git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@1049 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/10/31 18:32:05... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Sun Oct 31 09:31:06 GMT 2004 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav: Improve the handling of blank filenames for attachments |
|
4 |
+ Handle unbalanced quotes in multipart headers |
|
5 |
+ |
|
1 | 6 |
Sat Oct 30 07:50:33 BST 2004 (njh) |
2 | 7 |
---------------------------------- |
3 | 8 |
* clamav-milter: Fix possible crash when one or more servers can't be |
... | ... |
@@ -17,6 +17,9 @@ |
17 | 17 |
* |
18 | 18 |
* Change History: |
19 | 19 |
* $Log: mbox.c,v $ |
20 |
+ * Revision 1.163 2004/10/31 09:28:56 nigelhorne |
|
21 |
+ * Handle unbalanced quotes in multipart headers |
|
22 |
+ * |
|
20 | 23 |
* Revision 1.162 2004/10/24 04:35:15 nigelhorne |
21 | 24 |
* Handle multipart/knowbot as multipart/mixed |
22 | 25 |
* |
... | ... |
@@ -474,7 +477,7 @@ |
474 | 474 |
* Compilable under SCO; removed duplicate code with message.c |
475 | 475 |
* |
476 | 476 |
*/ |
477 |
-static char const rcsid[] = "$Id: mbox.c,v 1.162 2004/10/24 04:35:15 nigelhorne Exp $"; |
|
477 |
+static char const rcsid[] = "$Id: mbox.c,v 1.163 2004/10/31 09:28:56 nigelhorne Exp $"; |
|
478 | 478 |
|
479 | 479 |
#if HAVE_CONFIG_H |
480 | 480 |
#include "clamav-config.h" |
... | ... |
@@ -1339,7 +1342,7 @@ parseEmailBody(message *messageIn, text *textIn, const char *dir, const table_t |
1339 | 1339 |
/*cli_dbgmsg("inMimeHead %d inhead %d boundary %s line '%s' next '%s'\n", |
1340 | 1340 |
inMimeHead, inhead, boundary, line, t_line->t_next ? t_line->t_next->t_text : "(null)");*/ |
1341 | 1341 |
|
1342 |
- if(inMimeHead) { |
|
1342 |
+ if(inMimeHead) { /* continuation line */ |
|
1343 | 1343 |
if(line == NULL) { |
1344 | 1344 |
inhead = inMimeHead = 0; |
1345 | 1345 |
continue; |
... | ... |
@@ -1375,7 +1378,7 @@ parseEmailBody(message *messageIn, text *textIn, const char *dir, const table_t |
1375 | 1375 |
*/ |
1376 | 1376 |
inMimeHead = continuationMarker(line); |
1377 | 1377 |
messageAddArgument(aMessage, line); |
1378 |
- } else if(inhead) { |
|
1378 |
+ } else if(inhead) { /* handling normal headers */ |
|
1379 | 1379 |
if(line == NULL) { |
1380 | 1380 |
/* empty line */ |
1381 | 1381 |
inhead = 0; |
... | ... |
@@ -1415,17 +1418,28 @@ parseEmailBody(message *messageIn, text *textIn, const char *dir, const table_t |
1415 | 1415 |
if(!inMimeHead) { |
1416 | 1416 |
const text *next = t_line->t_next; |
1417 | 1417 |
char *fullline = strdup(line); |
1418 |
+ int quotes = 0; |
|
1419 |
+ const char *qptr; |
|
1418 | 1420 |
|
1419 | 1421 |
assert(strlen(line) <= LINE_LENGTH); |
1422 |
+ |
|
1423 |
+ for(qptr = line; *qptr; qptr++) |
|
1424 |
+ if(*qptr == '\"') |
|
1425 |
+ quotes++; |
|
1426 |
+ |
|
1420 | 1427 |
/* |
1421 | 1428 |
* Fold next lines to the end of this |
1422 | 1429 |
* if they start with a white space |
1430 |
+ * or if this line has an odd number of quotes: |
|
1431 |
+ * Content-Type: application/octet-stream; name="foo |
|
1432 |
+ * " |
|
1423 | 1433 |
*/ |
1424 | 1434 |
while(next && next->t_line) { |
1425 | 1435 |
const char *data = lineGetData(next->t_line); |
1426 | 1436 |
char *ptr; |
1427 | 1437 |
|
1428 |
- if(!isspace(data[0])) |
|
1438 |
+ if((!isspace(data[0])) && |
|
1439 |
+ ((quotes & 1) == 0)) |
|
1429 | 1440 |
break; |
1430 | 1441 |
|
1431 | 1442 |
ptr = cli_realloc(fullline, |
... | ... |
@@ -1437,6 +1451,10 @@ parseEmailBody(message *messageIn, text *textIn, const char *dir, const table_t |
1437 | 1437 |
fullline = ptr; |
1438 | 1438 |
strcat(fullline, data); |
1439 | 1439 |
|
1440 |
+ for(qptr = data; *qptr; qptr++) |
|
1441 |
+ if(*qptr == '\"') |
|
1442 |
+ quotes++; |
|
1443 |
+ |
|
1440 | 1444 |
t_line = next; |
1441 | 1445 |
next = next->t_next; |
1442 | 1446 |
} |