Browse code
Fixed potential buffer overrun with long filenames with DOS style suffixes.
git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@44 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2003/09/15 22:09:42Showing 1 changed files
| ... | ... |
@@ -1328,7 +1328,7 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c |
| 1328 | 1328 |
* of content-type: Text/Plain, or |
| 1329 | 1329 |
* just simply "Content-Type:" |
| 1330 | 1330 |
*/ |
| 1331 |
- if(copy == NULL) |
|
| 1331 |
+ if(arg == NULL) |
|
| 1332 | 1332 |
cli_warnmsg("Empty content-type received, no subtype specified, assuming text/plain; charset=us-ascii\n");
|
| 1333 | 1333 |
else if(strchr(copy, '/') == NULL) |
| 1334 | 1334 |
cli_warnmsg("Invalid content-type '%s' received, no subtype specified, assuming text/plain; charset=us-ascii\n", copy);
|
| ... | ... |
@@ -1410,7 +1410,7 @@ saveFile(const blob *b, const char *dir) |
| 1410 | 1410 |
/* |
| 1411 | 1411 |
* Allow for very long filenames. We have to truncate them to fit |
| 1412 | 1412 |
*/ |
| 1413 |
- snprintf(filename, sizeof(filename) - 7, "%s/%s", dir, cptr); |
|
| 1413 |
+ snprintf(filename, sizeof(filename) - 7 - strlen(suffix), "%s/%s", dir, cptr); |
|
| 1414 | 1414 |
strcat(filename, "XXXXXX"); |
| 1415 | 1415 |
|
| 1416 | 1416 |
/* |
| ... | ... |
@@ -1436,8 +1436,12 @@ saveFile(const blob *b, const char *dir) |
| 1436 | 1436 |
char *stub = strdup(filename); |
| 1437 | 1437 |
|
| 1438 | 1438 |
strcat(filename, suffix); |
| 1439 |
+#ifdef C_LINUX |
|
| 1440 |
+ rename(stub, filename); |
|
| 1441 |
+#else |
|
| 1439 | 1442 |
link(stub, filename); |
| 1440 | 1443 |
unlink(stub); |
| 1444 |
+#endif |
|
| 1441 | 1445 |
free(stub); |
| 1442 | 1446 |
} |
| 1443 | 1447 |
|