git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@748 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/08/13 19:21:38... | ... |
@@ -468,6 +468,8 @@ Changes |
468 | 468 |
0.75i 11/8/04 Added David Champion <dgc@uchicago.edu> isLocalAddr routine |
469 | 469 |
0.75j 11/8/04 Fix --from=EMAIL option which often didn't work |
470 | 470 |
reported by "Sergey Y. Afonin" <asy@kraft-s.ru> |
471 |
+0.75k 13/8/04 Single thread through tcp_wrappers, reported by |
|
472 |
+ David Champion <dgc@uchicago.edu> |
|
471 | 473 |
|
472 | 474 |
BUG REPORTS |
473 | 475 |
|
... | ... |
@@ -26,6 +26,9 @@ |
26 | 26 |
* |
27 | 27 |
* Change History: |
28 | 28 |
* $Log: clamav-milter.c,v $ |
29 |
+ * Revision 1.119 2004/08/13 10:21:38 nigelhorne |
|
30 |
+ * Single thread through tcp_wrappers |
|
31 |
+ * |
|
29 | 32 |
* Revision 1.118 2004/08/12 12:18:45 nigelhorne |
30 | 33 |
* Fixed from |
31 | 34 |
* |
... | ... |
@@ -365,9 +368,9 @@ |
365 | 365 |
* Revision 1.6 2003/09/28 16:37:23 nigelhorne |
366 | 366 |
* Added -f flag use MaxThreads if --max-children not set |
367 | 367 |
*/ |
368 |
-static char const rcsid[] = "$Id: clamav-milter.c,v 1.118 2004/08/12 12:18:45 nigelhorne Exp $"; |
|
368 |
+static char const rcsid[] = "$Id: clamav-milter.c,v 1.119 2004/08/13 10:21:38 nigelhorne Exp $"; |
|
369 | 369 |
|
370 |
-#define CM_VERSION "0.75j" |
|
370 |
+#define CM_VERSION "0.75k" |
|
371 | 371 |
|
372 | 372 |
/*#define CONFDIR "/usr/local/etc"*/ |
373 | 373 |
|
... | ... |
@@ -1230,7 +1233,7 @@ main(int argc, char **argv) |
1230 | 1230 |
if(logVerbose) |
1231 | 1231 |
syslog(LOG_INFO, "Starting: %s", clamav_version); |
1232 | 1232 |
else |
1233 |
- syslog(LOG_INFO, clamav_version); |
|
1233 |
+ syslog(LOG_INFO, "%s", clamav_version); |
|
1234 | 1234 |
#ifdef CL_DEBUG |
1235 | 1235 |
if(debug_level > 0) |
1236 | 1236 |
syslog(LOG_DEBUG, "Debugging is on"); |
... | ... |
@@ -1510,11 +1513,11 @@ findServer(void) |
1510 | 1510 |
|
1511 | 1511 |
for(i = 0; i < numServers; i++) |
1512 | 1512 |
if((socks[i] >= 0) && (FD_ISSET(socks[i], &rfds))) { |
1513 |
- const int server = (i + j) % numServers; |
|
1513 |
+ const int s = (i + j) % numServers; |
|
1514 | 1514 |
|
1515 | 1515 |
free(socks); |
1516 |
- cli_dbgmsg("findServer: using server %d\n", server); |
|
1517 |
- return server; |
|
1516 |
+ cli_dbgmsg("findServer: using server %d\n", s); |
|
1517 |
+ return s; |
|
1518 | 1518 |
} |
1519 | 1519 |
|
1520 | 1520 |
free(socks); |
... | ... |
@@ -1584,6 +1587,7 @@ clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr) |
1584 | 1584 |
const char *hostmail; |
1585 | 1585 |
struct hostent hostent; |
1586 | 1586 |
char buf[BUFSIZ]; |
1587 |
+ static pthread_mutex_t wrap_mutex = PTHREAD_MUTEX_INITIALIZER; |
|
1587 | 1588 |
|
1588 | 1589 |
/* |
1589 | 1590 |
* Using TCP/IP for the sendmail->clamav-milter connection |
... | ... |
@@ -1603,9 +1607,7 @@ clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr) |
1603 | 1603 |
if(hostent.h_addr && |
1604 | 1604 |
(inet_ntop(AF_INET, (struct in_addr *)hostent.h_addr, ip, sizeof(ip)) == NULL)) { |
1605 | 1605 |
perror(hostent.h_name); |
1606 |
- /*if(use_syslog) |
|
1607 |
- syslog(LOG_WARNING, "Can't get IP address for (%s)", hostent.h_name); |
|
1608 |
- strcpy(ip, (char *)inet_ntoa(*(struct in_addr *)hostent.h_addr));*/ |
|
1606 |
+ /*strcpy(ip, (char *)inet_ntoa(*(struct in_addr *)hostent.h_addr));*/ |
|
1609 | 1607 |
if(use_syslog) |
1610 | 1608 |
syslog(LOG_WARNING, "Access Denied: Can't get IP address for (%s)", hostent.h_name); |
1611 | 1609 |
return cl_error; |
... | ... |
@@ -1616,12 +1618,18 @@ clamfi_connect(SMFICTX *ctx, char *hostname, _SOCK_ADDR *hostaddr) |
1616 | 1616 |
|
1617 | 1617 |
/* |
1618 | 1618 |
* Ask is this is a allowed name or IP number |
1619 |
+ * |
|
1620 |
+ * hosts_ctl uses strtok so it is not thread safe, see |
|
1621 |
+ * hosts_access(3) |
|
1619 | 1622 |
*/ |
1623 |
+ pthread_mutex_lock(&wrap_mutex); |
|
1620 | 1624 |
if(!hosts_ctl("clamav-milter", hostent.h_name, ip, STRING_UNKNOWN)) { |
1625 |
+ pthread_mutex_unlock(&wrap_mutex); |
|
1621 | 1626 |
if(use_syslog) |
1622 | 1627 |
syslog(LOG_WARNING, "Access Denied for %s[%s]", hostent.h_name, ip); |
1623 | 1628 |
return SMFIS_TEMPFAIL; |
1624 | 1629 |
} |
1630 |
+ pthread_mutex_unlock(&wrap_mutex); |
|
1625 | 1631 |
} |
1626 | 1632 |
#endif |
1627 | 1633 |
|
... | ... |
@@ -2063,10 +2071,10 @@ clamfi_eom(SMFICTX *ctx) |
2063 | 2063 |
char hostname[32]; |
2064 | 2064 |
|
2065 | 2065 |
if(gethostname(hostname, sizeof(hostname)) < 0) { |
2066 |
- const char *ptr = smfi_getsymval(ctx, "{j}"); |
|
2066 |
+ const char *j = smfi_getsymval(ctx, "{j}"); |
|
2067 | 2067 |
|
2068 |
- if(ptr) |
|
2069 |
- strncpy(hostname, ptr, |
|
2068 |
+ if(j) |
|
2069 |
+ strncpy(hostname, j, |
|
2070 | 2070 |
sizeof(hostname) - 1); |
2071 | 2071 |
else |
2072 | 2072 |
strcpy(buf, "Error determining host"); |
... | ... |
@@ -2075,7 +2083,6 @@ clamfi_eom(SMFICTX *ctx) |
2075 | 2075 |
* Determine fully qualified name |
2076 | 2076 |
*/ |
2077 | 2077 |
struct hostent hostent; |
2078 |
- char buf[BUFSIZ]; |
|
2079 | 2078 |
|
2080 | 2079 |
if(clamfi_gethostbyname(hostname, &hostent, buf, sizeof(buf)) == 0) |
2081 | 2080 |
strncpy(hostname, hostent.h_name, sizeof(hostname)); |
... | ... |
@@ -2880,7 +2887,7 @@ connect2clamd(struct privdata *privdata) |
2880 | 2880 |
} else { |
2881 | 2881 |
int freeServer, nbytes; |
2882 | 2882 |
struct sockaddr_in reply; |
2883 |
- unsigned short port; |
|
2883 |
+ unsigned short p; |
|
2884 | 2884 |
char buf[64]; |
2885 | 2885 |
|
2886 | 2886 |
assert(privdata->cmdSocket == -1); |
... | ... |
@@ -2965,7 +2972,7 @@ connect2clamd(struct privdata *privdata) |
2965 | 2965 |
if(debug_level >= 4) |
2966 | 2966 |
cli_dbgmsg("Received: %s", buf); |
2967 | 2967 |
#endif |
2968 |
- if(sscanf(buf, "PORT %hu\n", &port) != 1) { |
|
2968 |
+ if(sscanf(buf, "PORT %hu\n", &p) != 1) { |
|
2969 | 2969 |
if(use_syslog) |
2970 | 2970 |
syslog(LOG_ERR, "Expected port information from clamd, got '%s'", |
2971 | 2971 |
buf); |
... | ... |
@@ -2977,7 +2984,7 @@ connect2clamd(struct privdata *privdata) |
2977 | 2977 |
|
2978 | 2978 |
memset((char *)&reply, 0, sizeof(struct sockaddr_in)); |
2979 | 2979 |
reply.sin_family = AF_INET; |
2980 |
- reply.sin_port = (in_port_t)htons(port); |
|
2980 |
+ reply.sin_port = (in_port_t)htons(p); |
|
2981 | 2981 |
|
2982 | 2982 |
assert(serverIPs != NULL); |
2983 | 2983 |
|
... | ... |
@@ -2985,7 +2992,7 @@ connect2clamd(struct privdata *privdata) |
2985 | 2985 |
|
2986 | 2986 |
#ifdef CL_DEBUG |
2987 | 2987 |
if(debug_level >= 4) |
2988 |
- cli_dbgmsg("Connecting to local port %d\n", port); |
|
2988 |
+ cli_dbgmsg("Connecting to local port %d\n", p); |
|
2989 | 2989 |
#endif |
2990 | 2990 |
|
2991 | 2991 |
if(connect(privdata->dataSocket, (struct sockaddr *)&reply, sizeof(struct sockaddr_in)) < 0) { |
... | ... |
@@ -2997,9 +3004,9 @@ connect2clamd(struct privdata *privdata) |
2997 | 2997 |
strerror_r(errno, buf, sizeof(buf)); |
2998 | 2998 |
syslog(LOG_ERR, |
2999 | 2999 |
"Failed to connect to port %d given by clamd: %s", |
3000 |
- port, buf); |
|
3000 |
+ p, buf); |
|
3001 | 3001 |
#else |
3002 |
- syslog(LOG_ERR, "Failed to connect to port %d given by clamd: %s", port, strerror(errno)); |
|
3002 |
+ syslog(LOG_ERR, "Failed to connect to port %d given by clamd: %s", p, strerror(errno)); |
|
3003 | 3003 |
#endif |
3004 | 3004 |
} |
3005 | 3005 |
return 0; |