git-svn: trunk@1777
Nigel Horne authored on 2005/12/10 02:19:10... | ... |
@@ -15,7 +15,7 @@ |
15 | 15 |
* along with this program; if not, write to the Free Software |
16 | 16 |
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
17 | 17 |
*/ |
18 |
-static char const rcsid[] = "$Id: mbox.c,v 1.262 2005/11/23 11:19:40 nigelhorne Exp $"; |
|
18 |
+static char const rcsid[] = "$Id: mbox.c,v 1.263 2005/12/09 17:19:10 nigelhorne Exp $"; |
|
19 | 19 |
|
20 | 20 |
#if HAVE_CONFIG_H |
21 | 21 |
#include "clamav-config.h" |
... | ... |
@@ -98,6 +98,10 @@ static void print_trace(int use_syslog); |
98 | 98 |
|
99 | 99 |
typedef enum { FALSE = 0, TRUE = 1 } bool; |
100 | 100 |
|
101 |
+#ifndef isblank |
|
102 |
+#define isblank(c) (((c) == ' ') || ((c) == '\t')) |
|
103 |
+#endif |
|
104 |
+ |
|
101 | 105 |
#define SAVE_TO_DISC /* multipart/message are saved in a temporary file */ |
102 | 106 |
|
103 | 107 |
/* |
... | ... |
@@ -735,6 +739,8 @@ cli_mbox(const char *dir, int desc, unsigned int options) |
735 | 735 |
* TODO: ensure parseEmailHeaders is always called before parseEmailBody |
736 | 736 |
* TODO: create parseEmail which calls parseEmailHeaders then parseEmailBody |
737 | 737 |
* TODO: Look into TNEF. Is there anything that needs to be done here? |
738 |
+ * TODO: Handle unepected NUL bytes in header lines which stop strcmp()s: |
|
739 |
+ * e.g. \0Content-Type: application/binary; |
|
738 | 740 |
*/ |
739 | 741 |
static int |
740 | 742 |
cli_parse_mbox(const char *dir, int desc, unsigned int options) |
... | ... |
@@ -1089,7 +1095,7 @@ parseEmailFile(FILE *fin, const table_t *rfc821, const char *firstLine, const ch |
1089 | 1089 |
/* |
1090 | 1090 |
* Continuation of line we're ignoring? |
1091 | 1091 |
*/ |
1092 |
- if((line[0] == '\t') || (line[0] == ' ') || contMarker) { |
|
1092 |
+ if(isblank(line[0])) { |
|
1093 | 1093 |
contMarker = continuationMarker(line); |
1094 | 1094 |
continue; |
1095 | 1095 |
} |
... | ... |
@@ -1150,7 +1156,7 @@ parseEmailFile(FILE *fin, const table_t *rfc821, const char *firstLine, const ch |
1150 | 1150 |
* |
1151 | 1151 |
* Add all the arguments on the line |
1152 | 1152 |
*/ |
1153 |
- if((lookahead == '\t') || (lookahead == ' ')) |
|
1153 |
+ if(isblank(lookahead)) |
|
1154 | 1154 |
continue; |
1155 | 1155 |
} |
1156 | 1156 |
|
... | ... |
@@ -1278,7 +1284,7 @@ parseEmailHeaders(const message *m, const table_t *rfc821) |
1278 | 1278 |
/* |
1279 | 1279 |
* Continuation of line we're ignoring? |
1280 | 1280 |
*/ |
1281 |
- if((buffer[0] == '\t') || (buffer[0] == ' ')) |
|
1281 |
+ if(isblank(buffer[0])) |
|
1282 | 1282 |
continue; |
1283 | 1283 |
|
1284 | 1284 |
/* |
... | ... |
@@ -1328,11 +1334,8 @@ parseEmailHeaders(const message *m, const table_t *rfc821) |
1328 | 1328 |
* |
1329 | 1329 |
* Add all the arguments on the line |
1330 | 1330 |
*/ |
1331 |
- switch(lineGetData(t->t_next->t_line)[0]) { |
|
1332 |
- case ' ': |
|
1333 |
- case '\t': |
|
1334 |
- continue; |
|
1335 |
- } |
|
1331 |
+ if(isblank(lineGetData(t->t_next->t_line)[0])) |
|
1332 |
+ continue; |
|
1336 | 1333 |
|
1337 | 1334 |
quotes = 0; |
1338 | 1335 |
for(qptr = fullline; *qptr; qptr++) |
... | ... |
@@ -3482,7 +3485,7 @@ rfc1341(message *m, const char *dir) |
3482 | 3482 |
return -1; |
3483 | 3483 |
} |
3484 | 3484 |
nblanks = 0; |
3485 |
- while(fgets(buffer, sizeof(buffer), fin) != NULL) |
|
3485 |
+ while(fgets(buffer, sizeof(buffer) - 1, fin) != NULL) |
|
3486 | 3486 |
/* |
3487 | 3487 |
* Ensure that trailing newlines |
3488 | 3488 |
* aren't copied |
... | ... |
@@ -3597,11 +3600,6 @@ checkURLs(message *m, const char *dir) |
3597 | 3597 |
cli_dbgmsg("URL %s already downloaded\n", url); |
3598 | 3598 |
continue; |
3599 | 3599 |
} |
3600 |
- if(n == FOLLOWURLS) { |
|
3601 |
- cli_warnmsg("URL %s will not be scanned\n", url); |
|
3602 |
- break; |
|
3603 |
- } |
|
3604 |
- |
|
3605 | 3600 |
/* |
3606 | 3601 |
* What about foreign character spoofing? |
3607 | 3602 |
* It would be useful be able to check if url |
... | ... |
@@ -3612,6 +3610,11 @@ checkURLs(message *m, const char *dir) |
3612 | 3612 |
if(strchr(url, '%') && strchr(url, '@')) |
3613 | 3613 |
cli_warnmsg("Possible URL spoofing attempt noticed, but not yet handled (%s)\n", url); |
3614 | 3614 |
|
3615 |
+ if(n == FOLLOWURLS) { |
|
3616 |
+ cli_warnmsg("URL %s will not be scanned\n", url); |
|
3617 |
+ break; |
|
3618 |
+ } |
|
3619 |
+ |
|
3615 | 3620 |
(void)tableInsert(t, url, 1); |
3616 | 3621 |
cli_dbgmsg("Downloading URL %s to be scanned\n", url); |
3617 | 3622 |
strncpy(name, url, sizeof(name) - 1); |