1. clamav-devel
  2. Commit c86c794b9d677b9abed3bb3b9aff4002fae11fea
Browse code

Fix overflow looking for From

git-svn: trunk@2020

Nigel Horne authored on 2006/06/12 18:58:45
Showing 2 changed files
clamav-devel/ChangeLog
History View file @ c86c794
... ... 
@@ -1,3 +1,7 @@
1 
+Mon Jun 12 10:56:52 BST 2006 (njh)
2 
+----------------------------------
3 
+  * clamav-milter:	Fix bug in code from 5/5/06
4 
+
1 5 
 Fri Jun  9 12:29:15 CEST 2006 (tk)
2 6 
 ----------------------------------
3 7 
   * shared/misc.c: add cvd_unpack()
clamav-devel/clamav-milter/clamav-milter.c
History View file @ c86c794
... ... 
@@ -23,7 +23,7 @@
23 23 
  *
24 24 
  * For installation instructions see the file INSTALL that came with this file
25 25 
  */
26 
-static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.243 2006/06/06 15:36:17 njh Exp $";
26 
+static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.244 2006/06/12 09:56:07 njh Exp $";
27 27
28 28 
 #define	CM_VERSION	"devel-060606"
29 29
... ... 
@@ -80,7 +80,7 @@ static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.243 2006/06/06 15:36:17 nj
80 80 
 #endif
81 81
82 82 
 #ifdef	C_LINUX
83 
-#include <sys/sendfile.h>
83 
+#include <sys/sendfile.h>	/* FIXME: use sendfile on BSD not Linux */
84 84 
 #include <libintl.h>
85 85 
 #include <locale.h>
86 86
... ... 
@@ -2579,7 +2579,7 @@ clamfi_body(SMFICTX *ctx, u_char *bodyp, size_t len)
2579 2579 
 		 * FIXME: sending one byte at a time down a socket is
2580 2580 
 		 *	inefficient
2581 2581 
 		 */
2582 
-		do
2582 
+		do {
2583 2583 
 			if(*ptr == '\n') {
2584 2584 
 				if(strncmp(ptr, "\nFrom ", 6) == 0) {
2585 2585 
 					nbytes += clamfi_send(privdata, 7, "\n>From ");
... ... 
@@ -2594,7 +2594,11 @@ clamfi_body(SMFICTX *ctx, u_char *bodyp, size_t len)
2594 2594 
 				nbytes += clamfi_send(privdata, 1, ptr++);
2595 2595 
 				left--;
2596 2596 
 			}
2597 
-		while(left > 0);
2597 
+			if(left < 6) {
2598 
+				nbytes += clamfi_send(privdata, left, ptr);
2599 
+				break;
2600 
+			}
2601 
+		} while(left > 0);
2598 2602 
 	} else
2599 2603 
 		nbytes = clamfi_send(privdata, len, (char *)bodyp);
2600 2604
... ... 
@@ -4290,6 +4294,9 @@ sendtemplate(SMFICTX *ctx, const char *filename, FILE *sendmail, const char *vir
4290 4290
4291 4291 
 /*
4292 4292 
  * Keep the infected file in quarantine, return success (0) or failure
4293 
+ *
4294 
+ * It's quicker if the quarantine directory is on the same filesystem
4295 
+ *	as the temporary directory
4293 4296 
  */
4294 4297 
 static int
4295 4298 
 qfile(struct privdata *privdata, const char *sendmailId, const char *virusname)
... ... 
@@ -4415,7 +4422,6 @@ move(const char *oldfile, const char *newfile)
4415 4415 
 	close(in);
4416 4416 
 	if(ret < 0) {
4417 4417 
 		/* fall back if sendfile fails, which shouldn't happen */
4418 
-		perror(newfile);
4419 4418 
 		close(out);
4420 4419 
 		unlink(newfile);
4421 4420
... ... 
@@ -5181,6 +5187,10 @@ print_trace(void)
5181 5181 
  * Return:	<0 invalid
5182 5182 
  *		=0 valid
5183 5183 
  *		>0 unknown
5184 
+ *
5185 
+ * You wouldn't believe the amount of time I used to waste chasing bug reports
5186 
+ *	from people who's sendmail.cf didn't tally with the arguments given to
5187 
+ *	clamav-milter before I put this check in!
5184 5188 
  */
5185 5189 
 static int
5186 5190 
 verifyIncomingSocketName(const char *sockName)