Browse code
Fixed a buffer overflow in clamscan --move.
git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@152 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2003/12/13 05:09:44Showing 4 changed files
| ... | ... |
@@ -46,6 +46,7 @@ Robbert Kouprie <robbert*exx.nl> |
| 46 | 46 |
Thomas Lamy <Thomas.Lamy*in-online.net> |
| 47 | 47 |
Peter N Lewis <peter*stairways.com.au> |
| 48 | 48 |
David S. Madole <david*madole.net> |
| 49 |
+Denis De Messemacker <ddm*clamav.net> |
|
| 49 | 50 |
Mark Mielke <mark*mark.mielke.cc> |
| 50 | 51 |
Arkadiusz Miskiewicz <misiek*pld.org.pl> |
| 51 | 52 |
Hendrik Muhs <Hendrik.Muhs*student.uni-magdeburg.de> |
| ... | ... |
@@ -1,3 +1,9 @@ |
| 1 |
+Fri Dec 12 21:07:49 CET 2003 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * libclamav: new cl_chomp() from Nigel |
|
| 4 |
+ * clamscan: fixed a buffer overflow in --move (patch by Denis De Messemacker |
|
| 5 |
+ <ddm*clamav.net>) |
|
| 6 |
+ |
|
| 1 | 7 |
Fri Dec 12 18:47:10 CET 2003 (tk) |
| 2 | 8 |
--------------------------------- |
| 3 | 9 |
* clamd: clamuko - fixed a segmentation fault after database update. Problem |
| ... | ... |
@@ -921,7 +921,7 @@ void move_infected(const char *filename, const struct optstruct *opt) |
| 921 | 921 |
return; |
| 922 | 922 |
} |
| 923 | 923 |
|
| 924 |
- if(!(movefilename = malloc(sizeof(char) * (strlen(movedir) + strlen(tmp))))) |
|
| 924 |
+ if(!(movefilename = malloc(sizeof(char) * (strlen(movedir) + strlen(tmp) + 1)))) |
|
| 925 | 925 |
{
|
| 926 | 926 |
mprintf("@error moving file '%s'.\n", filename);
|
| 927 | 927 |
mprintf("clamscan: malloc() returned NULL.\n");
|
| ... | ... |
@@ -118,16 +118,25 @@ int cli_strbcasestr(const char *haystack, const char *needle) |
| 118 | 118 |
|
| 119 | 119 |
void cli_chomp(char *string) |
| 120 | 120 |
{
|
| 121 |
- int l = strlen(string); |
|
| 121 |
+ size_t l = strlen(string); |
|
| 122 | 122 |
|
| 123 |
- if(string[l - 1] == 10 || string[l - 1] == 13) |
|
| 124 |
- string[l - 1] = 0; |
|
| 125 | 123 |
|
| 126 |
- l = strlen(string); |
|
| 127 |
- if(string[l - 1] == '\r') |
|
| 128 |
- string[l - 1] = 0; |
|
| 124 |
+ if(l == 0) |
|
| 125 |
+ return; |
|
| 126 |
+ |
|
| 127 |
+ --l; |
|
| 128 |
+ if((string[l] == '\n') || (string[l] == '\r')) {
|
|
| 129 |
+ string[l] = '\0'; |
|
| 130 |
+ |
|
| 131 |
+ if(l > 0) {
|
|
| 132 |
+ --l; |
|
| 133 |
+ if(string[l] == '\r') |
|
| 134 |
+ string[l] = '\0'; |
|
| 135 |
+ } |
|
| 136 |
+ } |
|
| 129 | 137 |
} |
| 130 | 138 |
|
| 139 |
+ |
|
| 131 | 140 |
/* |
| 132 | 141 |
* char *cli_strok(const char *line, int fieldno, char *delim) |
| 133 | 142 |
* Return a copy of field <fieldno> from the string <line>, where |