Browse code
libclamav/message.c, mbox.c: fix out-of-memory null dereference in mbox/message (bb#1141)
| ... | ... |
@@ -1,3 +1,9 @@ |
| 1 |
+Mon Sep 1 19:31:08 CEST 2008 (tk) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * libclamav/message.c, mbox.c: fix out-of-memory null dereference in |
|
| 4 |
+ mbox/message (bb#1141) |
|
| 5 |
+ Patch from Edwin |
|
| 6 |
+ |
|
| 1 | 7 |
Mon Sep 1 19:27:55 CEST 2008 (tk) |
| 2 | 8 |
---------------------------------- |
| 3 | 9 |
* libclamav/chmunpack.c: fix possible invalid memory access (bb#1089) |
| ... | ... |
@@ -1455,6 +1455,8 @@ cli_parse_mbox(const char *dir, int desc, cli_ctx *ctx) |
| 1455 | 1455 |
} |
| 1456 | 1456 |
} |
| 1457 | 1457 |
|
| 1458 |
+ if(body->isTruncated && retcode == CL_SUCCESS) |
|
| 1459 |
+ retcode = CL_EMEM; |
|
| 1458 | 1460 |
/* |
| 1459 | 1461 |
* Tidy up and quit |
| 1460 | 1462 |
*/ |
| ... | ... |
@@ -1617,6 +1619,11 @@ parseEmailFile(FILE *fin, const table_t *rfc821, const char *firstLine, const ch |
| 1617 | 1617 |
} |
| 1618 | 1618 |
fullline = cli_strdup(line); |
| 1619 | 1619 |
fulllinelength = strlen(line) + 1; |
| 1620 |
+ if(!fullline) {
|
|
| 1621 |
+ if(ret) |
|
| 1622 |
+ ret->isTruncated = TRUE; |
|
| 1623 |
+ break; |
|
| 1624 |
+ } |
|
| 1620 | 1625 |
} else if(line != NULL) {
|
| 1621 | 1626 |
fulllinelength += strlen(line); |
| 1622 | 1627 |
ptr = cli_realloc(fullline, fulllinelength); |
| ... | ... |
@@ -1843,14 +1843,13 @@ messageToText(message *m) |
| 1843 | 1843 |
for(t_line = messageGetBody(m); t_line; t_line = t_line->t_next) {
|
| 1844 | 1844 |
if(first == NULL) |
| 1845 | 1845 |
first = last = cli_malloc(sizeof(text)); |
| 1846 |
- else {
|
|
| 1846 |
+ else if (last) {
|
|
| 1847 | 1847 |
last->t_next = cli_malloc(sizeof(text)); |
| 1848 | 1848 |
last = last->t_next; |
| 1849 | 1849 |
} |
| 1850 | 1850 |
|
| 1851 | 1851 |
if(last == NULL) {
|
| 1852 | 1852 |
if(first) {
|
| 1853 |
- last->t_next = NULL; |
|
| 1854 | 1853 |
textDestroy(first); |
| 1855 | 1854 |
} |
| 1856 | 1855 |
return NULL; |
| ... | ... |
@@ -1864,7 +1863,8 @@ messageToText(message *m) |
| 1864 | 1864 |
case UUENCODE: |
| 1865 | 1865 |
cli_errmsg("messageToText: Unexpected attempt to handle uuencoded file - report to http://bugs.clamav.net\n");
|
| 1866 | 1866 |
if(first) {
|
| 1867 |
- last->t_next = NULL; |
|
| 1867 |
+ if(last) |
|
| 1868 |
+ last->t_next = NULL; |
|
| 1868 | 1869 |
textDestroy(first); |
| 1869 | 1870 |
} |
| 1870 | 1871 |
return NULL; |
| ... | ... |
@@ -1874,7 +1874,8 @@ messageToText(message *m) |
| 1874 | 1874 |
if(t_line == NULL) {
|
| 1875 | 1875 |
/*cli_warnmsg("YENCODED attachment is missing begin statement\n");*/
|
| 1876 | 1876 |
if(first) {
|
| 1877 |
- last->t_next = NULL; |
|
| 1877 |
+ if(last) |
|
| 1878 |
+ last->t_next = NULL; |
|
| 1878 | 1879 |
textDestroy(first); |
| 1879 | 1880 |
} |
| 1880 | 1881 |
return NULL; |
| ... | ... |
@@ -1910,7 +1911,7 @@ messageToText(message *m) |
| 1910 | 1910 |
|
| 1911 | 1911 |
if(first == NULL) |
| 1912 | 1912 |
first = last = cli_malloc(sizeof(text)); |
| 1913 |
- else {
|
|
| 1913 |
+ else if (last) {
|
|
| 1914 | 1914 |
last->t_next = cli_malloc(sizeof(text)); |
| 1915 | 1915 |
last = last->t_next; |
| 1916 | 1916 |
} |
| ... | ... |
@@ -1948,7 +1949,7 @@ messageToText(message *m) |
| 1948 | 1948 |
if(decode(m, NULL, data, base64, FALSE) && data[0]) {
|
| 1949 | 1949 |
if(first == NULL) |
| 1950 | 1950 |
first = last = cli_malloc(sizeof(text)); |
| 1951 |
- else {
|
|
| 1951 |
+ else if (last) {
|
|
| 1952 | 1952 |
last->t_next = cli_malloc(sizeof(text)); |
| 1953 | 1953 |
last = last->t_next; |
| 1954 | 1954 |
} |