git-svn: trunk@4158
Tomasz Kojm authored on 2008/09/02 02:35:12... | ... |
@@ -1,3 +1,9 @@ |
1 |
+Mon Sep 1 19:31:08 CEST 2008 (tk) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav/message.c, mbox.c: fix out-of-memory null dereference in |
|
4 |
+ mbox/message (bb#1141) |
|
5 |
+ Patch from Edwin |
|
6 |
+ |
|
1 | 7 |
Mon Sep 1 19:27:55 CEST 2008 (tk) |
2 | 8 |
---------------------------------- |
3 | 9 |
* libclamav/chmunpack.c: fix possible invalid memory access (bb#1089) |
... | ... |
@@ -1455,6 +1455,8 @@ cli_parse_mbox(const char *dir, int desc, cli_ctx *ctx) |
1455 | 1455 |
} |
1456 | 1456 |
} |
1457 | 1457 |
|
1458 |
+ if(body->isTruncated && retcode == CL_SUCCESS) |
|
1459 |
+ retcode = CL_EMEM; |
|
1458 | 1460 |
/* |
1459 | 1461 |
* Tidy up and quit |
1460 | 1462 |
*/ |
... | ... |
@@ -1617,6 +1619,11 @@ parseEmailFile(FILE *fin, const table_t *rfc821, const char *firstLine, const ch |
1617 | 1617 |
} |
1618 | 1618 |
fullline = cli_strdup(line); |
1619 | 1619 |
fulllinelength = strlen(line) + 1; |
1620 |
+ if(!fullline) { |
|
1621 |
+ if(ret) |
|
1622 |
+ ret->isTruncated = TRUE; |
|
1623 |
+ break; |
|
1624 |
+ } |
|
1620 | 1625 |
} else if(line != NULL) { |
1621 | 1626 |
fulllinelength += strlen(line); |
1622 | 1627 |
ptr = cli_realloc(fullline, fulllinelength); |
... | ... |
@@ -1843,14 +1843,13 @@ messageToText(message *m) |
1843 | 1843 |
for(t_line = messageGetBody(m); t_line; t_line = t_line->t_next) { |
1844 | 1844 |
if(first == NULL) |
1845 | 1845 |
first = last = cli_malloc(sizeof(text)); |
1846 |
- else { |
|
1846 |
+ else if (last) { |
|
1847 | 1847 |
last->t_next = cli_malloc(sizeof(text)); |
1848 | 1848 |
last = last->t_next; |
1849 | 1849 |
} |
1850 | 1850 |
|
1851 | 1851 |
if(last == NULL) { |
1852 | 1852 |
if(first) { |
1853 |
- last->t_next = NULL; |
|
1854 | 1853 |
textDestroy(first); |
1855 | 1854 |
} |
1856 | 1855 |
return NULL; |
... | ... |
@@ -1864,7 +1863,8 @@ messageToText(message *m) |
1864 | 1864 |
case UUENCODE: |
1865 | 1865 |
cli_errmsg("messageToText: Unexpected attempt to handle uuencoded file - report to http://bugs.clamav.net\n"); |
1866 | 1866 |
if(first) { |
1867 |
- last->t_next = NULL; |
|
1867 |
+ if(last) |
|
1868 |
+ last->t_next = NULL; |
|
1868 | 1869 |
textDestroy(first); |
1869 | 1870 |
} |
1870 | 1871 |
return NULL; |
... | ... |
@@ -1874,7 +1874,8 @@ messageToText(message *m) |
1874 | 1874 |
if(t_line == NULL) { |
1875 | 1875 |
/*cli_warnmsg("YENCODED attachment is missing begin statement\n");*/ |
1876 | 1876 |
if(first) { |
1877 |
- last->t_next = NULL; |
|
1877 |
+ if(last) |
|
1878 |
+ last->t_next = NULL; |
|
1878 | 1879 |
textDestroy(first); |
1879 | 1880 |
} |
1880 | 1881 |
return NULL; |
... | ... |
@@ -1910,7 +1911,7 @@ messageToText(message *m) |
1910 | 1910 |
|
1911 | 1911 |
if(first == NULL) |
1912 | 1912 |
first = last = cli_malloc(sizeof(text)); |
1913 |
- else { |
|
1913 |
+ else if (last) { |
|
1914 | 1914 |
last->t_next = cli_malloc(sizeof(text)); |
1915 | 1915 |
last = last->t_next; |
1916 | 1916 |
} |
... | ... |
@@ -1948,7 +1949,7 @@ messageToText(message *m) |
1948 | 1948 |
if(decode(m, NULL, data, base64, FALSE) && data[0]) { |
1949 | 1949 |
if(first == NULL) |
1950 | 1950 |
first = last = cli_malloc(sizeof(text)); |
1951 |
- else { |
|
1951 |
+ else if (last) { |
|
1952 | 1952 |
last->t_next = cli_malloc(sizeof(text)); |
1953 | 1953 |
last = last->t_next; |
1954 | 1954 |
} |