git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@569 77e5149b-7576-45b1-b177-96237e5ba77b
Trog authored on 2004/05/20 19:23:40... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Thu May 20 11:23:23 BST 2004 (trog) |
|
2 |
+----------------------------------- |
|
3 |
+ * libclamav ole2_extract.c,vba_extract.c: more malloc checks |
|
4 |
+ |
|
1 | 5 |
Wed May 19 11:02:53 BST 2004 (njh) |
2 | 6 |
--------------------------------- |
3 | 7 |
* libclamav/message.c: Assume attachments which don't declare how |
... | ... |
@@ -575,10 +575,14 @@ static int handler_writefile(int fd, ole2_header_t *hdr, property_t *prop, const |
575 | 575 |
if (!name) { |
576 | 576 |
return FALSE; |
577 | 577 |
} |
578 |
- snprintf(name, 10, "%.10d", i + (int) prop); |
|
578 |
+ snprintf(name, 11, "%.10d", i + (int) prop); |
|
579 | 579 |
} |
580 | 580 |
|
581 | 581 |
newname = (char *) cli_malloc(strlen(name) + strlen(dir) + 2); |
582 |
+ if (!newname) { |
|
583 |
+ free(name); |
|
584 |
+ return FALSE; |
|
585 |
+ } |
|
582 | 586 |
sprintf(newname, "%s/%s", dir, name); |
583 | 587 |
free(name); |
584 | 588 |
|
... | ... |
@@ -219,6 +219,11 @@ static int vba_read_project_strings(int fd, int is_mac) |
219 | 219 |
continue; |
220 | 220 |
} |
221 | 221 |
buff = (unsigned char *) cli_malloc(10); |
222 |
+ if (!buff) { |
|
223 |
+ free(name); |
|
224 |
+ close(fd); |
|
225 |
+ return FALSE; |
|
226 |
+ } |
|
222 | 227 |
if (cli_readn(fd, buff, 10) != 10) { |
223 | 228 |
cli_errmsg("failed to read blob\n"); |
224 | 229 |
free(buff); |
... | ... |
@@ -268,7 +273,10 @@ vba_project_t *vba56_dir_read(const char *dir) |
268 | 268 |
|
269 | 269 |
cli_dbgmsg("in vba56_dir_read()\n"); |
270 | 270 |
|
271 |
- fullname = (char *) cli_malloc(strlen(dir) + 15); |
|
271 |
+ fullname = (char *) cli_malloc(strlen(dir) + 14); |
|
272 |
+ if (!fullname) { |
|
273 |
+ return NULL; |
|
274 |
+ } |
|
272 | 275 |
sprintf(fullname, "%s/_VBA_PROJECT", dir); |
273 | 276 |
fd = open(fullname, O_RDONLY); |
274 | 277 |
|
... | ... |
@@ -424,10 +432,26 @@ vba_project_t *vba56_dir_read(const char *dir) |
424 | 424 |
cli_dbgmsg("\nVBA Record count: %d\n", record_count); |
425 | 425 |
|
426 | 426 |
vba_project = (vba_project_t *) cli_malloc(sizeof(struct vba_project_tag)); |
427 |
+ if (!vba_project) { |
|
428 |
+ close(fd); |
|
429 |
+ return NULL; |
|
430 |
+ } |
|
427 | 431 |
vba_project->name = (char **) cli_malloc(sizeof(char *) * record_count); |
432 |
+ if (!vba_project->name) { |
|
433 |
+ free(vba_project); |
|
434 |
+ close(fd); |
|
435 |
+ return NULL; |
|
436 |
+ } |
|
428 | 437 |
vba_project->dir = strdup(dir); |
429 | 438 |
vba_project->offset = (uint32_t *) cli_malloc (sizeof(uint32_t) * |
430 | 439 |
record_count); |
440 |
+ if (!vba_project->offset) { |
|
441 |
+ free(vba_project->dir); |
|
442 |
+ free(vba_project->name); |
|
443 |
+ free(vba_project); |
|
444 |
+ close(fd); |
|
445 |
+ return NULL; |
|
446 |
+ } |
|
431 | 447 |
vba_project->count = record_count; |
432 | 448 |
for (i=0 ; i < record_count ; i++) { |
433 | 449 |
if (cli_readn(fd, &length, 2) != 2) { |
... | ... |
@@ -524,10 +548,16 @@ static void byte_array_append(byte_array_t *array, unsigned char *src, unsigned |
524 | 524 |
{ |
525 | 525 |
if (array->length == 0) { |
526 | 526 |
array->data = (unsigned char *) cli_malloc(len); |
527 |
+ if (!array->data) { |
|
528 |
+ return; |
|
529 |
+ } |
|
527 | 530 |
array->length = len; |
528 | 531 |
memcpy(array->data, src, len); |
529 | 532 |
} else { |
530 | 533 |
array->data = realloc(array->data, array->length+len); |
534 |
+ if (!array->data) { |
|
535 |
+ return; |
|
536 |
+ } |
|
531 | 537 |
memcpy(array->data+array->length, src, len); |
532 | 538 |
array->length += len; |
533 | 539 |
} |
... | ... |
@@ -1187,7 +1217,10 @@ vba_project_t *wm_dir_read(const char *dir) |
1187 | 1187 |
vba_project_t *vba_project=NULL; |
1188 | 1188 |
char *fullname; |
1189 | 1189 |
|
1190 |
- fullname = (char *) cli_malloc(strlen(dir) + 15); |
|
1190 |
+ fullname = (char *) cli_malloc(strlen(dir) + 14); |
|
1191 |
+ if (!fullname) { |
|
1192 |
+ return NULL; |
|
1193 |
+ } |
|
1191 | 1194 |
sprintf(fullname, "%s/WordDocument", dir); |
1192 | 1195 |
fd = open(fullname, O_RDONLY); |
1193 | 1196 |
free(fullname); |