+ close(file_tmp_o1->fd); |
|
1442 |
+ free(file_tmp_o1); |
|
1443 |
+ } |
|
1442 | 1444 |
state = HTML_SKIP_WS; |
1443 | 1445 |
escape = FALSE; |
1444 | 1446 |
quoted = NOT_QUOTED; |