Browse code
always check return value of cli_gentemp()
- ChangeLog
- libclamav/cvd.c
- libclamav/htmlnorm.c
- libclamav/rtf.c
- libclamav/scanners.c
- libclamav/tnef.c
| ... | ... |
@@ -514,7 +514,9 @@ int cli_cvdload(FILE *fs, struct cl_engine **engine, unsigned int *signo, short |
| 514 | 514 |
|
| 515 | 515 |
} else {
|
| 516 | 516 |
|
| 517 |
- dir = cli_gentemp(NULL); |
|
| 517 |
+ if(!(dir = cli_gentemp(NULL))) |
|
| 518 |
+ return CL_EMEM; |
|
| 519 |
+ |
|
| 518 | 520 |
if(mkdir(dir, 0700)) {
|
| 519 | 521 |
cli_errmsg("cli_cvdload(): Can't create temporary directory %s\n", dir);
|
| 520 | 522 |
free(dir); |
| ... | ... |
@@ -1377,6 +1377,10 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag |
| 1377 | 1377 |
} |
| 1378 | 1378 |
snprintf(filename, 1024, "%s/rfc2397", dirname); |
| 1379 | 1379 |
tmp_file = cli_gentemp(filename); |
| 1380 |
+ if(!tmp_file) {
|
|
| 1381 |
+ free(file_tmp_o1); |
|
| 1382 |
+ goto abort; |
|
| 1383 |
+ } |
|
| 1380 | 1384 |
cli_dbgmsg("RFC2397 data file: %s\n", tmp_file);
|
| 1381 | 1385 |
file_tmp_o1->fd = open(tmp_file, O_WRONLY|O_CREAT|O_TRUNC, S_IWUSR|S_IRUSR); |
| 1382 | 1386 |
free(tmp_file); |
| ... | ... |
@@ -533,7 +533,8 @@ int cli_scanrtf(int desc, cli_ctx *ctx) |
| 533 | 533 |
return CL_EMEM; |
| 534 | 534 |
} |
| 535 | 535 |
|
| 536 |
- tempname = cli_gentemp(NULL); |
|
| 536 |
+ if(!(tempname = cli_gentemp(NULL))) |
|
| 537 |
+ return CL_EMEM; |
|
| 537 | 538 |
|
| 538 | 539 |
if(mkdir(tempname, 0700)) {
|
| 539 | 540 |
cli_dbgmsg("ScanRTF -> Can't create temporary directory %s\n", tempname);
|
| ... | ... |
@@ -275,7 +275,9 @@ static int cli_scanrar(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_c |
| 275 | 275 |
return CL_EIO; |
| 276 | 276 |
|
| 277 | 277 |
/* generate the temporary directory */ |
| 278 |
- dir = cli_gentemp(NULL); |
|
| 278 |
+ if(!(dir = cli_gentemp(NULL))) |
|
| 279 |
+ return CL_EMEM; |
|
| 280 |
+ |
|
| 279 | 281 |
if(mkdir(dir, 0700)) {
|
| 280 | 282 |
cli_dbgmsg("RAR: Can't create temporary directory %s\n", dir);
|
| 281 | 283 |
free(dir); |
| ... | ... |
@@ -374,7 +376,9 @@ static int cli_scanarj(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_c |
| 374 | 374 |
cli_dbgmsg("in cli_scanarj()\n");
|
| 375 | 375 |
|
| 376 | 376 |
/* generate the temporary directory */ |
| 377 |
- dir = cli_gentemp(NULL); |
|
| 377 |
+ if(!(dir = cli_gentemp(NULL))) |
|
| 378 |
+ return CL_EMEM; |
|
| 379 |
+ |
|
| 378 | 380 |
if(mkdir(dir, 0700)) {
|
| 379 | 381 |
cli_dbgmsg("ARJ: Can't create temporary directory %s\n", dir);
|
| 380 | 382 |
free(dir); |
| ... | ... |
@@ -686,7 +690,10 @@ static int cli_scanmscab(int desc, cli_ctx *ctx, off_t sfx_offset) |
| 686 | 686 |
if(cli_checklimits("CAB", ctx, file->length, 0, 0)!=CL_CLEAN)
|
| 687 | 687 |
continue; |
| 688 | 688 |
|
| 689 |
- tempname = cli_gentemp(NULL); |
|
| 689 |
+ if(!(tempname = cli_gentemp(NULL))) {
|
|
| 690 |
+ ret = CL_EMEM; |
|
| 691 |
+ break; |
|
| 692 |
+ } |
|
| 690 | 693 |
cli_dbgmsg("CAB: Extracting file %s to %s, size %u\n", file->name, tempname, file->length);
|
| 691 | 694 |
if((ret = cab_extract(file, tempname))) |
| 692 | 695 |
cli_dbgmsg("CAB: Failed to extract file: %s\n", cl_strerror(ret));
|
| ... | ... |
@@ -902,7 +909,9 @@ static int cli_scanhtml(int desc, cli_ctx *ctx) |
| 902 | 902 |
return CL_CLEAN; |
| 903 | 903 |
} |
| 904 | 904 |
|
| 905 |
- tempname = cli_gentemp(NULL); |
|
| 905 |
+ if(!(tempname = cli_gentemp(NULL))) |
|
| 906 |
+ return CL_EMEM; |
|
| 907 |
+ |
|
| 906 | 908 |
if(mkdir(tempname, 0700)) {
|
| 907 | 909 |
cli_errmsg("cli_scanhtml: Can't create temporary directory %s\n", tempname);
|
| 908 | 910 |
free(tempname); |
| ... | ... |
@@ -1021,7 +1030,9 @@ static int cli_scanhtml_utf16(int desc, cli_ctx *ctx) |
| 1021 | 1021 |
|
| 1022 | 1022 |
cli_dbgmsg("in cli_scanhtml_utf16()\n");
|
| 1023 | 1023 |
|
| 1024 |
- tempname = cli_gentemp(NULL); |
|
| 1024 |
+ if(!(tempname = cli_gentemp(NULL))) |
|
| 1025 |
+ return CL_EMEM; |
|
| 1026 |
+ |
|
| 1025 | 1027 |
if((fd = open(tempname, O_RDWR|O_CREAT|O_TRUNC|O_BINARY, S_IRWXU)) < 0) {
|
| 1026 | 1028 |
cli_errmsg("cli_scanhtml_utf16: Can't create file %s\n", tempname);
|
| 1027 | 1029 |
free(tempname); |
| ... | ... |
@@ -1069,7 +1080,9 @@ static int cli_scanole2(int desc, cli_ctx *ctx) |
| 1069 | 1069 |
return CL_EMAXREC; |
| 1070 | 1070 |
|
| 1071 | 1071 |
/* generate the temporary directory */ |
| 1072 |
- dir = cli_gentemp(NULL); |
|
| 1072 |
+ if(!(dir = cli_gentemp(NULL))) |
|
| 1073 |
+ return CL_EMEM; |
|
| 1074 |
+ |
|
| 1073 | 1075 |
if(mkdir(dir, 0700)) {
|
| 1074 | 1076 |
cli_dbgmsg("OLE2: Can't create temporary directory %s\n", dir);
|
| 1075 | 1077 |
free(dir); |
| ... | ... |
@@ -1110,7 +1123,9 @@ static int cli_scantar(int desc, cli_ctx *ctx, unsigned int posix) |
| 1110 | 1110 |
cli_dbgmsg("in cli_scantar()\n");
|
| 1111 | 1111 |
|
| 1112 | 1112 |
/* generate temporary directory */ |
| 1113 |
- dir = cli_gentemp(NULL); |
|
| 1113 |
+ if(!(dir = cli_gentemp(NULL))) |
|
| 1114 |
+ return CL_EMEM; |
|
| 1115 |
+ |
|
| 1114 | 1116 |
if(mkdir(dir, 0700)) {
|
| 1115 | 1117 |
cli_errmsg("Tar: Can't create temporary directory %s\n", dir);
|
| 1116 | 1118 |
free(dir); |
| ... | ... |
@@ -1135,7 +1150,8 @@ static int cli_scanbinhex(int desc, cli_ctx *ctx) |
| 1135 | 1135 |
cli_dbgmsg("in cli_scanbinhex()\n");
|
| 1136 | 1136 |
|
| 1137 | 1137 |
/* generate temporary directory */ |
| 1138 |
- dir = cli_gentemp(NULL); |
|
| 1138 |
+ if(!(dir = cli_gentemp(NULL))) |
|
| 1139 |
+ return CL_EMEM; |
|
| 1139 | 1140 |
|
| 1140 | 1141 |
if(mkdir(dir, 0700)) {
|
| 1141 | 1142 |
cli_errmsg("Binhex: Can't create temporary directory %s\n", dir);
|
| ... | ... |
@@ -1164,7 +1180,9 @@ static int cli_scanmschm(int desc, cli_ctx *ctx) |
| 1164 | 1164 |
cli_dbgmsg("in cli_scanmschm()\n");
|
| 1165 | 1165 |
|
| 1166 | 1166 |
/* generate the temporary directory */ |
| 1167 |
- dir = cli_gentemp(NULL); |
|
| 1167 |
+ if(!(dir = cli_gentemp(NULL))) |
|
| 1168 |
+ return CL_EMEM; |
|
| 1169 |
+ |
|
| 1168 | 1170 |
if(mkdir(dir, 0700)) {
|
| 1169 | 1171 |
cli_dbgmsg("CHM: Can't create temporary directory %s\n", dir);
|
| 1170 | 1172 |
free(dir); |
| ... | ... |
@@ -1220,7 +1238,9 @@ static int cli_scanscrenc(int desc, cli_ctx *ctx) |
| 1220 | 1220 |
|
| 1221 | 1221 |
cli_dbgmsg("in cli_scanscrenc()\n");
|
| 1222 | 1222 |
|
| 1223 |
- tempname = cli_gentemp(NULL); |
|
| 1223 |
+ if(!(tempname = cli_gentemp(NULL))) |
|
| 1224 |
+ return CL_EMEM; |
|
| 1225 |
+ |
|
| 1224 | 1226 |
if(mkdir(tempname, 0700)) {
|
| 1225 | 1227 |
cli_dbgmsg("CHM: Can't create temporary directory %s\n", tempname);
|
| 1226 | 1228 |
free(tempname); |
| ... | ... |
@@ -1306,7 +1326,11 @@ static int cli_scancryptff(int desc, cli_ctx *ctx) |
| 1306 | 1306 |
|
| 1307 | 1307 |
free(src); |
| 1308 | 1308 |
|
| 1309 |
- tempfile = cli_gentemp(NULL); |
|
| 1309 |
+ if(!(tempfile = cli_gentemp(NULL))) {
|
|
| 1310 |
+ free(dest); |
|
| 1311 |
+ return CL_EMEM; |
|
| 1312 |
+ } |
|
| 1313 |
+ |
|
| 1310 | 1314 |
if((ndesc = open(tempfile, O_RDWR|O_CREAT|O_TRUNC|O_BINARY, S_IRWXU)) < 0) {
|
| 1311 | 1315 |
cli_errmsg("CryptFF: Can't create file %s\n", tempfile);
|
| 1312 | 1316 |
free(dest); |
| ... | ... |
@@ -1354,6 +1378,8 @@ static int cli_scanpdf(int desc, cli_ctx *ctx) |
| 1354 | 1354 |
int ret; |
| 1355 | 1355 |
char *dir = cli_gentemp(NULL); |
| 1356 | 1356 |
|
| 1357 |
+ if(!dir) |
|
| 1358 |
+ return CL_EMEM; |
|
| 1357 | 1359 |
|
| 1358 | 1360 |
if(mkdir(dir, 0700)) {
|
| 1359 | 1361 |
cli_dbgmsg("Can't create temporary directory for PDF file %s\n", dir);
|
| ... | ... |
@@ -1375,6 +1401,8 @@ static int cli_scantnef(int desc, cli_ctx *ctx) |
| 1375 | 1375 |
int ret; |
| 1376 | 1376 |
char *dir = cli_gentemp(NULL); |
| 1377 | 1377 |
|
| 1378 |
+ if(!dir) |
|
| 1379 |
+ return CL_EMEM; |
|
| 1378 | 1380 |
|
| 1379 | 1381 |
if(mkdir(dir, 0700)) {
|
| 1380 | 1382 |
cli_dbgmsg("Can't create temporary directory for tnef file %s\n", dir);
|
| ... | ... |
@@ -1399,6 +1427,9 @@ static int cli_scanuuencoded(int desc, cli_ctx *ctx) |
| 1399 | 1399 |
int ret; |
| 1400 | 1400 |
char *dir = cli_gentemp(NULL); |
| 1401 | 1401 |
|
| 1402 |
+ if(!dir) |
|
| 1403 |
+ return CL_EMEM; |
|
| 1404 |
+ |
|
| 1402 | 1405 |
if(mkdir(dir, 0700)) {
|
| 1403 | 1406 |
cli_dbgmsg("Can't create temporary directory for uuencoded file %s\n", dir);
|
| 1404 | 1407 |
free(dir); |
| ... | ... |
@@ -1426,7 +1457,9 @@ static int cli_scanmail(int desc, cli_ctx *ctx) |
| 1426 | 1426 |
cli_dbgmsg("Starting cli_scanmail(), recursion = %u\n", ctx->recursion);
|
| 1427 | 1427 |
|
| 1428 | 1428 |
/* generate the temporary directory */ |
| 1429 |
- dir = cli_gentemp(NULL); |
|
| 1429 |
+ if(!(dir = cli_gentemp(NULL))) |
|
| 1430 |
+ return CL_EMEM; |
|
| 1431 |
+ |
|
| 1430 | 1432 |
if(mkdir(dir, 0700)) {
|
| 1431 | 1433 |
cli_dbgmsg("Mail: Can't create temporary directory %s\n", dir);
|
| 1432 | 1434 |
free(dir); |
| ... | ... |
@@ -181,14 +181,15 @@ cli_tnef(const char *dir, int desc) |
| 181 | 181 |
* email that's about to be deleted |
| 182 | 182 |
*/ |
| 183 | 183 |
if(cli_debug_flag) {
|
| 184 |
- int fout; |
|
| 184 |
+ int fout = -1; |
|
| 185 | 185 |
char *filename = cli_gentemp(NULL); |
| 186 | 186 |
char buffer[BUFSIZ]; |
| 187 | 187 |
|
| 188 |
+ if(filename) |
|
| 188 | 189 |
#ifdef O_BINARY |
| 189 |
- fout = open(filename, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC|O_BINARY, 0600); |
|
| 190 |
+ fout = open(filename, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC|O_BINARY, 0600); |
|
| 190 | 191 |
#else |
| 191 |
- fout = open(filename, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600); |
|
| 192 |
+ fout = open(filename, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC, 0600); |
|
| 192 | 193 |
#endif |
| 193 | 194 |
|
| 194 | 195 |
if(fout >= 0) {
|