... | ... |
@@ -649,8 +649,8 @@ static char *cabd_read_string(struct mspack_system *sys, |
649 | 649 |
return NULL; |
650 | 650 |
} |
651 | 651 |
|
652 |
- /* search for a null terminator in the buffer. accept empty strings */ |
|
653 |
- for (i = 0, ok = 0; i < len; i++) if (!buf[i]) { ok = 1; break; } |
|
652 |
+ /* search for a null terminator in the buffer. reject empty strings */ |
|
653 |
+ for (i = 1, ok = 0; i < len; i++) if (!buf[i]) { ok = 1; break; } |
|
654 | 654 |
if (!ok) { |
655 | 655 |
*error = MSPACK_ERR_DATAFORMAT; |
656 | 656 |
sys->message(NULL, "Unable to find null terminator for string read in buffer of len %d", len); |
... | ... |
@@ -2351,8 +2351,9 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
2351 | 2351 |
/* |
2352 | 2352 |
* Look for uu-encoded main file |
2353 | 2353 |
*/ |
2354 |
- if((encodingLine(mainMessage) != NULL) && |
|
2355 |
- ((t_line = bounceBegin(mainMessage)) != NULL)) |
|
2354 |
+ if(mainMessage->body_first != NULL && |
|
2355 |
+ (encodingLine(mainMessage) != NULL) && |
|
2356 |
+ ((t_line = bounceBegin(mainMessage)) != NULL)) |
|
2356 | 2357 |
rc = (exportBounceMessage(mctx, t_line) == CL_VIRUS) ? VIRUS : OK; |
2357 | 2358 |
else { |
2358 | 2359 |
bool saveIt; |
... | ... |
@@ -2365,7 +2366,7 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
2365 | 2365 |
* bother saving to scan, it's safe |
2366 | 2366 |
*/ |
2367 | 2367 |
saveIt = (bool)(encodingLine(mainMessage) != NULL); |
2368 |
- else if((t_line = encodingLine(mainMessage)) != NULL) { |
|
2368 |
+ else if(mainMessage->body_last != NULL && (t_line = encodingLine(mainMessage)) != NULL) { |
|
2369 | 2369 |
/* |
2370 | 2370 |
* Some bounces include the message |
2371 | 2371 |
* body without the headers. |
... | ... |
@@ -3138,13 +3139,17 @@ rfc2047(const char *in) |
3138 | 3138 |
break; |
3139 | 3139 |
} |
3140 | 3140 |
b = messageToBlob(m, 1); |
3141 |
+ if (b == NULL) { |
|
3142 |
+ messageDestroy(m); |
|
3143 |
+ break; |
|
3144 |
+ } |
|
3141 | 3145 |
len = blobGetDataSize(b); |
3142 | 3146 |
cli_dbgmsg("Decoded as '%*.*s'\n", (int)len, (int)len, |
3143 | 3147 |
(const char *)blobGetData(b)); |
3144 | 3148 |
memcpy(pout, blobGetData(b), len); |
3145 | 3149 |
blobDestroy(b); |
3146 | 3150 |
messageDestroy(m); |
3147 |
- if(pout[len - 1] == '\n') |
|
3151 |
+ if(len > 0 && pout[len - 1] == '\n') |
|
3148 | 3152 |
pout += len - 1; |
3149 | 3153 |
else |
3150 | 3154 |
pout += len; |
... | ... |
@@ -1075,8 +1075,10 @@ messageMoveText(message *m, text *t, message *old_message) |
1075 | 1075 |
for(u = old_message->body_first; u != t;) { |
1076 | 1076 |
text *next; |
1077 | 1077 |
|
1078 |
- if(u->t_line) |
|
1078 |
+ if(u->t_line) { |
|
1079 | 1079 |
lineUnlink(u->t_line); |
1080 |
+ u->t_line = NULL; |
|
1081 |
+ } |
|
1080 | 1082 |
next = u->t_next; |
1081 | 1083 |
|
1082 | 1084 |
free(u); |
... | ... |
@@ -1237,7 +1237,7 @@ static void handle_pdfname(struct pdf_struct *pdf, struct pdf_obj *obj, const ch |
1237 | 1237 |
} |
1238 | 1238 |
|
1239 | 1239 |
/* record filter order */ |
1240 |
- if ((*state == STATE_FILTER) && ((1 << act->set_objflag) & KNOWN_FILTERS)) |
|
1240 |
+ if (obj->numfilters < PDF_FILTERLIST_MAX && (*state == STATE_FILTER) && ((1 << act->set_objflag) & KNOWN_FILTERS)) |
|
1241 | 1241 |
obj->filterlist[obj->numfilters++] = act->set_objflag; |
1242 | 1242 |
|
1243 | 1243 |
if ((act->nameflags & NAMEFLAG_HEURISTIC) && escapes) { |
... | ... |
@@ -1255,7 +1255,7 @@ static void handle_pdfname(struct pdf_struct *pdf, struct pdf_obj *obj, const ch |
1255 | 1255 |
if (act->from_state == *state || act->from_state == STATE_ANY) { |
1256 | 1256 |
*state = act->to_state; |
1257 | 1257 |
|
1258 |
- if (*state == STATE_FILTER && act->set_objflag !=OBJ_DICT && (obj->flags & (1 << act->set_objflag))) { |
|
1258 |
+ if (*state == STATE_FILTER && act->set_objflag != OBJ_DICT && (obj->flags & (1 << act->set_objflag))) { |
|
1259 | 1259 |
cli_dbgmsg("cli_pdf: duplicate stream filter %s\n", pdfname); |
1260 | 1260 |
pdfobj_flag(pdf, obj, BAD_STREAM_FILTERS); |
1261 | 1261 |
} |
... | ... |
@@ -124,8 +124,10 @@ textDestroy(text *t_head) |
124 | 124 |
{ |
125 | 125 |
while(t_head) { |
126 | 126 |
text *t_next = t_head->t_next; |
127 |
- if(t_head->t_line) |
|
128 |
- (void)lineUnlink(t_head->t_line); |
|
127 |
+ if(t_head->t_line) { |
|
128 |
+ lineUnlink(t_head->t_line); |
|
129 |
+ t_head->t_line = NULL; |
|
130 |
+ } |
|
129 | 131 |
free(t_head); |
130 | 132 |
t_head = t_next; |
131 | 133 |
} |
... | ... |
@@ -146,12 +148,14 @@ textCopy(const text *t_head) |
146 | 146 |
} |
147 | 147 |
|
148 | 148 |
if(last == NULL) { |
149 |
- cli_errmsg("textCopy: Unable to allocate memory to clone object\n"); |
|
149 |
+ cli_errmsg("textCopy: Unable to allocate memory to clone object\n"); |
|
150 | 150 |
if(first) |
151 | 151 |
textDestroy(first); |
152 | 152 |
return NULL; |
153 | 153 |
} |
154 | 154 |
|
155 |
+ last->t_next = NULL; |
|
156 |
+ |
|
155 | 157 |
if(t_head->t_line) |
156 | 158 |
last->t_line = lineLink(t_head->t_line); |
157 | 159 |
else |