git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@1418 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2005/03/22 20:28:42... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Tue Mar 22 11:27:58 GMT 2005 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav/mbox.c: Not all Worm.Bagle.AC were being caught |
|
4 |
+ |
|
1 | 5 |
Tue Mar 22 00:23:43 CET 2005 (tk) |
2 | 6 |
--------------------------------- |
3 | 7 |
* libclamav/matcher.c: add support for SL+n (last section + offset); requested |
... | ... |
@@ -15,7 +15,7 @@ |
15 | 15 |
* along with this program; if not, write to the Free Software |
16 | 16 |
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
17 | 17 |
*/ |
18 |
-static char const rcsid[] = "$Id: mbox.c,v 1.230 2005/03/20 09:09:25 nigelhorne Exp $"; |
|
18 |
+static char const rcsid[] = "$Id: mbox.c,v 1.231 2005/03/22 11:26:33 nigelhorne Exp $"; |
|
19 | 19 |
|
20 | 20 |
#if HAVE_CONFIG_H |
21 | 21 |
#include "clamav-config.h" |
... | ... |
@@ -942,10 +942,11 @@ parseEmailFile(FILE *fin, const table_t *rfc821, const char *firstLine) |
942 | 942 |
{ |
943 | 943 |
bool inHeader = TRUE; |
944 | 944 |
bool contMarker = FALSE; |
945 |
+ bool lastWasBlank = FALSE; |
|
945 | 946 |
message *ret; |
946 | 947 |
bool anyHeadersFound = FALSE; |
947 | 948 |
int commandNumber = -1; |
948 |
- char *fullline = NULL; |
|
949 |
+ char *fullline = NULL, *boundary = NULL; |
|
949 | 950 |
size_t fulllinelength = 0; |
950 | 951 |
char buffer[LINE_LENGTH+1]; |
951 | 952 |
|
... | ... |
@@ -974,9 +975,51 @@ parseEmailFile(FILE *fin, const table_t *rfc821, const char *firstLine) |
974 | 974 |
* Don't blank lines which are only spaces from headers, |
975 | 975 |
* otherwise they'll be treated as the end of header marker |
976 | 976 |
*/ |
977 |
+ if(lastWasBlank) { |
|
978 |
+ lastWasBlank = FALSE; |
|
979 |
+ if(boundaryStart(buffer, boundary)) { |
|
980 |
+ cli_dbgmsg("Found a header line with space that should be blank\n"); |
|
981 |
+ inHeader = FALSE; |
|
982 |
+ } |
|
983 |
+ } |
|
984 |
+ if(boundary) { |
|
985 |
+ free(boundary); |
|
986 |
+ boundary = NULL; |
|
987 |
+ } |
|
977 | 988 |
if(inHeader) { |
978 |
- cli_dbgmsg("parseEmailFile: check '%s' contMarker %d\n", |
|
979 |
- buffer ? buffer : "", (int)contMarker); |
|
989 |
+ cli_dbgmsg("parseEmailFile: check '%s' contMarker %d fullline 0x%p\n", |
|
990 |
+ buffer ? buffer : "", (int)contMarker, fullline); |
|
991 |
+ if(start && isspace(start[0])) { |
|
992 |
+ char copy[sizeof(buffer)]; |
|
993 |
+ |
|
994 |
+ strcpy(copy, buffer); |
|
995 |
+ strstrip(copy); |
|
996 |
+ if(copy[0] == '\0') { |
|
997 |
+ /* |
|
998 |
+ * The header line contains only white space. This |
|
999 |
+ * is not the end of the headers according to |
|
1000 |
+ * RFC2822, but some MUAs will handle it |
|
1001 |
+ * as though it were, and virus writers exploit |
|
1002 |
+ * this bug. We can't just break from the |
|
1003 |
+ * loop here since that would allow other |
|
1004 |
+ * exploits such as inserting a white space |
|
1005 |
+ * line before the content-type line. So we |
|
1006 |
+ * just have to make a best guess. Sigh. |
|
1007 |
+ */ |
|
1008 |
+ if(fullline) { |
|
1009 |
+ if(parseEmailHeader(ret, fullline, rfc821) < 0) |
|
1010 |
+ continue; |
|
1011 |
+ |
|
1012 |
+ free(fullline); |
|
1013 |
+ fullline = NULL; |
|
1014 |
+ } |
|
1015 |
+ if((boundary = messageFindArgument(ret, "boundary")) != NULL) { |
|
1016 |
+ lastWasBlank = TRUE; |
|
1017 |
+ continue; |
|
1018 |
+ } |
|
1019 |
+ } |
|
1020 |
+ } |
|
1021 |
+ lastWasBlank = FALSE; |
|
980 | 1022 |
if((start == NULL) && (fullline == NULL)) { /* empty line */ |
981 | 1023 |
if(!contMarker) { |
982 | 1024 |
/* |
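Review bot: `isspace(start[0])` in the new whitespace-only-line check is handed a plain `char` taken from untrusted mail data, so a byte with the high bit set can arrive as a negative value, which is undefined behaviour for the `<ctype.h>` functions. Assuming `start` is a `char *` into `buffer` (its declaration is outside this hunk), the line should read `if(start && isspace((unsigned char)start[0])) {`. In the same block, when `parseEmailHeader()` returns a negative value the `continue` leaves `fullline` allocated and non-NULL, so the rejected header text is still pending when the next line is read. Freeing and clearing it before the `continue` looks safer, unless code outside the hunk relies on it. The body of `parseEmailFile` starts and ends outside the hunk, so it cannot be confirmed here that `boundary` is freed if the loop ends immediately after `lastWasBlank = TRUE; continue;`.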