git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@586 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/06/01 18:12:14... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Tue Jun 1 10:09:02 BST 2004 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav/message.c: Corrupted BinHex could still cause crash on |
|
4 |
+ some non Linux systems (thanks to Trog for spotting this one) |
|
5 |
+ |
|
1 | 6 |
Sun May 30 03:35:38 CEST 2004 (tk) |
2 | 7 |
---------------------------------- |
3 | 8 |
* libclamav: cli_findpos: do not use modulo inside the loop; inline |
... | ... |
@@ -17,6 +17,9 @@ |
17 | 17 |
* |
18 | 18 |
* Change History: |
19 | 19 |
* $Log: message.c,v $ |
20 |
+ * Revision 1.58 2004/06/01 09:07:19 nigelhorne |
|
21 |
+ * Corrupted binHex could crash on non Linux systems |
|
22 |
+ * |
|
20 | 23 |
* Revision 1.57 2004/05/27 16:52:47 nigelhorne |
21 | 24 |
* Short binhex data could confuse things |
22 | 25 |
* |
... | ... |
@@ -168,7 +171,7 @@ |
168 | 168 |
* uuencodebegin() no longer static |
169 | 169 |
* |
170 | 170 |
*/ |
171 |
-static char const rcsid[] = "$Id: message.c,v 1.57 2004/05/27 16:52:47 nigelhorne Exp $"; |
|
171 |
+static char const rcsid[] = "$Id: message.c,v 1.58 2004/06/01 09:07:19 nigelhorne Exp $"; |
|
172 | 172 |
|
173 | 173 |
#if HAVE_CONFIG_H |
174 | 174 |
#include "clamav-config.h" |
... | ... |
@@ -195,6 +198,7 @@ static char const rcsid[] = "$Id: message.c,v 1.57 2004/05/27 16:52:47 nigelhorn |
195 | 195 |
#include <stdio.h> |
196 | 196 |
|
197 | 197 |
#include "mbox.h" |
198 |
+#include "table.h" |
|
198 | 199 |
#include "blob.h" |
199 | 200 |
#include "text.h" |
200 | 201 |
#include "strrcpy.h" |
... | ... |
@@ -303,7 +307,8 @@ messageReset(message *m) |
303 | 303 |
void |
304 | 304 |
messageSetMimeType(message *mess, const char *type) |
305 | 305 |
{ |
306 |
- const struct mime_map *m; |
|
306 |
+ static table_t *mime_table; |
|
307 |
+ int typeval; |
|
307 | 308 |
|
308 | 309 |
assert(mess != NULL); |
309 | 310 |
assert(type != NULL); |
... | ... |
@@ -317,11 +322,23 @@ messageSetMimeType(message *mess, const char *type) |
317 | 317 |
if(*type++ == '\0') |
318 | 318 |
return; |
319 | 319 |
|
320 |
- for(m = mime_map; m->string; m++) |
|
321 |
- if(strcasecmp(type, m->string) == 0) { |
|
322 |
- mess->mimeType = m->type; |
|
323 |
- break; |
|
324 |
- } |
|
320 |
+ if(mime_table == NULL) { |
|
321 |
+ const struct mime_map *m; |
|
322 |
+ |
|
323 |
+ mime_table = tableCreate(); |
|
324 |
+ if(mime_table == NULL) |
|
325 |
+ return; |
|
326 |
+ |
|
327 |
+ for(m = mime_map; m->string; m++) |
|
328 |
+ if(!tableInsert(mime_table, m->string, m->type)) { |
|
329 |
+ tableDestroy(mime_table); |
|
330 |
+ return; |
|
331 |
+ } |
|
332 |
+ } |
|
333 |
+ |
|
334 |
+ typeval = tableFind(mime_table, type); |
|
335 |
+ |
|
336 |
+ mess->mimeType = (mime_type)((typeval == -1) ? (int)NOMIME : typeval); |
|
325 | 337 |
|
326 | 338 |
if(mess->mimeType == NOMIME) { |
327 | 339 |
if(strncasecmp(type, "x-", 2) == 0) |
... | ... |
@@ -641,18 +658,19 @@ const char * |
641 | 641 |
messageFindArgument(const message *m, const char *variable) |
642 | 642 |
{ |
643 | 643 |
int i; |
644 |
+ size_t len; |
|
644 | 645 |
|
645 | 646 |
assert(m != NULL); |
646 | 647 |
assert(variable != NULL); |
647 | 648 |
|
649 |
+ len = strlen(variable); |
|
650 |
+ |
|
648 | 651 |
for(i = 0; i < m->numberOfArguments; i++) { |
649 | 652 |
const char *ptr; |
650 |
- size_t len; |
|
651 | 653 |
|
652 | 654 |
ptr = messageGetArgument(m, i); |
653 | 655 |
if((ptr == NULL) || (*ptr == '\0')) |
654 |
- return(NULL); |
|
655 |
- len = strlen(variable); |
|
656 |
+ continue; |
|
656 | 657 |
#ifdef CL_DEBUG |
657 | 658 |
cli_dbgmsg("messageFindArgument: compare %d bytes of %s with %s\n", |
658 | 659 |
len, variable, ptr); |
... | ... |
@@ -1070,6 +1088,12 @@ messageToBlob(message *m) |
1070 | 1070 |
cli_dbgmsg("HQX7 message (%lu bytes) is not compressed\n", |
1071 | 1071 |
len); |
1072 | 1072 |
} |
1073 |
+ if(len == 0) { |
|
1074 |
+ cli_warnmsg("Discarding empty binHex attachment\n"); |
|
1075 |
+ blobDestroy(b); |
|
1076 |
+ blobDestroy(tmp); |
|
1077 |
+ return NULL; |
|
1078 |
+ } |
|
1073 | 1079 |
|
1074 | 1080 |
/* |
1075 | 1081 |
* The blob tmp now contains the uncompressed data |
... | ... |
@@ -1091,7 +1115,8 @@ messageToBlob(message *m) |
1091 | 1091 |
memcpy(filename, &data[1], byte); |
1092 | 1092 |
filename[byte] = '\0'; |
1093 | 1093 |
blobSetFilename(b, filename); |
1094 |
- ptr = cli_malloc(strlen(filename) + 6); |
|
1094 |
+ /*ptr = cli_malloc(strlen(filename) + 6);*/ |
|
1095 |
+ ptr = cli_malloc(byte + 6); |
|
1095 | 1096 |
if(ptr) { |
1096 | 1097 |
sprintf(ptr, "name=%s", filename); |
1097 | 1098 |
messageAddArgument(m, ptr); |
... | ... |
@@ -1121,7 +1146,7 @@ messageToBlob(message *m) |
1121 | 1121 |
*/ |
1122 | 1122 |
byte += 10; |
1123 | 1123 |
|
1124 |
- l = blobGetDataSize(tmp); |
|
1124 |
+ l = blobGetDataSize(tmp) - byte; |
|
1125 | 1125 |
|
1126 | 1126 |
if(l < len) { |
1127 | 1127 |
cli_warnmsg("Corrupt BinHex file, claims it is %lu bytes long in a message of %lu bytes\n", |
... | ... |
@@ -1532,7 +1557,6 @@ static unsigned char * |
1532 | 1532 |
decode(const char *in, unsigned char *out, unsigned char (*decoder)(char), bool isFast) |
1533 | 1533 |
{ |
1534 | 1534 |
unsigned char b1, b2, b3, b4; |
1535 |
- int nbytes; |
|
1536 | 1535 |
|
1537 | 1536 |
if(isFast) |
1538 | 1537 |
/* Fast decoding if not last line */ |
... | ... |
@@ -1540,14 +1564,24 @@ decode(const char *in, unsigned char *out, unsigned char (*decoder)(char), bool |
1540 | 1540 |
b1 = (*decoder)(*in++); |
1541 | 1541 |
b2 = (*decoder)(*in++); |
1542 | 1542 |
b3 = (*decoder)(*in++); |
1543 |
- b4 = (*decoder)(*in++); |
|
1543 |
+ /* |
|
1544 |
+ * Put this line here to help on some compilers which |
|
1545 |
+ * can make use of some architecure's ability to |
|
1546 |
+ * multiprocess when different variables can be |
|
1547 |
+ * updated at the same time - here b3 is used in |
|
1548 |
+ * one line, b1/b2 in the next and b4 in the next after |
|
1549 |
+ * that, b3 and b4 rely on in but b1/b2 don't |
|
1550 |
+ */ |
|
1544 | 1551 |
*out++ = (b1 << 2) | ((b2 >> 4) & 0x3); |
1552 |
+ b4 = (*decoder)(*in++); |
|
1545 | 1553 |
*out++ = (b2 << 4) | ((b3 >> 2) & 0xF); |
1546 | 1554 |
*out++ = (b3 << 6) | (b4 & 0x3F); |
1547 | 1555 |
} |
1548 | 1556 |
else |
1549 | 1557 |
/* Slower decoding for last line */ |
1550 | 1558 |
while(*in) { |
1559 |
+ int nbytes; |
|
1560 |
+ |
|
1551 | 1561 |
b1 = (*decoder)(*in++); |
1552 | 1562 |
if(*in == '\0') { |
1553 | 1563 |
b2 = '\0'; |