git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@889 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/09/17 19:57:56... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Fri Sep 17 11:56:58 BST 2004 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav: Handle even more attempts to falsify the mime type |
|
4 |
+ |
|
1 | 5 |
Fri Sep 17 11:06:42 BST 2004 (trog) |
2 | 6 |
----------------------------------- |
3 | 7 |
* libclamav/htmlnorm.c: fix breakage resulting from yesterdays change |
... | ... |
@@ -17,6 +17,9 @@ |
17 | 17 |
* |
18 | 18 |
* Change History: |
19 | 19 |
* $Log: mbox.c,v $ |
20 |
+ * Revision 1.130 2004/09/17 10:56:29 nigelhorne |
|
21 |
+ * Handle multiple content-type headers and use the most likely |
|
22 |
+ * |
|
20 | 23 |
* Revision 1.129 2004/09/17 09:48:53 nigelhorne |
21 | 24 |
* Handle attempts to hide mime type |
22 | 25 |
* |
... | ... |
@@ -375,7 +378,7 @@ |
375 | 375 |
* Compilable under SCO; removed duplicate code with message.c |
376 | 376 |
* |
377 | 377 |
*/ |
378 |
-static char const rcsid[] = "$Id: mbox.c,v 1.129 2004/09/17 09:48:53 nigelhorne Exp $"; |
|
378 |
+static char const rcsid[] = "$Id: mbox.c,v 1.130 2004/09/17 10:56:29 nigelhorne Exp $"; |
|
379 | 379 |
|
380 | 380 |
#if HAVE_CONFIG_H |
381 | 381 |
#include "clamav-config.h" |
... | ... |
@@ -2123,6 +2126,9 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c |
2123 | 2123 |
*/ |
2124 | 2124 |
cli_dbgmsg("Invalid content-type '%s' received, no subtype specified, assuming text/plain; charset=us-ascii\n", copy); |
2125 | 2125 |
else { |
2126 |
+ char *mimeArgs; /* RHS of the ; */ |
|
2127 |
+ |
|
2128 |
+ mimeArgs = cli_strtok(copy, 1, ";"); |
|
2126 | 2129 |
/* |
2127 | 2130 |
* Some clients are broken and |
2128 | 2131 |
* put white space after the ; |
... | ... |
@@ -2131,11 +2137,12 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c |
2131 | 2131 |
cli_warnmsg("Content-type '/' received, assuming application/octet-stream\n"); |
2132 | 2132 |
messageSetMimeType(m, "application"); |
2133 | 2133 |
messageSetMimeSubtype(m, "octet-stream"); |
2134 |
- strtok_r(copy, ";", &strptr); |
|
2135 | 2134 |
} else { |
2136 | 2135 |
char *s; |
2136 |
+ char *mimeType; /* LHS of the ; */ |
|
2137 | 2137 |
size_t len; |
2138 | 2138 |
|
2139 |
+ s = mimeType = cli_strtok(copy, 0, ";"); |
|
2139 | 2140 |
/* |
2140 | 2141 |
* The content type could be in quotes: |
2141 | 2142 |
* Content-Type: "multipart/mixed" |
... | ... |
@@ -2143,31 +2150,53 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c |
2143 | 2143 |
* the quotes, it doesn't handle |
2144 | 2144 |
* them properly |
2145 | 2145 |
*/ |
2146 |
- while(isspace(*copy)) |
|
2147 |
- copy++; |
|
2148 |
- if(copy[0] == '\"') |
|
2149 |
- copy++; |
|
2150 |
- if(copy[0] != '/') { |
|
2151 |
- int set = messageSetMimeType(m, strtok_r(copy, "/", &strptr)); |
|
2146 |
+ while(isspace(*s)) |
|
2147 |
+ s++; |
|
2148 |
+ if(s[0] == '\"') |
|
2149 |
+ s++; |
|
2152 | 2150 |
|
2151 |
+ if(s[0] != '/') |
|
2153 | 2152 |
/* |
2154 |
- * Stephen White <stephen@earth.li> |
|
2155 |
- * Some clients put space after |
|
2156 |
- * the mime type but before |
|
2157 |
- * the ; |
|
2153 |
+ * Handle |
|
2154 |
+ * Content-Type: foo/bar multipart/mixed |
|
2155 |
+ * and |
|
2156 |
+ * Content-Type: multipart/mixed foo/bar |
|
2158 | 2157 |
*/ |
2159 |
- s = strtok_r(NULL, ";", &strptr); |
|
2160 |
- if(s && set) { |
|
2161 |
- len = strstrip(s) - 1; |
|
2162 |
- if(s[len] == '\"') { |
|
2163 |
- s[len] = '\0'; |
|
2164 |
- len = strstrip(s); |
|
2158 |
+ for(;;) { |
|
2159 |
+ int set = messageSetMimeType(m, strtok_r(s, "/", &strptr)); |
|
2160 |
+ |
|
2161 |
+ |
|
2162 |
+ /* |
|
2163 |
+ * Stephen White <stephen@earth.li> |
|
2164 |
+ * Some clients put space after |
|
2165 |
+ * the mime type but before |
|
2166 |
+ * the ; |
|
2167 |
+ */ |
|
2168 |
+ s = strtok_r(NULL, ";", &strptr); |
|
2169 |
+ if(s == NULL) |
|
2170 |
+ break; |
|
2171 |
+ if(set) { |
|
2172 |
+ len = strstrip(s) - 1; |
|
2173 |
+ if(s[len] == '\"') { |
|
2174 |
+ s[len] = '\0'; |
|
2175 |
+ len = strstrip(s); |
|
2176 |
+ } |
|
2177 |
+ if(len) { |
|
2178 |
+ char *t = cli_strtok(s, 0, " "); |
|
2179 |
+ |
|
2180 |
+ messageSetMimeSubtype(m, t); |
|
2181 |
+ free(t); |
|
2182 |
+ } |
|
2165 | 2183 |
} |
2166 |
- if(len) |
|
2167 |
- messageSetMimeSubtype(m, s); |
|
2184 |
+ |
|
2185 |
+ while(*s && !isspace(*s)) |
|
2186 |
+ s++; |
|
2187 |
+ if(*s++ == '\0') |
|
2188 |
+ break; |
|
2189 |
+ if(*s == '\0') |
|
2190 |
+ break; |
|
2168 | 2191 |
} |
2169 |
- } else |
|
2170 |
- (void)strtok_r(copy, ";", &strptr); |
|
2192 |
+ free(mimeType); |
|
2171 | 2193 |
} |
2172 | 2194 |
|
2173 | 2195 |
/* |
... | ... |
@@ -2176,9 +2205,10 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c |
2176 | 2176 |
* Content-Type:', arg='multipart/mixed; boundary=foo |
2177 | 2177 |
* we find the boundary argument set it |
2178 | 2178 |
*/ |
2179 |
- copy = strtok_r(NULL, "", &strptr); |
|
2180 |
- if(copy) |
|
2181 |
- messageAddArguments(m, copy); |
|
2179 |
+ if(mimeArgs) { |
|
2180 |
+ messageAddArguments(m, mimeArgs); |
|
2181 |
+ free(mimeArgs); |
|
2182 |
+ } |
|
2182 | 2183 |
} |
2183 | 2184 |
break; |
2184 | 2185 |
case CONTENT_TRANSFER_ENCODING: |