... | ... |
@@ -29,8 +29,8 @@ |
29 | 29 |
#endif |
30 | 30 |
|
31 | 31 |
#ifdef CL_THREAD_SAFE |
32 |
-#ifndef _REENTRANT |
|
33 |
-#define _REENTRANT /* for Solaris 2.8 */ |
|
32 |
+#ifndef _REENTRANT |
|
33 |
+#define _REENTRANT /* for Solaris 2.8 */ |
|
34 | 34 |
#endif |
35 | 35 |
#endif |
36 | 36 |
|
... | ... |
@@ -39,23 +39,23 @@ |
39 | 39 |
#include <errno.h> |
40 | 40 |
#include <assert.h> |
41 | 41 |
#include <string.h> |
42 |
-#ifdef HAVE_STRINGS_H |
|
42 |
+#ifdef HAVE_STRINGS_H |
|
43 | 43 |
#include <strings.h> |
44 | 44 |
#endif |
45 |
-#ifdef HAVE_STRING_H |
|
45 |
+#ifdef HAVE_STRING_H |
|
46 | 46 |
#include <string.h> |
47 | 47 |
#endif |
48 | 48 |
#include <ctype.h> |
49 | 49 |
#include <time.h> |
50 | 50 |
#include <fcntl.h> |
51 |
-#ifdef HAVE_SYS_PARAM_H |
|
51 |
+#ifdef HAVE_SYS_PARAM_H |
|
52 | 52 |
#include <sys/param.h> |
53 | 53 |
#endif |
54 | 54 |
#include <dirent.h> |
55 | 55 |
#include <limits.h> |
56 | 56 |
#include <signal.h> |
57 | 57 |
|
58 |
-#ifdef HAVE_UNISTD_H |
|
58 |
+#ifdef HAVE_UNISTD_H |
|
59 | 59 |
#include <unistd.h> |
60 | 60 |
#endif |
61 | 61 |
|
... | ... |
@@ -63,7 +63,7 @@ |
63 | 63 |
#include <stddef.h> |
64 | 64 |
#endif |
65 | 65 |
|
66 |
-#ifdef CL_THREAD_SAFE |
|
66 |
+#ifdef CL_THREAD_SAFE |
|
67 | 67 |
#include <pthread.h> |
68 | 68 |
#endif |
69 | 69 |
|
... | ... |
@@ -86,9 +86,9 @@ |
86 | 86 |
|
87 | 87 |
#define DCONF_PHISHING mctx->ctx->dconf->phishing |
88 | 88 |
|
89 |
-#ifdef CL_DEBUG |
|
89 |
+#ifdef CL_DEBUG |
|
90 | 90 |
|
91 |
-#if defined(C_LINUX) |
|
91 |
+#if defined(C_LINUX) |
|
92 | 92 |
#include <features.h> |
93 | 93 |
#endif |
94 | 94 |
|
... | ... |
@@ -101,52 +101,53 @@ |
101 | 101 |
#include <execinfo.h> |
102 | 102 |
#include <syslog.h> |
103 | 103 |
|
104 |
-static void sigsegv(int sig); |
|
105 |
-static void print_trace(int use_syslog); |
|
104 |
+static void sigsegv(int sig); |
|
105 |
+static void print_trace(int use_syslog); |
|
106 | 106 |
|
107 |
-/*#define SAVE_TMP */ /* Save the file being worked on in tmp */ |
|
107 |
+/*#define SAVE_TMP */ /* Save the file being worked on in tmp */ |
|
108 | 108 |
#endif |
109 | 109 |
|
110 |
-#if defined(NO_STRTOK_R) || !defined(CL_THREAD_SAFE) |
|
110 |
+#if defined(NO_STRTOK_R) || !defined(CL_THREAD_SAFE) |
|
111 | 111 |
#undef strtok_r |
112 | 112 |
#undef __strtok_r |
113 |
-#define strtok_r(a,b,c) strtok(a,b) |
|
113 |
+#define strtok_r(a, b, c) strtok(a, b) |
|
114 | 114 |
#endif |
115 | 115 |
|
116 |
-#ifdef HAVE_STDBOOL_H |
|
117 |
-#ifdef C_BEOS |
|
116 |
+#ifdef HAVE_STDBOOL_H |
|
117 |
+#ifdef C_BEOS |
|
118 | 118 |
#include "SupportDefs.h" |
119 | 119 |
#else |
120 | 120 |
#include <stdbool.h> |
121 | 121 |
#endif |
122 | 122 |
#else |
123 |
-#ifdef FALSE |
|
124 |
-typedef unsigned char bool; |
|
123 |
+#ifdef FALSE |
|
124 |
+typedef unsigned char bool; |
|
125 | 125 |
#else |
126 |
-typedef enum { FALSE = 0, TRUE = 1 } bool; |
|
126 |
+typedef enum { FALSE = 0, |
|
127 |
+ TRUE = 1 } bool; |
|
127 | 128 |
#endif |
128 | 129 |
#endif |
129 | 130 |
|
130 |
-typedef enum { |
|
131 |
- FAIL, |
|
132 |
- OK, |
|
133 |
- OK_ATTACHMENTS_NOT_SAVED, |
|
134 |
- VIRUS, |
|
135 |
- MAXREC, |
|
136 |
- MAXFILES |
|
131 |
+typedef enum { |
|
132 |
+ FAIL, |
|
133 |
+ OK, |
|
134 |
+ OK_ATTACHMENTS_NOT_SAVED, |
|
135 |
+ VIRUS, |
|
136 |
+ MAXREC, |
|
137 |
+ MAXFILES |
|
137 | 138 |
} mbox_status; |
138 | 139 |
|
139 | 140 |
#ifndef isblank |
140 |
-#define isblank(c) (((c) == ' ') || ((c) == '\t')) |
|
141 |
+#define isblank(c) (((c) == ' ') || ((c) == '\t')) |
|
141 | 142 |
#endif |
142 | 143 |
|
143 |
-#define SAVE_TO_DISC /* multipart/message are saved in a temporary file */ |
|
144 |
+#define SAVE_TO_DISC /* multipart/message are saved in a temporary file */ |
|
144 | 145 |
|
145 | 146 |
#include "htmlnorm.h" |
146 | 147 |
|
147 | 148 |
#include "phishcheck.h" |
148 | 149 |
|
149 |
-#ifndef _WIN32 |
|
150 |
+#ifndef _WIN32 |
|
150 | 151 |
#include <sys/time.h> |
151 | 152 |
#include <netdb.h> |
152 | 153 |
#include <sys/socket.h> |
... | ... |
@@ -170,19 +171,19 @@ typedef enum { |
170 | 170 |
*/ |
171 | 171 |
/*#define NEW_WORLD*/ |
172 | 172 |
|
173 |
-/*#define SCAN_UNENCODED_BOUNCES *//* |
|
173 |
+/*#define SCAN_UNENCODED_BOUNCES */ /* |
|
174 | 174 |
* Slows things down a lot and only catches unencoded copies |
175 | 175 |
* of EICAR within bounces, which don't matter |
176 | 176 |
*/ |
177 | 177 |
|
178 |
-typedef struct mbox_ctx { |
|
179 |
- const char *dir; |
|
180 |
- const table_t *rfc821Table; |
|
181 |
- const table_t *subtypeTable; |
|
182 |
- cli_ctx *ctx; |
|
183 |
- unsigned int files; /* number of files extracted */ |
|
178 |
+typedef struct mbox_ctx { |
|
179 |
+ const char *dir; |
|
180 |
+ const table_t *rfc821Table; |
|
181 |
+ const table_t *subtypeTable; |
|
182 |
+ cli_ctx *ctx; |
|
183 |
+ unsigned int files; /* number of files extracted */ |
|
184 | 184 |
#if HAVE_JSON |
185 |
- json_object *wrkobj; |
|
185 |
+ json_object *wrkobj; |
|
186 | 186 |
#endif |
187 | 187 |
} mbox_ctx; |
188 | 188 |
|
... | ... |
@@ -199,157 +200,134 @@ typedef struct mbox_ctx { |
199 | 199 |
#define UNLOCKFILE(fp) |
200 | 200 |
#endif |
201 | 201 |
|
202 |
-static int cli_parse_mbox(const char *dir, cli_ctx *ctx); |
|
203 |
-static message *parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821Table, const char *firstLine, const char *dir); |
|
204 |
-static message *parseEmailHeaders(message *m, const table_t *rfc821Table); |
|
205 |
-static int parseEmailHeader(message *m, const char *line, const table_t *rfc821Table); |
|
206 |
-static int parseMHTMLComment(const char *comment, cli_ctx *ctx, void *wrkjobj, void *cbdata); |
|
207 |
-static mbox_status parseRootMHTML(mbox_ctx *mctx, message *m, text *t); |
|
208 |
-static mbox_status parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int recursion_level); |
|
209 |
-static int boundaryStart(const char *line, const char *boundary); |
|
210 |
-static int boundaryEnd(const char *line, const char *boundary); |
|
211 |
-static int initialiseTables(table_t **rfc821Table, table_t **subtypeTable); |
|
212 |
-static int getTextPart(message *const messages[], size_t size); |
|
213 |
-static size_t strip(char *buf, int len); |
|
214 |
-static int parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const char *arg); |
|
215 |
-static int saveTextPart(mbox_ctx *mctx, message *m, int destroy_text); |
|
216 |
-static char *rfc2047(const char *in); |
|
217 |
-static char *rfc822comments(const char *in, char *out); |
|
218 |
-static int rfc1341(message *m, const char *dir); |
|
219 |
-static bool usefulHeader(int commandNumber, const char *cmd); |
|
220 |
-static char *getline_from_mbox(char *buffer, size_t len, fmap_t *map, size_t *at); |
|
221 |
-static bool isBounceStart(mbox_ctx *mctx, const char *line); |
|
222 |
-static bool exportBinhexMessage(mbox_ctx *mctx, message *m); |
|
223 |
-static int exportBounceMessage(mbox_ctx *ctx, text *start); |
|
224 |
-static const char *getMimeTypeStr(mime_type mimetype); |
|
225 |
-static const char *getEncTypeStr(encoding_type enctype); |
|
226 |
-static message *do_multipart(message *mainMessage, message **messages, int i, mbox_status *rc, mbox_ctx *mctx, message *messageIn, text **tptr, unsigned int recursion_level); |
|
227 |
-static int count_quotes(const char *buf); |
|
228 |
-static bool next_is_folded_header(const text *t); |
|
229 |
-static bool newline_in_header(const char *line); |
|
230 |
- |
|
231 |
-static blob *getHrefs(message *m, tag_arguments_t *hrefs); |
|
232 |
-static void hrefs_done(blob *b, tag_arguments_t *hrefs); |
|
233 |
-static void checkURLs(message *m, mbox_ctx *mctx, mbox_status *rc, int is_html); |
|
202 |
+static int cli_parse_mbox(const char *dir, cli_ctx *ctx); |
|
203 |
+static message *parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821Table, const char *firstLine, const char *dir); |
|
204 |
+static message *parseEmailHeaders(message *m, const table_t *rfc821Table); |
|
205 |
+static int parseEmailHeader(message *m, const char *line, const table_t *rfc821Table); |
|
206 |
+static int parseMHTMLComment(const char *comment, cli_ctx *ctx, void *wrkjobj, void *cbdata); |
|
207 |
+static mbox_status parseRootMHTML(mbox_ctx *mctx, message *m, text *t); |
|
208 |
+static mbox_status parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int recursion_level); |
|
209 |
+static int boundaryStart(const char *line, const char *boundary); |
|
210 |
+static int boundaryEnd(const char *line, const char *boundary); |
|
211 |
+static int initialiseTables(table_t **rfc821Table, table_t **subtypeTable); |
|
212 |
+static int getTextPart(message *const messages[], size_t size); |
|
213 |
+static size_t strip(char *buf, int len); |
|
214 |
+static int parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const char *arg); |
|
215 |
+static int saveTextPart(mbox_ctx *mctx, message *m, int destroy_text); |
|
216 |
+static char *rfc2047(const char *in); |
|
217 |
+static char *rfc822comments(const char *in, char *out); |
|
218 |
+static int rfc1341(message *m, const char *dir); |
|
219 |
+static bool usefulHeader(int commandNumber, const char *cmd); |
|
220 |
+static char *getline_from_mbox(char *buffer, size_t len, fmap_t *map, size_t *at); |
|
221 |
+static bool isBounceStart(mbox_ctx *mctx, const char *line); |
|
222 |
+static bool exportBinhexMessage(mbox_ctx *mctx, message *m); |
|
223 |
+static int exportBounceMessage(mbox_ctx *ctx, text *start); |
|
224 |
+static const char *getMimeTypeStr(mime_type mimetype); |
|
225 |
+static const char *getEncTypeStr(encoding_type enctype); |
|
226 |
+static message *do_multipart(message *mainMessage, message **messages, int i, mbox_status *rc, mbox_ctx *mctx, message *messageIn, text **tptr, unsigned int recursion_level); |
|
227 |
+static int count_quotes(const char *buf); |
|
228 |
+static bool next_is_folded_header(const text *t); |
|
229 |
+static bool newline_in_header(const char *line); |
|
230 |
+ |
|
231 |
+static blob *getHrefs(message *m, tag_arguments_t *hrefs); |
|
232 |
+static void hrefs_done(blob *b, tag_arguments_t *hrefs); |
|
233 |
+static void checkURLs(message *m, mbox_ctx *mctx, mbox_status *rc, int is_html); |
|
234 | 234 |
|
235 | 235 |
/* Maximum line length according to RFC2821 */ |
236 |
-#define RFC2821LENGTH 1000 |
|
236 |
+#define RFC2821LENGTH 1000 |
|
237 | 237 |
|
238 | 238 |
/* Hashcodes for our hash tables */ |
239 |
-#define CONTENT_TYPE 1 |
|
240 |
-#define CONTENT_TRANSFER_ENCODING 2 |
|
241 |
-#define CONTENT_DISPOSITION 3 |
|
239 |
+#define CONTENT_TYPE 1 |
|
240 |
+#define CONTENT_TRANSFER_ENCODING 2 |
|
241 |
+#define CONTENT_DISPOSITION 3 |
|
242 | 242 |
|
243 | 243 |
/* Mime sub types */ |
244 |
-#define PLAIN 1 |
|
245 |
-#define ENRICHED 2 |
|
246 |
-#define HTML 3 |
|
247 |
-#define RICHTEXT 4 |
|
248 |
-#define MIXED 5 |
|
249 |
-#define ALTERNATIVE 6 /* RFC1521*/ |
|
250 |
-#define DIGEST 7 |
|
251 |
-#define SIGNED 8 |
|
252 |
-#define PARALLEL 9 |
|
253 |
-#define RELATED 10 /* RFC2387 */ |
|
254 |
-#define REPORT 11 /* RFC1892 */ |
|
255 |
-#define APPLEDOUBLE 12 /* Handling of this in only noddy for now */ |
|
256 |
-#define FAX MIXED /* |
|
257 |
- * RFC3458 |
|
258 |
- * Drafts stated to treat is as mixed if it is |
|
259 |
- * not known. This disappeared in the final |
|
260 |
- * version (except when talking about |
|
261 |
- * voice-message), but it is good enough for us |
|
262 |
- * since we do no validation of coversheet |
|
263 |
- * presence etc. (which also has disappeared |
|
264 |
- * in the final version) |
|
265 |
- */ |
|
266 |
-#define ENCRYPTED 13 /* |
|
267 |
- * e.g. RFC2015 |
|
268 |
- * Content-Type: multipart/encrypted; |
|
269 |
- * boundary="nextPart1383049.XCRrrar2yq"; |
|
270 |
- * protocol="application/pgp-encrypted" |
|
271 |
- */ |
|
272 |
-#define X_BFILE RELATED /* |
|
273 |
- * BeOS, expert two parts: the file and it's |
|
274 |
- * attributes. The attributes part comes as |
|
275 |
- * Content-Type: application/x-be_attribute |
|
276 |
- * name="foo" |
|
277 |
- * I can't find where it is defined, any |
|
278 |
- * pointers would be appreciated. For now |
|
279 |
- * we treat it as multipart/related |
|
280 |
- */ |
|
281 |
-#define KNOWBOT 14 /* Unknown and undocumented format? */ |
|
282 |
- |
|
283 |
-static const struct tableinit { |
|
284 |
- const char *key; |
|
285 |
- int value; |
|
244 |
+#define PLAIN 1 |
|
245 |
+#define ENRICHED 2 |
|
246 |
+#define HTML 3 |
|
247 |
+#define RICHTEXT 4 |
|
248 |
+#define MIXED 5 |
|
249 |
+#define ALTERNATIVE 6 /* RFC1521*/ |
|
250 |
+#define DIGEST 7 |
|
251 |
+#define SIGNED 8 |
|
252 |
+#define PARALLEL 9 |
|
253 |
+#define RELATED 10 /* RFC2387 */ |
|
254 |
+#define REPORT 11 /* RFC1892 */ |
|
255 |
+#define APPLEDOUBLE 12 /* Handling of this in only noddy for now */ |
|
256 |
+#define FAX MIXED /* \ |
|
257 |
+ * RFC3458 \ |
|
258 |
+ * Drafts stated to treat is as mixed if it is \ |
|
259 |
+ * not known. This disappeared in the final \ |
|
260 |
+ * version (except when talking about \ |
|
261 |
+ * voice-message), but it is good enough for us \ |
|
262 |
+ * since we do no validation of coversheet \ |
|
263 |
+ * presence etc. (which also has disappeared \ |
|
264 |
+ * in the final version) \ |
|
265 |
+ */ |
|
266 |
+#define ENCRYPTED 13 /* \ |
|
267 |
+ * e.g. RFC2015 \ |
|
268 |
+ * Content-Type: multipart/encrypted; \ |
|
269 |
+ * boundary="nextPart1383049.XCRrrar2yq"; \ |
|
270 |
+ * protocol="application/pgp-encrypted" \ |
|
271 |
+ */ |
|
272 |
+#define X_BFILE RELATED /* \ |
|
273 |
+ * BeOS, expert two parts: the file and it's \ |
|
274 |
+ * attributes. The attributes part comes as \ |
|
275 |
+ * Content-Type: application/x-be_attribute \ |
|
276 |
+ * name="foo" \ |
|
277 |
+ * I can't find where it is defined, any \ |
|
278 |
+ * pointers would be appreciated. For now \ |
|
279 |
+ * we treat it as multipart/related \ |
|
280 |
+ */ |
|
281 |
+#define KNOWBOT 14 /* Unknown and undocumented format? */ |
|
282 |
+ |
|
283 |
+static const struct tableinit { |
|
284 |
+ const char *key; |
|
285 |
+ int value; |
|
286 | 286 |
} rfc821headers[] = { |
287 |
- /* TODO: make these regular expressions */ |
|
288 |
- { "Content-Type", CONTENT_TYPE }, |
|
289 |
- { "Content-Transfer-Encoding", CONTENT_TRANSFER_ENCODING }, |
|
290 |
- { "Content-Disposition", CONTENT_DISPOSITION }, |
|
291 |
- { NULL, 0 } |
|
292 |
-}, mimeSubtypes[] = { /* see RFC2045 */ |
|
293 |
- /* subtypes of Text */ |
|
294 |
- { "plain", PLAIN }, |
|
295 |
- { "enriched", ENRICHED }, |
|
296 |
- { "html", HTML }, |
|
297 |
- { "richtext", RICHTEXT }, |
|
298 |
- /* subtypes of Multipart */ |
|
299 |
- { "mixed", MIXED }, |
|
300 |
- { "alternative", ALTERNATIVE }, |
|
301 |
- { "digest", DIGEST }, |
|
302 |
- { "signed", SIGNED }, |
|
303 |
- { "parallel", PARALLEL }, |
|
304 |
- { "related", RELATED }, |
|
305 |
- { "report", REPORT }, |
|
306 |
- { "appledouble", APPLEDOUBLE }, |
|
307 |
- { "fax-message", FAX }, |
|
308 |
- { "encrypted", ENCRYPTED }, |
|
309 |
- { "x-bfile", X_BFILE }, /* BeOS */ |
|
310 |
- { "knowbot", KNOWBOT }, /* ??? */ |
|
311 |
- { "knowbot-metadata", KNOWBOT }, /* ??? */ |
|
312 |
- { "knowbot-code", KNOWBOT }, /* ??? */ |
|
313 |
- { "knowbot-state", KNOWBOT }, /* ??? */ |
|
314 |
- { NULL, 0 } |
|
315 |
-}, mimeTypeStr[] = { |
|
316 |
- { "NOMIME", NOMIME }, |
|
317 |
- { "APPLICATION", APPLICATION }, |
|
318 |
- { "AUDIO", AUDIO }, |
|
319 |
- { "IMAGE", IMAGE }, |
|
320 |
- { "MESSAGE", MESSAGE }, |
|
321 |
- { "MULTIPART", MULTIPART }, |
|
322 |
- { "TEXT", TEXT }, |
|
323 |
- { "VIDEO", VIDEO }, |
|
324 |
- { "MEXTENSION", MEXTENSION }, |
|
325 |
- { NULL, 0 } |
|
326 |
-}, encTypeStr[] = { |
|
327 |
- { "NOENCODING", NOENCODING }, |
|
328 |
- { "QUOTEDPRINTABLE", QUOTEDPRINTABLE }, |
|
329 |
- { "BASE64", BASE64 }, |
|
330 |
- { "EIGHTBIT", EIGHTBIT }, |
|
331 |
- { "BINARY", BINARY }, |
|
332 |
- { "UUENCODE", UUENCODE }, |
|
333 |
- { "YENCODE", YENCODE }, |
|
334 |
- { "EEXTENSION", EEXTENSION }, |
|
335 |
- { "BINHEX", BINHEX }, |
|
336 |
- { NULL, 0 } |
|
337 |
-}; |
|
338 |
- |
|
339 |
-#ifdef CL_THREAD_SAFE |
|
340 |
-static pthread_mutex_t tables_mutex = PTHREAD_MUTEX_INITIALIZER; |
|
287 |
+ /* TODO: make these regular expressions */ |
|
288 |
+ {"Content-Type", CONTENT_TYPE}, |
|
289 |
+ {"Content-Transfer-Encoding", CONTENT_TRANSFER_ENCODING}, |
|
290 |
+ {"Content-Disposition", CONTENT_DISPOSITION}, |
|
291 |
+ {NULL, 0}}, |
|
292 |
+ mimeSubtypes[] = {/* see RFC2045 */ |
|
293 |
+ /* subtypes of Text */ |
|
294 |
+ {"plain", PLAIN}, |
|
295 |
+ {"enriched", ENRICHED}, |
|
296 |
+ {"html", HTML}, |
|
297 |
+ {"richtext", RICHTEXT}, |
|
298 |
+ /* subtypes of Multipart */ |
|
299 |
+ {"mixed", MIXED}, |
|
300 |
+ {"alternative", ALTERNATIVE}, |
|
301 |
+ {"digest", DIGEST}, |
|
302 |
+ {"signed", SIGNED}, |
|
303 |
+ {"parallel", PARALLEL}, |
|
304 |
+ {"related", RELATED}, |
|
305 |
+ {"report", REPORT}, |
|
306 |
+ {"appledouble", APPLEDOUBLE}, |
|
307 |
+ {"fax-message", FAX}, |
|
308 |
+ {"encrypted", ENCRYPTED}, |
|
309 |
+ {"x-bfile", X_BFILE}, /* BeOS */ |
|
310 |
+ {"knowbot", KNOWBOT}, /* ??? */ |
|
311 |
+ {"knowbot-metadata", KNOWBOT}, /* ??? */ |
|
312 |
+ {"knowbot-code", KNOWBOT}, /* ??? */ |
|
313 |
+ {"knowbot-state", KNOWBOT}, /* ??? */ |
|
314 |
+ {NULL, 0}}, |
|
315 |
+ mimeTypeStr[] = {{"NOMIME", NOMIME}, {"APPLICATION", APPLICATION}, {"AUDIO", AUDIO}, {"IMAGE", IMAGE}, {"MESSAGE", MESSAGE}, {"MULTIPART", MULTIPART}, {"TEXT", TEXT}, {"VIDEO", VIDEO}, {"MEXTENSION", MEXTENSION}, {NULL, 0}}, encTypeStr[] = {{"NOENCODING", NOENCODING}, {"QUOTEDPRINTABLE", QUOTEDPRINTABLE}, {"BASE64", BASE64}, {"EIGHTBIT", EIGHTBIT}, {"BINARY", BINARY}, {"UUENCODE", UUENCODE}, {"YENCODE", YENCODE}, {"EEXTENSION", EEXTENSION}, {"BINHEX", BINHEX}, {NULL, 0}}; |
|
316 |
+ |
|
317 |
+#ifdef CL_THREAD_SAFE |
|
318 |
+static pthread_mutex_t tables_mutex = PTHREAD_MUTEX_INITIALIZER; |
|
341 | 319 |
#endif |
342 |
-static table_t *rfc821 = NULL; |
|
343 |
-static table_t *subtype = NULL; |
|
320 |
+static table_t *rfc821 = NULL; |
|
321 |
+static table_t *subtype = NULL; |
|
344 | 322 |
|
345 |
-int |
|
346 |
-cli_mbox(const char *dir, cli_ctx *ctx) |
|
323 |
+int cli_mbox(const char *dir, cli_ctx *ctx) |
|
347 | 324 |
{ |
348 |
- if(dir == NULL) { |
|
349 |
- cli_dbgmsg("cli_mbox called with NULL dir\n"); |
|
350 |
- return CL_ENULLARG; |
|
351 |
- } |
|
352 |
- return cli_parse_mbox(dir, ctx); |
|
325 |
+ if (dir == NULL) { |
|
326 |
+ cli_dbgmsg("cli_mbox called with NULL dir\n"); |
|
327 |
+ return CL_ENULLARG; |
|
328 |
+ } |
|
329 |
+ return cli_parse_mbox(dir, ctx); |
|
353 | 330 |
} |
354 | 331 |
|
355 | 332 |
/* |
... | ... |
@@ -370,51 +348,51 @@ cli_mbox(const char *dir, cli_ctx *ctx) |
370 | 370 |
static int |
371 | 371 |
cli_parse_mbox(const char *dir, cli_ctx *ctx) |
372 | 372 |
{ |
373 |
- int retcode; |
|
374 |
- message *body; |
|
375 |
- char buffer[RFC2821LENGTH + 1]; |
|
376 |
- mbox_ctx mctx; |
|
377 |
- size_t at = 0; |
|
378 |
- fmap_t *map = *ctx->fmap; |
|
379 |
- |
|
380 |
- cli_dbgmsg("in mbox()\n"); |
|
381 |
- |
|
382 |
- if(!fmap_gets(map, buffer, &at, sizeof(buffer) - 1)) { |
|
383 |
- /* empty message */ |
|
384 |
- return CL_CLEAN; |
|
385 |
- } |
|
386 |
-#ifdef CL_THREAD_SAFE |
|
387 |
- pthread_mutex_lock(&tables_mutex); |
|
373 |
+ int retcode; |
|
374 |
+ message *body; |
|
375 |
+ char buffer[RFC2821LENGTH + 1]; |
|
376 |
+ mbox_ctx mctx; |
|
377 |
+ size_t at = 0; |
|
378 |
+ fmap_t *map = *ctx->fmap; |
|
379 |
+ |
|
380 |
+ cli_dbgmsg("in mbox()\n"); |
|
381 |
+ |
|
382 |
+ if (!fmap_gets(map, buffer, &at, sizeof(buffer) - 1)) { |
|
383 |
+ /* empty message */ |
|
384 |
+ return CL_CLEAN; |
|
385 |
+ } |
|
386 |
+#ifdef CL_THREAD_SAFE |
|
387 |
+ pthread_mutex_lock(&tables_mutex); |
|
388 | 388 |
#endif |
389 |
- if(rfc821 == NULL) { |
|
390 |
- assert(subtype == NULL); |
|
391 |
- |
|
392 |
- if(initialiseTables(&rfc821, &subtype) < 0) { |
|
393 |
- rfc821 = NULL; |
|
394 |
- subtype = NULL; |
|
395 |
-#ifdef CL_THREAD_SAFE |
|
396 |
- pthread_mutex_unlock(&tables_mutex); |
|
389 |
+ if (rfc821 == NULL) { |
|
390 |
+ assert(subtype == NULL); |
|
391 |
+ |
|
392 |
+ if (initialiseTables(&rfc821, &subtype) < 0) { |
|
393 |
+ rfc821 = NULL; |
|
394 |
+ subtype = NULL; |
|
395 |
+#ifdef CL_THREAD_SAFE |
|
396 |
+ pthread_mutex_unlock(&tables_mutex); |
|
397 | 397 |
#endif |
398 |
- return CL_EMEM; |
|
399 |
- } |
|
400 |
- } |
|
401 |
-#ifdef CL_THREAD_SAFE |
|
402 |
- pthread_mutex_unlock(&tables_mutex); |
|
398 |
+ return CL_EMEM; |
|
399 |
+ } |
|
400 |
+ } |
|
401 |
+#ifdef CL_THREAD_SAFE |
|
402 |
+ pthread_mutex_unlock(&tables_mutex); |
|
403 | 403 |
#endif |
404 | 404 |
|
405 |
- retcode = CL_SUCCESS; |
|
406 |
- body = NULL; |
|
405 |
+ retcode = CL_SUCCESS; |
|
406 |
+ body = NULL; |
|
407 | 407 |
|
408 |
- mctx.dir = dir; |
|
409 |
- mctx.rfc821Table = rfc821; |
|
410 |
- mctx.subtypeTable = subtype; |
|
411 |
- mctx.ctx = ctx; |
|
412 |
- mctx.files = 0; |
|
408 |
+ mctx.dir = dir; |
|
409 |
+ mctx.rfc821Table = rfc821; |
|
410 |
+ mctx.subtypeTable = subtype; |
|
411 |
+ mctx.ctx = ctx; |
|
412 |
+ mctx.files = 0; |
|
413 | 413 |
#if HAVE_JSON |
414 |
- mctx.wrkobj = ctx->wrkproperty; |
|
414 |
+ mctx.wrkobj = ctx->wrkproperty; |
|
415 | 415 |
#endif |
416 | 416 |
|
417 |
- /* |
|
417 |
+ /* |
|
418 | 418 |
* Is it a UNIX style mbox with more than one |
419 | 419 |
* mail message, or just a single mail message? |
420 | 420 |
* |
... | ... |
@@ -423,9 +401,9 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx) |
423 | 423 |
* than one message is handled, e.g. giving a better indication of |
424 | 424 |
* which message within the mailbox is infected |
425 | 425 |
*/ |
426 |
- /*if((strncmp(buffer, "From ", 5) == 0) && isalnum(buffer[5])) {*/ |
|
427 |
- if(strncmp(buffer, "From ", 5) == 0) { |
|
428 |
- /* |
|
426 |
+ /*if((strncmp(buffer, "From ", 5) == 0) && isalnum(buffer[5])) {*/ |
|
427 |
+ if (strncmp(buffer, "From ", 5) == 0) { |
|
428 |
+ /* |
|
429 | 429 |
* Have been asked to check a UNIX style mbox file, which |
430 | 430 |
* may contain more than one e-mail message to decode |
431 | 431 |
* |
... | ... |
@@ -443,47 +421,47 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx) |
443 | 443 |
* This would remove a problem with this code that it can |
444 | 444 |
* fill up the tmp directory before it starts scanning |
445 | 445 |
*/ |
446 |
- bool lastLineWasEmpty; |
|
447 |
- int messagenumber; |
|
448 |
- message *m = messageCreate(); |
|
449 |
- |
|
450 |
- if(m == NULL) |
|
451 |
- return CL_EMEM; |
|
452 |
- |
|
453 |
- lastLineWasEmpty = FALSE; |
|
454 |
- messagenumber = 1; |
|
455 |
- messageSetCTX(m, ctx); |
|
456 |
- |
|
457 |
- do { |
|
458 |
- cli_chomp(buffer); |
|
459 |
- /*if(lastLineWasEmpty && (strncmp(buffer, "From ", 5) == 0) && isalnum(buffer[5])) {*/ |
|
460 |
- if(lastLineWasEmpty && (strncmp(buffer, "From ", 5) == 0)) { |
|
461 |
- cli_dbgmsg("Deal with message number %d\n", messagenumber++); |
|
462 |
- /* |
|
446 |
+ bool lastLineWasEmpty; |
|
447 |
+ int messagenumber; |
|
448 |
+ message *m = messageCreate(); |
|
449 |
+ |
|
450 |
+ if (m == NULL) |
|
451 |
+ return CL_EMEM; |
|
452 |
+ |
|
453 |
+ lastLineWasEmpty = FALSE; |
|
454 |
+ messagenumber = 1; |
|
455 |
+ messageSetCTX(m, ctx); |
|
456 |
+ |
|
457 |
+ do { |
|
458 |
+ cli_chomp(buffer); |
|
459 |
+ /*if(lastLineWasEmpty && (strncmp(buffer, "From ", 5) == 0) && isalnum(buffer[5])) {*/ |
|
460 |
+ if (lastLineWasEmpty && (strncmp(buffer, "From ", 5) == 0)) { |
|
461 |
+ cli_dbgmsg("Deal with message number %d\n", messagenumber++); |
|
462 |
+ /* |
|
463 | 463 |
* End of a message in the mail box |
464 | 464 |
*/ |
465 |
- body = parseEmailHeaders(m, rfc821); |
|
466 |
- if(body == NULL) { |
|
467 |
- messageReset(m); |
|
468 |
- continue; |
|
469 |
- } |
|
470 |
- messageSetCTX(body, ctx); |
|
471 |
- messageDestroy(m); |
|
472 |
- if(messageGetBody(body)) { |
|
473 |
- mbox_status rc = parseEmailBody(body, NULL, &mctx, 0); |
|
474 |
- if(rc == FAIL) { |
|
475 |
- messageReset(body); |
|
476 |
- m = body; |
|
477 |
- continue; |
|
478 |
- } else if(rc == VIRUS) { |
|
479 |
- cli_dbgmsg("Message number %d is infected\n", |
|
480 |
- messagenumber-1); |
|
481 |
- retcode = CL_VIRUS; |
|
482 |
- m = NULL; |
|
483 |
- break; |
|
484 |
- } |
|
485 |
- } |
|
486 |
- /* |
|
465 |
+ body = parseEmailHeaders(m, rfc821); |
|
466 |
+ if (body == NULL) { |
|
467 |
+ messageReset(m); |
|
468 |
+ continue; |
|
469 |
+ } |
|
470 |
+ messageSetCTX(body, ctx); |
|
471 |
+ messageDestroy(m); |
|
472 |
+ if (messageGetBody(body)) { |
|
473 |
+ mbox_status rc = parseEmailBody(body, NULL, &mctx, 0); |
|
474 |
+ if (rc == FAIL) { |
|
475 |
+ messageReset(body); |
|
476 |
+ m = body; |
|
477 |
+ continue; |
|
478 |
+ } else if (rc == VIRUS) { |
|
479 |
+ cli_dbgmsg("Message number %d is infected\n", |
|
480 |
+ messagenumber - 1); |
|
481 |
+ retcode = CL_VIRUS; |
|
482 |
+ m = NULL; |
|
483 |
+ break; |
|
484 |
+ } |
|
485 |
+ } |
|
486 |
+ /* |
|
487 | 487 |
* Starting a new message, throw away all the |
488 | 488 |
* information about the old one. It would |
489 | 489 |
* be best to be able to scan this message |
... | ... |
@@ -491,72 +469,72 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx) |
491 | 491 |
* that haven't been passed here so it can't be |
492 | 492 |
* called |
493 | 493 |
*/ |
494 |
- m = body; |
|
495 |
- messageReset(body); |
|
496 |
- messageSetCTX(body, ctx); |
|
494 |
+ m = body; |
|
495 |
+ messageReset(body); |
|
496 |
+ messageSetCTX(body, ctx); |
|
497 | 497 |
|
498 |
- cli_dbgmsg("Finished processing message\n"); |
|
499 |
- } else |
|
500 |
- lastLineWasEmpty = (bool)(buffer[0] == '\0'); |
|
498 |
+ cli_dbgmsg("Finished processing message\n"); |
|
499 |
+ } else |
|
500 |
+ lastLineWasEmpty = (bool)(buffer[0] == '\0'); |
|
501 | 501 |
|
502 |
- if(isuuencodebegin(buffer)) { |
|
503 |
- /* |
|
502 |
+ if (isuuencodebegin(buffer)) { |
|
503 |
+ /* |
|
504 | 504 |
* Fast track visa to uudecode. |
505 | 505 |
* TODO: binhex, yenc |
506 | 506 |
*/ |
507 |
- if(uudecodeFile(m, buffer, dir, map, &at) < 0) |
|
508 |
- if(messageAddStr(m, buffer) < 0) |
|
509 |
- break; |
|
510 |
- } else |
|
511 |
- /* at this point, the \n has been removed */ |
|
512 |
- if(messageAddStr(m, buffer) < 0) |
|
513 |
- break; |
|
514 |
- } while(fmap_gets(map, buffer, &at, sizeof(buffer) - 1)); |
|
515 |
- |
|
516 |
- if(retcode == CL_SUCCESS) { |
|
517 |
- cli_dbgmsg("Extract attachments from email %d\n", messagenumber); |
|
518 |
- body = parseEmailHeaders(m, rfc821); |
|
519 |
- } |
|
520 |
- if(m) |
|
521 |
- messageDestroy(m); |
|
522 |
- } else { |
|
523 |
- /* |
|
507 |
+ if (uudecodeFile(m, buffer, dir, map, &at) < 0) |
|
508 |
+ if (messageAddStr(m, buffer) < 0) |
|
509 |
+ break; |
|
510 |
+ } else |
|
511 |
+ /* at this point, the \n has been removed */ |
|
512 |
+ if (messageAddStr(m, buffer) < 0) |
|
513 |
+ break; |
|
514 |
+ } while (fmap_gets(map, buffer, &at, sizeof(buffer) - 1)); |
|
515 |
+ |
|
516 |
+ if (retcode == CL_SUCCESS) { |
|
517 |
+ cli_dbgmsg("Extract attachments from email %d\n", messagenumber); |
|
518 |
+ body = parseEmailHeaders(m, rfc821); |
|
519 |
+ } |
|
520 |
+ if (m) |
|
521 |
+ messageDestroy(m); |
|
522 |
+ } else { |
|
523 |
+ /* |
|
524 | 524 |
* It's a single message, parse the headers then the body |
525 | 525 |
*/ |
526 |
- if(strncmp(buffer, "P I ", 4) == 0) |
|
527 |
- /* |
|
526 |
+ if (strncmp(buffer, "P I ", 4) == 0) |
|
527 |
+ /* |
|
528 | 528 |
* CommuniGate Pro format: ignore headers until |
529 | 529 |
* blank line |
530 | 530 |
*/ |
531 |
- while(fmap_gets(map, buffer, &at, sizeof(buffer) - 1) && |
|
532 |
- (strchr("\r\n", buffer[0]) == NULL)) |
|
533 |
- ; |
|
534 |
- /* getline_from_mbox could be using unlocked_stdio(3), |
|
531 |
+ while (fmap_gets(map, buffer, &at, sizeof(buffer) - 1) && |
|
532 |
+ (strchr("\r\n", buffer[0]) == NULL)) |
|
533 |
+ ; |
|
534 |
+ /* getline_from_mbox could be using unlocked_stdio(3), |
|
535 | 535 |
* so lock file here */ |
536 |
- /* |
|
536 |
+ /* |
|
537 | 537 |
* Ignore any blank lines at the top of the message |
538 | 538 |
*/ |
539 |
- while(strchr("\r\n", buffer[0]) && |
|
540 |
- (getline_from_mbox(buffer, sizeof(buffer) - 1, map, &at) != NULL)) |
|
541 |
- ; |
|
539 |
+ while (strchr("\r\n", buffer[0]) && |
|
540 |
+ (getline_from_mbox(buffer, sizeof(buffer) - 1, map, &at) != NULL)) |
|
541 |
+ ; |
|
542 | 542 |
|
543 |
- buffer[sizeof(buffer) - 1] = '\0'; |
|
543 |
+ buffer[sizeof(buffer) - 1] = '\0'; |
|
544 | 544 |
|
545 |
- body = parseEmailFile(map, &at, rfc821, buffer, dir); |
|
546 |
- } |
|
545 |
+ body = parseEmailFile(map, &at, rfc821, buffer, dir); |
|
546 |
+ } |
|
547 | 547 |
|
548 |
- if(body) { |
|
549 |
- /* |
|
548 |
+ if (body) { |
|
549 |
+ /* |
|
550 | 550 |
* Write out the last entry in the mailbox |
551 | 551 |
*/ |
552 |
- if((retcode == CL_SUCCESS) && messageGetBody(body)) { |
|
553 |
- messageSetCTX(body, ctx); |
|
554 |
- switch(parseEmailBody(body, NULL, &mctx, 0)) { |
|
555 |
- case OK: |
|
556 |
- case OK_ATTACHMENTS_NOT_SAVED: |
|
557 |
- break; |
|
558 |
- case FAIL: |
|
559 |
- /* |
|
552 |
+ if ((retcode == CL_SUCCESS) && messageGetBody(body)) { |
|
553 |
+ messageSetCTX(body, ctx); |
|
554 |
+ switch (parseEmailBody(body, NULL, &mctx, 0)) { |
|
555 |
+ case OK: |
|
556 |
+ case OK_ATTACHMENTS_NOT_SAVED: |
|
557 |
+ break; |
|
558 |
+ case FAIL: |
|
559 |
+ /* |
|
560 | 560 |
* beware: cli_magic_scandesc(), |
561 | 561 |
* changes this into CL_CLEAN, so only |
562 | 562 |
* use it to inform the higher levels |
... | ... |
@@ -565,37 +543,37 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx) |
565 | 565 |
* decoding errors on what *is* a valid |
566 | 566 |
* mbox |
567 | 567 |
*/ |
568 |
- retcode = CL_EFORMAT; |
|
569 |
- break; |
|
570 |
- case MAXREC: |
|
571 |
- retcode = CL_EMAXREC; |
|
572 |
- break; |
|
573 |
- case MAXFILES: |
|
574 |
- retcode = CL_EMAXFILES; |
|
575 |
- break; |
|
576 |
- case VIRUS: |
|
577 |
- retcode = CL_VIRUS; |
|
578 |
- break; |
|
579 |
- } |
|
580 |
- } |
|
581 |
- |
|
582 |
- if(body->isTruncated && retcode == CL_SUCCESS) |
|
583 |
- retcode = CL_EMEM; |
|
584 |
- /* |
|
568 |
+ retcode = CL_EFORMAT; |
|
569 |
+ break; |
|
570 |
+ case MAXREC: |
|
571 |
+ retcode = CL_EMAXREC; |
|
572 |
+ break; |
|
573 |
+ case MAXFILES: |
|
574 |
+ retcode = CL_EMAXFILES; |
|
575 |
+ break; |
|
576 |
+ case VIRUS: |
|
577 |
+ retcode = CL_VIRUS; |
|
578 |
+ break; |
|
579 |
+ } |
|
580 |
+ } |
|
581 |
+ |
|
582 |
+ if (body->isTruncated && retcode == CL_SUCCESS) |
|
583 |
+ retcode = CL_EMEM; |
|
584 |
+ /* |
|
585 | 585 |
* Tidy up and quit |
586 | 586 |
*/ |
587 |
- messageDestroy(body); |
|
588 |
- } |
|
587 |
+ messageDestroy(body); |
|
588 |
+ } |
|
589 | 589 |
|
590 |
- if((retcode == CL_CLEAN) && ctx->found_possibly_unwanted && |
|
591 |
- (*ctx->virname == NULL || SCAN_ALLMATCHES)) { |
|
592 |
- retcode = cli_append_virus(ctx, "Heuristics.Phishing.Email"); |
|
593 |
- ctx->found_possibly_unwanted = 0; |
|
594 |
- } |
|
590 |
+ if ((retcode == CL_CLEAN) && ctx->found_possibly_unwanted && |
|
591 |
+ (*ctx->virname == NULL || SCAN_ALLMATCHES)) { |
|
592 |
+ retcode = cli_append_virus(ctx, "Heuristics.Phishing.Email"); |
|
593 |
+ ctx->found_possibly_unwanted = 0; |
|
594 |
+ } |
|
595 | 595 |
|
596 |
- cli_dbgmsg("cli_mbox returning %d\n", retcode); |
|
596 |
+ cli_dbgmsg("cli_mbox returning %d\n", retcode); |
|
597 | 597 |
|
598 |
- return retcode; |
|
598 |
+ return retcode; |
|
599 | 599 |
} |
600 | 600 |
|
601 | 601 |
/* |
... | ... |
@@ -607,58 +585,58 @@ cli_parse_mbox(const char *dir, cli_ctx *ctx) |
607 | 607 |
static message * |
608 | 608 |
parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *firstLine, const char *dir) |
609 | 609 |
{ |
610 |
- bool inHeader = TRUE; |
|
611 |
- bool bodyIsEmpty = TRUE; |
|
612 |
- bool lastWasBlank = FALSE, lastBodyLineWasBlank = FALSE; |
|
613 |
- message *ret; |
|
614 |
- bool anyHeadersFound = FALSE; |
|
615 |
- int commandNumber = -1; |
|
616 |
- char *fullline = NULL, *boundary = NULL; |
|
617 |
- size_t fulllinelength = 0; |
|
618 |
- char buffer[RFC2821LENGTH + 1]; |
|
619 |
- |
|
620 |
- cli_dbgmsg("parseEmailFile\n"); |
|
621 |
- |
|
622 |
- ret = messageCreate(); |
|
623 |
- if(ret == NULL) |
|
624 |
- return NULL; |
|
625 |
- |
|
626 |
- strncpy(buffer, firstLine, sizeof(buffer)-1); |
|
627 |
- do { |
|
628 |
- const char *line; |
|
629 |
- |
|
630 |
- (void)cli_chomp(buffer); |
|
631 |
- |
|
632 |
- if(buffer[0] == '\0') |
|
633 |
- line = NULL; |
|
634 |
- else |
|
635 |
- line = buffer; |
|
636 |
- |
|
637 |
- /* |
|
610 |
+ bool inHeader = TRUE; |
|
611 |
+ bool bodyIsEmpty = TRUE; |
|
612 |
+ bool lastWasBlank = FALSE, lastBodyLineWasBlank = FALSE; |
|
613 |
+ message *ret; |
|
614 |
+ bool anyHeadersFound = FALSE; |
|
615 |
+ int commandNumber = -1; |
|
616 |
+ char *fullline = NULL, *boundary = NULL; |
|
617 |
+ size_t fulllinelength = 0; |
|
618 |
+ char buffer[RFC2821LENGTH + 1]; |
|
619 |
+ |
|
620 |
+ cli_dbgmsg("parseEmailFile\n"); |
|
621 |
+ |
|
622 |
+ ret = messageCreate(); |
|
623 |
+ if (ret == NULL) |
|
624 |
+ return NULL; |
|
625 |
+ |
|
626 |
+ strncpy(buffer, firstLine, sizeof(buffer) - 1); |
|
627 |
+ do { |
|
628 |
+ const char *line; |
|
629 |
+ |
|
630 |
+ (void)cli_chomp(buffer); |
|
631 |
+ |
|
632 |
+ if (buffer[0] == '\0') |
|
633 |
+ line = NULL; |
|
634 |
+ else |
|
635 |
+ line = buffer; |
|
636 |
+ |
|
637 |
+ /* |
|
638 | 638 |
* Don't blank lines which are only spaces from headers, |
639 | 639 |
* otherwise they'll be treated as the end of header marker |
640 | 640 |
*/ |
641 |
- if(lastWasBlank) { |
|
642 |
- lastWasBlank = FALSE; |
|
643 |
- if(boundaryStart(buffer, boundary)) { |
|
644 |
- cli_dbgmsg("Found a header line with space that should be blank\n"); |
|
645 |
- inHeader = FALSE; |
|
646 |
- } |
|
647 |
- } |
|
648 |
- if(inHeader) { |
|
649 |
- cli_dbgmsg("parseEmailFile: check '%s' fullline %p\n", |
|
650 |
- buffer, fullline); |
|
651 |
- /* |
|
641 |
+ if (lastWasBlank) { |
|
642 |
+ lastWasBlank = FALSE; |
|
643 |
+ if (boundaryStart(buffer, boundary)) { |
|
644 |
+ cli_dbgmsg("Found a header line with space that should be blank\n"); |
|
645 |
+ inHeader = FALSE; |
|
646 |
+ } |
|
647 |
+ } |
|
648 |
+ if (inHeader) { |
|
649 |
+ cli_dbgmsg("parseEmailFile: check '%s' fullline %p\n", |
|
650 |
+ buffer, fullline); |
|
651 |
+ /* |
|
652 | 652 |
* Ensure wide characters are handled where |
653 | 653 |
* sizeof(char) > 1 |
654 | 654 |
*/ |
655 |
- if(line && isspace(line[0] & 0xFF)) { |
|
656 |
- char copy[sizeof(buffer)]; |
|
655 |
+ if (line && isspace(line[0] & 0xFF)) { |
|
656 |
+ char copy[sizeof(buffer)]; |
|
657 | 657 |
|
658 |
- strcpy(copy, buffer); |
|
659 |
- strstrip(copy); |
|
660 |
- if(copy[0] == '\0') { |
|
661 |
- /* |
|
658 |
+ strcpy(copy, buffer); |
|
659 |
+ strstrip(copy); |
|
660 |
+ if (copy[0] == '\0') { |
|
661 |
+ /* |
|
662 | 662 |
* The header line contains only white |
663 | 663 |
* space. This is not the end of the |
664 | 664 |
* headers according to RFC2822, but |
... | ... |
@@ -671,189 +649,189 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first |
671 | 671 |
* content-type line. So we just have |
672 | 672 |
* to make a best guess. Sigh. |
673 | 673 |
*/ |
674 |
- if(fullline) { |
|
675 |
- if(parseEmailHeader(ret, fullline, rfc821) < 0) |
|
676 |
- continue; |
|
677 |
- |
|
678 |
- free(fullline); |
|
679 |
- fullline = NULL; |
|
680 |
- } |
|
681 |
- if(boundary || |
|
682 |
- ((boundary = (char *)messageFindArgument(ret, "boundary")) != NULL)) { |
|
683 |
- lastWasBlank = TRUE; |
|
684 |
- continue; |
|
685 |
- } |
|
686 |
- } |
|
687 |
- } |
|
688 |
- if((line == NULL) && (fullline == NULL)) { /* empty line */ |
|
689 |
- /* |
|
674 |
+ if (fullline) { |
|
675 |
+ if (parseEmailHeader(ret, fullline, rfc821) < 0) |
|
676 |
+ continue; |
|
677 |
+ |
|
678 |
+ free(fullline); |
|
679 |
+ fullline = NULL; |
|
680 |
+ } |
|
681 |
+ if (boundary || |
|
682 |
+ ((boundary = (char *)messageFindArgument(ret, "boundary")) != NULL)) { |
|
683 |
+ lastWasBlank = TRUE; |
|
684 |
+ continue; |
|
685 |
+ } |
|
686 |
+ } |
|
687 |
+ } |
|
688 |
+ if ((line == NULL) && (fullline == NULL)) { /* empty line */ |
|
689 |
+ /* |
|
690 | 690 |
* A blank line signifies the end of |
691 | 691 |
* the header and the start of the text |
692 | 692 |
*/ |
693 |
- if(!anyHeadersFound) |
|
694 |
- /* Ignore the junk at the top */ |
|
695 |
- continue; |
|
693 |
+ if (!anyHeadersFound) |
|
694 |
+ /* Ignore the junk at the top */ |
|
695 |
+ continue; |
|
696 | 696 |
|
697 |
- cli_dbgmsg("End of header information\n"); |
|
698 |
- inHeader = FALSE; |
|
699 |
- bodyIsEmpty = TRUE; |
|
700 |
- } else { |
|
701 |
- char *ptr; |
|
702 |
- const char *lookahead; |
|
697 |
+ cli_dbgmsg("End of header information\n"); |
|
698 |
+ inHeader = FALSE; |
|
699 |
+ bodyIsEmpty = TRUE; |
|
700 |
+ } else { |
|
701 |
+ char *ptr; |
|
702 |
+ const char *lookahead; |
|
703 | 703 |
|
704 |
- if(fullline == NULL) { |
|
705 |
- char cmd[RFC2821LENGTH + 1], out[RFC2821LENGTH + 1]; |
|
704 |
+ if (fullline == NULL) { |
|
705 |
+ char cmd[RFC2821LENGTH + 1], out[RFC2821LENGTH + 1]; |
|
706 | 706 |
|
707 |
- /* |
|
707 |
+ /* |
|
708 | 708 |
* Continuation of line we're ignoring? |
709 | 709 |
*/ |
710 |
- if(isblank(line[0])) |
|
711 |
- continue; |
|
710 |
+ if (isblank(line[0])) |
|
711 |
+ continue; |
|
712 | 712 |
|
713 |
- /* |
|
713 |
+ /* |
|
714 | 714 |
* Is this a header we're interested in? |
715 | 715 |
*/ |
716 |
- if((strchr(line, ':') == NULL) || |
|
717 |
- (cli_strtokbuf(line, 0, ":", cmd) == NULL)) { |
|
718 |
- if(strncmp(line, "From ", 5) == 0) |
|
719 |
- anyHeadersFound = TRUE; |
|
720 |
- continue; |
|
721 |
- } |
|
722 |
- |
|
723 |
- ptr = rfc822comments(cmd, out); |
|
724 |
- commandNumber = tableFind(rfc821, ptr ? ptr : cmd); |
|
725 |
- |
|
726 |
- switch(commandNumber) { |
|
727 |
- case CONTENT_TRANSFER_ENCODING: |
|
728 |
- case CONTENT_DISPOSITION: |
|
729 |
- case CONTENT_TYPE: |
|
730 |
- anyHeadersFound = TRUE; |
|
731 |
- break; |
|
732 |
- default: |
|
733 |
- if(!anyHeadersFound) |
|
734 |
- anyHeadersFound = usefulHeader(commandNumber, cmd); |
|
735 |
- continue; |
|
736 |
- } |
|
737 |
- fullline = cli_strdup(line); |
|
738 |
- fulllinelength = strlen(line) + 1; |
|
739 |
- if(!fullline) { |
|
740 |
- if(ret) |
|
741 |
- ret->isTruncated = TRUE; |
|
742 |
- break; |
|
743 |
- } |
|
744 |
- } else if(line != NULL) { |
|
745 |
- fulllinelength += strlen(line) + 1; |
|
746 |
- ptr = cli_realloc(fullline, fulllinelength); |
|
747 |
- if(ptr == NULL) |
|
748 |
- continue; |
|
749 |
- fullline = ptr; |
|
750 |
- cli_strlcat(fullline, line, fulllinelength); |
|
751 |
- } |
|
752 |
- |
|
753 |
- assert(fullline != NULL); |
|
754 |
- |
|
755 |
- if((lookahead = fmap_need_off_once(map, *at, 1))) { |
|
756 |
- /* |
|
716 |
+ if ((strchr(line, ':') == NULL) || |
|
717 |
+ (cli_strtokbuf(line, 0, ":", cmd) == NULL)) { |
|
718 |
+ if (strncmp(line, "From ", 5) == 0) |
|
719 |
+ anyHeadersFound = TRUE; |
|
720 |
+ continue; |
|
721 |
+ } |
|
722 |
+ |
|
723 |
+ ptr = rfc822comments(cmd, out); |
|
724 |
+ commandNumber = tableFind(rfc821, ptr ? ptr : cmd); |
|
725 |
+ |
|
726 |
+ switch (commandNumber) { |
|
727 |
+ case CONTENT_TRANSFER_ENCODING: |
|
728 |
+ case CONTENT_DISPOSITION: |
|
729 |
+ case CONTENT_TYPE: |
|
730 |
+ anyHeadersFound = TRUE; |
|
731 |
+ break; |
|
732 |
+ default: |
|
733 |
+ if (!anyHeadersFound) |
|
734 |
+ anyHeadersFound = usefulHeader(commandNumber, cmd); |
|
735 |
+ continue; |
|
736 |
+ } |
|
737 |
+ fullline = cli_strdup(line); |
|
738 |
+ fulllinelength = strlen(line) + 1; |
|
739 |
+ if (!fullline) { |
|
740 |
+ if (ret) |
|
741 |
+ ret->isTruncated = TRUE; |
|
742 |
+ break; |
|
743 |
+ } |
|
744 |
+ } else if (line != NULL) { |
|
745 |
+ fulllinelength += strlen(line) + 1; |
|
746 |
+ ptr = cli_realloc(fullline, fulllinelength); |
|
747 |
+ if (ptr == NULL) |
|
748 |
+ continue; |
|
749 |
+ fullline = ptr; |
|
750 |
+ cli_strlcat(fullline, line, fulllinelength); |
|
751 |
+ } |
|
752 |
+ |
|
753 |
+ assert(fullline != NULL); |
|
754 |
+ |
|
755 |
+ if ((lookahead = fmap_need_off_once(map, *at, 1))) { |
|
756 |
+ /* |
|
757 | 757 |
* Section B.2 of RFC822 says TAB or |
758 | 758 |
* SPACE means a continuation of the |
759 | 759 |
* previous entry. |
760 | 760 |
* |
761 | 761 |
* Add all the arguments on the line |
762 | 762 |
*/ |
763 |
- if(isblank(*lookahead)) |
|
764 |
- continue; |
|
765 |
- } |
|
763 |
+ if (isblank(*lookahead)) |
|
764 |
+ continue; |
|
765 |
+ } |
|
766 | 766 |
|
767 |
- /* |
|
767 |
+ /* |
|
768 | 768 |
* Handle broken headers, where the next |
769 | 769 |
* line isn't indented by whitespace |
770 | 770 |
*/ |
771 |
- if(fullline[strlen(fullline) - 1] == ';') |
|
772 |
- /* Add arguments to this line */ |
|
773 |
- continue; |
|
774 |
- |
|
775 |
- if(line && (count_quotes(fullline) & 1)) |
|
776 |
- continue; |
|
777 |
- |
|
778 |
- ptr = rfc822comments(fullline, NULL); |
|
779 |
- if(ptr) { |
|
780 |
- free(fullline); |
|
781 |
- fullline = ptr; |
|
782 |
- } |
|
783 |
- |
|
784 |
- if(parseEmailHeader(ret, fullline, rfc821) < 0) |
|
785 |
- continue; |
|
786 |
- |
|
787 |
- free(fullline); |
|
788 |
- fullline = NULL; |
|
789 |
- } |
|
790 |
- } else if(line && isuuencodebegin(line)) { |
|
791 |
- /* |
|
771 |
+ if (fullline[strlen(fullline) - 1] == ';') |
|
772 |
+ /* Add arguments to this line */ |
|
773 |
+ continue; |
|
774 |
+ |
|
775 |
+ if (line && (count_quotes(fullline) & 1)) |
|
776 |
+ continue; |
|
777 |
+ |
|
778 |
+ ptr = rfc822comments(fullline, NULL); |
|
779 |
+ if (ptr) { |
|
780 |
+ free(fullline); |
|
781 |
+ fullline = ptr; |
|
782 |
+ } |
|
783 |
+ |
|
784 |
+ if (parseEmailHeader(ret, fullline, rfc821) < 0) |
|
785 |
+ continue; |
|
786 |
+ |
|
787 |
+ free(fullline); |
|
788 |
+ fullline = NULL; |
|
789 |
+ } |
|
790 |
+ } else if (line && isuuencodebegin(line)) { |
|
791 |
+ /* |
|
792 | 792 |
* Fast track visa to uudecode. |
793 | 793 |
* TODO: binhex, yenc |
794 | 794 |
*/ |
795 |
- bodyIsEmpty = FALSE; |
|
796 |
- if(uudecodeFile(ret, line, dir, map, at) < 0) |
|
797 |
- if(messageAddStr(ret, line) < 0) |
|
798 |
- break; |
|
799 |
- } else { |
|
800 |
- if(line == NULL) { |
|
801 |
- /* |
|
795 |
+ bodyIsEmpty = FALSE; |
|
796 |
+ if (uudecodeFile(ret, line, dir, map, at) < 0) |
|
797 |
+ if (messageAddStr(ret, line) < 0) |
|
798 |
+ break; |
|
799 |
+ } else { |
|
800 |
+ if (line == NULL) { |
|
801 |
+ /* |
|
802 | 802 |
* Although this would save time and RAM, some |
803 | 803 |
* phish signatures have been built which need |
804 | 804 |
* the blank lines |
805 | 805 |
*/ |
806 |
- if(lastBodyLineWasBlank && |
|
807 |
- (messageGetMimeType(ret) != TEXT)) { |
|
808 |
- cli_dbgmsg("Ignoring consecutive blank lines in the body\n"); |
|
809 |
- continue; |
|
810 |
- } |
|
811 |
- lastBodyLineWasBlank = TRUE; |
|
812 |
- } else { |
|
813 |
- if(bodyIsEmpty) { |
|
814 |
- /* |
|
806 |
+ if (lastBodyLineWasBlank && |
|
807 |
+ (messageGetMimeType(ret) != TEXT)) { |
|
808 |
+ cli_dbgmsg("Ignoring consecutive blank lines in the body\n"); |
|
809 |
+ continue; |
|
810 |
+ } |
|
811 |
+ lastBodyLineWasBlank = TRUE; |
|
812 |
+ } else { |
|
813 |
+ if (bodyIsEmpty) { |
|
814 |
+ /* |
|
815 | 815 |
* Broken message: new line in the |
816 | 816 |
* middle of the headers, so the first |
817 | 817 |
* line of the body is in fact |
818 | 818 |
* the last lines of the header |
819 | 819 |
*/ |
820 |
- if(newline_in_header(line)) |
|
821 |
- continue; |
|
822 |
- bodyIsEmpty = FALSE; |
|
823 |
- } |
|
824 |
- lastBodyLineWasBlank = FALSE; |
|
825 |
- } |
|
826 |
- |
|
827 |
- if(messageAddStr(ret, line) < 0) |
|
828 |
- break; |
|
829 |
- } |
|
830 |
- } while(getline_from_mbox(buffer, sizeof(buffer) - 1, map, at) != NULL); |
|
831 |
- |
|
832 |
- if(boundary) |
|
833 |
- free(boundary); |
|
834 |
- |
|
835 |
- if(fullline) { |
|
836 |
- if(*fullline) switch(commandNumber) { |
|
837 |
- case CONTENT_TRANSFER_ENCODING: |
|
838 |
- case CONTENT_DISPOSITION: |
|
839 |
- case CONTENT_TYPE: |
|
840 |
- cli_dbgmsg("parseEmailFile: Fullline unparsed '%s'\n", fullline); |
|
841 |
- } |
|
842 |
- free(fullline); |
|
843 |
- } |
|
844 |
- |
|
845 |
- if(!anyHeadersFound) { |
|
846 |
- /* |
|
820 |
+ if (newline_in_header(line)) |
|
821 |
+ continue; |
|
822 |
+ bodyIsEmpty = FALSE; |
|
823 |
+ } |
|
824 |
+ lastBodyLineWasBlank = FALSE; |
|
825 |
+ } |
|
826 |
+ |
|
827 |
+ if (messageAddStr(ret, line) < 0) |
|
828 |
+ break; |
|
829 |
+ } |
|
830 |
+ } while (getline_from_mbox(buffer, sizeof(buffer) - 1, map, at) != NULL); |
|
831 |
+ |
|
832 |
+ if (boundary) |
|
833 |
+ free(boundary); |
|
834 |
+ |
|
835 |
+ if (fullline) { |
|
836 |
+ if (*fullline) switch (commandNumber) { |
|
837 |
+ case CONTENT_TRANSFER_ENCODING: |
|
838 |
+ case CONTENT_DISPOSITION: |
|
839 |
+ case CONTENT_TYPE: |
|
840 |
+ cli_dbgmsg("parseEmailFile: Fullline unparsed '%s'\n", fullline); |
|
841 |
+ } |
|
842 |
+ free(fullline); |
|
843 |
+ } |
|
844 |
+ |
|
845 |
+ if (!anyHeadersFound) { |
|
846 |
+ /* |
|
847 | 847 |
* False positive in believing we have an e-mail when we don't |
848 | 848 |
*/ |
849 |
- messageDestroy(ret); |
|
850 |
- cli_dbgmsg("parseEmailFile: no headers found, assuming it isn't an email\n"); |
|
851 |
- return NULL; |
|
852 |
- } |
|
849 |
+ messageDestroy(ret); |
|
850 |
+ cli_dbgmsg("parseEmailFile: no headers found, assuming it isn't an email\n"); |
|
851 |
+ return NULL; |
|
852 |
+ } |
|
853 | 853 |
|
854 |
- cli_dbgmsg("parseEmailFile: return\n"); |
|
854 |
+ cli_dbgmsg("parseEmailFile: return\n"); |
|
855 | 855 |
|
856 |
- return ret; |
|
856 |
+ return ret; |
|
857 | 857 |
} |
858 | 858 |
|
859 | 859 |
/* |
... | ... |
@@ -867,162 +845,162 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first |
867 | 867 |
static message * |
868 | 868 |
parseEmailHeaders(message *m, const table_t *rfc821) |
869 | 869 |
{ |
870 |
- bool inHeader = TRUE; |
|
871 |
- bool bodyIsEmpty = TRUE; |
|
872 |
- text *t; |
|
873 |
- message *ret; |
|
874 |
- bool anyHeadersFound = FALSE; |
|
875 |
- int commandNumber = -1; |
|
876 |
- char *fullline = NULL; |
|
877 |
- size_t fulllinelength = 0; |
|
878 |
- |
|
879 |
- cli_dbgmsg("parseEmailHeaders\n"); |
|
880 |
- |
|
881 |
- if(m == NULL) |
|
882 |
- return NULL; |
|
883 |
- |
|
884 |
- ret = messageCreate(); |
|
885 |
- |
|
886 |
- for(t = messageGetBody(m); t; t = t->t_next) { |
|
887 |
- const char *line; |
|
888 |
- |
|
889 |
- if(t->t_line) |
|
890 |
- line = lineGetData(t->t_line); |
|
891 |
- else |
|
892 |
- line = NULL; |
|
893 |
- |
|
894 |
- if(inHeader) { |
|
895 |
- cli_dbgmsg("parseEmailHeaders: check '%s'\n", |
|
896 |
- line ? line : ""); |
|
897 |
- if(line == NULL) { |
|
898 |
- /* |
|
870 |
+ bool inHeader = TRUE; |
|
871 |
+ bool bodyIsEmpty = TRUE; |
|
872 |
+ text *t; |
|
873 |
+ message *ret; |
|
874 |
+ bool anyHeadersFound = FALSE; |
|
875 |
+ int commandNumber = -1; |
|
876 |
+ char *fullline = NULL; |
|
877 |
+ size_t fulllinelength = 0; |
|
878 |
+ |
|
879 |
+ cli_dbgmsg("parseEmailHeaders\n"); |
|
880 |
+ |
|
881 |
+ if (m == NULL) |
|
882 |
+ return NULL; |
|
883 |
+ |
|
884 |
+ ret = messageCreate(); |
|
885 |
+ |
|
886 |
+ for (t = messageGetBody(m); t; t = t->t_next) { |
|
887 |
+ const char *line; |
|
888 |
+ |
|
889 |
+ if (t->t_line) |
|
890 |
+ line = lineGetData(t->t_line); |
|
891 |
+ else |
|
892 |
+ line = NULL; |
|
893 |
+ |
|
894 |
+ if (inHeader) { |
|
895 |
+ cli_dbgmsg("parseEmailHeaders: check '%s'\n", |
|
896 |
+ line ? line : ""); |
|
897 |
+ if (line == NULL) { |
|
898 |
+ /* |
|
899 | 899 |
* A blank line signifies the end of |
900 | 900 |
* the header and the start of the text |
901 | 901 |
*/ |
902 |
- cli_dbgmsg("End of header information\n"); |
|
903 |
- if(!anyHeadersFound) { |
|
904 |
- cli_dbgmsg("Nothing interesting in the header\n"); |
|
905 |
- break; |
|
906 |
- } |
|
907 |
- inHeader = FALSE; |
|
908 |
- bodyIsEmpty = TRUE; |
|
909 |
- } else { |
|
910 |
- char *ptr; |
|
911 |
- |
|
912 |
- if(fullline == NULL) { |
|
913 |
- char cmd[RFC2821LENGTH + 1]; |
|
914 |
- |
|
915 |
- /* |
|
902 |
+ cli_dbgmsg("End of header information\n"); |
|
903 |
+ if (!anyHeadersFound) { |
|
904 |
+ cli_dbgmsg("Nothing interesting in the header\n"); |
|
905 |
+ break; |
|
906 |
+ } |
|
907 |
+ inHeader = FALSE; |
|
908 |
+ bodyIsEmpty = TRUE; |
|
909 |
+ } else { |
|
910 |
+ char *ptr; |
|
911 |
+ |
|
912 |
+ if (fullline == NULL) { |
|
913 |
+ char cmd[RFC2821LENGTH + 1]; |
|
914 |
+ |
|
915 |
+ /* |
|
916 | 916 |
* Continuation of line we're ignoring? |
917 | 917 |
*/ |
918 |
- if(isblank(line[0])) |
|
919 |
- continue; |
|
918 |
+ if (isblank(line[0])) |
|
919 |
+ continue; |
|
920 | 920 |
|
921 |
- /* |
|
921 |
+ /* |
|
922 | 922 |
* Is this a header we're interested in? |
923 | 923 |
*/ |
924 |
- if((strchr(line, ':') == NULL) || |
|
925 |
- (cli_strtokbuf(line, 0, ":", cmd) == NULL)) { |
|
926 |
- if(strncmp(line, "From ", 5) == 0) |
|
927 |
- anyHeadersFound = TRUE; |
|
928 |
- continue; |
|
929 |
- } |
|
930 |
- |
|
931 |
- ptr = rfc822comments(cmd, NULL); |
|
932 |
- commandNumber = tableFind(rfc821, ptr ? ptr : cmd); |
|
933 |
- if(ptr) |
|
934 |
- free(ptr); |
|
935 |
- |
|
936 |
- switch(commandNumber) { |
|
937 |
- case CONTENT_TRANSFER_ENCODING: |
|
938 |
- case CONTENT_DISPOSITION: |
|
939 |
- case CONTENT_TYPE: |
|
940 |
- anyHeadersFound = TRUE; |
|
941 |
- break; |
|
942 |
- default: |
|
943 |
- if(!anyHeadersFound) |
|
944 |
- anyHeadersFound = usefulHeader(commandNumber, cmd); |
|
945 |
- continue; |
|
946 |
- } |
|
947 |
- fullline = cli_strdup(line); |
|
948 |
- fulllinelength = strlen(line) + 1; |
|
949 |
- } else if(line) { |
|
950 |
- fulllinelength += strlen(line) + 1; |
|
951 |
- ptr = cli_realloc(fullline, fulllinelength); |
|
952 |
- if(ptr == NULL) |
|
953 |
- continue; |
|
954 |
- fullline = ptr; |
|
955 |
- cli_strlcat(fullline, line, fulllinelength); |
|
956 |
- } |
|
957 |
- assert(fullline != NULL); |
|
958 |
- |
|
959 |
- if(next_is_folded_header(t)) |
|
960 |
- /* Add arguments to this line */ |
|
961 |
- continue; |
|
962 |
- |
|
963 |
- lineUnlink(t->t_line); |
|
964 |
- t->t_line = NULL; |
|
965 |
- |
|
966 |
- if(count_quotes(fullline) & 1) |
|
967 |
- continue; |
|
968 |
- |
|
969 |
- ptr = rfc822comments(fullline, NULL); |
|
970 |
- if(ptr) { |
|
971 |
- free(fullline); |
|
972 |
- fullline = ptr; |
|
973 |
- } |
|
974 |
- |
|
975 |
- if(parseEmailHeader(ret, fullline, rfc821) < 0) |
|
976 |
- continue; |
|
977 |
- |
|
978 |
- free(fullline); |
|
979 |
- fullline = NULL; |
|
980 |
- } |
|
981 |
- } else { |
|
982 |
- if(bodyIsEmpty) { |
|
983 |
- if(line == NULL) |
|
984 |
- /* throw away leading blank lines */ |
|
985 |
- continue; |
|
986 |
- /* |
|
924 |
+ if ((strchr(line, ':') == NULL) || |
|
925 |
+ (cli_strtokbuf(line, 0, ":", cmd) == NULL)) { |
|
926 |
+ if (strncmp(line, "From ", 5) == 0) |
|
927 |
+ anyHeadersFound = TRUE; |
|
928 |
+ continue; |
|
929 |
+ } |
|
930 |
+ |
|
931 |
+ ptr = rfc822comments(cmd, NULL); |
|
932 |
+ commandNumber = tableFind(rfc821, ptr ? ptr : cmd); |
|
933 |
+ if (ptr) |
|
934 |
+ free(ptr); |
|
935 |
+ |
|
936 |
+ switch (commandNumber) { |
|
937 |
+ case CONTENT_TRANSFER_ENCODING: |
|
938 |
+ case CONTENT_DISPOSITION: |
|
939 |
+ case CONTENT_TYPE: |
|
940 |
+ anyHeadersFound = TRUE; |
|
941 |
+ break; |
|
942 |
+ default: |
|
943 |
+ if (!anyHeadersFound) |
|
944 |
+ anyHeadersFound = usefulHeader(commandNumber, cmd); |
|
945 |
+ continue; |
|
946 |
+ } |
|
947 |
+ fullline = cli_strdup(line); |
|
948 |
+ fulllinelength = strlen(line) + 1; |
|
949 |
+ } else if (line) { |
|
950 |
+ fulllinelength += strlen(line) + 1; |
|
951 |
+ ptr = cli_realloc(fullline, fulllinelength); |
|
952 |
+ if (ptr == NULL) |
|
953 |
+ continue; |
|
954 |
+ fullline = ptr; |
|
955 |
+ cli_strlcat(fullline, line, fulllinelength); |
|
956 |
+ } |
|
957 |
+ assert(fullline != NULL); |
|
958 |
+ |
|
959 |
+ if (next_is_folded_header(t)) |
|
960 |
+ /* Add arguments to this line */ |
|
961 |
+ continue; |
|
962 |
+ |
|
963 |
+ lineUnlink(t->t_line); |
|
964 |
+ t->t_line = NULL; |
|
965 |
+ |
|
966 |
+ if (count_quotes(fullline) & 1) |
|
967 |
+ continue; |
|
968 |
+ |
|
969 |
+ ptr = rfc822comments(fullline, NULL); |
|
970 |
+ if (ptr) { |
|
971 |
+ free(fullline); |
|
972 |
+ fullline = ptr; |
|
973 |
+ } |
|
974 |
+ |
|
975 |
+ if (parseEmailHeader(ret, fullline, rfc821) < 0) |
|
976 |
+ continue; |
|
977 |
+ |
|
978 |
+ free(fullline); |
|
979 |
+ fullline = NULL; |
|
980 |
+ } |
|
981 |
+ } else { |
|
982 |
+ if (bodyIsEmpty) { |
|
983 |
+ if (line == NULL) |
|
984 |
+ /* throw away leading blank lines */ |
|
985 |
+ continue; |
|
986 |
+ /* |
|
987 | 987 |
* Broken message: new line in the |
988 | 988 |
* middle of the headers, so the first |
989 | 989 |
* line of the body is in fact |
990 | 990 |
* the last lines of the header |
991 | 991 |
*/ |
992 |
- if(newline_in_header(line)) |
|
993 |
- continue; |
|
994 |
- bodyIsEmpty = FALSE; |
|
995 |
- } |
|
996 |
- /*if(t->t_line && isuuencodebegin(t->t_line)) |
|
992 |
+ if (newline_in_header(line)) |
|
993 |
+ continue; |
|
994 |
+ bodyIsEmpty = FALSE; |
|
995 |
+ } |
|
996 |
+ /*if(t->t_line && isuuencodebegin(t->t_line)) |
|
997 | 997 |
puts("FIXME: add fast visa here");*/ |
998 |
- cli_dbgmsg("parseEmailHeaders: finished with headers, moving body\n"); |
|
999 |
- messageMoveText(ret, t, m); |
|
1000 |
- break; |
|
1001 |
- } |
|
1002 |
- } |
|
1003 |
- |
|
1004 |
- if(fullline) { |
|
1005 |
- if(*fullline) switch(commandNumber) { |
|
1006 |
- case CONTENT_TRANSFER_ENCODING: |
|
1007 |
- case CONTENT_DISPOSITION: |
|
1008 |
- case CONTENT_TYPE: |
|
1009 |
- cli_dbgmsg("parseEmailHeaders: Fullline unparsed '%s'\n", fullline); |
|
1010 |
- } |
|
1011 |
- free(fullline); |
|
1012 |
- } |
|
1013 |
- |
|
1014 |
- if(!anyHeadersFound) { |
|
1015 |
- /* |
|
998 |
+ cli_dbgmsg("parseEmailHeaders: finished with headers, moving body\n"); |
|
999 |
+ messageMoveText(ret, t, m); |
|
1000 |
+ break; |
|
1001 |
+ } |
|
1002 |
+ } |
|
1003 |
+ |
|
1004 |
+ if (fullline) { |
|
1005 |
+ if (*fullline) switch (commandNumber) { |
|
1006 |
+ case CONTENT_TRANSFER_ENCODING: |
|
1007 |
+ case CONTENT_DISPOSITION: |
|
1008 |
+ case CONTENT_TYPE: |
|
1009 |
+ cli_dbgmsg("parseEmailHeaders: Fullline unparsed '%s'\n", fullline); |
|
1010 |
+ } |
|
1011 |
+ free(fullline); |
|
1012 |
+ } |
|
1013 |
+ |
|
1014 |
+ if (!anyHeadersFound) { |
|
1015 |
+ /* |
|
1016 | 1016 |
* False positive in believing we have an e-mail when we don't |
1017 | 1017 |
*/ |
1018 |
- messageDestroy(ret); |
|
1019 |
- cli_dbgmsg("parseEmailHeaders: no headers found, assuming it isn't an email\n"); |
|
1020 |
- return NULL; |
|
1021 |
- } |
|
1018 |
+ messageDestroy(ret); |
|
1019 |
+ cli_dbgmsg("parseEmailHeaders: no headers found, assuming it isn't an email\n"); |
|
1020 |
+ return NULL; |
|
1021 |
+ } |
|
1022 | 1022 |
|
1023 |
- cli_dbgmsg("parseEmailHeaders: return\n"); |
|
1023 |
+ cli_dbgmsg("parseEmailHeaders: return\n"); |
|
1024 | 1024 |
|
1025 |
- return ret; |
|
1025 |
+ return ret; |
|
1026 | 1026 |
} |
1027 | 1027 |
|
1028 | 1028 |
/* |
... | ... |
@@ -1031,99 +1009,97 @@ parseEmailHeaders(message *m, const table_t *rfc821) |
1031 | 1031 |
static int |
1032 | 1032 |
parseEmailHeader(message *m, const char *line, const table_t *rfc821) |
1033 | 1033 |
{ |
1034 |
- int ret; |
|
1034 |
+ int ret; |
|
1035 | 1035 |
#ifdef CL_THREAD_SAFE |
1036 |
- char *strptr; |
|
1036 |
+ char *strptr; |
|
1037 | 1037 |
#endif |
1038 |
- const char *separator; |
|
1039 |
- char *cmd, *copy, tokenseparator[2]; |
|
1038 |
+ const char *separator; |
|
1039 |
+ char *cmd, *copy, tokenseparator[2]; |
|
1040 | 1040 |
|
1041 |
- cli_dbgmsg("parseEmailHeader '%s'\n", line); |
|
1041 |
+ cli_dbgmsg("parseEmailHeader '%s'\n", line); |
|
1042 | 1042 |
|
1043 |
- /* |
|
1043 |
+ /* |
|
1044 | 1044 |
* In RFC822 the separator between the key a value is a colon, |
1045 | 1045 |
* e.g. Content-Transfer-Encoding: base64 |
1046 | 1046 |
* However some MUA's are lapse about this and virus writers exploit |
1047 | 1047 |
* this hole, so we need to check all known possibilities |
1048 | 1048 |
*/ |
1049 |
- for(separator = ":= "; *separator; separator++) |
|
1050 |
- if(strchr(line, *separator) != NULL) |
|
1051 |
- break; |
|
1049 |
+ for (separator = ":= "; *separator; separator++) |
|
1050 |
+ if (strchr(line, *separator) != NULL) |
|
1051 |
+ break; |
|
1052 | 1052 |
|
1053 |
- if(*separator == '\0') |
|
1054 |
- return -1; |
|
1053 |
+ if (*separator == '\0') |
|
1054 |
+ return -1; |
|
1055 | 1055 |
|
1056 |
- copy = rfc2047(line); |
|
1057 |
- if(copy == NULL) |
|
1058 |
- /* an RFC checker would return -1 here */ |
|
1059 |
- copy = cli_strdup(line); |
|
1056 |
+ copy = rfc2047(line); |
|
1057 |
+ if (copy == NULL) |
|
1058 |
+ /* an RFC checker would return -1 here */ |
|
1059 |
+ copy = cli_strdup(line); |
|
1060 | 1060 |
|
1061 |
- tokenseparator[0] = *separator; |
|
1062 |
- tokenseparator[1] = '\0'; |
|
1061 |
+ tokenseparator[0] = *separator; |
|
1062 |
+ tokenseparator[1] = '\0'; |
|
1063 | 1063 |
|
1064 |
- ret = -1; |
|
1064 |
+ ret = -1; |
|
1065 | 1065 |
|
1066 |
-#ifdef CL_THREAD_SAFE |
|
1067 |
- cmd = strtok_r(copy, tokenseparator, &strptr); |
|
1066 |
+#ifdef CL_THREAD_SAFE |
|
1067 |
+ cmd = strtok_r(copy, tokenseparator, &strptr); |
|
1068 | 1068 |
#else |
1069 |
- cmd = strtok(copy, tokenseparator); |
|
1069 |
+ cmd = strtok(copy, tokenseparator); |
|
1070 | 1070 |
#endif |
1071 | 1071 |
|
1072 |
- if(cmd && (strstrip(cmd) > 0)) { |
|
1073 |
-#ifdef CL_THREAD_SAFE |
|
1074 |
- char *arg = strtok_r(NULL, "", &strptr); |
|
1072 |
+ if (cmd && (strstrip(cmd) > 0)) { |
|
1073 |
+#ifdef CL_THREAD_SAFE |
|
1074 |
+ char *arg = strtok_r(NULL, "", &strptr); |
|
1075 | 1075 |
#else |
1076 |
- char *arg = strtok(NULL, ""); |
|
1076 |
+ char *arg = strtok(NULL, ""); |
|
1077 | 1077 |
#endif |
1078 | 1078 |
|
1079 |
- if(arg) |
|
1080 |
- /* |
|
1079 |
+ if (arg) |
|
1080 |
+ /* |
|
1081 | 1081 |
* Found a header such as |
1082 | 1082 |
* Content-Type: multipart/mixed; |
1083 | 1083 |
* set arg to be |
1084 | 1084 |
* "multipart/mixed" and cmd to |
1085 | 1085 |
* be "Content-Type" |
1086 | 1086 |
*/ |
1087 |
- ret = parseMimeHeader(m, cmd, rfc821, arg); |
|
1088 |
- } |
|
1089 |
- free(copy); |
|
1090 |
- return ret; |
|
1087 |
+ ret = parseMimeHeader(m, cmd, rfc821, arg); |
|
1088 |
+ } |
|
1089 |
+ free(copy); |
|
1090 |
+ return ret; |
|
1091 | 1091 |
} |
1092 | 1092 |
|
1093 | 1093 |
#if HAVE_LIBXML2 |
1094 | 1094 |
static const struct key_entry mhtml_keys[] = { |
1095 |
- /* root html tags for microsoft office document */ |
|
1096 |
- { "html", "RootHTML", MSXML_JSON_ROOT | MSXML_JSON_ATTRIB }, |
|
1097 |
- |
|
1098 |
- { "head", "Head", MSXML_JSON_WRKPTR | MSXML_COMMENT_CB }, |
|
1099 |
- { "meta", "Meta", MSXML_JSON_WRKPTR | MSXML_JSON_MULTI | MSXML_JSON_ATTRIB }, |
|
1100 |
- { "link", "Link", MSXML_JSON_WRKPTR | MSXML_JSON_MULTI | MSXML_JSON_ATTRIB }, |
|
1101 |
- { "script", "Script", MSXML_JSON_WRKPTR | MSXML_JSON_MULTI | MSXML_JSON_VALUE } |
|
1102 |
-}; |
|
1095 |
+ /* root html tags for microsoft office document */ |
|
1096 |
+ {"html", "RootHTML", MSXML_JSON_ROOT | MSXML_JSON_ATTRIB}, |
|
1097 |
+ |
|
1098 |
+ {"head", "Head", MSXML_JSON_WRKPTR | MSXML_COMMENT_CB}, |
|
1099 |
+ {"meta", "Meta", MSXML_JSON_WRKPTR | MSXML_JSON_MULTI | MSXML_JSON_ATTRIB}, |
|
1100 |
+ {"link", "Link", MSXML_JSON_WRKPTR | MSXML_JSON_MULTI | MSXML_JSON_ATTRIB}, |
|
1101 |
+ {"script", "Script", MSXML_JSON_WRKPTR | MSXML_JSON_MULTI | MSXML_JSON_VALUE}}; |
|
1103 | 1102 |
static size_t num_mhtml_keys = sizeof(mhtml_keys) / sizeof(struct key_entry); |
1104 | 1103 |
|
1105 | 1104 |
static const struct key_entry mhtml_comment_keys[] = { |
1106 |
- /* embedded xml tags (comment) for microsoft office document */ |
|
1107 |
- { "o:documentproperties", "DocumentProperties", MSXML_JSON_ROOT | MSXML_JSON_ATTRIB }, |
|
1108 |
- { "o:author", "Author", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE }, |
|
1109 |
- { "o:lastauthor", "LastAuthor", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE }, |
|
1110 |
- { "o:revision", "Revision", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE }, |
|
1111 |
- { "o:totaltime", "TotalTime", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE }, |
|
1112 |
- { "o:created", "Created", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE }, |
|
1113 |
- { "o:lastsaved", "LastSaved", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE }, |
|
1114 |
- { "o:pages", "Pages", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE }, |
|
1115 |
- { "o:words", "Words", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE }, |
|
1116 |
- { "o:characters", "Characters", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE }, |
|
1117 |
- { "o:company", "Company", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE }, |
|
1118 |
- { "o:lines", "Lines", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE }, |
|
1119 |
- { "o:paragraphs", "Paragraphs", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE }, |
|
1120 |
- { "o:characterswithspaces", "CharactersWithSpaces", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE }, |
|
1121 |
- { "o:version", "Version", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE }, |
|
1122 |
- |
|
1123 |
- { "o:officedocumentsettings", "DocumentSettings", MSXML_IGNORE_ELEM }, |
|
1124 |
- { "w:worddocument", "WordDocument", MSXML_IGNORE_ELEM }, |
|
1125 |
- { "w:latentstyles", "LatentStyles", MSXML_IGNORE_ELEM } |
|
1126 |
-}; |
|
1105 |
+ /* embedded xml tags (comment) for microsoft office document */ |
|
1106 |
+ {"o:documentproperties", "DocumentProperties", MSXML_JSON_ROOT | MSXML_JSON_ATTRIB}, |
|
1107 |
+ {"o:author", "Author", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE}, |
|
1108 |
+ {"o:lastauthor", "LastAuthor", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE}, |
|
1109 |
+ {"o:revision", "Revision", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE}, |
|
1110 |
+ {"o:totaltime", "TotalTime", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE}, |
|
1111 |
+ {"o:created", "Created", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE}, |
|
1112 |
+ {"o:lastsaved", "LastSaved", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE}, |
|
1113 |
+ {"o:pages", "Pages", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE}, |
|
1114 |
+ {"o:words", "Words", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE}, |
|
1115 |
+ {"o:characters", "Characters", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE}, |
|
1116 |
+ {"o:company", "Company", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE}, |
|
1117 |
+ {"o:lines", "Lines", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE}, |
|
1118 |
+ {"o:paragraphs", "Paragraphs", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE}, |
|
1119 |
+ {"o:characterswithspaces", "CharactersWithSpaces", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE}, |
|
1120 |
+ {"o:version", "Version", MSXML_JSON_WRKPTR | MSXML_JSON_VALUE}, |
|
1121 |
+ |
|
1122 |
+ {"o:officedocumentsettings", "DocumentSettings", MSXML_IGNORE_ELEM}, |
|
1123 |
+ {"w:worddocument", "WordDocument", MSXML_IGNORE_ELEM}, |
|
1124 |
+ {"w:latentstyles", "LatentStyles", MSXML_IGNORE_ELEM}}; |
|
1127 | 1125 |
static size_t num_mhtml_comment_keys = sizeof(mhtml_comment_keys) / sizeof(struct key_entry); |
1128 | 1126 |
#endif |
1129 | 1127 |
|
... | ... |
@@ -1137,55 +1113,55 @@ static int |
1137 | 1137 |
parseMHTMLComment(const char *comment, cli_ctx *ctx, void *wrkjobj, void *cbdata) |
1138 | 1138 |
{ |
1139 | 1139 |
#if HAVE_LIBXML2 |
1140 |
- const char *xmlsrt, *xmlend; |
|
1141 |
- xmlTextReaderPtr reader; |
|
1140 |
+ const char *xmlsrt, *xmlend; |
|
1141 |
+ xmlTextReaderPtr reader; |
|
1142 | 1142 |
#if HAVE_JSON |
1143 |
- json_object *thisjobj = (json_object *)wrkjobj; |
|
1143 |
+ json_object *thisjobj = (json_object *)wrkjobj; |
|
1144 | 1144 |
#endif |
1145 |
- int ret = CL_SUCCESS; |
|
1145 |
+ int ret = CL_SUCCESS; |
|
1146 | 1146 |
|
1147 |
- UNUSEDPARAM(cbdata); |
|
1148 |
- UNUSEDPARAM(wrkjobj); |
|
1147 |
+ UNUSEDPARAM(cbdata); |
|
1148 |
+ UNUSEDPARAM(wrkjobj); |
|
1149 | 1149 |
|
1150 |
- xmlend = comment; |
|
1151 |
- while ((xmlsrt = strstr(xmlend, "<xml>"))) { |
|
1152 |
- xmlend = strstr(xmlsrt, "</xml>"); |
|
1153 |
- if (xmlend == NULL) { |
|
1154 |
- cli_dbgmsg("parseMHTMLComment: unbounded xml tag\n"); |
|
1155 |
- break; |
|
1156 |
- } |
|
1150 |
+ xmlend = comment; |
|
1151 |
+ while ((xmlsrt = strstr(xmlend, "<xml>"))) { |
|
1152 |
+ xmlend = strstr(xmlsrt, "</xml>"); |
|
1153 |
+ if (xmlend == NULL) { |
|
1154 |
+ cli_dbgmsg("parseMHTMLComment: unbounded xml tag\n"); |
|
1155 |
+ break; |
|
1156 |
+ } |
|
1157 | 1157 |
|
1158 |
- reader = xmlReaderForMemory(xmlsrt, xmlend-xmlsrt+6, "comment.xml", NULL, CLAMAV_MIN_XMLREADER_FLAGS); |
|
1159 |
- if (!reader) { |
|
1160 |
- cli_dbgmsg("parseMHTMLComment: cannot initialize xmlReader\n"); |
|
1158 |
+ reader = xmlReaderForMemory(xmlsrt, xmlend - xmlsrt + 6, "comment.xml", NULL, CLAMAV_MIN_XMLREADER_FLAGS); |
|
1159 |
+ if (!reader) { |
|
1160 |
+ cli_dbgmsg("parseMHTMLComment: cannot initialize xmlReader\n"); |
|
1161 | 1161 |
|
1162 | 1162 |
#if HAVE_JSON |
1163 |
- if (ctx->wrkproperty != NULL) |
|
1164 |
- ret = cli_json_parse_error(ctx->wrkproperty, "MHTML_ERROR_XML_READER_MEM"); |
|
1163 |
+ if (ctx->wrkproperty != NULL) |
|
1164 |
+ ret = cli_json_parse_error(ctx->wrkproperty, "MHTML_ERROR_XML_READER_MEM"); |
|
1165 | 1165 |
#endif |
1166 |
- return ret; // libxml2 failed! |
|
1167 |
- } |
|
1168 |
- |
|
1169 |
- /* comment callback is not set to prevent recursion */ |
|
1170 |
- /* TODO: should we separate the key dictionaries? */ |
|
1171 |
- /* TODO: should we use the json object pointer? */ |
|
1172 |
- ret = cli_msxml_parse_document(ctx, reader, mhtml_comment_keys, num_mhtml_comment_keys, MSXML_FLAG_JSON, NULL); |
|
1173 |
- |
|
1174 |
- xmlTextReaderClose(reader); |
|
1175 |
- xmlFreeTextReader(reader); |
|
1176 |
- if (ret != CL_SUCCESS) |
|
1177 |
- return ret; |
|
1178 |
- } |
|
1166 |
+ return ret; // libxml2 failed! |
|
1167 |
+ } |
|
1168 |
+ |
|
1169 |
+ /* comment callback is not set to prevent recursion */ |
|
1170 |
+ /* TODO: should we separate the key dictionaries? */ |
|
1171 |
+ /* TODO: should we use the json object pointer? */ |
|
1172 |
+ ret = cli_msxml_parse_document(ctx, reader, mhtml_comment_keys, num_mhtml_comment_keys, MSXML_FLAG_JSON, NULL); |
|
1173 |
+ |
|
1174 |
+ xmlTextReaderClose(reader); |
|
1175 |
+ xmlFreeTextReader(reader); |
|
1176 |
+ if (ret != CL_SUCCESS) |
|
1177 |
+ return ret; |
|
1178 |
+ } |
|
1179 | 1179 |
#else |
1180 |
- UNUSEDPARAM(comment); |
|
1181 |
- UNUSEDPARAM(ctx); |
|
1182 |
- UNUSEDPARAM(wrkjobj); |
|
1183 |
- UNUSEDPARAM(cbdata); |
|
1180 |
+ UNUSEDPARAM(comment); |
|
1181 |
+ UNUSEDPARAM(ctx); |
|
1182 |
+ UNUSEDPARAM(wrkjobj); |
|
1183 |
+ UNUSEDPARAM(cbdata); |
|
1184 | 1184 |
|
1185 |
- cli_dbgmsg("in parseMHTMLComment\n"); |
|
1186 |
- cli_dbgmsg("parseMHTMLComment: parsing html xml-comments requires libxml2!\n"); |
|
1185 |
+ cli_dbgmsg("in parseMHTMLComment\n"); |
|
1186 |
+ cli_dbgmsg("parseMHTMLComment: parsing html xml-comments requires libxml2!\n"); |
|
1187 | 1187 |
#endif |
1188 |
- return CL_SUCCESS; |
|
1188 |
+ return CL_SUCCESS; |
|
1189 | 1189 |
} |
1190 | 1190 |
|
1191 | 1191 |
/* |
... | ... |
@@ -1197,117 +1173,117 @@ parseMHTMLComment(const char *comment, cli_ctx *ctx, void *wrkjobj, void *cbdata |
1197 | 1197 |
static mbox_status |
1198 | 1198 |
parseRootMHTML(mbox_ctx *mctx, message *m, text *t) |
1199 | 1199 |
{ |
1200 |
- cli_ctx *ctx = mctx->ctx; |
|
1200 |
+ cli_ctx *ctx = mctx->ctx; |
|
1201 | 1201 |
#if HAVE_LIBXML2 |
1202 | 1202 |
#ifdef LIBXML_HTML_ENABLED |
1203 |
- struct msxml_ctx mxctx; |
|
1204 |
- blob *input = NULL; |
|
1205 |
- htmlDocPtr htmlDoc; |
|
1206 |
- xmlTextReaderPtr reader; |
|
1207 |
- int ret = CL_SUCCESS; |
|
1208 |
- mbox_status rc = OK; |
|
1203 |
+ struct msxml_ctx mxctx; |
|
1204 |
+ blob *input = NULL; |
|
1205 |
+ htmlDocPtr htmlDoc; |
|
1206 |
+ xmlTextReaderPtr reader; |
|
1207 |
+ int ret = CL_SUCCESS; |
|
1208 |
+ mbox_status rc = OK; |
|
1209 | 1209 |
#if HAVE_JSON |
1210 |
- json_object *rhtml; |
|
1210 |
+ json_object *rhtml; |
|
1211 | 1211 |
#endif |
1212 | 1212 |
|
1213 |
- cli_dbgmsg("in parseRootMHTML\n"); |
|
1213 |
+ cli_dbgmsg("in parseRootMHTML\n"); |
|
1214 | 1214 |
|
1215 |
- if (ctx == NULL) |
|
1216 |
- return OK; |
|
1215 |
+ if (ctx == NULL) |
|
1216 |
+ return OK; |
|
1217 | 1217 |
|
1218 |
- if (m == NULL && t == NULL) |
|
1219 |
- return OK; |
|
1218 |
+ if (m == NULL && t == NULL) |
|
1219 |
+ return OK; |
|
1220 | 1220 |
|
1221 |
- if (m != NULL) |
|
1222 |
- input = messageToBlob(m, 0); |
|
1223 |
- else /* t != NULL */ |
|
1224 |
- input = textToBlob(t, NULL, 0); |
|
1221 |
+ if (m != NULL) |
|
1222 |
+ input = messageToBlob(m, 0); |
|
1223 |
+ else /* t != NULL */ |
|
1224 |
+ input = textToBlob(t, NULL, 0); |
|
1225 | 1225 |
|
1226 |
- if (input == NULL) |
|
1227 |
- return OK; |
|
1226 |
+ if (input == NULL) |
|
1227 |
+ return OK; |
|
1228 | 1228 |
|
1229 |
- htmlDoc = htmlReadMemory((char*)input->data, input->len, "mhtml.html", NULL, CLAMAV_MIN_XMLREADER_FLAGS); |
|
1230 |
- if (htmlDoc == NULL) { |
|
1231 |
- cli_dbgmsg("parseRootMHTML: cannot initialize read html document\n"); |
|
1229 |
+ htmlDoc = htmlReadMemory((char *)input->data, input->len, "mhtml.html", NULL, CLAMAV_MIN_XMLREADER_FLAGS); |
|
1230 |
+ if (htmlDoc == NULL) { |
|
1231 |
+ cli_dbgmsg("parseRootMHTML: cannot initialize read html document\n"); |
|
1232 | 1232 |
#if HAVE_JSON |
1233 |
- if (ctx->wrkproperty != NULL) |
|
1234 |
- ret = cli_json_parse_error(ctx->wrkproperty, "MHTML_ERROR_HTML_READ"); |
|
1235 |
- if (ret != CL_SUCCESS) |
|
1236 |
- rc = FAIL; |
|
1233 |
+ if (ctx->wrkproperty != NULL) |
|
1234 |
+ ret = cli_json_parse_error(ctx->wrkproperty, "MHTML_ERROR_HTML_READ"); |
|
1235 |
+ if (ret != CL_SUCCESS) |
|
1236 |
+ rc = FAIL; |
|
1237 | 1237 |
#endif |
1238 |
- blobDestroy(input); |
|
1239 |
- return rc; |
|
1240 |
- } |
|
1238 |
+ blobDestroy(input); |
|
1239 |
+ return rc; |
|
1240 |
+ } |
|
1241 | 1241 |
|
1242 | 1242 |
#if HAVE_JSON |
1243 |
- if (mctx->wrkobj) { |
|
1244 |
- rhtml = cli_jsonobj(mctx->wrkobj, "RootHTML"); |
|
1245 |
- if (rhtml != NULL) { |
|
1246 |
- /* MHTML-specific properties */ |
|
1247 |
- cli_jsonstr(rhtml, "Encoding", (const char*)htmlGetMetaEncoding(htmlDoc)); |
|
1248 |
- cli_jsonint(rhtml, "CompressMode", xmlGetDocCompressMode(htmlDoc)); |
|
1249 |
- } |
|
1250 |
- } |
|
1243 |
+ if (mctx->wrkobj) { |
|
1244 |
+ rhtml = cli_jsonobj(mctx->wrkobj, "RootHTML"); |
|
1245 |
+ if (rhtml != NULL) { |
|
1246 |
+ /* MHTML-specific properties */ |
|
1247 |
+ cli_jsonstr(rhtml, "Encoding", (const char *)htmlGetMetaEncoding(htmlDoc)); |
|
1248 |
+ cli_jsonint(rhtml, "CompressMode", xmlGetDocCompressMode(htmlDoc)); |
|
1249 |
+ } |
|
1250 |
+ } |
|
1251 | 1251 |
#endif |
1252 | 1252 |
|
1253 |
- reader = xmlReaderWalker(htmlDoc); |
|
1254 |
- if (reader == NULL) { |
|
1255 |
- cli_dbgmsg("parseRootMHTML: cannot initialize xmlTextReader\n"); |
|
1253 |
+ reader = xmlReaderWalker(htmlDoc); |
|
1254 |
+ if (reader == NULL) { |
|
1255 |
+ cli_dbgmsg("parseRootMHTML: cannot initialize xmlTextReader\n"); |
|
1256 | 1256 |
#if HAVE_JSON |
1257 |
- if (ctx->wrkproperty != NULL) |
|
1258 |
- ret = cli_json_parse_error(ctx->wrkproperty, "MHTML_ERROR_XML_READER_IO"); |
|
1259 |
- if (ret != CL_SUCCESS) |
|
1260 |
- rc = FAIL; |
|
1257 |
+ if (ctx->wrkproperty != NULL) |
|
1258 |
+ ret = cli_json_parse_error(ctx->wrkproperty, "MHTML_ERROR_XML_READER_IO"); |
|
1259 |
+ if (ret != CL_SUCCESS) |
|
1260 |
+ rc = FAIL; |
|
1261 | 1261 |
#endif |
1262 |
- blobDestroy(input); |
|
1263 |
- return rc; |
|
1264 |
- } |
|
1265 |
- |
|
1266 |
- memset(&mxctx, 0, sizeof(mxctx)); |
|
1267 |
- /* no scanning callback set */ |
|
1268 |
- mxctx.comment_cb = parseMHTMLComment; |
|
1269 |
- ret = cli_msxml_parse_document(ctx, reader, mhtml_keys, num_mhtml_keys, MSXML_FLAG_JSON | MSXML_FLAG_WALK, &mxctx); |
|
1270 |
- switch (ret) { |
|
1271 |
- case CL_SUCCESS: |
|
1272 |
- case CL_ETIMEOUT: |
|
1273 |
- case CL_BREAK: |
|
1274 |
- rc = OK; |
|
1275 |
- break; |
|
1276 |
- |
|
1277 |
- case CL_EMAXREC: |
|
1278 |
- rc = MAXREC; |
|
1279 |
- break; |
|
1280 |
- |
|
1281 |
- case CL_EMAXFILES: |
|
1282 |
- rc = MAXFILES; |
|
1283 |
- break; |
|
1284 |
- |
|
1285 |
- case CL_VIRUS: |
|
1286 |
- rc = VIRUS; |
|
1287 |
- break; |
|
1288 |
- |
|
1289 |
- default: |
|
1290 |
- rc = FAIL; |
|
1291 |
- } |
|
1292 |
- |
|
1293 |
- xmlTextReaderClose(reader); |
|
1294 |
- xmlFreeTextReader(reader); |
|
1295 |
- xmlFreeDoc(htmlDoc); |
|
1296 |
- blobDestroy(input); |
|
1297 |
- return rc; |
|
1262 |
+ blobDestroy(input); |
|
1263 |
+ return rc; |
|
1264 |
+ } |
|
1265 |
+ |
|
1266 |
+ memset(&mxctx, 0, sizeof(mxctx)); |
|
1267 |
+ /* no scanning callback set */ |
|
1268 |
+ mxctx.comment_cb = parseMHTMLComment; |
|
1269 |
+ ret = cli_msxml_parse_document(ctx, reader, mhtml_keys, num_mhtml_keys, MSXML_FLAG_JSON | MSXML_FLAG_WALK, &mxctx); |
|
1270 |
+ switch (ret) { |
|
1271 |
+ case CL_SUCCESS: |
|
1272 |
+ case CL_ETIMEOUT: |
|
1273 |
+ case CL_BREAK: |
|
1274 |
+ rc = OK; |
|
1275 |
+ break; |
|
1276 |
+ |
|
1277 |
+ case CL_EMAXREC: |
|
1278 |
+ rc = MAXREC; |
|
1279 |
+ break; |
|
1280 |
+ |
|
1281 |
+ case CL_EMAXFILES: |
|
1282 |
+ rc = MAXFILES; |
|
1283 |
+ break; |
|
1284 |
+ |
|
1285 |
+ case CL_VIRUS: |
|
1286 |
+ rc = VIRUS; |
|
1287 |
+ break; |
|
1288 |
+ |
|
1289 |
+ default: |
|
1290 |
+ rc = FAIL; |
|
1291 |
+ } |
|
1292 |
+ |
|
1293 |
+ xmlTextReaderClose(reader); |
|
1294 |
+ xmlFreeTextReader(reader); |
|
1295 |
+ xmlFreeDoc(htmlDoc); |
|
1296 |
+ blobDestroy(input); |
|
1297 |
+ return rc; |
|
1298 | 1298 |
#else /* LIBXML_HTML_ENABLED */ |
1299 |
- UNUSEDPARAM(m); |
|
1300 |
- UNUSEDPARAM(t); |
|
1301 |
- cli_dbgmsg("in parseRootMHTML\n"); |
|
1302 |
- cli_dbgmsg("parseRootMHTML: parsing html documents disabled in libxml2!\n"); |
|
1299 |
+ UNUSEDPARAM(m); |
|
1300 |
+ UNUSEDPARAM(t); |
|
1301 |
+ cli_dbgmsg("in parseRootMHTML\n"); |
|
1302 |
+ cli_dbgmsg("parseRootMHTML: parsing html documents disabled in libxml2!\n"); |
|
1303 | 1303 |
#endif /* LIBXML_HTML_ENABLED */ |
1304 | 1304 |
#else /* HAVE_LIBXML2 */ |
1305 |
- UNUSEDPARAM(m); |
|
1306 |
- UNUSEDPARAM(t); |
|
1307 |
- cli_dbgmsg("in parseRootMHTML\n"); |
|
1308 |
- cli_dbgmsg("parseRootMHTML: parsing html documents requires libxml2!\n"); |
|
1305 |
+ UNUSEDPARAM(m); |
|
1306 |
+ UNUSEDPARAM(t); |
|
1307 |
+ cli_dbgmsg("in parseRootMHTML\n"); |
|
1308 |
+ cli_dbgmsg("parseRootMHTML: parsing html documents requires libxml2!\n"); |
|
1309 | 1309 |
|
1310 |
- return OK; |
|
1310 |
+ return OK; |
|
1311 | 1311 |
#endif /* HAVE_LIBXML2 */ |
1312 | 1312 |
} |
1313 | 1313 |
|
... | ... |
@@ -1324,182 +1300,181 @@ parseRootMHTML(mbox_ctx *mctx, message *m, text *t) |
1324 | 1324 |
static mbox_status |
1325 | 1325 |
parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int recursion_level) |
1326 | 1326 |
{ |
1327 |
- mbox_status rc; |
|
1328 |
- text *aText = textIn; |
|
1329 |
- message *mainMessage = messageIn; |
|
1330 |
- fileblob *fb; |
|
1331 |
- bool infected = FALSE; |
|
1332 |
- const struct cl_engine *engine = mctx->ctx->engine; |
|
1333 |
- const int doPhishingScan = engine->dboptions&CL_DB_PHISHING_URLS && (DCONF_PHISHING & PHISHING_CONF_ENGINE); |
|
1327 |
+ mbox_status rc; |
|
1328 |
+ text *aText = textIn; |
|
1329 |
+ message *mainMessage = messageIn; |
|
1330 |
+ fileblob *fb; |
|
1331 |
+ bool infected = FALSE; |
|
1332 |
+ const struct cl_engine *engine = mctx->ctx->engine; |
|
1333 |
+ const int doPhishingScan = engine->dboptions & CL_DB_PHISHING_URLS && (DCONF_PHISHING & PHISHING_CONF_ENGINE); |
|
1334 | 1334 |
#if HAVE_JSON |
1335 |
- json_object *saveobj = mctx->wrkobj; |
|
1335 |
+ json_object *saveobj = mctx->wrkobj; |
|
1336 | 1336 |
#endif |
1337 | 1337 |
|
1338 |
- cli_dbgmsg("in parseEmailBody, %u files saved so far\n", |
|
1339 |
- mctx->files); |
|
1338 |
+ cli_dbgmsg("in parseEmailBody, %u files saved so far\n", |
|
1339 |
+ mctx->files); |
|
1340 | 1340 |
|
1341 |
- /* FIXMELIMITS: this should be better integrated */ |
|
1342 |
- if(engine->maxreclevel) |
|
1343 |
- /* |
|
1341 |
+ /* FIXMELIMITS: this should be better integrated */ |
|
1342 |
+ if (engine->maxreclevel) |
|
1343 |
+ /* |
|
1344 | 1344 |
* This is approximate |
1345 | 1345 |
*/ |
1346 |
- if(recursion_level > engine->maxreclevel) { |
|
1346 |
+ if (recursion_level > engine->maxreclevel) { |
|
1347 | 1347 |
|
1348 |
- cli_dbgmsg("parseEmailBody: hit maximum recursion level (%u)\n", recursion_level); |
|
1349 |
- return MAXREC; |
|
1350 |
- } |
|
1351 |
- if(engine->maxfiles && (mctx->files >= engine->maxfiles)) { |
|
1352 |
- /* |
|
1348 |
+ cli_dbgmsg("parseEmailBody: hit maximum recursion level (%u)\n", recursion_level); |
|
1349 |
+ return MAXREC; |
|
1350 |
+ } |
|
1351 |
+ if (engine->maxfiles && (mctx->files >= engine->maxfiles)) { |
|
1352 |
+ /* |
|
1353 | 1353 |
* FIXME: This is only approx - it may have already |
1354 | 1354 |
* been exceeded |
1355 | 1355 |
*/ |
1356 |
- cli_dbgmsg("parseEmailBody: number of files exceeded %u\n", engine->maxfiles); |
|
1357 |
- return MAXFILES; |
|
1358 |
- } |
|
1359 |
- |
|
1360 |
- rc = OK; |
|
1361 |
- |
|
1362 |
- /* Anything left to be parsed? */ |
|
1363 |
- if(mainMessage && (messageGetBody(mainMessage) != NULL)) { |
|
1364 |
- mime_type mimeType; |
|
1365 |
- int subtype, inhead, htmltextPart, inMimeHead, i; |
|
1366 |
- const char *mimeSubtype; |
|
1367 |
- char *boundary; |
|
1368 |
- const text *t_line; |
|
1369 |
- /*bool isAlternative;*/ |
|
1370 |
- message *aMessage; |
|
1371 |
- int multiparts = 0; |
|
1372 |
- message **messages = NULL; /* parts of a multipart message */ |
|
1373 |
- |
|
1374 |
- cli_dbgmsg("Parsing mail file\n"); |
|
1375 |
- |
|
1376 |
- mimeType = messageGetMimeType(mainMessage); |
|
1377 |
- mimeSubtype = messageGetMimeSubtype(mainMessage); |
|
1356 |
+ cli_dbgmsg("parseEmailBody: number of files exceeded %u\n", engine->maxfiles); |
|
1357 |
+ return MAXFILES; |
|
1358 |
+ } |
|
1359 |
+ |
|
1360 |
+ rc = OK; |
|
1361 |
+ |
|
1362 |
+ /* Anything left to be parsed? */ |
|
1363 |
+ if (mainMessage && (messageGetBody(mainMessage) != NULL)) { |
|
1364 |
+ mime_type mimeType; |
|
1365 |
+ int subtype, inhead, htmltextPart, inMimeHead, i; |
|
1366 |
+ const char *mimeSubtype; |
|
1367 |
+ char *boundary; |
|
1368 |
+ const text *t_line; |
|
1369 |
+ /*bool isAlternative;*/ |
|
1370 |
+ message *aMessage; |
|
1371 |
+ int multiparts = 0; |
|
1372 |
+ message **messages = NULL; /* parts of a multipart message */ |
|
1373 |
+ |
|
1374 |
+ cli_dbgmsg("Parsing mail file\n"); |
|
1375 |
+ |
|
1376 |
+ mimeType = messageGetMimeType(mainMessage); |
|
1377 |
+ mimeSubtype = messageGetMimeSubtype(mainMessage); |
|
1378 | 1378 |
#if HAVE_JSON |
1379 |
- if (mctx->wrkobj != NULL) { |
|
1380 |
- mctx->wrkobj = cli_jsonobj(mctx->wrkobj, "Body"); |
|
1381 |
- cli_jsonstr(mctx->wrkobj, "MimeType", getMimeTypeStr(mimeType)); |
|
1382 |
- cli_jsonstr(mctx->wrkobj, "MimeSubtype", mimeSubtype); |
|
1383 |
- cli_jsonstr(mctx->wrkobj, "EncodingType", getEncTypeStr(messageGetEncoding(mainMessage))); |
|
1384 |
- cli_jsonstr(mctx->wrkobj, "Disposition", messageGetDispositionType(mainMessage)); |
|
1385 |
- cli_jsonstr(mctx->wrkobj, "Filename", messageHasFilename(mainMessage) ? |
|
1386 |
- messageGetFilename(mainMessage): "(inline)"); |
|
1387 |
- } |
|
1379 |
+ if (mctx->wrkobj != NULL) { |
|
1380 |
+ mctx->wrkobj = cli_jsonobj(mctx->wrkobj, "Body"); |
|
1381 |
+ cli_jsonstr(mctx->wrkobj, "MimeType", getMimeTypeStr(mimeType)); |
|
1382 |
+ cli_jsonstr(mctx->wrkobj, "MimeSubtype", mimeSubtype); |
|
1383 |
+ cli_jsonstr(mctx->wrkobj, "EncodingType", getEncTypeStr(messageGetEncoding(mainMessage))); |
|
1384 |
+ cli_jsonstr(mctx->wrkobj, "Disposition", messageGetDispositionType(mainMessage)); |
|
1385 |
+ cli_jsonstr(mctx->wrkobj, "Filename", messageHasFilename(mainMessage) ? messageGetFilename(mainMessage) : "(inline)"); |
|
1386 |
+ } |
|
1388 | 1387 |
#endif |
1389 | 1388 |
|
1390 |
- /* pre-process */ |
|
1391 |
- subtype = tableFind(mctx->subtypeTable, mimeSubtype); |
|
1392 |
- if((mimeType == TEXT) && (subtype == PLAIN)) { |
|
1393 |
- /* |
|
1389 |
+ /* pre-process */ |
|
1390 |
+ subtype = tableFind(mctx->subtypeTable, mimeSubtype); |
|
1391 |
+ if ((mimeType == TEXT) && (subtype == PLAIN)) { |
|
1392 |
+ /* |
|
1394 | 1393 |
* This is effectively no encoding, notice that we |
1395 | 1394 |
* don't check that charset is us-ascii |
1396 | 1395 |
*/ |
1397 |
- cli_dbgmsg("text/plain: Assume no attachments\n"); |
|
1398 |
- mimeType = NOMIME; |
|
1399 |
- messageSetMimeSubtype(mainMessage, ""); |
|
1400 |
- } else if((mimeType == MESSAGE) && |
|
1401 |
- (strcasecmp(mimeSubtype, "rfc822-headers") == 0)) { |
|
1402 |
- /* |
|
1396 |
+ cli_dbgmsg("text/plain: Assume no attachments\n"); |
|
1397 |
+ mimeType = NOMIME; |
|
1398 |
+ messageSetMimeSubtype(mainMessage, ""); |
|
1399 |
+ } else if ((mimeType == MESSAGE) && |
|
1400 |
+ (strcasecmp(mimeSubtype, "rfc822-headers") == 0)) { |
|
1401 |
+ /* |
|
1403 | 1402 |
* RFC1892/RFC3462: section 2 text/rfc822-headers |
1404 | 1403 |
* incorrectly sent as message/rfc822-headers |
1405 | 1404 |
* |
1406 | 1405 |
* Parse as text/plain, i.e. no mime |
1407 | 1406 |
*/ |
1408 |
- cli_dbgmsg("Changing message/rfc822-headers to text/rfc822-headers\n"); |
|
1409 |
- mimeType = NOMIME; |
|
1410 |
- messageSetMimeSubtype(mainMessage, ""); |
|
1411 |
- } else |
|
1412 |
- cli_dbgmsg("mimeType = %d\n", (int)mimeType); |
|
1413 |
- |
|
1414 |
- switch(mimeType) { |
|
1415 |
- case NOMIME: |
|
1416 |
- cli_dbgmsg("Not a mime encoded message\n"); |
|
1417 |
- aText = textAddMessage(aText, mainMessage); |
|
1418 |
- |
|
1419 |
- if(!doPhishingScan) |
|
1420 |
- break; |
|
1421 |
- /* |
|
1407 |
+ cli_dbgmsg("Changing message/rfc822-headers to text/rfc822-headers\n"); |
|
1408 |
+ mimeType = NOMIME; |
|
1409 |
+ messageSetMimeSubtype(mainMessage, ""); |
|
1410 |
+ } else |
|
1411 |
+ cli_dbgmsg("mimeType = %d\n", (int)mimeType); |
|
1412 |
+ |
|
1413 |
+ switch (mimeType) { |
|
1414 |
+ case NOMIME: |
|
1415 |
+ cli_dbgmsg("Not a mime encoded message\n"); |
|
1416 |
+ aText = textAddMessage(aText, mainMessage); |
|
1417 |
+ |
|
1418 |
+ if (!doPhishingScan) |
|
1419 |
+ break; |
|
1420 |
+ /* |
|
1422 | 1421 |
* Fall through: some phishing mails claim they are |
1423 | 1422 |
* text/plain, when they are in fact html |
1424 | 1423 |
*/ |
1425 |
- case TEXT: |
|
1426 |
- /* text/plain has been preprocessed as no encoding */ |
|
1427 |
- if(doPhishingScan) { |
|
1428 |
- /* |
|
1424 |
+ case TEXT: |
|
1425 |
+ /* text/plain has been preprocessed as no encoding */ |
|
1426 |
+ if (doPhishingScan) { |
|
1427 |
+ /* |
|
1429 | 1428 |
* It would be better to save and scan the |
1430 | 1429 |
* file and only checkURLs if it's found to be |
1431 | 1430 |
* clean |
1432 | 1431 |
*/ |
1433 |
- checkURLs(mainMessage, mctx, &rc, (subtype == HTML)); |
|
1434 |
- /* |
|
1432 |
+ checkURLs(mainMessage, mctx, &rc, (subtype == HTML)); |
|
1433 |
+ /* |
|
1435 | 1434 |
* There might be html sent without subtype |
1436 | 1435 |
* html too, so scan them for phishing |
1437 | 1436 |
*/ |
1438 |
- if(rc == VIRUS) |
|
1439 |
- infected = TRUE; |
|
1440 |
- } |
|
1441 |
- break; |
|
1442 |
- case MULTIPART: |
|
1443 |
- cli_dbgmsg("Content-type 'multipart' handler\n"); |
|
1444 |
- boundary = messageFindArgument(mainMessage, "boundary"); |
|
1437 |
+ if (rc == VIRUS) |
|
1438 |
+ infected = TRUE; |
|
1439 |
+ } |
|
1440 |
+ break; |
|
1441 |
+ case MULTIPART: |
|
1442 |
+ cli_dbgmsg("Content-type 'multipart' handler\n"); |
|
1443 |
+ boundary = messageFindArgument(mainMessage, "boundary"); |
|
1445 | 1444 |
|
1446 | 1445 |
#if HAVE_JSON |
1447 |
- if (mctx->wrkobj != NULL) |
|
1448 |
- cli_jsonstr(mctx->wrkobj, "Boundary", boundary); |
|
1446 |
+ if (mctx->wrkobj != NULL) |
|
1447 |
+ cli_jsonstr(mctx->wrkobj, "Boundary", boundary); |
|
1449 | 1448 |
#endif |
1450 | 1449 |
|
1451 |
- if(boundary == NULL) { |
|
1452 |
- cli_dbgmsg("Multipart/%s MIME message contains no boundary header\n", |
|
1453 |
- mimeSubtype); |
|
1454 |
- /* Broken e-mail message */ |
|
1455 |
- mimeType = NOMIME; |
|
1456 |
- /* |
|
1450 |
+ if (boundary == NULL) { |
|
1451 |
+ cli_dbgmsg("Multipart/%s MIME message contains no boundary header\n", |
|
1452 |
+ mimeSubtype); |
|
1453 |
+ /* Broken e-mail message */ |
|
1454 |
+ mimeType = NOMIME; |
|
1455 |
+ /* |
|
1457 | 1456 |
* The break means that we will still |
1458 | 1457 |
* check if the file contains a uuencoded file |
1459 | 1458 |
*/ |
1460 |
- break; |
|
1461 |
- } |
|
1459 |
+ break; |
|
1460 |
+ } |
|
1462 | 1461 |
|
1463 |
- cli_chomp(boundary); |
|
1462 |
+ cli_chomp(boundary); |
|
1464 | 1463 |
|
1465 |
- /* Perhaps it should assume mixed? */ |
|
1466 |
- if(mimeSubtype[0] == '\0') { |
|
1467 |
- cli_dbgmsg("Multipart has no subtype assuming alternative\n"); |
|
1468 |
- mimeSubtype = "alternative"; |
|
1469 |
- messageSetMimeSubtype(mainMessage, "alternative"); |
|
1470 |
- } |
|
1464 |
+ /* Perhaps it should assume mixed? */ |
|
1465 |
+ if (mimeSubtype[0] == '\0') { |
|
1466 |
+ cli_dbgmsg("Multipart has no subtype assuming alternative\n"); |
|
1467 |
+ mimeSubtype = "alternative"; |
|
1468 |
+ messageSetMimeSubtype(mainMessage, "alternative"); |
|
1469 |
+ } |
|
1471 | 1470 |
|
1472 |
- /* |
|
1471 |
+ /* |
|
1473 | 1472 |
* Get to the start of the first message |
1474 | 1473 |
*/ |
1475 |
- t_line = messageGetBody(mainMessage); |
|
1476 |
- |
|
1477 |
- if(t_line == NULL) { |
|
1478 |
- cli_dbgmsg("Multipart MIME message has no body\n"); |
|
1479 |
- free((char *)boundary); |
|
1480 |
- mimeType = NOMIME; |
|
1481 |
- break; |
|
1482 |
- } |
|
1483 |
- |
|
1484 |
- do |
|
1485 |
- if(t_line->t_line) { |
|
1486 |
- if(boundaryStart(lineGetData(t_line->t_line), boundary)) |
|
1487 |
- break; |
|
1488 |
- /* |
|
1474 |
+ t_line = messageGetBody(mainMessage); |
|
1475 |
+ |
|
1476 |
+ if (t_line == NULL) { |
|
1477 |
+ cli_dbgmsg("Multipart MIME message has no body\n"); |
|
1478 |
+ free((char *)boundary); |
|
1479 |
+ mimeType = NOMIME; |
|
1480 |
+ break; |
|
1481 |
+ } |
|
1482 |
+ |
|
1483 |
+ do |
|
1484 |
+ if (t_line->t_line) { |
|
1485 |
+ if (boundaryStart(lineGetData(t_line->t_line), boundary)) |
|
1486 |
+ break; |
|
1487 |
+ /* |
|
1489 | 1488 |
* Found a binhex file before |
1490 | 1489 |
* the first multipart |
1491 | 1490 |
* TODO: check yEnc |
1492 | 1491 |
*/ |
1493 |
- if(binhexBegin(mainMessage) == t_line) { |
|
1494 |
- if(exportBinhexMessage(mctx, mainMessage)) { |
|
1495 |
- /* virus found */ |
|
1496 |
- rc = VIRUS; |
|
1497 |
- infected = TRUE; |
|
1498 |
- break; |
|
1499 |
- } |
|
1500 |
- } else if(t_line->t_next && |
|
1501 |
- (encodingLine(mainMessage) == t_line->t_next)) { |
|
1502 |
- /* |
|
1492 |
+ if (binhexBegin(mainMessage) == t_line) { |
|
1493 |
+ if (exportBinhexMessage(mctx, mainMessage)) { |
|
1494 |
+ /* virus found */ |
|
1495 |
+ rc = VIRUS; |
|
1496 |
+ infected = TRUE; |
|
1497 |
+ break; |
|
1498 |
+ } |
|
1499 |
+ } else if (t_line->t_next && |
|
1500 |
+ (encodingLine(mainMessage) == t_line->t_next)) { |
|
1501 |
+ /* |
|
1503 | 1502 |
* We look for the next line |
1504 | 1503 |
* since later on we'll skip |
1505 | 1504 |
* over the important line when |
... | ... |
@@ -1508,39 +1483,39 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
1508 | 1508 |
* which it would have been in |
1509 | 1509 |
* an RFC compliant world |
1510 | 1510 |
*/ |
1511 |
- cli_dbgmsg("Found MIME attachment before the first MIME section \"%s\"\n", |
|
1512 |
- lineGetData(t_line->t_next->t_line)); |
|
1513 |
- if(messageGetEncoding(mainMessage) == NOENCODING) |
|
1514 |
- break; |
|
1515 |
- } |
|
1516 |
- } |
|
1517 |
- while((t_line = t_line->t_next) != NULL); |
|
1518 |
- |
|
1519 |
- if(t_line == NULL) { |
|
1520 |
- cli_dbgmsg("Multipart MIME message contains no boundary lines (%s)\n", |
|
1521 |
- boundary); |
|
1522 |
- free((char *)boundary); |
|
1523 |
- mimeType = NOMIME; |
|
1524 |
- /* |
|
1511 |
+ cli_dbgmsg("Found MIME attachment before the first MIME section \"%s\"\n", |
|
1512 |
+ lineGetData(t_line->t_next->t_line)); |
|
1513 |
+ if (messageGetEncoding(mainMessage) == NOENCODING) |
|
1514 |
+ break; |
|
1515 |
+ } |
|
1516 |
+ } |
|
1517 |
+ while ((t_line = t_line->t_next) != NULL); |
|
1518 |
+ |
|
1519 |
+ if (t_line == NULL) { |
|
1520 |
+ cli_dbgmsg("Multipart MIME message contains no boundary lines (%s)\n", |
|
1521 |
+ boundary); |
|
1522 |
+ free((char *)boundary); |
|
1523 |
+ mimeType = NOMIME; |
|
1524 |
+ /* |
|
1525 | 1525 |
* The break means that we will still |
1526 | 1526 |
* check if the file contains a yEnc/binhex file |
1527 | 1527 |
*/ |
1528 |
- break; |
|
1529 |
- } |
|
1530 |
- /* |
|
1528 |
+ break; |
|
1529 |
+ } |
|
1530 |
+ /* |
|
1531 | 1531 |
* Build up a table of all of the parts of this |
1532 | 1532 |
* multipart message. Remember, each part may itself |
1533 | 1533 |
* be a multipart message. |
1534 | 1534 |
*/ |
1535 |
- inhead = 1; |
|
1536 |
- inMimeHead = 0; |
|
1535 |
+ inhead = 1; |
|
1536 |
+ inMimeHead = 0; |
|
1537 | 1537 |
|
1538 |
- /* |
|
1538 |
+ /* |
|
1539 | 1539 |
* Re-read this variable in case mimeSubtype has changed |
1540 | 1540 |
*/ |
1541 |
- subtype = tableFind(mctx->subtypeTable, mimeSubtype); |
|
1541 |
+ subtype = tableFind(mctx->subtypeTable, mimeSubtype); |
|
1542 | 1542 |
|
1543 |
- /* |
|
1543 |
+ /* |
|
1544 | 1544 |
* Parse the mainMessage object and create an array |
1545 | 1545 |
* of objects called messages, one for each of the |
1546 | 1546 |
* multiparts that mainMessage contains. |
... | ... |
@@ -1554,99 +1529,99 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
1554 | 1554 |
* which of those elements it will be, except in |
1555 | 1555 |
* the case of mixed, when all parts need to be scanned. |
1556 | 1556 |
*/ |
1557 |
- for(multiparts = 0; t_line && !infected; multiparts++) { |
|
1558 |
- int lines = 0; |
|
1559 |
- message **m; |
|
1560 |
- mbox_status old_rc; |
|
1561 |
- |
|
1562 |
- m = cli_realloc(messages, ((multiparts + 1) * sizeof(message *))); |
|
1563 |
- if(m == NULL) |
|
1564 |
- break; |
|
1565 |
- messages = m; |
|
1566 |
- |
|
1567 |
- aMessage = messages[multiparts] = messageCreate(); |
|
1568 |
- if(aMessage == NULL) { |
|
1569 |
- multiparts--; |
|
1570 |
- /* if allocation failed the first time, |
|
1557 |
+ for (multiparts = 0; t_line && !infected; multiparts++) { |
|
1558 |
+ int lines = 0; |
|
1559 |
+ message **m; |
|
1560 |
+ mbox_status old_rc; |
|
1561 |
+ |
|
1562 |
+ m = cli_realloc(messages, ((multiparts + 1) * sizeof(message *))); |
|
1563 |
+ if (m == NULL) |
|
1564 |
+ break; |
|
1565 |
+ messages = m; |
|
1566 |
+ |
|
1567 |
+ aMessage = messages[multiparts] = messageCreate(); |
|
1568 |
+ if (aMessage == NULL) { |
|
1569 |
+ multiparts--; |
|
1570 |
+ /* if allocation failed the first time, |
|
1571 | 1571 |
* there's no point in retrying, just |
1572 | 1572 |
* break out */ |
1573 |
- break; |
|
1574 |
- } |
|
1575 |
- messageSetCTX(aMessage, mctx->ctx); |
|
1573 |
+ break; |
|
1574 |
+ } |
|
1575 |
+ messageSetCTX(aMessage, mctx->ctx); |
|
1576 | 1576 |
|
1577 |
- cli_dbgmsg("Now read in part %d\n", multiparts); |
|
1577 |
+ cli_dbgmsg("Now read in part %d\n", multiparts); |
|
1578 | 1578 |
|
1579 |
- /* |
|
1579 |
+ /* |
|
1580 | 1580 |
* Ignore blank lines. There shouldn't be ANY |
1581 | 1581 |
* but some viruses insert them |
1582 | 1582 |
*/ |
1583 |
- while((t_line = t_line->t_next) != NULL) |
|
1584 |
- if(t_line->t_line && |
|
1585 |
- /*(cli_chomp(t_line->t_text) > 0))*/ |
|
1586 |
- (strlen(lineGetData(t_line->t_line)) > 0)) |
|
1587 |
- break; |
|
1588 |
- |
|
1589 |
- if(t_line == NULL) { |
|
1590 |
- cli_dbgmsg("Empty part\n"); |
|
1591 |
- /* |
|
1583 |
+ while ((t_line = t_line->t_next) != NULL) |
|
1584 |
+ if (t_line->t_line && |
|
1585 |
+ /*(cli_chomp(t_line->t_text) > 0))*/ |
|
1586 |
+ (strlen(lineGetData(t_line->t_line)) > 0)) |
|
1587 |
+ break; |
|
1588 |
+ |
|
1589 |
+ if (t_line == NULL) { |
|
1590 |
+ cli_dbgmsg("Empty part\n"); |
|
1591 |
+ /* |
|
1592 | 1592 |
* Remove this part unless there's |
1593 | 1593 |
* a binhex portion somewhere in |
1594 | 1594 |
* the complete message that we may |
1595 | 1595 |
* throw away by mistake if the MIME |
1596 | 1596 |
* encoding information is incorrect |
1597 | 1597 |
*/ |
1598 |
- if(mainMessage && |
|
1599 |
- (binhexBegin(mainMessage) == NULL)) { |
|
1600 |
- messageDestroy(aMessage); |
|
1601 |
- --multiparts; |
|
1602 |
- } |
|
1603 |
- continue; |
|
1604 |
- } |
|
1605 |
- |
|
1606 |
- do { |
|
1607 |
- const char *line = lineGetData(t_line->t_line); |
|
1608 |
- |
|
1609 |
- /*cli_dbgmsg("multipart %d: inMimeHead %d inhead %d boundary '%s' line '%s' next '%s'\n", |
|
1598 |
+ if (mainMessage && |
|
1599 |
+ (binhexBegin(mainMessage) == NULL)) { |
|
1600 |
+ messageDestroy(aMessage); |
|
1601 |
+ --multiparts; |
|
1602 |
+ } |
|
1603 |
+ continue; |
|
1604 |
+ } |
|
1605 |
+ |
|
1606 |
+ do { |
|
1607 |
+ const char *line = lineGetData(t_line->t_line); |
|
1608 |
+ |
|
1609 |
+ /*cli_dbgmsg("multipart %d: inMimeHead %d inhead %d boundary '%s' line '%s' next '%s'\n", |
|
1610 | 1610 |
multiparts, inMimeHead, inhead, boundary, line, |
1611 | 1611 |
t_line->t_next && t_line->t_next->t_line ? lineGetData(t_line->t_next->t_line) : "(null)");*/ |
1612 | 1612 |
|
1613 |
- if(inMimeHead) { /* continuation line */ |
|
1614 |
- if(line == NULL) { |
|
1615 |
- /*inhead =*/ inMimeHead = 0; |
|
1616 |
- continue; |
|
1617 |
- } |
|
1618 |
- /* |
|
1613 |
+ if (inMimeHead) { /* continuation line */ |
|
1614 |
+ if (line == NULL) { |
|
1615 |
+ /*inhead =*/inMimeHead = 0; |
|
1616 |
+ continue; |
|
1617 |
+ } |
|
1618 |
+ /* |
|
1619 | 1619 |
* Handle continuation lines |
1620 | 1620 |
* because the previous line |
1621 | 1621 |
* ended with a ; or this line |
1622 | 1622 |
* starts with a white space |
1623 | 1623 |
*/ |
1624 |
- cli_dbgmsg("Multipart %d: About to add mime Argument '%s'\n", |
|
1625 |
- multiparts, line); |
|
1626 |
- /* |
|
1624 |
+ cli_dbgmsg("Multipart %d: About to add mime Argument '%s'\n", |
|
1625 |
+ multiparts, line); |
|
1626 |
+ /* |
|
1627 | 1627 |
* Handle the case when it |
1628 | 1628 |
* isn't really a continuation |
1629 | 1629 |
* line: |
1630 | 1630 |
* Content-Type: application/octet-stream; |
1631 | 1631 |
* Content-Transfer-Encoding: base64 |
1632 | 1632 |
*/ |
1633 |
- parseEmailHeader(aMessage, line, mctx->rfc821Table); |
|
1634 |
- |
|
1635 |
- while(isspace((int)*line)) |
|
1636 |
- line++; |
|
1637 |
- |
|
1638 |
- if(*line == '\0') { |
|
1639 |
- inhead = inMimeHead = 0; |
|
1640 |
- continue; |
|
1641 |
- } |
|
1642 |
- inMimeHead = FALSE; |
|
1643 |
- messageAddArgument(aMessage, line); |
|
1644 |
- } else if(inhead) { /* handling normal headers */ |
|
1645 |
- /*int quotes;*/ |
|
1646 |
- char *fullline, *ptr; |
|
1647 |
- |
|
1648 |
- if(line == NULL) { |
|
1649 |
- /* |
|
1633 |
+ parseEmailHeader(aMessage, line, mctx->rfc821Table); |
|
1634 |
+ |
|
1635 |
+ while (isspace((int)*line)) |
|
1636 |
+ line++; |
|
1637 |
+ |
|
1638 |
+ if (*line == '\0') { |
|
1639 |
+ inhead = inMimeHead = 0; |
|
1640 |
+ continue; |
|
1641 |
+ } |
|
1642 |
+ inMimeHead = FALSE; |
|
1643 |
+ messageAddArgument(aMessage, line); |
|
1644 |
+ } else if (inhead) { /* handling normal headers */ |
|
1645 |
+ /*int quotes;*/ |
|
1646 |
+ char *fullline, *ptr; |
|
1647 |
+ |
|
1648 |
+ if (line == NULL) { |
|
1649 |
+ /* |
|
1650 | 1650 |
* empty line, should the end of the headers, |
1651 | 1651 |
* but some base64 decoders, e.g. uudeview, are broken |
1652 | 1652 |
* and will handle this type of entry, decoding the |
... | ... |
@@ -1663,15 +1638,15 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
1663 | 1663 |
* |
1664 | 1664 |
* UEsDBAoAAAAAAACgPjJ2RHw676gAAO+oAABEAAAAbWFpbF90ZXh0LWluZm8udHh0ICAgICAgICAg |
1665 | 1665 |
*/ |
1666 |
- const text *next = t_line->t_next; |
|
1666 |
+ const text *next = t_line->t_next; |
|
1667 | 1667 |
|
1668 |
- if(next && next->t_line) { |
|
1669 |
- const char *data = lineGetData(next->t_line); |
|
1668 |
+ if (next && next->t_line) { |
|
1669 |
+ const char *data = lineGetData(next->t_line); |
|
1670 | 1670 |
|
1671 |
- if((messageGetEncoding(aMessage) == NOENCODING) && |
|
1672 |
- (messageGetMimeType(aMessage) == APPLICATION) && |
|
1673 |
- data && strstr(data, "base64")) { |
|
1674 |
- /* |
|
1671 |
+ if ((messageGetEncoding(aMessage) == NOENCODING) && |
|
1672 |
+ (messageGetMimeType(aMessage) == APPLICATION) && |
|
1673 |
+ data && strstr(data, "base64")) { |
|
1674 |
+ /* |
|
1675 | 1675 |
* Handle this nightmare (note the blank |
1676 | 1676 |
* line in the header and the incorrect |
1677 | 1677 |
* content-transfer-encoding header) |
... | ... |
@@ -1681,23 +1656,23 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
1681 | 1681 |
* r-Encoding: base64 |
1682 | 1682 |
* Content-Disposition: attachment; filename="zipped_files.EXE" |
1683 | 1683 |
*/ |
1684 |
- messageSetEncoding(aMessage, "base64"); |
|
1685 |
- cli_dbgmsg("Ignoring fake end of headers\n"); |
|
1686 |
- continue; |
|
1687 |
- } |
|
1688 |
- if((strncmp(data, "Content", 7) == 0) || |
|
1689 |
- (strncmp(data, "filename=", 9) == 0)) { |
|
1690 |
- cli_dbgmsg("Ignoring fake end of headers\n"); |
|
1691 |
- continue; |
|
1692 |
- } |
|
1693 |
- } |
|
1694 |
- cli_dbgmsg("Multipart %d: End of header information\n", |
|
1695 |
- multiparts); |
|
1696 |
- inhead = 0; |
|
1697 |
- continue; |
|
1698 |
- } |
|
1699 |
- if(isspace((int)*line)) { |
|
1700 |
- /* |
|
1684 |
+ messageSetEncoding(aMessage, "base64"); |
|
1685 |
+ cli_dbgmsg("Ignoring fake end of headers\n"); |
|
1686 |
+ continue; |
|
1687 |
+ } |
|
1688 |
+ if ((strncmp(data, "Content", 7) == 0) || |
|
1689 |
+ (strncmp(data, "filename=", 9) == 0)) { |
|
1690 |
+ cli_dbgmsg("Ignoring fake end of headers\n"); |
|
1691 |
+ continue; |
|
1692 |
+ } |
|
1693 |
+ } |
|
1694 |
+ cli_dbgmsg("Multipart %d: End of header information\n", |
|
1695 |
+ multiparts); |
|
1696 |
+ inhead = 0; |
|
1697 |
+ continue; |
|
1698 |
+ } |
|
1699 |
+ if (isspace((int)*line)) { |
|
1700 |
+ /* |
|
1701 | 1701 |
* The first line is |
1702 | 1702 |
* continuation line. |
1703 | 1703 |
* This is tricky |
... | ... |
@@ -1705,10 +1680,10 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
1705 | 1705 |
* all we can do is our |
1706 | 1706 |
* best |
1707 | 1707 |
*/ |
1708 |
- cli_dbgmsg("Part %d starts with a continuation line\n", |
|
1709 |
- multiparts); |
|
1710 |
- messageAddArgument(aMessage, line); |
|
1711 |
- /* |
|
1708 |
+ cli_dbgmsg("Part %d starts with a continuation line\n", |
|
1709 |
+ multiparts); |
|
1710 |
+ messageAddArgument(aMessage, line); |
|
1711 |
+ /* |
|
1712 | 1712 |
* Give it a default |
1713 | 1713 |
* MIME type since |
1714 | 1714 |
* that may be the |
... | ... |
@@ -1717,68 +1692,68 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
1717 | 1717 |
* Choose application to |
1718 | 1718 |
* force a save |
1719 | 1719 |
*/ |
1720 |
- if(messageGetMimeType(aMessage) == NOMIME) |
|
1721 |
- messageSetMimeType(aMessage, "application"); |
|
1722 |
- continue; |
|
1723 |
- } |
|
1720 |
+ if (messageGetMimeType(aMessage) == NOMIME) |
|
1721 |
+ messageSetMimeType(aMessage, "application"); |
|
1722 |
+ continue; |
|
1723 |
+ } |
|
1724 | 1724 |
|
1725 |
- inMimeHead = FALSE; |
|
1725 |
+ inMimeHead = FALSE; |
|
1726 | 1726 |
|
1727 |
- assert(strlen(line) <= RFC2821LENGTH); |
|
1727 |
+ assert(strlen(line) <= RFC2821LENGTH); |
|
1728 | 1728 |
|
1729 |
- fullline = rfc822comments(line, NULL); |
|
1730 |
- if(fullline == NULL) |
|
1731 |
- fullline = cli_strdup(line); |
|
1729 |
+ fullline = rfc822comments(line, NULL); |
|
1730 |
+ if (fullline == NULL) |
|
1731 |
+ fullline = cli_strdup(line); |
|
1732 | 1732 |
|
1733 |
- /*quotes = count_quotes(fullline);*/ |
|
1733 |
+ /*quotes = count_quotes(fullline);*/ |
|
1734 | 1734 |
|
1735 |
- /* |
|
1735 |
+ /* |
|
1736 | 1736 |
* Fold next lines to the end of this |
1737 | 1737 |
* if they start with a white space |
1738 | 1738 |
* or if this line has an odd number of quotes: |
1739 | 1739 |
* Content-Type: application/octet-stream; name="foo |
1740 | 1740 |
* " |
1741 | 1741 |
*/ |
1742 |
- while(t_line && next_is_folded_header(t_line)) { |
|
1743 |
- const char *data; |
|
1744 |
- size_t datasz; |
|
1742 |
+ while (t_line && next_is_folded_header(t_line)) { |
|
1743 |
+ const char *data; |
|
1744 |
+ size_t datasz; |
|
1745 | 1745 |
|
1746 |
- t_line = t_line->t_next; |
|
1746 |
+ t_line = t_line->t_next; |
|
1747 | 1747 |
|
1748 |
- data = lineGetData(t_line->t_line); |
|
1748 |
+ data = lineGetData(t_line->t_line); |
|
1749 | 1749 |
|
1750 |
- if(data[1] == '\0') { |
|
1751 |
- /* |
|
1750 |
+ if (data[1] == '\0') { |
|
1751 |
+ /* |
|
1752 | 1752 |
* Broken message: the |
1753 | 1753 |
* blank line at the end |
1754 | 1754 |
* of the headers isn't blank - |
1755 | 1755 |
* it contains a space |
1756 | 1756 |
*/ |
1757 |
- cli_dbgmsg("Multipart %d: headers not terminated by blank line\n", |
|
1758 |
- multiparts); |
|
1759 |
- inhead = FALSE; |
|
1760 |
- break; |
|
1761 |
- } |
|
1757 |
+ cli_dbgmsg("Multipart %d: headers not terminated by blank line\n", |
|
1758 |
+ multiparts); |
|
1759 |
+ inhead = FALSE; |
|
1760 |
+ break; |
|
1761 |
+ } |
|
1762 | 1762 |
|
1763 |
- datasz = strlen(fullline) + strlen(data) + 1; |
|
1764 |
- ptr = cli_realloc(fullline, datasz); |
|
1763 |
+ datasz = strlen(fullline) + strlen(data) + 1; |
|
1764 |
+ ptr = cli_realloc(fullline, datasz); |
|
1765 | 1765 |
|
1766 |
- if(ptr == NULL) |
|
1767 |
- break; |
|
1766 |
+ if (ptr == NULL) |
|
1767 |
+ break; |
|
1768 | 1768 |
|
1769 |
- fullline = ptr; |
|
1770 |
- cli_strlcat(fullline, data, datasz); |
|
1769 |
+ fullline = ptr; |
|
1770 |
+ cli_strlcat(fullline, data, datasz); |
|
1771 | 1771 |
|
1772 |
- /*quotes = count_quotes(data);*/ |
|
1773 |
- } |
|
1772 |
+ /*quotes = count_quotes(data);*/ |
|
1773 |
+ } |
|
1774 | 1774 |
|
1775 |
- cli_dbgmsg("Multipart %d: About to parse folded header '%s'\n", |
|
1776 |
- multiparts, fullline); |
|
1775 |
+ cli_dbgmsg("Multipart %d: About to parse folded header '%s'\n", |
|
1776 |
+ multiparts, fullline); |
|
1777 | 1777 |
|
1778 |
- parseEmailHeader(aMessage, fullline, mctx->rfc821Table); |
|
1779 |
- free(fullline); |
|
1780 |
- } else if(boundaryEnd(line, boundary)) { |
|
1781 |
- /* |
|
1778 |
+ parseEmailHeader(aMessage, fullline, mctx->rfc821Table); |
|
1779 |
+ free(fullline); |
|
1780 |
+ } else if (boundaryEnd(line, boundary)) { |
|
1781 |
+ /* |
|
1782 | 1782 |
* Some viruses put information |
1783 | 1783 |
* *after* the end of message, |
1784 | 1784 |
* which presumably some broken |
... | ... |
@@ -1786,184 +1761,187 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
1786 | 1786 |
* can't assume that this |
1787 | 1787 |
* is the end of the message |
1788 | 1788 |
*/ |
1789 |
- /* t_line = NULL;*/ |
|
1790 |
- break; |
|
1791 |
- } else if(boundaryStart(line, boundary)) { |
|
1792 |
- inhead = 1; |
|
1793 |
- break; |
|
1794 |
- } else { |
|
1795 |
- if(messageAddLine(aMessage, t_line->t_line) < 0) |
|
1796 |
- break; |
|
1797 |
- lines++; |
|
1798 |
- } |
|
1799 |
- } while((t_line = t_line->t_next) != NULL); |
|
1800 |
- |
|
1801 |
- cli_dbgmsg("Part %d has %d lines, rc = %d\n", |
|
1802 |
- multiparts, lines, (int)rc); |
|
1803 |
- |
|
1804 |
- /* |
|
1789 |
+ /* t_line = NULL;*/ |
|
1790 |
+ break; |
|
1791 |
+ } else if (boundaryStart(line, boundary)) { |
|
1792 |
+ inhead = 1; |
|
1793 |
+ break; |
|
1794 |
+ } else { |
|
1795 |
+ if (messageAddLine(aMessage, t_line->t_line) < 0) |
|
1796 |
+ break; |
|
1797 |
+ lines++; |
|
1798 |
+ } |
|
1799 |
+ } while ((t_line = t_line->t_next) != NULL); |
|
1800 |
+ |
|
1801 |
+ cli_dbgmsg("Part %d has %d lines, rc = %d\n", |
|
1802 |
+ multiparts, lines, (int)rc); |
|
1803 |
+ |
|
1804 |
+ /* |
|
1805 | 1805 |
* Only save in the array of messages if some |
1806 | 1806 |
* decision will be taken on whether to scan. |
1807 | 1807 |
* If all parts will be scanned then save to |
1808 | 1808 |
* file straight away |
1809 | 1809 |
*/ |
1810 |
- switch(subtype) { |
|
1811 |
- case MIXED: |
|
1812 |
- case ALTERNATIVE: |
|
1813 |
- case REPORT: |
|
1814 |
- case DIGEST: |
|
1815 |
- case APPLEDOUBLE: |
|
1816 |
- case KNOWBOT: |
|
1817 |
- case -1: |
|
1818 |
- old_rc = rc; |
|
1819 |
- mainMessage = do_multipart(mainMessage, |
|
1820 |
- messages, multiparts, |
|
1821 |
- &rc, mctx, messageIn, |
|
1822 |
- &aText, recursion_level); |
|
1823 |
- if((rc == OK_ATTACHMENTS_NOT_SAVED) && (old_rc == OK)) |
|
1824 |
- rc = OK; |
|
1825 |
- if(messages[multiparts]) { |
|
1826 |
- messageDestroy(messages[multiparts]); |
|
1827 |
- messages[multiparts] = NULL; |
|
1828 |
- } |
|
1829 |
- --multiparts; |
|
1830 |
- if(rc == VIRUS) |
|
1831 |
- infected = TRUE; |
|
1832 |
- break; |
|
1833 |
- |
|
1834 |
- case RELATED: |
|
1835 |
- case ENCRYPTED: |
|
1836 |
- case SIGNED: |
|
1837 |
- case PARALLEL: |
|
1838 |
- /* all the subtypes that we handle |
|
1810 |
+ switch (subtype) { |
|
1811 |
+ case MIXED: |
|
1812 |
+ case ALTERNATIVE: |
|
1813 |
+ case REPORT: |
|
1814 |
+ case DIGEST: |
|
1815 |
+ case APPLEDOUBLE: |
|
1816 |
+ case KNOWBOT: |
|
1817 |
+ case -1: |
|
1818 |
+ old_rc = rc; |
|
1819 |
+ mainMessage = do_multipart(mainMessage, |
|
1820 |
+ messages, multiparts, |
|
1821 |
+ &rc, mctx, messageIn, |
|
1822 |
+ &aText, recursion_level); |
|
1823 |
+ if ((rc == OK_ATTACHMENTS_NOT_SAVED) && (old_rc == OK)) |
|
1824 |
+ rc = OK; |
|
1825 |
+ if (messages[multiparts]) { |
|
1826 |
+ messageDestroy(messages[multiparts]); |
|
1827 |
+ messages[multiparts] = NULL; |
|
1828 |
+ } |
|
1829 |
+ --multiparts; |
|
1830 |
+ if (rc == VIRUS) |
|
1831 |
+ infected = TRUE; |
|
1832 |
+ break; |
|
1833 |
+ |
|
1834 |
+ case RELATED: |
|
1835 |
+ case ENCRYPTED: |
|
1836 |
+ case SIGNED: |
|
1837 |
+ case PARALLEL: |
|
1838 |
+ /* all the subtypes that we handle |
|
1839 | 1839 |
* (all from the switch(tableFind...) below) |
1840 | 1840 |
* must be listed here */ |
1841 |
- break; |
|
1842 |
- default: |
|
1843 |
- /* this is a subtype that we |
|
1841 |
+ break; |
|
1842 |
+ default: |
|
1843 |
+ /* this is a subtype that we |
|
1844 | 1844 |
* don't handle anyway, |
1845 | 1845 |
* don't store */ |
1846 |
- if(messages[multiparts]) { |
|
1847 |
- messageDestroy(messages[multiparts]); |
|
1848 |
- messages[multiparts] = NULL; |
|
1849 |
- } |
|
1850 |
- --multiparts; |
|
1851 |
- } |
|
1852 |
- } |
|
1846 |
+ if (messages[multiparts]) { |
|
1847 |
+ messageDestroy(messages[multiparts]); |
|
1848 |
+ messages[multiparts] = NULL; |
|
1849 |
+ } |
|
1850 |
+ --multiparts; |
|
1851 |
+ } |
|
1852 |
+ } |
|
1853 | 1853 |
|
1854 |
- free((char *)boundary); |
|
1854 |
+ free((char *)boundary); |
|
1855 | 1855 |
|
1856 |
- /* |
|
1856 |
+ /* |
|
1857 | 1857 |
* Preprocess. Anything special to be done before |
1858 | 1858 |
* we handle the multiparts? |
1859 | 1859 |
*/ |
1860 |
- switch(subtype) { |
|
1861 |
- case KNOWBOT: |
|
1862 |
- /* TODO */ |
|
1863 |
- cli_dbgmsg("multipart/knowbot parsed as multipart/mixed for now\n"); |
|
1864 |
- mimeSubtype = "mixed"; |
|
1865 |
- break; |
|
1866 |
- case -1: |
|
1867 |
- /* |
|
1860 |
+ switch (subtype) { |
|
1861 |
+ case KNOWBOT: |
|
1862 |
+ /* TODO */ |
|
1863 |
+ cli_dbgmsg("multipart/knowbot parsed as multipart/mixed for now\n"); |
|
1864 |
+ mimeSubtype = "mixed"; |
|
1865 |
+ break; |
|
1866 |
+ case -1: |
|
1867 |
+ /* |
|
1868 | 1868 |
* According to section 7.2.6 of |
1869 | 1869 |
* RFC1521, unrecognized multiparts |
1870 | 1870 |
* should be treated as multipart/mixed. |
1871 | 1871 |
*/ |
1872 |
- cli_dbgmsg("Unsupported multipart format `%s', parsed as mixed\n", mimeSubtype); |
|
1873 |
- mimeSubtype = "mixed"; |
|
1874 |
- break; |
|
1875 |
- } |
|
1872 |
+ cli_dbgmsg("Unsupported multipart format `%s', parsed as mixed\n", mimeSubtype); |
|
1873 |
+ mimeSubtype = "mixed"; |
|
1874 |
+ break; |
|
1875 |
+ } |
|
1876 | 1876 |
|
1877 |
- /* |
|
1877 |
+ /* |
|
1878 | 1878 |
* We've finished message we're parsing |
1879 | 1879 |
*/ |
1880 |
- if(mainMessage && (mainMessage != messageIn)) { |
|
1881 |
- messageDestroy(mainMessage); |
|
1882 |
- mainMessage = NULL; |
|
1883 |
- } |
|
1884 |
- |
|
1885 |
- cli_dbgmsg("The message has %d parts\n", multiparts); |
|
1886 |
- |
|
1887 |
- if(infected || ((multiparts == 0) && (aText == NULL))) { |
|
1888 |
- if(messages) { |
|
1889 |
- for(i = 0; i < multiparts; i++) |
|
1890 |
- if(messages[i]) |
|
1891 |
- messageDestroy(messages[i]); |
|
1892 |
- free(messages); |
|
1893 |
- } |
|
1894 |
- if(aText && (textIn == NULL)) |
|
1895 |
- textDestroy(aText); |
|
1880 |
+ if (mainMessage && (mainMessage != messageIn)) { |
|
1881 |
+ messageDestroy(mainMessage); |
|
1882 |
+ mainMessage = NULL; |
|
1883 |
+ } |
|
1884 |
+ |
|
1885 |
+ cli_dbgmsg("The message has %d parts\n", multiparts); |
|
1886 |
+ |
|
1887 |
+ if (infected || ((multiparts == 0) && (aText == NULL))) { |
|
1888 |
+ if (messages) { |
|
1889 |
+ for (i = 0; i < multiparts; i++) |
|
1890 |
+ if (messages[i]) |
|
1891 |
+ messageDestroy(messages[i]); |
|
1892 |
+ free(messages); |
|
1893 |
+ } |
|
1894 |
+ if (aText && (textIn == NULL)) |
|
1895 |
+ textDestroy(aText); |
|
1896 | 1896 |
|
1897 | 1897 |
#if HAVE_JSON |
1898 |
- mctx->wrkobj = saveobj; |
|
1898 |
+ mctx->wrkobj = saveobj; |
|
1899 | 1899 |
#endif |
1900 |
- /* |
|
1900 |
+ /* |
|
1901 | 1901 |
* Nothing to do |
1902 | 1902 |
*/ |
1903 |
- switch(rc) { |
|
1904 |
- case VIRUS: return VIRUS; |
|
1905 |
- case MAXREC: return MAXREC; |
|
1906 |
- default: return OK_ATTACHMENTS_NOT_SAVED; |
|
1907 |
- } |
|
1908 |
- } |
|
1903 |
+ switch (rc) { |
|
1904 |
+ case VIRUS: |
|
1905 |
+ return VIRUS; |
|
1906 |
+ case MAXREC: |
|
1907 |
+ return MAXREC; |
|
1908 |
+ default: |
|
1909 |
+ return OK_ATTACHMENTS_NOT_SAVED; |
|
1910 |
+ } |
|
1911 |
+ } |
|
1909 | 1912 |
|
1910 |
- cli_dbgmsg("Find out the multipart type (%s)\n", mimeSubtype); |
|
1913 |
+ cli_dbgmsg("Find out the multipart type (%s)\n", mimeSubtype); |
|
1911 | 1914 |
|
1912 |
- /* |
|
1915 |
+ /* |
|
1913 | 1916 |
* We now have all the parts of the multipart message |
1914 | 1917 |
* in the messages array: |
1915 | 1918 |
* message *messages[multiparts] |
1916 | 1919 |
* Let's decide what to do with them all |
1917 | 1920 |
*/ |
1918 |
- switch(tableFind(mctx->subtypeTable, mimeSubtype)) { |
|
1919 |
- case RELATED: |
|
1920 |
- cli_dbgmsg("Multipart related handler\n"); |
|
1921 |
- /* |
|
1921 |
+ switch (tableFind(mctx->subtypeTable, mimeSubtype)) { |
|
1922 |
+ case RELATED: |
|
1923 |
+ cli_dbgmsg("Multipart related handler\n"); |
|
1924 |
+ /* |
|
1922 | 1925 |
* Have a look to see if there's HTML code |
1923 | 1926 |
* which will need scanning |
1924 | 1927 |
*/ |
1925 |
- aMessage = NULL; |
|
1926 |
- assert(multiparts > 0); |
|
1928 |
+ aMessage = NULL; |
|
1929 |
+ assert(multiparts > 0); |
|
1927 | 1930 |
|
1928 |
- htmltextPart = getTextPart(messages, multiparts); |
|
1931 |
+ htmltextPart = getTextPart(messages, multiparts); |
|
1929 | 1932 |
|
1930 |
- if(htmltextPart >= 0 && messages) { |
|
1931 |
- if(messageGetBody(messages[htmltextPart])) |
|
1933 |
+ if (htmltextPart >= 0 && messages) { |
|
1934 |
+ if (messageGetBody(messages[htmltextPart])) |
|
1932 | 1935 |
|
1933 |
- aText = textAddMessage(aText, messages[htmltextPart]); |
|
1934 |
- } else |
|
1935 |
- /* |
|
1936 |
+ aText = textAddMessage(aText, messages[htmltextPart]); |
|
1937 |
+ } else |
|
1938 |
+ /* |
|
1936 | 1939 |
* There isn't an HTML bit. If there's a |
1937 | 1940 |
* multipart bit, it'll may be in there |
1938 | 1941 |
* somewhere |
1939 | 1942 |
*/ |
1940 |
- for(i = 0; i < multiparts; i++) |
|
1941 |
- if(messageGetMimeType(messages[i]) == MULTIPART) { |
|
1942 |
- aMessage = messages[i]; |
|
1943 |
- htmltextPart = i; |
|
1944 |
- break; |
|
1945 |
- } |
|
1946 |
- |
|
1947 |
- if(htmltextPart == -1) |
|
1948 |
- cli_dbgmsg("No HTML code found to be scanned\n"); |
|
1949 |
- else { |
|
1943 |
+ for (i = 0; i < multiparts; i++) |
|
1944 |
+ if (messageGetMimeType(messages[i]) == MULTIPART) { |
|
1945 |
+ aMessage = messages[i]; |
|
1946 |
+ htmltextPart = i; |
|
1947 |
+ break; |
|
1948 |
+ } |
|
1949 |
+ |
|
1950 |
+ if (htmltextPart == -1) |
|
1951 |
+ cli_dbgmsg("No HTML code found to be scanned\n"); |
|
1952 |
+ else { |
|
1950 | 1953 |
#if HAVE_JSON |
1951 |
- /* Send root HTML file for preclassification */ |
|
1952 |
- if (mctx->ctx->wrkproperty) |
|
1953 |
- parseRootMHTML(mctx, aMessage, aText); |
|
1954 |
+ /* Send root HTML file for preclassification */ |
|
1955 |
+ if (mctx->ctx->wrkproperty) |
|
1956 |
+ parseRootMHTML(mctx, aMessage, aText); |
|
1954 | 1957 |
#endif |
1955 |
- rc = parseEmailBody(aMessage, aText, mctx, recursion_level + 1); |
|
1956 |
- if((rc == OK) && aMessage) { |
|
1957 |
- assert(aMessage == messages[htmltextPart]); |
|
1958 |
- messageDestroy(aMessage); |
|
1959 |
- messages[htmltextPart] = NULL; |
|
1960 |
- } else if(rc == VIRUS) { |
|
1961 |
- infected = TRUE; |
|
1962 |
- break; |
|
1963 |
- } |
|
1964 |
- } |
|
1965 |
- |
|
1966 |
- /* |
|
1958 |
+ rc = parseEmailBody(aMessage, aText, mctx, recursion_level + 1); |
|
1959 |
+ if ((rc == OK) && aMessage) { |
|
1960 |
+ assert(aMessage == messages[htmltextPart]); |
|
1961 |
+ messageDestroy(aMessage); |
|
1962 |
+ messages[htmltextPart] = NULL; |
|
1963 |
+ } else if (rc == VIRUS) { |
|
1964 |
+ infected = TRUE; |
|
1965 |
+ break; |
|
1966 |
+ } |
|
1967 |
+ } |
|
1968 |
+ |
|
1969 |
+ /* |
|
1967 | 1970 |
* The message is confused about the difference |
1968 | 1971 |
* between alternative and related. Badtrans.B |
1969 | 1972 |
* suffers from this problem. |
... | ... |
@@ -1972,8 +1950,8 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
1972 | 1972 |
* Content-Type: multipart/related; |
1973 | 1973 |
* type="multipart/alternative" |
1974 | 1974 |
*/ |
1975 |
- case DIGEST: |
|
1976 |
- /* |
|
1975 |
+ case DIGEST: |
|
1976 |
+ /* |
|
1977 | 1977 |
* According to section 5.1.5 RFC2046, the |
1978 | 1978 |
* default mime type of multipart/digest parts |
1979 | 1979 |
* is message/rfc822 |
... | ... |
@@ -1984,29 +1962,29 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
1984 | 1984 |
* OK for our needs since it means each part |
1985 | 1985 |
* will be scanned |
1986 | 1986 |
*/ |
1987 |
- case ALTERNATIVE: |
|
1988 |
- cli_dbgmsg("Multipart alternative handler\n"); |
|
1987 |
+ case ALTERNATIVE: |
|
1988 |
+ cli_dbgmsg("Multipart alternative handler\n"); |
|
1989 | 1989 |
|
1990 |
- /* |
|
1990 |
+ /* |
|
1991 | 1991 |
* Fall through - some clients are broken and |
1992 | 1992 |
* say alternative instead of mixed. The Klez |
1993 | 1993 |
* virus is broken that way, and anyway we |
1994 | 1994 |
* wish to scan all of the alternatives |
1995 | 1995 |
*/ |
1996 |
- case REPORT: |
|
1997 |
- /* |
|
1996 |
+ case REPORT: |
|
1997 |
+ /* |
|
1998 | 1998 |
* According to section 1 of RFC1892, the |
1999 | 1999 |
* syntax of multipart/report is the same |
2000 | 2000 |
* as multipart/mixed. There are some required |
2001 | 2001 |
* parameters, but there's no need for us to |
2002 | 2002 |
* verify that they exist |
2003 | 2003 |
*/ |
2004 |
- case ENCRYPTED: |
|
2005 |
- /* MUAs without encryption plugins can display as multipart/mixed, |
|
2004 |
+ case ENCRYPTED: |
|
2005 |
+ /* MUAs without encryption plugins can display as multipart/mixed, |
|
2006 | 2006 |
* just scan it*/ |
2007 |
- case MIXED: |
|
2008 |
- case APPLEDOUBLE: /* not really supported */ |
|
2009 |
- /* |
|
2007 |
+ case MIXED: |
|
2008 |
+ case APPLEDOUBLE: /* not really supported */ |
|
2009 |
+ /* |
|
2010 | 2010 |
* Look for attachments |
2011 | 2011 |
* |
2012 | 2012 |
* Not all formats are supported. If an |
... | ... |
@@ -2014,32 +1992,32 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
2014 | 2014 |
* common enough to implement, it is a simple |
2015 | 2015 |
* matter to add it |
2016 | 2016 |
*/ |
2017 |
- if(aText) { |
|
2018 |
- if(mainMessage && (mainMessage != messageIn)) |
|
2019 |
- messageDestroy(mainMessage); |
|
2020 |
- mainMessage = NULL; |
|
2021 |
- } |
|
2022 |
- |
|
2023 |
- cli_dbgmsg("Mixed message with %d parts\n", multiparts); |
|
2024 |
- for(i = 0; i < multiparts; i++) { |
|
2025 |
- mainMessage = do_multipart(mainMessage, |
|
2026 |
- messages, i, &rc, mctx, |
|
2027 |
- messageIn, &aText, recursion_level + 1); |
|
2028 |
- if(rc == VIRUS) { |
|
2029 |
- infected = TRUE; |
|
2030 |
- break; |
|
2031 |
- } |
|
2032 |
- if(rc == MAXREC) |
|
2033 |
- break; |
|
2034 |
- if (rc == OK_ATTACHMENTS_NOT_SAVED) |
|
2035 |
- rc = OK; |
|
2036 |
- } |
|
2037 |
- |
|
2038 |
- /* rc = parseEmailBody(NULL, NULL, mctx, recursion_level + 1); */ |
|
2039 |
- break; |
|
2040 |
- case SIGNED: |
|
2041 |
- case PARALLEL: |
|
2042 |
- /* |
|
2017 |
+ if (aText) { |
|
2018 |
+ if (mainMessage && (mainMessage != messageIn)) |
|
2019 |
+ messageDestroy(mainMessage); |
|
2020 |
+ mainMessage = NULL; |
|
2021 |
+ } |
|
2022 |
+ |
|
2023 |
+ cli_dbgmsg("Mixed message with %d parts\n", multiparts); |
|
2024 |
+ for (i = 0; i < multiparts; i++) { |
|
2025 |
+ mainMessage = do_multipart(mainMessage, |
|
2026 |
+ messages, i, &rc, mctx, |
|
2027 |
+ messageIn, &aText, recursion_level + 1); |
|
2028 |
+ if (rc == VIRUS) { |
|
2029 |
+ infected = TRUE; |
|
2030 |
+ break; |
|
2031 |
+ } |
|
2032 |
+ if (rc == MAXREC) |
|
2033 |
+ break; |
|
2034 |
+ if (rc == OK_ATTACHMENTS_NOT_SAVED) |
|
2035 |
+ rc = OK; |
|
2036 |
+ } |
|
2037 |
+ |
|
2038 |
+ /* rc = parseEmailBody(NULL, NULL, mctx, recursion_level + 1); */ |
|
2039 |
+ break; |
|
2040 |
+ case SIGNED: |
|
2041 |
+ case PARALLEL: |
|
2042 |
+ /* |
|
2043 | 2043 |
* If we're here it could be because we have a |
2044 | 2044 |
* multipart/mixed message, consisting of a |
2045 | 2045 |
* message followed by an attachment. That |
... | ... |
@@ -2047,226 +2025,225 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
2047 | 2047 |
* message and we need to dig out the plain |
2048 | 2048 |
* text part of that alternative |
2049 | 2049 |
*/ |
2050 |
- if(messages) { |
|
2051 |
- htmltextPart = getTextPart(messages, multiparts); |
|
2052 |
- if(htmltextPart == -1) |
|
2053 |
- htmltextPart = 0; |
|
2054 |
- rc = parseEmailBody(messages[htmltextPart], aText, mctx, recursion_level + 1); |
|
2055 |
- } |
|
2056 |
- break; |
|
2057 |
- default: |
|
2058 |
- assert(0); |
|
2059 |
- } |
|
2060 |
- |
|
2061 |
- if(mainMessage && (mainMessage != messageIn)) |
|
2062 |
- messageDestroy(mainMessage); |
|
2063 |
- |
|
2064 |
- if(aText && (textIn == NULL)) { |
|
2065 |
- if((!infected) && (fb = fileblobCreate()) != NULL) { |
|
2066 |
- cli_dbgmsg("Save non mime and/or text/plain part\n"); |
|
2067 |
- fileblobSetFilename(fb, mctx->dir, "textpart"); |
|
2068 |
- /*fileblobAddData(fb, "Received: by clamd (textpart)\n", 30);*/ |
|
2069 |
- fileblobSetCTX(fb, mctx->ctx); |
|
2070 |
- (void)textToFileblob(aText, fb, 1); |
|
2071 |
- |
|
2072 |
- fileblobDestroy(fb); |
|
2073 |
- mctx->files++; |
|
2074 |
- } |
|
2075 |
- textDestroy(aText); |
|
2076 |
- } |
|
2077 |
- |
|
2078 |
- for(i = 0; i < multiparts; i++) |
|
2079 |
- if(messages[i]) |
|
2080 |
- messageDestroy(messages[i]); |
|
2081 |
- |
|
2082 |
- if(messages) |
|
2083 |
- free(messages); |
|
2050 |
+ if (messages) { |
|
2051 |
+ htmltextPart = getTextPart(messages, multiparts); |
|
2052 |
+ if (htmltextPart == -1) |
|
2053 |
+ htmltextPart = 0; |
|
2054 |
+ rc = parseEmailBody(messages[htmltextPart], aText, mctx, recursion_level + 1); |
|
2055 |
+ } |
|
2056 |
+ break; |
|
2057 |
+ default: |
|
2058 |
+ assert(0); |
|
2059 |
+ } |
|
2060 |
+ |
|
2061 |
+ if (mainMessage && (mainMessage != messageIn)) |
|
2062 |
+ messageDestroy(mainMessage); |
|
2063 |
+ |
|
2064 |
+ if (aText && (textIn == NULL)) { |
|
2065 |
+ if ((!infected) && (fb = fileblobCreate()) != NULL) { |
|
2066 |
+ cli_dbgmsg("Save non mime and/or text/plain part\n"); |
|
2067 |
+ fileblobSetFilename(fb, mctx->dir, "textpart"); |
|
2068 |
+ /*fileblobAddData(fb, "Received: by clamd (textpart)\n", 30);*/ |
|
2069 |
+ fileblobSetCTX(fb, mctx->ctx); |
|
2070 |
+ (void)textToFileblob(aText, fb, 1); |
|
2071 |
+ |
|
2072 |
+ fileblobDestroy(fb); |
|
2073 |
+ mctx->files++; |
|
2074 |
+ } |
|
2075 |
+ textDestroy(aText); |
|
2076 |
+ } |
|
2077 |
+ |
|
2078 |
+ for (i = 0; i < multiparts; i++) |
|
2079 |
+ if (messages[i]) |
|
2080 |
+ messageDestroy(messages[i]); |
|
2081 |
+ |
|
2082 |
+ if (messages) |
|
2083 |
+ free(messages); |
|
2084 | 2084 |
|
2085 | 2085 |
#if HAVE_JSON |
2086 |
- mctx->wrkobj = saveobj; |
|
2086 |
+ mctx->wrkobj = saveobj; |
|
2087 | 2087 |
#endif |
2088 |
- return rc; |
|
2088 |
+ return rc; |
|
2089 | 2089 |
|
2090 |
- case MESSAGE: |
|
2091 |
- /* |
|
2090 |
+ case MESSAGE: |
|
2091 |
+ /* |
|
2092 | 2092 |
* Check for forbidden encodings |
2093 | 2093 |
*/ |
2094 |
- switch(messageGetEncoding(mainMessage)) { |
|
2095 |
- case NOENCODING: |
|
2096 |
- case EIGHTBIT: |
|
2097 |
- case BINARY: |
|
2098 |
- break; |
|
2099 |
- default: |
|
2100 |
- cli_dbgmsg("MIME type 'message' cannot be decoded\n"); |
|
2101 |
- break; |
|
2102 |
- } |
|
2103 |
- rc = FAIL; |
|
2104 |
- if((strcasecmp(mimeSubtype, "rfc822") == 0) || |
|
2105 |
- (strcasecmp(mimeSubtype, "delivery-status") == 0)) { |
|
2106 |
- message *m = parseEmailHeaders(mainMessage, mctx->rfc821Table); |
|
2107 |
- if(m) { |
|
2108 |
- cli_dbgmsg("Decode rfc822\n"); |
|
2109 |
- |
|
2110 |
- messageSetCTX(m, mctx->ctx); |
|
2111 |
- |
|
2112 |
- if(mainMessage && (mainMessage != messageIn)) { |
|
2113 |
- messageDestroy(mainMessage); |
|
2114 |
- mainMessage = NULL; |
|
2115 |
- } else |
|
2116 |
- messageReset(mainMessage); |
|
2117 |
- if(messageGetBody(m)) |
|
2118 |
- rc = parseEmailBody(m, NULL, mctx, recursion_level + 1); |
|
2119 |
- |
|
2120 |
- messageDestroy(m); |
|
2121 |
- } |
|
2122 |
- break; |
|
2123 |
- } else if(strcasecmp(mimeSubtype, "disposition-notification") == 0) { |
|
2124 |
- /* RFC 2298 - handle like a normal email */ |
|
2125 |
- rc = OK; |
|
2126 |
- break; |
|
2127 |
- } else if(strcasecmp(mimeSubtype, "partial") == 0) { |
|
2128 |
- if(mctx->ctx->options->mail & CL_SCAN_MAIL_PARTIAL_MESSAGE) { |
|
2129 |
- /* RFC1341 message split over many emails */ |
|
2130 |
- if(rfc1341(mainMessage, mctx->dir) >= 0) |
|
2131 |
- rc = OK; |
|
2132 |
- } else { |
|
2133 |
- cli_warnmsg("Partial message received from MUA/MTA - message cannot be scanned\n"); |
|
2134 |
- } |
|
2135 |
- } else if(strcasecmp(mimeSubtype, "external-body") == 0) |
|
2136 |
- /* TODO */ |
|
2137 |
- cli_warnmsg("Attempt to send Content-type message/external-body trapped\n"); |
|
2138 |
- else |
|
2139 |
- cli_warnmsg("Unsupported message format `%s' - if you believe this file contains a virus, submit it to www.clamav.net\n", mimeSubtype); |
|
2140 |
- |
|
2141 |
- |
|
2142 |
- if(mainMessage && (mainMessage != messageIn)) |
|
2143 |
- messageDestroy(mainMessage); |
|
2144 |
- if(messages) |
|
2145 |
- free(messages); |
|
2094 |
+ switch (messageGetEncoding(mainMessage)) { |
|
2095 |
+ case NOENCODING: |
|
2096 |
+ case EIGHTBIT: |
|
2097 |
+ case BINARY: |
|
2098 |
+ break; |
|
2099 |
+ default: |
|
2100 |
+ cli_dbgmsg("MIME type 'message' cannot be decoded\n"); |
|
2101 |
+ break; |
|
2102 |
+ } |
|
2103 |
+ rc = FAIL; |
|
2104 |
+ if ((strcasecmp(mimeSubtype, "rfc822") == 0) || |
|
2105 |
+ (strcasecmp(mimeSubtype, "delivery-status") == 0)) { |
|
2106 |
+ message *m = parseEmailHeaders(mainMessage, mctx->rfc821Table); |
|
2107 |
+ if (m) { |
|
2108 |
+ cli_dbgmsg("Decode rfc822\n"); |
|
2109 |
+ |
|
2110 |
+ messageSetCTX(m, mctx->ctx); |
|
2111 |
+ |
|
2112 |
+ if (mainMessage && (mainMessage != messageIn)) { |
|
2113 |
+ messageDestroy(mainMessage); |
|
2114 |
+ mainMessage = NULL; |
|
2115 |
+ } else |
|
2116 |
+ messageReset(mainMessage); |
|
2117 |
+ if (messageGetBody(m)) |
|
2118 |
+ rc = parseEmailBody(m, NULL, mctx, recursion_level + 1); |
|
2119 |
+ |
|
2120 |
+ messageDestroy(m); |
|
2121 |
+ } |
|
2122 |
+ break; |
|
2123 |
+ } else if (strcasecmp(mimeSubtype, "disposition-notification") == 0) { |
|
2124 |
+ /* RFC 2298 - handle like a normal email */ |
|
2125 |
+ rc = OK; |
|
2126 |
+ break; |
|
2127 |
+ } else if (strcasecmp(mimeSubtype, "partial") == 0) { |
|
2128 |
+ if (mctx->ctx->options->mail & CL_SCAN_MAIL_PARTIAL_MESSAGE) { |
|
2129 |
+ /* RFC1341 message split over many emails */ |
|
2130 |
+ if (rfc1341(mainMessage, mctx->dir) >= 0) |
|
2131 |
+ rc = OK; |
|
2132 |
+ } else { |
|
2133 |
+ cli_warnmsg("Partial message received from MUA/MTA - message cannot be scanned\n"); |
|
2134 |
+ } |
|
2135 |
+ } else if (strcasecmp(mimeSubtype, "external-body") == 0) |
|
2136 |
+ /* TODO */ |
|
2137 |
+ cli_warnmsg("Attempt to send Content-type message/external-body trapped\n"); |
|
2138 |
+ else |
|
2139 |
+ cli_warnmsg("Unsupported message format `%s' - if you believe this file contains a virus, submit it to www.clamav.net\n", mimeSubtype); |
|
2140 |
+ |
|
2141 |
+ if (mainMessage && (mainMessage != messageIn)) |
|
2142 |
+ messageDestroy(mainMessage); |
|
2143 |
+ if (messages) |
|
2144 |
+ free(messages); |
|
2146 | 2145 |
#if HAVE_JSON |
2147 |
- mctx->wrkobj = saveobj; |
|
2146 |
+ mctx->wrkobj = saveobj; |
|
2148 | 2147 |
#endif |
2149 |
- return rc; |
|
2148 |
+ return rc; |
|
2150 | 2149 |
|
2151 |
- default: |
|
2152 |
- cli_dbgmsg("Message received with unknown mime encoding - assume application\n"); |
|
2153 |
- /* |
|
2150 |
+ default: |
|
2151 |
+ cli_dbgmsg("Message received with unknown mime encoding - assume application\n"); |
|
2152 |
+ /* |
|
2154 | 2153 |
* Some Yahoo emails attach as |
2155 | 2154 |
* Content-Type: X-unknown/unknown; |
2156 | 2155 |
* instead of |
2157 | 2156 |
* Content-Type: application/unknown; |
2158 | 2157 |
* so let's try our best to salvage something |
2159 | 2158 |
*/ |
2160 |
- case APPLICATION: |
|
2161 |
- /*cptr = messageGetMimeSubtype(mainMessage); |
|
2159 |
+ case APPLICATION: |
|
2160 |
+ /*cptr = messageGetMimeSubtype(mainMessage); |
|
2162 | 2161 |
|
2163 | 2162 |
if((strcasecmp(cptr, "octet-stream") == 0) || |
2164 | 2163 |
(strcasecmp(cptr, "x-msdownload") == 0)) {*/ |
2165 |
- { |
|
2166 |
- fb = messageToFileblob(mainMessage, mctx->dir, 1); |
|
2167 |
- |
|
2168 |
- if(fb) { |
|
2169 |
- cli_dbgmsg("Saving main message as attachment\n"); |
|
2170 |
- if(fileblobScanAndDestroy(fb) == CL_VIRUS) |
|
2171 |
- rc = VIRUS; |
|
2172 |
- mctx->files++; |
|
2173 |
- if(mainMessage != messageIn) { |
|
2174 |
- messageDestroy(mainMessage); |
|
2175 |
- mainMessage = NULL; |
|
2176 |
- } else |
|
2177 |
- messageReset(mainMessage); |
|
2178 |
- } |
|
2179 |
- } /*else |
|
2164 |
+ { |
|
2165 |
+ fb = messageToFileblob(mainMessage, mctx->dir, 1); |
|
2166 |
+ |
|
2167 |
+ if (fb) { |
|
2168 |
+ cli_dbgmsg("Saving main message as attachment\n"); |
|
2169 |
+ if (fileblobScanAndDestroy(fb) == CL_VIRUS) |
|
2170 |
+ rc = VIRUS; |
|
2171 |
+ mctx->files++; |
|
2172 |
+ if (mainMessage != messageIn) { |
|
2173 |
+ messageDestroy(mainMessage); |
|
2174 |
+ mainMessage = NULL; |
|
2175 |
+ } else |
|
2176 |
+ messageReset(mainMessage); |
|
2177 |
+ } |
|
2178 |
+ } /*else |
|
2180 | 2179 |
cli_warnmsg("Discarded application not sent as attachment\n");*/ |
2181 |
- break; |
|
2182 |
- |
|
2183 |
- case AUDIO: |
|
2184 |
- case VIDEO: |
|
2185 |
- case IMAGE: |
|
2186 |
- break; |
|
2187 |
- } |
|
2188 |
- |
|
2189 |
- if(messages) { |
|
2190 |
- /* "can't happen" */ |
|
2191 |
- cli_warnmsg("messages != NULL\n"); |
|
2192 |
- free(messages); |
|
2193 |
- } |
|
2194 |
- } |
|
2195 |
- |
|
2196 |
- if(aText && (textIn == NULL)) { |
|
2197 |
- /* Look for a bounce in the text (non mime encoded) portion */ |
|
2198 |
- const text *t; |
|
2199 |
- /* isBounceStart() is expensive, reduce the number of calls */ |
|
2200 |
- bool lookahead_definately_is_bounce = FALSE; |
|
2201 |
- |
|
2202 |
- for(t = aText; t && (rc != VIRUS); t = t->t_next) { |
|
2203 |
- const line_t *l = t->t_line; |
|
2204 |
- const text *lookahead, *topofbounce; |
|
2205 |
- const char *s; |
|
2206 |
- bool inheader; |
|
2207 |
- |
|
2208 |
- if(l == NULL) { |
|
2209 |
- /* assert(lookahead_definately_is_bounce == FALSE) */ |
|
2210 |
- continue; |
|
2211 |
- } |
|
2212 |
- |
|
2213 |
- if(lookahead_definately_is_bounce) |
|
2214 |
- lookahead_definately_is_bounce = FALSE; |
|
2215 |
- else if(!isBounceStart(mctx, lineGetData(l))) |
|
2216 |
- continue; |
|
2217 |
- |
|
2218 |
- lookahead = t->t_next; |
|
2219 |
- if(lookahead) { |
|
2220 |
- if(isBounceStart(mctx, lineGetData(lookahead->t_line))) { |
|
2221 |
- lookahead_definately_is_bounce = TRUE; |
|
2222 |
- /* don't save worthless header lines */ |
|
2223 |
- continue; |
|
2224 |
- } |
|
2225 |
- } else /* don't save a single liner */ |
|
2226 |
- break; |
|
2227 |
- |
|
2228 |
- /* |
|
2180 |
+ break; |
|
2181 |
+ |
|
2182 |
+ case AUDIO: |
|
2183 |
+ case VIDEO: |
|
2184 |
+ case IMAGE: |
|
2185 |
+ break; |
|
2186 |
+ } |
|
2187 |
+ |
|
2188 |
+ if (messages) { |
|
2189 |
+ /* "can't happen" */ |
|
2190 |
+ cli_warnmsg("messages != NULL\n"); |
|
2191 |
+ free(messages); |
|
2192 |
+ } |
|
2193 |
+ } |
|
2194 |
+ |
|
2195 |
+ if (aText && (textIn == NULL)) { |
|
2196 |
+ /* Look for a bounce in the text (non mime encoded) portion */ |
|
2197 |
+ const text *t; |
|
2198 |
+ /* isBounceStart() is expensive, reduce the number of calls */ |
|
2199 |
+ bool lookahead_definately_is_bounce = FALSE; |
|
2200 |
+ |
|
2201 |
+ for (t = aText; t && (rc != VIRUS); t = t->t_next) { |
|
2202 |
+ const line_t *l = t->t_line; |
|
2203 |
+ const text *lookahead, *topofbounce; |
|
2204 |
+ const char *s; |
|
2205 |
+ bool inheader; |
|
2206 |
+ |
|
2207 |
+ if (l == NULL) { |
|
2208 |
+ /* assert(lookahead_definately_is_bounce == FALSE) */ |
|
2209 |
+ continue; |
|
2210 |
+ } |
|
2211 |
+ |
|
2212 |
+ if (lookahead_definately_is_bounce) |
|
2213 |
+ lookahead_definately_is_bounce = FALSE; |
|
2214 |
+ else if (!isBounceStart(mctx, lineGetData(l))) |
|
2215 |
+ continue; |
|
2216 |
+ |
|
2217 |
+ lookahead = t->t_next; |
|
2218 |
+ if (lookahead) { |
|
2219 |
+ if (isBounceStart(mctx, lineGetData(lookahead->t_line))) { |
|
2220 |
+ lookahead_definately_is_bounce = TRUE; |
|
2221 |
+ /* don't save worthless header lines */ |
|
2222 |
+ continue; |
|
2223 |
+ } |
|
2224 |
+ } else /* don't save a single liner */ |
|
2225 |
+ break; |
|
2226 |
+ |
|
2227 |
+ /* |
|
2229 | 2228 |
* We've found what looks like the start of a bounce |
2230 | 2229 |
* message. Only bother saving if it really is a bounce |
2231 | 2230 |
* message, this helps to speed up scanning of ping-pong |
2232 | 2231 |
* messages that have lots of bounces within bounces in |
2233 | 2232 |
* them |
2234 | 2233 |
*/ |
2235 |
- for(; lookahead; lookahead = lookahead->t_next) { |
|
2236 |
- l = lookahead->t_line; |
|
2237 |
- |
|
2238 |
- if(l == NULL) |
|
2239 |
- break; |
|
2240 |
- s = lineGetData(l); |
|
2241 |
- if(strncasecmp(s, "Content-Type:", 13) == 0) { |
|
2242 |
- /* |
|
2234 |
+ for (; lookahead; lookahead = lookahead->t_next) { |
|
2235 |
+ l = lookahead->t_line; |
|
2236 |
+ |
|
2237 |
+ if (l == NULL) |
|
2238 |
+ break; |
|
2239 |
+ s = lineGetData(l); |
|
2240 |
+ if (strncasecmp(s, "Content-Type:", 13) == 0) { |
|
2241 |
+ /* |
|
2243 | 2242 |
* Don't bother with text/plain or |
2244 | 2243 |
* text/html |
2245 | 2244 |
*/ |
2246 |
- if(cli_strcasestr(s, "text/plain") != NULL) |
|
2247 |
- /* |
|
2245 |
+ if (cli_strcasestr(s, "text/plain") != NULL) |
|
2246 |
+ /* |
|
2248 | 2247 |
* Don't bother to save the |
2249 | 2248 |
* unuseful part, read past |
2250 | 2249 |
* the headers then we'll go |
2251 | 2250 |
* on to look for the next |
2252 | 2251 |
* bounce message |
2253 | 2252 |
*/ |
2254 |
- continue; |
|
2255 |
- if((!doPhishingScan) && |
|
2256 |
- (cli_strcasestr(s, "text/html") != NULL)) |
|
2257 |
- continue; |
|
2258 |
- break; |
|
2259 |
- } |
|
2260 |
- } |
|
2261 |
- |
|
2262 |
- if(lookahead && (lookahead->t_line == NULL)) { |
|
2263 |
- cli_dbgmsg("Non mime part bounce message is not mime encoded, so it will not be scanned\n"); |
|
2264 |
- t = lookahead; |
|
2265 |
- /* look for next bounce message */ |
|
2266 |
- continue; |
|
2267 |
- } |
|
2268 |
- |
|
2269 |
- /* |
|
2253 |
+ continue; |
|
2254 |
+ if ((!doPhishingScan) && |
|
2255 |
+ (cli_strcasestr(s, "text/html") != NULL)) |
|
2256 |
+ continue; |
|
2257 |
+ break; |
|
2258 |
+ } |
|
2259 |
+ } |
|
2260 |
+ |
|
2261 |
+ if (lookahead && (lookahead->t_line == NULL)) { |
|
2262 |
+ cli_dbgmsg("Non mime part bounce message is not mime encoded, so it will not be scanned\n"); |
|
2263 |
+ t = lookahead; |
|
2264 |
+ /* look for next bounce message */ |
|
2265 |
+ continue; |
|
2266 |
+ } |
|
2267 |
+ |
|
2268 |
+ /* |
|
2270 | 2269 |
* Prescan the bounce message to see if there's likely |
2271 | 2270 |
* to be anything nasty. |
2272 | 2271 |
* This algorithm is hand crafted and may be breakable |
... | ... |
@@ -2275,155 +2252,156 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
2275 | 2275 |
* significantly speeds up the scanning of multiple |
2276 | 2276 |
* bounces (i.e. bounces within many bounces) |
2277 | 2277 |
*/ |
2278 |
- for(; lookahead; lookahead = lookahead->t_next) { |
|
2279 |
- l = lookahead->t_line; |
|
2280 |
- |
|
2281 |
- if(l) { |
|
2282 |
- s = lineGetData(l); |
|
2283 |
- if((strncasecmp(s, "Content-Type:", 13) == 0) && |
|
2284 |
- (strstr(s, "multipart/") == NULL) && |
|
2285 |
- (strstr(s, "message/rfc822") == NULL) && |
|
2286 |
- (strstr(s, "text/plain") == NULL)) |
|
2287 |
- break; |
|
2288 |
- } |
|
2289 |
- } |
|
2290 |
- if(lookahead == NULL) { |
|
2291 |
- cli_dbgmsg("cli_mbox: I believe it's plain text which must be clean\n"); |
|
2292 |
- /* nothing here, move along please */ |
|
2293 |
- break; |
|
2294 |
- } |
|
2295 |
- if((fb = fileblobCreate()) == NULL) |
|
2296 |
- break; |
|
2297 |
- cli_dbgmsg("Save non mime part bounce message\n"); |
|
2298 |
- fileblobSetFilename(fb, mctx->dir, "bounce"); |
|
2299 |
- fileblobAddData(fb, (const unsigned char *)"Received: by clamd (bounce)\n", 28); |
|
2300 |
- fileblobSetCTX(fb, mctx->ctx); |
|
2301 |
- |
|
2302 |
- inheader = TRUE; |
|
2303 |
- topofbounce = NULL; |
|
2304 |
- do { |
|
2305 |
- l = t->t_line; |
|
2306 |
- |
|
2307 |
- if(l == NULL) { |
|
2308 |
- if(inheader) { |
|
2309 |
- inheader = FALSE; |
|
2310 |
- topofbounce = t; |
|
2311 |
- } |
|
2312 |
- } else { |
|
2313 |
- s = lineGetData(l); |
|
2314 |
- fileblobAddData(fb, (const unsigned char *)s, strlen(s)); |
|
2315 |
- } |
|
2316 |
- fileblobAddData(fb, (const unsigned char *)"\n", 1); |
|
2317 |
- lookahead = t->t_next; |
|
2318 |
- if(lookahead == NULL) |
|
2319 |
- break; |
|
2320 |
- t = lookahead; |
|
2321 |
- l = t->t_line; |
|
2322 |
- if((!inheader) && l) { |
|
2323 |
- s = lineGetData(l); |
|
2324 |
- if(isBounceStart(mctx, s)) { |
|
2325 |
- cli_dbgmsg("Found the start of another bounce candidate (%s)\n", s); |
|
2326 |
- lookahead_definately_is_bounce = TRUE; |
|
2327 |
- break; |
|
2328 |
- } |
|
2329 |
- } |
|
2330 |
- } while(!fileblobInfected(fb)); |
|
2331 |
- |
|
2332 |
- if(fileblobScanAndDestroy(fb) == CL_VIRUS) |
|
2333 |
- rc = VIRUS; |
|
2334 |
- mctx->files++; |
|
2335 |
- |
|
2336 |
- if(topofbounce) |
|
2337 |
- t = topofbounce; |
|
2338 |
- } |
|
2339 |
- textDestroy(aText); |
|
2340 |
- aText = NULL; |
|
2341 |
- } |
|
2342 |
- |
|
2343 |
- /* |
|
2278 |
+ for (; lookahead; lookahead = lookahead->t_next) { |
|
2279 |
+ l = lookahead->t_line; |
|
2280 |
+ |
|
2281 |
+ if (l) { |
|
2282 |
+ s = lineGetData(l); |
|
2283 |
+ if ((strncasecmp(s, "Content-Type:", 13) == 0) && |
|
2284 |
+ (strstr(s, "multipart/") == NULL) && |
|
2285 |
+ (strstr(s, "message/rfc822") == NULL) && |
|
2286 |
+ (strstr(s, "text/plain") == NULL)) |
|
2287 |
+ break; |
|
2288 |
+ } |
|
2289 |
+ } |
|
2290 |
+ if (lookahead == NULL) { |
|
2291 |
+ cli_dbgmsg("cli_mbox: I believe it's plain text which must be clean\n"); |
|
2292 |
+ /* nothing here, move along please */ |
|
2293 |
+ break; |
|
2294 |
+ } |
|
2295 |
+ if ((fb = fileblobCreate()) == NULL) |
|
2296 |
+ break; |
|
2297 |
+ cli_dbgmsg("Save non mime part bounce message\n"); |
|
2298 |
+ fileblobSetFilename(fb, mctx->dir, "bounce"); |
|
2299 |
+ fileblobAddData(fb, (const unsigned char *)"Received: by clamd (bounce)\n", 28); |
|
2300 |
+ fileblobSetCTX(fb, mctx->ctx); |
|
2301 |
+ |
|
2302 |
+ inheader = TRUE; |
|
2303 |
+ topofbounce = NULL; |
|
2304 |
+ do { |
|
2305 |
+ l = t->t_line; |
|
2306 |
+ |
|
2307 |
+ if (l == NULL) { |
|
2308 |
+ if (inheader) { |
|
2309 |
+ inheader = FALSE; |
|
2310 |
+ topofbounce = t; |
|
2311 |
+ } |
|
2312 |
+ } else { |
|
2313 |
+ s = lineGetData(l); |
|
2314 |
+ fileblobAddData(fb, (const unsigned char *)s, strlen(s)); |
|
2315 |
+ } |
|
2316 |
+ fileblobAddData(fb, (const unsigned char *)"\n", 1); |
|
2317 |
+ lookahead = t->t_next; |
|
2318 |
+ if (lookahead == NULL) |
|
2319 |
+ break; |
|
2320 |
+ t = lookahead; |
|
2321 |
+ l = t->t_line; |
|
2322 |
+ if ((!inheader) && l) { |
|
2323 |
+ s = lineGetData(l); |
|
2324 |
+ if (isBounceStart(mctx, s)) { |
|
2325 |
+ cli_dbgmsg("Found the start of another bounce candidate (%s)\n", s); |
|
2326 |
+ lookahead_definately_is_bounce = TRUE; |
|
2327 |
+ break; |
|
2328 |
+ } |
|
2329 |
+ } |
|
2330 |
+ } while (!fileblobInfected(fb)); |
|
2331 |
+ |
|
2332 |
+ if (fileblobScanAndDestroy(fb) == CL_VIRUS) |
|
2333 |
+ rc = VIRUS; |
|
2334 |
+ mctx->files++; |
|
2335 |
+ |
|
2336 |
+ if (topofbounce) |
|
2337 |
+ t = topofbounce; |
|
2338 |
+ } |
|
2339 |
+ textDestroy(aText); |
|
2340 |
+ aText = NULL; |
|
2341 |
+ } |
|
2342 |
+ |
|
2343 |
+ /* |
|
2344 | 2344 |
* No attachments - scan the text portions, often files |
2345 | 2345 |
* are hidden in HTML code |
2346 | 2346 |
*/ |
2347 |
- if(mainMessage && (rc != VIRUS)) { |
|
2348 |
- text *t_line; |
|
2347 |
+ if (mainMessage && (rc != VIRUS)) { |
|
2348 |
+ text *t_line; |
|
2349 | 2349 |
|
2350 |
- /* |
|
2350 |
+ /* |
|
2351 | 2351 |
* Look for uu-encoded main file |
2352 | 2352 |
*/ |
2353 |
- if(mainMessage->body_first != NULL && |
|
2354 |
- (encodingLine(mainMessage) != NULL) && |
|
2355 |
- ((t_line = bounceBegin(mainMessage)) != NULL)) |
|
2356 |
- rc = (exportBounceMessage(mctx, t_line) == CL_VIRUS) ? VIRUS : OK; |
|
2357 |
- else { |
|
2358 |
- bool saveIt; |
|
2359 |
- |
|
2360 |
- if(messageGetMimeType(mainMessage) == MESSAGE) |
|
2361 |
- /* |
|
2353 |
+ if (mainMessage->body_first != NULL && |
|
2354 |
+ (encodingLine(mainMessage) != NULL) && |
|
2355 |
+ ((t_line = bounceBegin(mainMessage)) != NULL)) |
|
2356 |
+ rc = (exportBounceMessage(mctx, t_line) == CL_VIRUS) ? VIRUS : OK; |
|
2357 |
+ else { |
|
2358 |
+ bool saveIt; |
|
2359 |
+ |
|
2360 |
+ if (messageGetMimeType(mainMessage) == MESSAGE) |
|
2361 |
+ /* |
|
2362 | 2362 |
* Quick peek, if the encapsulated |
2363 | 2363 |
* message has no |
2364 | 2364 |
* content encoding statement don't |
2365 | 2365 |
* bother saving to scan, it's safe |
2366 | 2366 |
*/ |
2367 |
- saveIt = (bool)(encodingLine(mainMessage) != NULL); |
|
2368 |
- else if(mainMessage->body_last != NULL && (t_line = encodingLine(mainMessage)) != NULL) { |
|
2369 |
- /* |
|
2367 |
+ saveIt = (bool)(encodingLine(mainMessage) != NULL); |
|
2368 |
+ else if (mainMessage->body_last != NULL && (t_line = encodingLine(mainMessage)) != NULL) { |
|
2369 |
+ /* |
|
2370 | 2370 |
* Some bounces include the message |
2371 | 2371 |
* body without the headers. |
2372 | 2372 |
* FIXME: Unfortunately this generates a |
2373 | 2373 |
* lot of false positives that a bounce |
2374 | 2374 |
* has been found when it hasn't. |
2375 | 2375 |
*/ |
2376 |
- if((fb = fileblobCreate()) != NULL) { |
|
2377 |
- cli_dbgmsg("Found a bounce message with no header at '%s'\n", |
|
2378 |
- lineGetData(t_line->t_line)); |
|
2379 |
- fileblobSetFilename(fb, mctx->dir, "bounce"); |
|
2380 |
- fileblobAddData(fb, |
|
2381 |
- (const unsigned char *)"Received: by clamd (bounce)\n", |
|
2382 |
- 28); |
|
2383 |
- |
|
2384 |
- fileblobSetCTX(fb, mctx->ctx); |
|
2385 |
- if(fileblobScanAndDestroy(textToFileblob(t_line, fb, 1)) == CL_VIRUS) |
|
2386 |
- rc = VIRUS; |
|
2387 |
- mctx->files++; |
|
2388 |
- } |
|
2389 |
- saveIt = FALSE; |
|
2390 |
- } else |
|
2391 |
- /* |
|
2376 |
+ if ((fb = fileblobCreate()) != NULL) { |
|
2377 |
+ cli_dbgmsg("Found a bounce message with no header at '%s'\n", |
|
2378 |
+ lineGetData(t_line->t_line)); |
|
2379 |
+ fileblobSetFilename(fb, mctx->dir, "bounce"); |
|
2380 |
+ fileblobAddData(fb, |
|
2381 |
+ (const unsigned char *)"Received: by clamd (bounce)\n", |
|
2382 |
+ 28); |
|
2383 |
+ |
|
2384 |
+ fileblobSetCTX(fb, mctx->ctx); |
|
2385 |
+ if (fileblobScanAndDestroy(textToFileblob(t_line, fb, 1)) == CL_VIRUS) |
|
2386 |
+ rc = VIRUS; |
|
2387 |
+ mctx->files++; |
|
2388 |
+ } |
|
2389 |
+ saveIt = FALSE; |
|
2390 |
+ } else |
|
2391 |
+ /* |
|
2392 | 2392 |
* Save the entire text portion, |
2393 | 2393 |
* since it it may be an HTML file with |
2394 | 2394 |
* a JavaScript virus or a phish |
2395 | 2395 |
*/ |
2396 |
- saveIt = TRUE; |
|
2397 |
- |
|
2398 |
- if(saveIt) { |
|
2399 |
- cli_dbgmsg("Saving text part to scan, rc = %d\n", |
|
2400 |
- (int)rc); |
|
2401 |
- if(saveTextPart(mctx, mainMessage, 1) == CL_VIRUS) |
|
2402 |
- rc = VIRUS; |
|
2403 |
- |
|
2404 |
- if(mainMessage != messageIn) { |
|
2405 |
- messageDestroy(mainMessage); |
|
2406 |
- mainMessage = NULL; |
|
2407 |
- } else |
|
2408 |
- messageReset(mainMessage); |
|
2409 |
- } |
|
2410 |
- } |
|
2411 |
- } /*else |
|
2412 |
- rc = OK_ATTACHMENTS_NOT_SAVED; */ /* nothing saved */ |
|
2413 |
- |
|
2414 |
- if(mainMessage && (mainMessage != messageIn)) |
|
2415 |
- messageDestroy(mainMessage); |
|
2416 |
- |
|
2417 |
- if((rc != FAIL) && infected) |
|
2418 |
- rc = VIRUS; |
|
2396 |
+ saveIt = TRUE; |
|
2397 |
+ |
|
2398 |
+ if (saveIt) { |
|
2399 |
+ cli_dbgmsg("Saving text part to scan, rc = %d\n", |
|
2400 |
+ (int)rc); |
|
2401 |
+ if (saveTextPart(mctx, mainMessage, 1) == CL_VIRUS) |
|
2402 |
+ rc = VIRUS; |
|
2403 |
+ |
|
2404 |
+ if (mainMessage != messageIn) { |
|
2405 |
+ messageDestroy(mainMessage); |
|
2406 |
+ mainMessage = NULL; |
|
2407 |
+ } else |
|
2408 |
+ messageReset(mainMessage); |
|
2409 |
+ } |
|
2410 |
+ } |
|
2411 |
+ } /*else |
|
2412 |
+ rc = OK_ATTACHMENTS_NOT_SAVED; */ |
|
2413 |
+ /* nothing saved */ |
|
2414 |
+ |
|
2415 |
+ if (mainMessage && (mainMessage != messageIn)) |
|
2416 |
+ messageDestroy(mainMessage); |
|
2417 |
+ |
|
2418 |
+ if ((rc != FAIL) && infected) |
|
2419 |
+ rc = VIRUS; |
|
2419 | 2420 |
|
2420 | 2421 |
#if HAVE_JSON |
2421 |
- mctx->wrkobj = saveobj; |
|
2422 |
+ mctx->wrkobj = saveobj; |
|
2422 | 2423 |
#endif |
2423 | 2424 |
|
2424 |
- cli_dbgmsg("parseEmailBody() returning %d\n", (int)rc); |
|
2425 |
+ cli_dbgmsg("parseEmailBody() returning %d\n", (int)rc); |
|
2425 | 2426 |
|
2426 |
- return rc; |
|
2427 |
+ return rc; |
|
2427 | 2428 |
} |
2428 | 2429 |
|
2429 | 2430 |
/* |
... | ... |
@@ -2434,16 +2412,16 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re |
2434 | 2434 |
static int |
2435 | 2435 |
boundaryStart(const char *line, const char *boundary) |
2436 | 2436 |
{ |
2437 |
- const char *ptr; |
|
2438 |
- char *out; |
|
2439 |
- int rc; |
|
2440 |
- char buf[RFC2821LENGTH + 1]; |
|
2437 |
+ const char *ptr; |
|
2438 |
+ char *out; |
|
2439 |
+ int rc; |
|
2440 |
+ char buf[RFC2821LENGTH + 1]; |
|
2441 | 2441 |
char *newline; |
2442 | 2442 |
|
2443 |
- if(line == NULL || *line == '\0') |
|
2444 |
- return 0; /* empty line */ |
|
2445 |
- if(boundary == NULL) |
|
2446 |
- return 0; |
|
2443 |
+ if (line == NULL || *line == '\0') |
|
2444 |
+ return 0; /* empty line */ |
|
2445 |
+ if (boundary == NULL) |
|
2446 |
+ return 0; |
|
2447 | 2447 |
|
2448 | 2448 |
newline = strdup(line); |
2449 | 2449 |
if (!(newline)) |
... | ... |
@@ -2460,39 +2438,39 @@ boundaryStart(const char *line, const char *boundary) |
2460 | 2460 |
if (newline != line) |
2461 | 2461 |
cli_chomp(newline); |
2462 | 2462 |
|
2463 |
- /* cli_dbgmsg("boundaryStart: line = '%s' boundary = '%s'\n", line, boundary); */ |
|
2463 |
+ /* cli_dbgmsg("boundaryStart: line = '%s' boundary = '%s'\n", line, boundary); */ |
|
2464 | 2464 |
|
2465 |
- if((*newline != '-') && (*newline != '(')) { |
|
2465 |
+ if ((*newline != '-') && (*newline != '(')) { |
|
2466 | 2466 |
if (newline != line) |
2467 | 2467 |
free(newline); |
2468 |
- return 0; |
|
2468 |
+ return 0; |
|
2469 | 2469 |
} |
2470 | 2470 |
|
2471 |
- if(strchr(newline, '-') == NULL) { |
|
2471 |
+ if (strchr(newline, '-') == NULL) { |
|
2472 | 2472 |
if (newline != line) |
2473 | 2473 |
free(newline); |
2474 |
- return 0; |
|
2474 |
+ return 0; |
|
2475 | 2475 |
} |
2476 | 2476 |
|
2477 |
- if(strlen(newline) <= sizeof(buf)) { |
|
2478 |
- out = NULL; |
|
2479 |
- ptr = rfc822comments(newline, buf); |
|
2480 |
- } else |
|
2481 |
- ptr = out = rfc822comments(newline, NULL); |
|
2477 |
+ if (strlen(newline) <= sizeof(buf)) { |
|
2478 |
+ out = NULL; |
|
2479 |
+ ptr = rfc822comments(newline, buf); |
|
2480 |
+ } else |
|
2481 |
+ ptr = out = rfc822comments(newline, NULL); |
|
2482 | 2482 |
|
2483 |
- if(ptr == NULL) |
|
2484 |
- ptr = newline; |
|
2483 |
+ if (ptr == NULL) |
|
2484 |
+ ptr = newline; |
|
2485 | 2485 |
|
2486 |
- if((*ptr++ != '-') || (*ptr == '\0')) { |
|
2487 |
- if(out) |
|
2488 |
- free(out); |
|
2486 |
+ if ((*ptr++ != '-') || (*ptr == '\0')) { |
|
2487 |
+ if (out) |
|
2488 |
+ free(out); |
|
2489 | 2489 |
if (newline != line) |
2490 | 2490 |
free(newline); |
2491 | 2491 |
|
2492 |
- return 0; |
|
2493 |
- } |
|
2492 |
+ return 0; |
|
2493 |
+ } |
|
2494 | 2494 |
|
2495 |
- /* |
|
2495 |
+ /* |
|
2496 | 2496 |
* Gibe.B3 is broken, it has: |
2497 | 2497 |
* boundary="---- =_NextPart_000_01C31177.9DC7C000" |
2498 | 2498 |
* but it's boundaries look like |
... | ... |
@@ -2512,45 +2490,45 @@ boundaryStart(const char *line, const char *boundary) |
2512 | 2512 |
* they're not. Irrespective of whatever RFC2822 says, we need to find |
2513 | 2513 |
* viruses in both types of mails. |
2514 | 2514 |
*/ |
2515 |
- if((strstr(&ptr[1], boundary) != NULL) || (strstr(newline, boundary) != NULL)) { |
|
2516 |
- const char *k = ptr; |
|
2515 |
+ if ((strstr(&ptr[1], boundary) != NULL) || (strstr(newline, boundary) != NULL)) { |
|
2516 |
+ const char *k = ptr; |
|
2517 | 2517 |
|
2518 |
- /* |
|
2518 |
+ /* |
|
2519 | 2519 |
* We need to ensure that we don't match --11=-=-=11 when |
2520 | 2520 |
* looking for --1=-=-=1 in well behaved headers, that's a |
2521 | 2521 |
* false positive problem mentioned above |
2522 | 2522 |
*/ |
2523 |
- rc = 0; |
|
2524 |
- do |
|
2525 |
- if(strcmp(++k, boundary) == 0) { |
|
2526 |
- rc = 1; |
|
2527 |
- break; |
|
2528 |
- } |
|
2529 |
- while(*k == '-'); |
|
2530 |
- if(rc == 0) { |
|
2531 |
- k = &line[1]; |
|
2532 |
- do |
|
2533 |
- if(strcmp(++k, boundary) == 0) { |
|
2534 |
- rc = 1; |
|
2535 |
- break; |
|
2536 |
- } |
|
2537 |
- while(*k == '-'); |
|
2538 |
- } |
|
2539 |
- } else if(*ptr++ != '-') |
|
2540 |
- rc = 0; |
|
2541 |
- else |
|
2542 |
- rc = (strcasecmp(ptr, boundary) == 0); |
|
2543 |
- |
|
2544 |
- if(out) |
|
2545 |
- free(out); |
|
2546 |
- |
|
2547 |
- if(rc == 1) |
|
2548 |
- cli_dbgmsg("boundaryStart: found %s in %s\n", boundary, line); |
|
2523 |
+ rc = 0; |
|
2524 |
+ do |
|
2525 |
+ if (strcmp(++k, boundary) == 0) { |
|
2526 |
+ rc = 1; |
|
2527 |
+ break; |
|
2528 |
+ } |
|
2529 |
+ while (*k == '-'); |
|
2530 |
+ if (rc == 0) { |
|
2531 |
+ k = &line[1]; |
|
2532 |
+ do |
|
2533 |
+ if (strcmp(++k, boundary) == 0) { |
|
2534 |
+ rc = 1; |
|
2535 |
+ break; |
|
2536 |
+ } |
|
2537 |
+ while (*k == '-'); |
|
2538 |
+ } |
|
2539 |
+ } else if (*ptr++ != '-') |
|
2540 |
+ rc = 0; |
|
2541 |
+ else |
|
2542 |
+ rc = (strcasecmp(ptr, boundary) == 0); |
|
2543 |
+ |
|
2544 |
+ if (out) |
|
2545 |
+ free(out); |
|
2546 |
+ |
|
2547 |
+ if (rc == 1) |
|
2548 |
+ cli_dbgmsg("boundaryStart: found %s in %s\n", boundary, line); |
|
2549 | 2549 |
|
2550 | 2550 |
if (newline != line) |
2551 | 2551 |
free(newline); |
2552 | 2552 |
|
2553 |
- return rc; |
|
2553 |
+ return rc; |
|
2554 | 2554 |
} |
2555 | 2555 |
|
2556 | 2556 |
/* |
... | ... |
@@ -2561,15 +2539,15 @@ boundaryStart(const char *line, const char *boundary) |
2561 | 2561 |
static int |
2562 | 2562 |
boundaryEnd(const char *line, const char *boundary) |
2563 | 2563 |
{ |
2564 |
- size_t len; |
|
2564 |
+ size_t len; |
|
2565 | 2565 |
char *newline, *p, *p2; |
2566 | 2566 |
|
2567 |
- if(line == NULL || *line == '\0') |
|
2568 |
- return 0; |
|
2567 |
+ if (line == NULL || *line == '\0') |
|
2568 |
+ return 0; |
|
2569 | 2569 |
|
2570 | 2570 |
p = newline = strdup(line); |
2571 | 2571 |
if (!(newline)) { |
2572 |
- p = (char *)line; |
|
2572 |
+ p = (char *)line; |
|
2573 | 2573 |
newline = (char *)line; |
2574 | 2574 |
} |
2575 | 2575 |
|
... | ... |
@@ -2580,59 +2558,59 @@ boundaryEnd(const char *line, const char *boundary) |
2580 | 2580 |
*(p2--) = '\0'; |
2581 | 2581 |
} |
2582 | 2582 |
|
2583 |
- /* cli_dbgmsg("boundaryEnd: line = '%s' boundary = '%s'\n", newline, boundary); */ |
|
2583 |
+ /* cli_dbgmsg("boundaryEnd: line = '%s' boundary = '%s'\n", newline, boundary); */ |
|
2584 | 2584 |
|
2585 |
- if(*p++ != '-') { |
|
2585 |
+ if (*p++ != '-') { |
|
2586 | 2586 |
if (newline != line) |
2587 | 2587 |
free(newline); |
2588 |
- return 0; |
|
2588 |
+ return 0; |
|
2589 | 2589 |
} |
2590 | 2590 |
|
2591 |
- if(*p++ != '-') { |
|
2591 |
+ if (*p++ != '-') { |
|
2592 | 2592 |
if (newline != line) |
2593 | 2593 |
free(newline); |
2594 | 2594 |
|
2595 |
- return 0; |
|
2595 |
+ return 0; |
|
2596 | 2596 |
} |
2597 | 2597 |
|
2598 |
- len = strlen(boundary); |
|
2599 |
- if(strncasecmp(p, boundary, len) != 0) { |
|
2598 |
+ len = strlen(boundary); |
|
2599 |
+ if (strncasecmp(p, boundary, len) != 0) { |
|
2600 | 2600 |
if (newline != line) |
2601 | 2601 |
free(newline); |
2602 | 2602 |
|
2603 |
- return 0; |
|
2603 |
+ return 0; |
|
2604 | 2604 |
} |
2605 |
- /* |
|
2605 |
+ /* |
|
2606 | 2606 |
* Use < rather than == because some broken mails have white |
2607 | 2607 |
* space after the boundary |
2608 | 2608 |
*/ |
2609 |
- if(strlen(p) < (len + 2)) { |
|
2609 |
+ if (strlen(p) < (len + 2)) { |
|
2610 | 2610 |
if (newline != line) |
2611 | 2611 |
free(newline); |
2612 | 2612 |
|
2613 |
- return 0; |
|
2613 |
+ return 0; |
|
2614 | 2614 |
} |
2615 | 2615 |
|
2616 |
- p = &p[len]; |
|
2617 |
- if(*p++ != '-') { |
|
2616 |
+ p = &p[len]; |
|
2617 |
+ if (*p++ != '-') { |
|
2618 | 2618 |
if (newline != line) |
2619 | 2619 |
free(newline); |
2620 | 2620 |
|
2621 |
- return 0; |
|
2621 |
+ return 0; |
|
2622 | 2622 |
} |
2623 | 2623 |
|
2624 |
- if(*p == '-') { |
|
2625 |
- /* cli_dbgmsg("boundaryEnd: found %s in %s\n", boundary, p); */ |
|
2624 |
+ if (*p == '-') { |
|
2625 |
+ /* cli_dbgmsg("boundaryEnd: found %s in %s\n", boundary, p); */ |
|
2626 | 2626 |
if (newline != line) |
2627 | 2627 |
free(newline); |
2628 | 2628 |
|
2629 |
- return 1; |
|
2630 |
- } |
|
2629 |
+ return 1; |
|
2630 |
+ } |
|
2631 | 2631 |
|
2632 | 2632 |
if (newline != line) |
2633 | 2633 |
free(newline); |
2634 | 2634 |
|
2635 |
- return 0; |
|
2635 |
+ return 0; |
|
2636 | 2636 |
} |
2637 | 2637 |
|
2638 | 2638 |
/* |
... | ... |
@@ -2641,34 +2619,34 @@ boundaryEnd(const char *line, const char *boundary) |
2641 | 2641 |
static int |
2642 | 2642 |
initialiseTables(table_t **rfc821Table, table_t **subtypeTable) |
2643 | 2643 |
{ |
2644 |
- const struct tableinit *tableinit; |
|
2644 |
+ const struct tableinit *tableinit; |
|
2645 | 2645 |
|
2646 |
- /* |
|
2646 |
+ /* |
|
2647 | 2647 |
* Initialise the various look up tables |
2648 | 2648 |
*/ |
2649 |
- *rfc821Table = tableCreate(); |
|
2650 |
- assert(*rfc821Table != NULL); |
|
2651 |
- |
|
2652 |
- for(tableinit = rfc821headers; tableinit->key; tableinit++) |
|
2653 |
- if(tableInsert(*rfc821Table, tableinit->key, tableinit->value) < 0) { |
|
2654 |
- tableDestroy(*rfc821Table); |
|
2655 |
- *rfc821Table = NULL; |
|
2656 |
- return -1; |
|
2657 |
- } |
|
2658 |
- |
|
2659 |
- *subtypeTable = tableCreate(); |
|
2660 |
- assert(*subtypeTable != NULL); |
|
2661 |
- |
|
2662 |
- for(tableinit = mimeSubtypes; tableinit->key; tableinit++) |
|
2663 |
- if(tableInsert(*subtypeTable, tableinit->key, tableinit->value) < 0) { |
|
2664 |
- tableDestroy(*rfc821Table); |
|
2665 |
- tableDestroy(*subtypeTable); |
|
2666 |
- *rfc821Table = NULL; |
|
2667 |
- *subtypeTable = NULL; |
|
2668 |
- return -1; |
|
2669 |
- } |
|
2670 |
- |
|
2671 |
- return 0; |
|
2649 |
+ *rfc821Table = tableCreate(); |
|
2650 |
+ assert(*rfc821Table != NULL); |
|
2651 |
+ |
|
2652 |
+ for (tableinit = rfc821headers; tableinit->key; tableinit++) |
|
2653 |
+ if (tableInsert(*rfc821Table, tableinit->key, tableinit->value) < 0) { |
|
2654 |
+ tableDestroy(*rfc821Table); |
|
2655 |
+ *rfc821Table = NULL; |
|
2656 |
+ return -1; |
|
2657 |
+ } |
|
2658 |
+ |
|
2659 |
+ *subtypeTable = tableCreate(); |
|
2660 |
+ assert(*subtypeTable != NULL); |
|
2661 |
+ |
|
2662 |
+ for (tableinit = mimeSubtypes; tableinit->key; tableinit++) |
|
2663 |
+ if (tableInsert(*subtypeTable, tableinit->key, tableinit->value) < 0) { |
|
2664 |
+ tableDestroy(*rfc821Table); |
|
2665 |
+ tableDestroy(*subtypeTable); |
|
2666 |
+ *rfc821Table = NULL; |
|
2667 |
+ *subtypeTable = NULL; |
|
2668 |
+ return -1; |
|
2669 |
+ } |
|
2670 |
+ |
|
2671 |
+ return 0; |
|
2672 | 2672 |
} |
2673 | 2673 |
|
2674 | 2674 |
/* |
... | ... |
@@ -2682,17 +2660,17 @@ initialiseTables(table_t **rfc821Table, table_t **subtypeTable) |
2682 | 2682 |
static int |
2683 | 2683 |
getTextPart(message *const messages[], size_t size) |
2684 | 2684 |
{ |
2685 |
- size_t i; |
|
2686 |
- int textpart = -1; |
|
2685 |
+ size_t i; |
|
2686 |
+ int textpart = -1; |
|
2687 | 2687 |
|
2688 |
- for(i = 0; i < size; i++) |
|
2689 |
- if(messages[i] && (messageGetMimeType(messages[i]) == TEXT)) { |
|
2690 |
- if(strcasecmp(messageGetMimeSubtype(messages[i]), "html") == 0) |
|
2691 |
- return (int)i; |
|
2692 |
- textpart = (int)i; |
|
2693 |
- } |
|
2688 |
+ for (i = 0; i < size; i++) |
|
2689 |
+ if (messages[i] && (messageGetMimeType(messages[i]) == TEXT)) { |
|
2690 |
+ if (strcasecmp(messageGetMimeSubtype(messages[i]), "html") == 0) |
|
2691 |
+ return (int)i; |
|
2692 |
+ textpart = (int)i; |
|
2693 |
+ } |
|
2694 | 2694 |
|
2695 |
- return textpart; |
|
2695 |
+ return textpart; |
|
2696 | 2696 |
} |
2697 | 2697 |
|
2698 | 2698 |
/* |
... | ... |
@@ -2712,31 +2690,31 @@ getTextPart(message *const messages[], size_t size) |
2712 | 2712 |
static size_t |
2713 | 2713 |
strip(char *buf, int len) |
2714 | 2714 |
{ |
2715 |
- register char *ptr; |
|
2716 |
- register size_t i; |
|
2717 |
- |
|
2718 |
- if((buf == NULL) || (len <= 0)) |
|
2719 |
- return 0; |
|
2720 |
- |
|
2721 |
- i = strlen(buf); |
|
2722 |
- if(len > (int)(i + 1)) |
|
2723 |
- return i; |
|
2724 |
- ptr = &buf[--len]; |
|
2725 |
- |
|
2726 |
-#if defined(UNIX) || defined(C_LINUX) || defined(C_DARWIN) /* watch - it may be in shared text area */ |
|
2727 |
- do |
|
2728 |
- if(*ptr) |
|
2729 |
- *ptr = '\0'; |
|
2730 |
- while((--len >= 0) && (!isgraph(*--ptr)) && (*ptr != '\n') && (*ptr != '\r')); |
|
2731 |
-#else /* more characters can be displayed on DOS */ |
|
2732 |
- do |
|
2733 |
-#ifndef REAL_MODE_DOS |
|
2734 |
- if(*ptr) /* C8.0 puts into a text area */ |
|
2715 |
+ register char *ptr; |
|
2716 |
+ register size_t i; |
|
2717 |
+ |
|
2718 |
+ if ((buf == NULL) || (len <= 0)) |
|
2719 |
+ return 0; |
|
2720 |
+ |
|
2721 |
+ i = strlen(buf); |
|
2722 |
+ if (len > (int)(i + 1)) |
|
2723 |
+ return i; |
|
2724 |
+ ptr = &buf[--len]; |
|
2725 |
+ |
|
2726 |
+#if defined(UNIX) || defined(C_LINUX) || defined(C_DARWIN) /* watch - it may be in shared text area */ |
|
2727 |
+ do |
|
2728 |
+ if (*ptr) |
|
2729 |
+ *ptr = '\0'; |
|
2730 |
+ while ((--len >= 0) && (!isgraph(*--ptr)) && (*ptr != '\n') && (*ptr != '\r')); |
|
2731 |
+#else /* more characters can be displayed on DOS */ |
|
2732 |
+ do |
|
2733 |
+#ifndef REAL_MODE_DOS |
|
2734 |
+ if (*ptr) /* C8.0 puts into a text area */ |
|
2735 | 2735 |
#endif |
2736 |
- *ptr = '\0'; |
|
2737 |
- while((--len >= 0) && ((*--ptr == '\0') || isspace((int)(*ptr & 0xFF)))); |
|
2736 |
+ *ptr = '\0'; |
|
2737 |
+ while ((--len >= 0) && ((*--ptr == '\0') || isspace((int)(*ptr & 0xFF)))); |
|
2738 | 2738 |
#endif |
2739 |
- return((size_t)(len + 1)); |
|
2739 |
+ return ((size_t)(len + 1)); |
|
2740 | 2740 |
} |
2741 | 2741 |
|
2742 | 2742 |
/* |
... | ... |
@@ -2746,10 +2724,10 @@ strip(char *buf, int len) |
2746 | 2746 |
size_t |
2747 | 2747 |
strstrip(char *s) |
2748 | 2748 |
{ |
2749 |
- if(s == (char *)NULL) |
|
2750 |
- return(0); |
|
2749 |
+ if (s == (char *)NULL) |
|
2750 |
+ return (0); |
|
2751 | 2751 |
|
2752 |
- return(strip(s, strlen(s) + 1)); |
|
2752 |
+ return (strip(s, strlen(s) + 1)); |
|
2753 | 2753 |
} |
2754 | 2754 |
|
2755 | 2755 |
/* |
... | ... |
@@ -2758,38 +2736,38 @@ strstrip(char *s) |
2758 | 2758 |
static int |
2759 | 2759 |
parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const char *arg) |
2760 | 2760 |
{ |
2761 |
- char *copy, *p, *buf; |
|
2762 |
- const char *ptr; |
|
2763 |
- int commandNumber; |
|
2761 |
+ char *copy, *p, *buf; |
|
2762 |
+ const char *ptr; |
|
2763 |
+ int commandNumber; |
|
2764 | 2764 |
|
2765 |
- cli_dbgmsg("parseMimeHeader: cmd='%s', arg='%s'\n", cmd, arg); |
|
2765 |
+ cli_dbgmsg("parseMimeHeader: cmd='%s', arg='%s'\n", cmd, arg); |
|
2766 | 2766 |
|
2767 |
- copy = rfc822comments(cmd, NULL); |
|
2768 |
- if(copy) { |
|
2769 |
- commandNumber = tableFind(rfc821Table, copy); |
|
2770 |
- free(copy); |
|
2771 |
- } else |
|
2772 |
- commandNumber = tableFind(rfc821Table, cmd); |
|
2767 |
+ copy = rfc822comments(cmd, NULL); |
|
2768 |
+ if (copy) { |
|
2769 |
+ commandNumber = tableFind(rfc821Table, copy); |
|
2770 |
+ free(copy); |
|
2771 |
+ } else |
|
2772 |
+ commandNumber = tableFind(rfc821Table, cmd); |
|
2773 | 2773 |
|
2774 |
- copy = rfc822comments(arg, NULL); |
|
2774 |
+ copy = rfc822comments(arg, NULL); |
|
2775 | 2775 |
|
2776 |
- if(copy) |
|
2777 |
- ptr = copy; |
|
2778 |
- else |
|
2779 |
- ptr = arg; |
|
2776 |
+ if (copy) |
|
2777 |
+ ptr = copy; |
|
2778 |
+ else |
|
2779 |
+ ptr = arg; |
|
2780 | 2780 |
|
2781 |
- buf = NULL; |
|
2781 |
+ buf = NULL; |
|
2782 | 2782 |
|
2783 |
- switch(commandNumber) { |
|
2784 |
- case CONTENT_TYPE: |
|
2785 |
- /* |
|
2783 |
+ switch (commandNumber) { |
|
2784 |
+ case CONTENT_TYPE: |
|
2785 |
+ /* |
|
2786 | 2786 |
* Fix for non RFC1521 compliant mailers |
2787 | 2787 |
* that send content-type: Text instead |
2788 | 2788 |
* of content-type: Text/Plain, or |
2789 | 2789 |
* just simply "Content-Type:" |
2790 | 2790 |
*/ |
2791 |
- if(arg == NULL) |
|
2792 |
- /* |
|
2791 |
+ if (arg == NULL) |
|
2792 |
+ /* |
|
2793 | 2793 |
* According to section 4 of RFC1521: |
2794 | 2794 |
* "Note also that a subtype specification is |
2795 | 2795 |
* MANDATORY. There are no default subtypes" |
... | ... |
@@ -2798,155 +2776,155 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c |
2798 | 2798 |
* for the subtype because virus writers and |
2799 | 2799 |
* email client writers don't get it right |
2800 | 2800 |
*/ |
2801 |
- cli_dbgmsg("Empty content-type received, no subtype specified, assuming text/plain; charset=us-ascii\n"); |
|
2802 |
- else if(strchr(ptr, '/') == NULL) |
|
2803 |
- /* |
|
2801 |
+ cli_dbgmsg("Empty content-type received, no subtype specified, assuming text/plain; charset=us-ascii\n"); |
|
2802 |
+ else if (strchr(ptr, '/') == NULL) |
|
2803 |
+ /* |
|
2804 | 2804 |
* Empty field, such as |
2805 | 2805 |
* Content-Type: |
2806 | 2806 |
* which I believe is illegal according to |
2807 | 2807 |
* RFC1521 |
2808 | 2808 |
*/ |
2809 |
- cli_dbgmsg("Invalid content-type '%s' received, no subtype specified, assuming text/plain; charset=us-ascii\n", ptr); |
|
2810 |
- else { |
|
2811 |
- int i; |
|
2809 |
+ cli_dbgmsg("Invalid content-type '%s' received, no subtype specified, assuming text/plain; charset=us-ascii\n", ptr); |
|
2810 |
+ else { |
|
2811 |
+ int i; |
|
2812 | 2812 |
|
2813 |
- buf = cli_malloc(strlen(ptr) + 1); |
|
2814 |
- if(buf == NULL) { |
|
2813 |
+ buf = cli_malloc(strlen(ptr) + 1); |
|
2814 |
+ if (buf == NULL) { |
|
2815 | 2815 |
cli_errmsg("parseMimeHeader: Unable to allocate memory for buf %llu\n", (long long unsigned)(strlen(ptr) + 1)); |
2816 |
- if(copy) |
|
2817 |
- free(copy); |
|
2818 |
- return -1; |
|
2819 |
- } |
|
2820 |
- /* |
|
2816 |
+ if (copy) |
|
2817 |
+ free(copy); |
|
2818 |
+ return -1; |
|
2819 |
+ } |
|
2820 |
+ /* |
|
2821 | 2821 |
* Some clients are broken and |
2822 | 2822 |
* put white space after the ; |
2823 | 2823 |
*/ |
2824 |
- if(*arg == '/') { |
|
2825 |
- cli_dbgmsg("Content-type '/' received, assuming application/octet-stream\n"); |
|
2826 |
- messageSetMimeType(m, "application"); |
|
2827 |
- messageSetMimeSubtype(m, "octet-stream"); |
|
2828 |
- } else { |
|
2829 |
- /* |
|
2824 |
+ if (*arg == '/') { |
|
2825 |
+ cli_dbgmsg("Content-type '/' received, assuming application/octet-stream\n"); |
|
2826 |
+ messageSetMimeType(m, "application"); |
|
2827 |
+ messageSetMimeSubtype(m, "octet-stream"); |
|
2828 |
+ } else { |
|
2829 |
+ /* |
|
2830 | 2830 |
* The content type could be in quotes: |
2831 | 2831 |
* Content-Type: "multipart/mixed" |
2832 | 2832 |
* FIXME: this is a hack in that ignores |
2833 | 2833 |
* the quotes, it doesn't handle |
2834 | 2834 |
* them properly |
2835 | 2835 |
*/ |
2836 |
- while(isspace(*ptr)) |
|
2837 |
- ptr++; |
|
2838 |
- if(ptr[0] == '\"') |
|
2839 |
- ptr++; |
|
2836 |
+ while (isspace(*ptr)) |
|
2837 |
+ ptr++; |
|
2838 |
+ if (ptr[0] == '\"') |
|
2839 |
+ ptr++; |
|
2840 | 2840 |
|
2841 |
- if(ptr[0] != '/') { |
|
2842 |
- char *s; |
|
2841 |
+ if (ptr[0] != '/') { |
|
2842 |
+ char *s; |
|
2843 | 2843 |
#ifdef CL_THREAD_SAFE |
2844 |
- char *strptr = NULL; |
|
2844 |
+ char *strptr = NULL; |
|
2845 | 2845 |
#endif |
2846 | 2846 |
|
2847 |
- s = cli_strtokbuf(ptr, 0, ";", buf); |
|
2848 |
- /* |
|
2847 |
+ s = cli_strtokbuf(ptr, 0, ";", buf); |
|
2848 |
+ /* |
|
2849 | 2849 |
* Handle |
2850 | 2850 |
* Content-Type: foo/bar multipart/mixed |
2851 | 2851 |
* and |
2852 | 2852 |
* Content-Type: multipart/mixed foo/bar |
2853 | 2853 |
*/ |
2854 |
- if(s && *s) { |
|
2855 |
- char *buf2 = cli_strdup(buf); |
|
2856 |
- |
|
2857 |
- if(buf2 == NULL) { |
|
2858 |
- if(copy) |
|
2859 |
- free(copy); |
|
2860 |
- free(buf); |
|
2861 |
- return -1; |
|
2862 |
- } |
|
2863 |
- for(;;) { |
|
2864 |
-#ifdef CL_THREAD_SAFE |
|
2865 |
- int set = messageSetMimeType(m, strtok_r(s, "/", &strptr)); |
|
2854 |
+ if (s && *s) { |
|
2855 |
+ char *buf2 = cli_strdup(buf); |
|
2856 |
+ |
|
2857 |
+ if (buf2 == NULL) { |
|
2858 |
+ if (copy) |
|
2859 |
+ free(copy); |
|
2860 |
+ free(buf); |
|
2861 |
+ return -1; |
|
2862 |
+ } |
|
2863 |
+ for (;;) { |
|
2864 |
+#ifdef CL_THREAD_SAFE |
|
2865 |
+ int set = messageSetMimeType(m, strtok_r(s, "/", &strptr)); |
|
2866 | 2866 |
#else |
2867 |
- int set = messageSetMimeType(m, strtok(s, "/")); |
|
2867 |
+ int set = messageSetMimeType(m, strtok(s, "/")); |
|
2868 | 2868 |
#endif |
2869 | 2869 |
|
2870 |
-#ifdef CL_THREAD_SAFE |
|
2871 |
- s = strtok_r(NULL, ";", &strptr); |
|
2870 |
+#ifdef CL_THREAD_SAFE |
|
2871 |
+ s = strtok_r(NULL, ";", &strptr); |
|
2872 | 2872 |
#else |
2873 |
- s = strtok(NULL, ";"); |
|
2873 |
+ s = strtok(NULL, ";"); |
|
2874 | 2874 |
#endif |
2875 |
- if(s == NULL) |
|
2876 |
- break; |
|
2877 |
- if(set) { |
|
2878 |
- size_t len = strstrip(s) - 1; |
|
2879 |
- if(s[len] == '\"') { |
|
2880 |
- s[len] = '\0'; |
|
2881 |
- len = strstrip(s); |
|
2882 |
- } |
|
2883 |
- if(len) { |
|
2884 |
- if(strchr(s, ' ')) |
|
2885 |
- messageSetMimeSubtype(m, |
|
2886 |
- cli_strtokbuf(s, 0, " ", buf2)); |
|
2887 |
- else |
|
2888 |
- messageSetMimeSubtype(m, s); |
|
2889 |
- } |
|
2890 |
- } |
|
2891 |
- |
|
2892 |
- while(*s && !isspace(*s)) |
|
2893 |
- s++; |
|
2894 |
- if(*s++ == '\0') |
|
2895 |
- break; |
|
2896 |
- if(*s == '\0') |
|
2897 |
- break; |
|
2898 |
- } |
|
2899 |
- free(buf2); |
|
2900 |
- } |
|
2901 |
- } |
|
2902 |
- } |
|
2903 |
- |
|
2904 |
- /* |
|
2875 |
+ if (s == NULL) |
|
2876 |
+ break; |
|
2877 |
+ if (set) { |
|
2878 |
+ size_t len = strstrip(s) - 1; |
|
2879 |
+ if (s[len] == '\"') { |
|
2880 |
+ s[len] = '\0'; |
|
2881 |
+ len = strstrip(s); |
|
2882 |
+ } |
|
2883 |
+ if (len) { |
|
2884 |
+ if (strchr(s, ' ')) |
|
2885 |
+ messageSetMimeSubtype(m, |
|
2886 |
+ cli_strtokbuf(s, 0, " ", buf2)); |
|
2887 |
+ else |
|
2888 |
+ messageSetMimeSubtype(m, s); |
|
2889 |
+ } |
|
2890 |
+ } |
|
2891 |
+ |
|
2892 |
+ while (*s && !isspace(*s)) |
|
2893 |
+ s++; |
|
2894 |
+ if (*s++ == '\0') |
|
2895 |
+ break; |
|
2896 |
+ if (*s == '\0') |
|
2897 |
+ break; |
|
2898 |
+ } |
|
2899 |
+ free(buf2); |
|
2900 |
+ } |
|
2901 |
+ } |
|
2902 |
+ } |
|
2903 |
+ |
|
2904 |
+ /* |
|
2905 | 2905 |
* Add in all rest of the the arguments. |
2906 | 2906 |
* e.g. if the header is this: |
2907 | 2907 |
* Content-Type:', arg='multipart/mixed; boundary=foo |
2908 | 2908 |
* we find the boundary argument set it |
2909 | 2909 |
*/ |
2910 |
- i = 1; |
|
2911 |
- while(cli_strtokbuf(ptr, i++, ";", buf) != NULL) { |
|
2912 |
- cli_dbgmsg("mimeArgs = '%s'\n", buf); |
|
2913 |
- |
|
2914 |
- messageAddArguments(m, buf); |
|
2915 |
- } |
|
2916 |
- } |
|
2917 |
- break; |
|
2918 |
- case CONTENT_TRANSFER_ENCODING: |
|
2919 |
- messageSetEncoding(m, ptr); |
|
2920 |
- break; |
|
2921 |
- case CONTENT_DISPOSITION: |
|
2922 |
- buf = cli_malloc(strlen(ptr) + 1); |
|
2923 |
- if(buf == NULL) { |
|
2910 |
+ i = 1; |
|
2911 |
+ while (cli_strtokbuf(ptr, i++, ";", buf) != NULL) { |
|
2912 |
+ cli_dbgmsg("mimeArgs = '%s'\n", buf); |
|
2913 |
+ |
|
2914 |
+ messageAddArguments(m, buf); |
|
2915 |
+ } |
|
2916 |
+ } |
|
2917 |
+ break; |
|
2918 |
+ case CONTENT_TRANSFER_ENCODING: |
|
2919 |
+ messageSetEncoding(m, ptr); |
|
2920 |
+ break; |
|
2921 |
+ case CONTENT_DISPOSITION: |
|
2922 |
+ buf = cli_malloc(strlen(ptr) + 1); |
|
2923 |
+ if (buf == NULL) { |
|
2924 | 2924 |
cli_errmsg("parseMimeHeader: Unable to allocate memory for buf %llu\n", (long long unsigned)(strlen(ptr) + 1)); |
2925 |
- if(copy) |
|
2926 |
- free(copy); |
|
2927 |
- return -1; |
|
2928 |
- } |
|
2929 |
- p = cli_strtokbuf(ptr, 0, ";", buf); |
|
2930 |
- if(p && *p) { |
|
2931 |
- messageSetDispositionType(m, p); |
|
2932 |
- messageAddArgument(m, cli_strtokbuf(ptr, 1, ";", buf)); |
|
2933 |
- } |
|
2934 |
- if(!messageHasFilename(m)) |
|
2935 |
- /* |
|
2925 |
+ if (copy) |
|
2926 |
+ free(copy); |
|
2927 |
+ return -1; |
|
2928 |
+ } |
|
2929 |
+ p = cli_strtokbuf(ptr, 0, ";", buf); |
|
2930 |
+ if (p && *p) { |
|
2931 |
+ messageSetDispositionType(m, p); |
|
2932 |
+ messageAddArgument(m, cli_strtokbuf(ptr, 1, ";", buf)); |
|
2933 |
+ } |
|
2934 |
+ if (!messageHasFilename(m)) |
|
2935 |
+ /* |
|
2936 | 2936 |
* Handle this type of header, without |
2937 | 2937 |
* a filename (e.g. some Worm.Torvil.D) |
2938 | 2938 |
* Content-ID: <nRfkHdrKsAxRU> |
2939 | 2939 |
* Content-Transfer-Encoding: base64 |
2940 | 2940 |
* Content-Disposition: attachment |
2941 | 2941 |
*/ |
2942 |
- messageAddArgument(m, "filename=unknown"); |
|
2943 |
- } |
|
2944 |
- if(copy) |
|
2945 |
- free(copy); |
|
2946 |
- if(buf) |
|
2947 |
- free(buf); |
|
2948 |
- |
|
2949 |
- return 0; |
|
2942 |
+ messageAddArgument(m, "filename=unknown"); |
|
2943 |
+ } |
|
2944 |
+ if (copy) |
|
2945 |
+ free(copy); |
|
2946 |
+ if (buf) |
|
2947 |
+ free(buf); |
|
2948 |
+ |
|
2949 |
+ return 0; |
|
2950 | 2950 |
} |
2951 | 2951 |
|
2952 | 2952 |
/* |
... | ... |
@@ -2955,19 +2933,19 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c |
2955 | 2955 |
static int |
2956 | 2956 |
saveTextPart(mbox_ctx *mctx, message *m, int destroy_text) |
2957 | 2957 |
{ |
2958 |
- fileblob *fb; |
|
2958 |
+ fileblob *fb; |
|
2959 | 2959 |
|
2960 |
- messageAddArgument(m, "filename=textportion"); |
|
2961 |
- if((fb = messageToFileblob(m, mctx->dir, destroy_text)) != NULL) { |
|
2962 |
- /* |
|
2960 |
+ messageAddArgument(m, "filename=textportion"); |
|
2961 |
+ if ((fb = messageToFileblob(m, mctx->dir, destroy_text)) != NULL) { |
|
2962 |
+ /* |
|
2963 | 2963 |
* Save main part to scan that |
2964 | 2964 |
*/ |
2965 |
- cli_dbgmsg("Saving main message\n"); |
|
2965 |
+ cli_dbgmsg("Saving main message\n"); |
|
2966 | 2966 |
|
2967 |
- mctx->files++; |
|
2968 |
- return fileblobScanAndDestroy(fb); |
|
2969 |
- } |
|
2970 |
- return CL_ETMPFILE; |
|
2967 |
+ mctx->files++; |
|
2968 |
+ return fileblobScanAndDestroy(fb); |
|
2969 |
+ } |
|
2970 |
+ return CL_ETMPFILE; |
|
2971 | 2971 |
} |
2972 | 2972 |
|
2973 | 2973 |
/* |
... | ... |
@@ -2981,73 +2959,74 @@ saveTextPart(mbox_ctx *mctx, message *m, int destroy_text) |
2981 | 2981 |
static char * |
2982 | 2982 |
rfc822comments(const char *in, char *out) |
2983 | 2983 |
{ |
2984 |
- const char *iptr; |
|
2985 |
- char *optr; |
|
2986 |
- int backslash, inquote, commentlevel; |
|
2984 |
+ const char *iptr; |
|
2985 |
+ char *optr; |
|
2986 |
+ int backslash, inquote, commentlevel; |
|
2987 | 2987 |
|
2988 |
- if(in == NULL) |
|
2989 |
- return NULL; |
|
2988 |
+ if (in == NULL) |
|
2989 |
+ return NULL; |
|
2990 | 2990 |
|
2991 |
- if(strchr(in, '(') == NULL) |
|
2992 |
- return NULL; |
|
2991 |
+ if (strchr(in, '(') == NULL) |
|
2992 |
+ return NULL; |
|
2993 | 2993 |
|
2994 |
- assert(out != in); |
|
2994 |
+ assert(out != in); |
|
2995 | 2995 |
|
2996 |
- while(isspace(*in)) |
|
2997 |
- in++; |
|
2996 |
+ while (isspace(*in)) |
|
2997 |
+ in++; |
|
2998 | 2998 |
|
2999 |
- if(out == NULL) { |
|
3000 |
- out = cli_malloc(strlen(in) + 1); |
|
3001 |
- if(out == NULL) { |
|
2999 |
+ if (out == NULL) { |
|
3000 |
+ out = cli_malloc(strlen(in) + 1); |
|
3001 |
+ if (out == NULL) { |
|
3002 | 3002 |
cli_errmsg("rfc822comments: Unable to allocate memory for out %llu\n", (long long unsigned)(strlen(in) + 1)); |
3003 |
- return NULL; |
|
3003 |
+ return NULL; |
|
3004 | 3004 |
} |
3005 |
- } |
|
3006 |
- |
|
3007 |
- backslash = commentlevel = inquote = 0; |
|
3008 |
- optr = out; |
|
3009 |
- |
|
3010 |
- cli_dbgmsg("rfc822comments: contains a comment\n"); |
|
3011 |
- |
|
3012 |
- for(iptr = in; *iptr; iptr++) |
|
3013 |
- if(backslash) { |
|
3014 |
- if(commentlevel == 0) |
|
3015 |
- *optr++ = *iptr; |
|
3016 |
- backslash = 0; |
|
3017 |
- } else switch(*iptr) { |
|
3018 |
- case '\\': |
|
3019 |
- backslash = 1; |
|
3020 |
- break; |
|
3021 |
- case '\"': |
|
3022 |
- *optr++ = '\"'; |
|
3023 |
- inquote = !inquote; |
|
3024 |
- break; |
|
3025 |
- case '(': |
|
3026 |
- if(inquote) |
|
3027 |
- *optr++ = '('; |
|
3028 |
- else |
|
3029 |
- commentlevel++; |
|
3030 |
- break; |
|
3031 |
- case ')': |
|
3032 |
- if(inquote) |
|
3033 |
- *optr++ = ')'; |
|
3034 |
- else if(commentlevel > 0) |
|
3035 |
- commentlevel--; |
|
3036 |
- break; |
|
3037 |
- default: |
|
3038 |
- if(commentlevel == 0) |
|
3039 |
- *optr++ = *iptr; |
|
3040 |
- } |
|
3041 |
- |
|
3042 |
- if(backslash) /* last character was a single backslash */ |
|
3043 |
- *optr++ = '\\'; |
|
3044 |
- *optr = '\0'; |
|
3045 |
- |
|
3046 |
- /*strstrip(out);*/ |
|
3047 |
- |
|
3048 |
- cli_dbgmsg("rfc822comments '%s'=>'%s'\n", in, out); |
|
3049 |
- |
|
3050 |
- return out; |
|
3005 |
+ } |
|
3006 |
+ |
|
3007 |
+ backslash = commentlevel = inquote = 0; |
|
3008 |
+ optr = out; |
|
3009 |
+ |
|
3010 |
+ cli_dbgmsg("rfc822comments: contains a comment\n"); |
|
3011 |
+ |
|
3012 |
+ for (iptr = in; *iptr; iptr++) |
|
3013 |
+ if (backslash) { |
|
3014 |
+ if (commentlevel == 0) |
|
3015 |
+ *optr++ = *iptr; |
|
3016 |
+ backslash = 0; |
|
3017 |
+ } else |
|
3018 |
+ switch (*iptr) { |
|
3019 |
+ case '\\': |
|
3020 |
+ backslash = 1; |
|
3021 |
+ break; |
|
3022 |
+ case '\"': |
|
3023 |
+ *optr++ = '\"'; |
|
3024 |
+ inquote = !inquote; |
|
3025 |
+ break; |
|
3026 |
+ case '(': |
|
3027 |
+ if (inquote) |
|
3028 |
+ *optr++ = '('; |
|
3029 |
+ else |
|
3030 |
+ commentlevel++; |
|
3031 |
+ break; |
|
3032 |
+ case ')': |
|
3033 |
+ if (inquote) |
|
3034 |
+ *optr++ = ')'; |
|
3035 |
+ else if (commentlevel > 0) |
|
3036 |
+ commentlevel--; |
|
3037 |
+ break; |
|
3038 |
+ default: |
|
3039 |
+ if (commentlevel == 0) |
|
3040 |
+ *optr++ = *iptr; |
|
3041 |
+ } |
|
3042 |
+ |
|
3043 |
+ if (backslash) /* last character was a single backslash */ |
|
3044 |
+ *optr++ = '\\'; |
|
3045 |
+ *optr = '\0'; |
|
3046 |
+ |
|
3047 |
+ /*strstrip(out);*/ |
|
3048 |
+ |
|
3049 |
+ cli_dbgmsg("rfc822comments '%s'=>'%s'\n", in, out); |
|
3050 |
+ |
|
3051 |
+ return out; |
|
3051 | 3052 |
} |
3052 | 3053 |
|
3053 | 3054 |
/* |
... | ... |
@@ -3057,110 +3036,109 @@ rfc822comments(const char *in, char *out) |
3057 | 3057 |
static char * |
3058 | 3058 |
rfc2047(const char *in) |
3059 | 3059 |
{ |
3060 |
- char *out, *pout; |
|
3061 |
- size_t len; |
|
3060 |
+ char *out, *pout; |
|
3061 |
+ size_t len; |
|
3062 | 3062 |
|
3063 |
- if((strstr(in, "=?") == NULL) || (strstr(in, "?=") == NULL)) |
|
3064 |
- return cli_strdup(in); |
|
3063 |
+ if ((strstr(in, "=?") == NULL) || (strstr(in, "?=") == NULL)) |
|
3064 |
+ return cli_strdup(in); |
|
3065 | 3065 |
|
3066 |
- cli_dbgmsg("rfc2047 '%s'\n", in); |
|
3067 |
- out = cli_malloc(strlen(in) + 1); |
|
3066 |
+ cli_dbgmsg("rfc2047 '%s'\n", in); |
|
3067 |
+ out = cli_malloc(strlen(in) + 1); |
|
3068 | 3068 |
|
3069 |
- if(out == NULL) { |
|
3069 |
+ if (out == NULL) { |
|
3070 | 3070 |
cli_errmsg("rfc2047: Unable to allocate memory for out %llu\n", (long long unsigned)(strlen(in) + 1)); |
3071 |
- return NULL; |
|
3071 |
+ return NULL; |
|
3072 | 3072 |
} |
3073 | 3073 |
|
3074 |
- pout = out; |
|
3075 |
- |
|
3076 |
- /* For each RFC2047 string */ |
|
3077 |
- while(*in) { |
|
3078 |
- char encoding, *ptr, *enctext; |
|
3079 |
- message *m; |
|
3080 |
- blob *b; |
|
3081 |
- |
|
3082 |
- /* Find next RFC2047 string */ |
|
3083 |
- while(*in) { |
|
3084 |
- if((*in == '=') && (in[1] == '?')) { |
|
3085 |
- in += 2; |
|
3086 |
- break; |
|
3087 |
- } |
|
3088 |
- *pout++ = *in++; |
|
3089 |
- } |
|
3090 |
- /* Skip over charset, find encoding */ |
|
3091 |
- while((*in != '?') && *in) |
|
3092 |
- in++; |
|
3093 |
- if(*in == '\0') |
|
3094 |
- break; |
|
3095 |
- encoding = *++in; |
|
3096 |
- encoding = (char)tolower(encoding); |
|
3097 |
- |
|
3098 |
- if((encoding != 'q') && (encoding != 'b')) { |
|
3099 |
- cli_warnmsg("Unsupported RFC2047 encoding type '%c' - if you believe this file contains a virus, submit it to www.clamav.net\n", encoding); |
|
3100 |
- free(out); |
|
3101 |
- out = NULL; |
|
3102 |
- break; |
|
3103 |
- } |
|
3104 |
- /* Skip to encoded text */ |
|
3105 |
- if(*++in != '?') |
|
3106 |
- break; |
|
3107 |
- if(*++in == '\0') |
|
3108 |
- break; |
|
3109 |
- |
|
3110 |
- enctext = cli_strdup(in); |
|
3111 |
- if(enctext == NULL) { |
|
3112 |
- free(out); |
|
3113 |
- out = NULL; |
|
3114 |
- break; |
|
3115 |
- } |
|
3116 |
- in = strstr(in, "?="); |
|
3117 |
- if(in == NULL) { |
|
3118 |
- free(enctext); |
|
3119 |
- break; |
|
3120 |
- } |
|
3121 |
- in += 2; |
|
3122 |
- ptr = strstr(enctext, "?="); |
|
3123 |
- assert(ptr != NULL); |
|
3124 |
- *ptr = '\0'; |
|
3125 |
- /*cli_dbgmsg("Need to decode '%s' with method '%c'\n", enctext, encoding);*/ |
|
3126 |
- |
|
3127 |
- m = messageCreate(); |
|
3128 |
- if(m == NULL) |
|
3129 |
- break; |
|
3130 |
- messageAddStr(m, enctext); |
|
3131 |
- free(enctext); |
|
3132 |
- switch(encoding) { |
|
3133 |
- case 'q': |
|
3134 |
- messageSetEncoding(m, "quoted-printable"); |
|
3135 |
- break; |
|
3136 |
- case 'b': |
|
3137 |
- messageSetEncoding(m, "base64"); |
|
3138 |
- break; |
|
3139 |
- } |
|
3140 |
- b = messageToBlob(m, 1); |
|
3141 |
- if (b == NULL) { |
|
3142 |
- messageDestroy(m); |
|
3143 |
- break; |
|
3144 |
- } |
|
3145 |
- len = blobGetDataSize(b); |
|
3146 |
- cli_dbgmsg("Decoded as '%*.*s'\n", (int)len, (int)len, |
|
3147 |
- (const char *)blobGetData(b)); |
|
3148 |
- memcpy(pout, blobGetData(b), len); |
|
3149 |
- blobDestroy(b); |
|
3150 |
- messageDestroy(m); |
|
3151 |
- if(len > 0 && pout[len - 1] == '\n') |
|
3152 |
- pout += len - 1; |
|
3153 |
- else |
|
3154 |
- pout += len; |
|
3155 |
- |
|
3156 |
- } |
|
3157 |
- if(out == NULL) |
|
3158 |
- return NULL; |
|
3159 |
- |
|
3160 |
- *pout = '\0'; |
|
3161 |
- |
|
3162 |
- cli_dbgmsg("rfc2047 returns '%s'\n", out); |
|
3163 |
- return out; |
|
3074 |
+ pout = out; |
|
3075 |
+ |
|
3076 |
+ /* For each RFC2047 string */ |
|
3077 |
+ while (*in) { |
|
3078 |
+ char encoding, *ptr, *enctext; |
|
3079 |
+ message *m; |
|
3080 |
+ blob *b; |
|
3081 |
+ |
|
3082 |
+ /* Find next RFC2047 string */ |
|
3083 |
+ while (*in) { |
|
3084 |
+ if ((*in == '=') && (in[1] == '?')) { |
|
3085 |
+ in += 2; |
|
3086 |
+ break; |
|
3087 |
+ } |
|
3088 |
+ *pout++ = *in++; |
|
3089 |
+ } |
|
3090 |
+ /* Skip over charset, find encoding */ |
|
3091 |
+ while ((*in != '?') && *in) |
|
3092 |
+ in++; |
|
3093 |
+ if (*in == '\0') |
|
3094 |
+ break; |
|
3095 |
+ encoding = *++in; |
|
3096 |
+ encoding = (char)tolower(encoding); |
|
3097 |
+ |
|
3098 |
+ if ((encoding != 'q') && (encoding != 'b')) { |
|
3099 |
+ cli_warnmsg("Unsupported RFC2047 encoding type '%c' - if you believe this file contains a virus, submit it to www.clamav.net\n", encoding); |
|
3100 |
+ free(out); |
|
3101 |
+ out = NULL; |
|
3102 |
+ break; |
|
3103 |
+ } |
|
3104 |
+ /* Skip to encoded text */ |
|
3105 |
+ if (*++in != '?') |
|
3106 |
+ break; |
|
3107 |
+ if (*++in == '\0') |
|
3108 |
+ break; |
|
3109 |
+ |
|
3110 |
+ enctext = cli_strdup(in); |
|
3111 |
+ if (enctext == NULL) { |
|
3112 |
+ free(out); |
|
3113 |
+ out = NULL; |
|
3114 |
+ break; |
|
3115 |
+ } |
|
3116 |
+ in = strstr(in, "?="); |
|
3117 |
+ if (in == NULL) { |
|
3118 |
+ free(enctext); |
|
3119 |
+ break; |
|
3120 |
+ } |
|
3121 |
+ in += 2; |
|
3122 |
+ ptr = strstr(enctext, "?="); |
|
3123 |
+ assert(ptr != NULL); |
|
3124 |
+ *ptr = '\0'; |
|
3125 |
+ /*cli_dbgmsg("Need to decode '%s' with method '%c'\n", enctext, encoding);*/ |
|
3126 |
+ |
|
3127 |
+ m = messageCreate(); |
|
3128 |
+ if (m == NULL) |
|
3129 |
+ break; |
|
3130 |
+ messageAddStr(m, enctext); |
|
3131 |
+ free(enctext); |
|
3132 |
+ switch (encoding) { |
|
3133 |
+ case 'q': |
|
3134 |
+ messageSetEncoding(m, "quoted-printable"); |
|
3135 |
+ break; |
|
3136 |
+ case 'b': |
|
3137 |
+ messageSetEncoding(m, "base64"); |
|
3138 |
+ break; |
|
3139 |
+ } |
|
3140 |
+ b = messageToBlob(m, 1); |
|
3141 |
+ if (b == NULL) { |
|
3142 |
+ messageDestroy(m); |
|
3143 |
+ break; |
|
3144 |
+ } |
|
3145 |
+ len = blobGetDataSize(b); |
|
3146 |
+ cli_dbgmsg("Decoded as '%*.*s'\n", (int)len, (int)len, |
|
3147 |
+ (const char *)blobGetData(b)); |
|
3148 |
+ memcpy(pout, blobGetData(b), len); |
|
3149 |
+ blobDestroy(b); |
|
3150 |
+ messageDestroy(m); |
|
3151 |
+ if (len > 0 && pout[len - 1] == '\n') |
|
3152 |
+ pout += len - 1; |
|
3153 |
+ else |
|
3154 |
+ pout += len; |
|
3155 |
+ } |
|
3156 |
+ if (out == NULL) |
|
3157 |
+ return NULL; |
|
3158 |
+ |
|
3159 |
+ *pout = '\0'; |
|
3160 |
+ |
|
3161 |
+ cli_dbgmsg("rfc2047 returns '%s'\n", out); |
|
3162 |
+ return out; |
|
3164 | 3163 |
} |
3165 | 3164 |
|
3166 | 3165 |
/* |
... | ... |
@@ -3169,252 +3147,252 @@ rfc2047(const char *in) |
3169 | 3169 |
static int |
3170 | 3170 |
rfc1341(message *m, const char *dir) |
3171 | 3171 |
{ |
3172 |
- char *arg, *id, *number, *total, *oldfilename; |
|
3173 |
- const char *tmpdir; |
|
3174 |
- int n; |
|
3175 |
- char pdir[NAME_MAX + 1]; |
|
3176 |
- unsigned char md5_val[16]; |
|
3177 |
- char *md5_hex; |
|
3178 |
- |
|
3179 |
- id = (char *)messageFindArgument(m, "id"); |
|
3180 |
- if(id == NULL) |
|
3181 |
- return -1; |
|
3182 |
- |
|
3183 |
- tmpdir = cli_gettmpdir(); |
|
3184 |
- |
|
3185 |
- snprintf(pdir, sizeof(pdir) - 1, "%s"PATHSEP"clamav-partial", tmpdir); |
|
3186 |
- |
|
3187 |
- if((mkdir(pdir, S_IRWXU) < 0) && (errno != EEXIST)) { |
|
3188 |
- cli_errmsg("Can't create the directory '%s'\n", pdir); |
|
3189 |
- free(id); |
|
3190 |
- return -1; |
|
3191 |
- } else if(errno == EEXIST) { |
|
3192 |
- STATBUF statb; |
|
3193 |
- |
|
3194 |
- if(CLAMSTAT(pdir, &statb) < 0) { |
|
3195 |
- char err[128]; |
|
3196 |
- cli_errmsg("Partial directory %s: %s\n", pdir, |
|
3197 |
- cli_strerror(errno, err, sizeof(err))); |
|
3198 |
- free(id); |
|
3199 |
- return -1; |
|
3200 |
- } |
|
3201 |
- if(statb.st_mode & 077) |
|
3202 |
- cli_warnmsg("Insecure partial directory %s (mode 0%o)\n", |
|
3203 |
- pdir, |
|
3204 |
-#ifdef ACCESSPERMS |
|
3205 |
- (int)(statb.st_mode&ACCESSPERMS) |
|
3172 |
+ char *arg, *id, *number, *total, *oldfilename; |
|
3173 |
+ const char *tmpdir; |
|
3174 |
+ int n; |
|
3175 |
+ char pdir[NAME_MAX + 1]; |
|
3176 |
+ unsigned char md5_val[16]; |
|
3177 |
+ char *md5_hex; |
|
3178 |
+ |
|
3179 |
+ id = (char *)messageFindArgument(m, "id"); |
|
3180 |
+ if (id == NULL) |
|
3181 |
+ return -1; |
|
3182 |
+ |
|
3183 |
+ tmpdir = cli_gettmpdir(); |
|
3184 |
+ |
|
3185 |
+ snprintf(pdir, sizeof(pdir) - 1, "%s" PATHSEP "clamav-partial", tmpdir); |
|
3186 |
+ |
|
3187 |
+ if ((mkdir(pdir, S_IRWXU) < 0) && (errno != EEXIST)) { |
|
3188 |
+ cli_errmsg("Can't create the directory '%s'\n", pdir); |
|
3189 |
+ free(id); |
|
3190 |
+ return -1; |
|
3191 |
+ } else if (errno == EEXIST) { |
|
3192 |
+ STATBUF statb; |
|
3193 |
+ |
|
3194 |
+ if (CLAMSTAT(pdir, &statb) < 0) { |
|
3195 |
+ char err[128]; |
|
3196 |
+ cli_errmsg("Partial directory %s: %s\n", pdir, |
|
3197 |
+ cli_strerror(errno, err, sizeof(err))); |
|
3198 |
+ free(id); |
|
3199 |
+ return -1; |
|
3200 |
+ } |
|
3201 |
+ if (statb.st_mode & 077) |
|
3202 |
+ cli_warnmsg("Insecure partial directory %s (mode 0%o)\n", |
|
3203 |
+ pdir, |
|
3204 |
+#ifdef ACCESSPERMS |
|
3205 |
+ (int)(statb.st_mode & ACCESSPERMS) |
|
3206 | 3206 |
#else |
3207 |
- (int)(statb.st_mode & 0777) |
|
3207 |
+ (int)(statb.st_mode & 0777) |
|
3208 | 3208 |
#endif |
3209 |
- ); |
|
3210 |
- } |
|
3211 |
- |
|
3212 |
- number = (char *)messageFindArgument(m, "number"); |
|
3213 |
- if(number == NULL) { |
|
3214 |
- free(id); |
|
3215 |
- return -1; |
|
3216 |
- } |
|
3217 |
- |
|
3218 |
- oldfilename = messageGetFilename(m); |
|
3219 |
- |
|
3220 |
- arg = cli_malloc(10 + strlen(id) + strlen(number)); |
|
3221 |
- if(arg) { |
|
3222 |
- sprintf(arg, "filename=%s%s", id, number); |
|
3223 |
- messageAddArgument(m, arg); |
|
3224 |
- free(arg); |
|
3225 |
- } |
|
3226 |
- |
|
3227 |
- if(oldfilename) { |
|
3228 |
- cli_dbgmsg("Must reset to %s\n", oldfilename); |
|
3229 |
- free(oldfilename); |
|
3230 |
- } |
|
3231 |
- |
|
3232 |
- n = atoi(number); |
|
3209 |
+ ); |
|
3210 |
+ } |
|
3211 |
+ |
|
3212 |
+ number = (char *)messageFindArgument(m, "number"); |
|
3213 |
+ if (number == NULL) { |
|
3214 |
+ free(id); |
|
3215 |
+ return -1; |
|
3216 |
+ } |
|
3217 |
+ |
|
3218 |
+ oldfilename = messageGetFilename(m); |
|
3219 |
+ |
|
3220 |
+ arg = cli_malloc(10 + strlen(id) + strlen(number)); |
|
3221 |
+ if (arg) { |
|
3222 |
+ sprintf(arg, "filename=%s%s", id, number); |
|
3223 |
+ messageAddArgument(m, arg); |
|
3224 |
+ free(arg); |
|
3225 |
+ } |
|
3226 |
+ |
|
3227 |
+ if (oldfilename) { |
|
3228 |
+ cli_dbgmsg("Must reset to %s\n", oldfilename); |
|
3229 |
+ free(oldfilename); |
|
3230 |
+ } |
|
3231 |
+ |
|
3232 |
+ n = atoi(number); |
|
3233 | 3233 |
cl_hash_data("md5", id, strlen(id), md5_val, NULL); |
3234 |
- md5_hex = cli_str2hex((const char*)md5_val, 16); |
|
3235 |
- |
|
3236 |
- if(!md5_hex) { |
|
3237 |
- free(id); |
|
3238 |
- free(number); |
|
3239 |
- return CL_EMEM; |
|
3240 |
- } |
|
3241 |
- |
|
3242 |
- if(messageSavePartial(m, pdir, md5_hex, n) < 0) { |
|
3243 |
- free(md5_hex); |
|
3244 |
- free(id); |
|
3245 |
- free(number); |
|
3246 |
- return -1; |
|
3247 |
- } |
|
3248 |
- |
|
3249 |
- total = (char *)messageFindArgument(m, "total"); |
|
3250 |
- cli_dbgmsg("rfc1341: %s, %s of %s\n", id, number, (total) ? total : "?"); |
|
3251 |
- if(total) { |
|
3252 |
- int t = atoi(total); |
|
3253 |
- DIR *dd = NULL; |
|
3254 |
- |
|
3255 |
- free(total); |
|
3256 |
- /* |
|
3234 |
+ md5_hex = cli_str2hex((const char *)md5_val, 16); |
|
3235 |
+ |
|
3236 |
+ if (!md5_hex) { |
|
3237 |
+ free(id); |
|
3238 |
+ free(number); |
|
3239 |
+ return CL_EMEM; |
|
3240 |
+ } |
|
3241 |
+ |
|
3242 |
+ if (messageSavePartial(m, pdir, md5_hex, n) < 0) { |
|
3243 |
+ free(md5_hex); |
|
3244 |
+ free(id); |
|
3245 |
+ free(number); |
|
3246 |
+ return -1; |
|
3247 |
+ } |
|
3248 |
+ |
|
3249 |
+ total = (char *)messageFindArgument(m, "total"); |
|
3250 |
+ cli_dbgmsg("rfc1341: %s, %s of %s\n", id, number, (total) ? total : "?"); |
|
3251 |
+ if (total) { |
|
3252 |
+ int t = atoi(total); |
|
3253 |
+ DIR *dd = NULL; |
|
3254 |
+ |
|
3255 |
+ free(total); |
|
3256 |
+ /* |
|
3257 | 3257 |
* If it's the last one - reassemble it |
3258 | 3258 |
* FIXME: this assumes that we receive the parts in order |
3259 | 3259 |
*/ |
3260 |
- if((n == t) && ((dd = opendir(pdir)) != NULL)) { |
|
3261 |
- FILE *fout; |
|
3262 |
- char outname[NAME_MAX + 1]; |
|
3263 |
- time_t now; |
|
3264 |
- |
|
3265 |
- sanitiseName(id); |
|
3266 |
- |
|
3267 |
- snprintf(outname, sizeof(outname) - 1, "%s"PATHSEP"%s", dir, id); |
|
3268 |
- |
|
3269 |
- cli_dbgmsg("outname: %s\n", outname); |
|
3270 |
- |
|
3271 |
- fout = fopen(outname, "wb"); |
|
3272 |
- if(fout == NULL) { |
|
3273 |
- cli_errmsg("Can't open '%s' for writing", outname); |
|
3274 |
- free(id); |
|
3275 |
- free(number); |
|
3276 |
- free(md5_hex); |
|
3277 |
- closedir(dd); |
|
3278 |
- return -1; |
|
3279 |
- } |
|
3280 |
- |
|
3281 |
- time(&now); |
|
3282 |
- for(n = 1; n <= t; n++) { |
|
3283 |
- char filename[NAME_MAX + 1]; |
|
3284 |
- struct dirent *dent; |
|
3260 |
+ if ((n == t) && ((dd = opendir(pdir)) != NULL)) { |
|
3261 |
+ FILE *fout; |
|
3262 |
+ char outname[NAME_MAX + 1]; |
|
3263 |
+ time_t now; |
|
3264 |
+ |
|
3265 |
+ sanitiseName(id); |
|
3266 |
+ |
|
3267 |
+ snprintf(outname, sizeof(outname) - 1, "%s" PATHSEP "%s", dir, id); |
|
3268 |
+ |
|
3269 |
+ cli_dbgmsg("outname: %s\n", outname); |
|
3270 |
+ |
|
3271 |
+ fout = fopen(outname, "wb"); |
|
3272 |
+ if (fout == NULL) { |
|
3273 |
+ cli_errmsg("Can't open '%s' for writing", outname); |
|
3274 |
+ free(id); |
|
3275 |
+ free(number); |
|
3276 |
+ free(md5_hex); |
|
3277 |
+ closedir(dd); |
|
3278 |
+ return -1; |
|
3279 |
+ } |
|
3280 |
+ |
|
3281 |
+ time(&now); |
|
3282 |
+ for (n = 1; n <= t; n++) { |
|
3283 |
+ char filename[NAME_MAX + 1]; |
|
3284 |
+ struct dirent *dent; |
|
3285 | 3285 |
#if defined(HAVE_READDIR_R_3) || defined(HAVE_READDIR_R_2) |
3286 |
- union { |
|
3287 |
- struct dirent d; |
|
3288 |
- char b[offsetof(struct dirent, d_name) + NAME_MAX + 1]; |
|
3289 |
- } result; |
|
3286 |
+ union { |
|
3287 |
+ struct dirent d; |
|
3288 |
+ char b[offsetof(struct dirent, d_name) + NAME_MAX + 1]; |
|
3289 |
+ } result; |
|
3290 | 3290 |
#endif |
3291 | 3291 |
|
3292 |
- snprintf(filename, sizeof(filename), "_%s-%u", md5_hex, n); |
|
3292 |
+ snprintf(filename, sizeof(filename), "_%s-%u", md5_hex, n); |
|
3293 | 3293 |
|
3294 | 3294 |
#ifdef HAVE_READDIR_R_3 |
3295 |
- while((readdir_r(dd, &result.d, &dent) == 0) && dent) { |
|
3295 |
+ while ((readdir_r(dd, &result.d, &dent) == 0) && dent) { |
|
3296 | 3296 |
#elif defined(HAVE_READDIR_R_2) |
3297 |
- while((dent = (struct dirent *)readdir_r(dd, &result.d))) { |
|
3298 |
-#else /*!HAVE_READDIR_R*/ |
|
3299 |
- while((dent = readdir(dd))) { |
|
3297 |
+ while ((dent = (struct dirent *)readdir_r(dd, &result.d))) { |
|
3298 |
+#else /*!HAVE_READDIR_R*/ |
|
3299 |
+ while ((dent = readdir(dd))) { |
|
3300 | 3300 |
#endif |
3301 |
- FILE *fin; |
|
3302 |
- char buffer[BUFSIZ], fullname[NAME_MAX + 1]; |
|
3303 |
- int nblanks; |
|
3304 |
- STATBUF statb; |
|
3305 |
- const char *dentry_idpart; |
|
3301 |
+ FILE *fin; |
|
3302 |
+ char buffer[BUFSIZ], fullname[NAME_MAX + 1]; |
|
3303 |
+ int nblanks; |
|
3304 |
+ STATBUF statb; |
|
3305 |
+ const char *dentry_idpart; |
|
3306 | 3306 |
int test_fd; |
3307 | 3307 |
|
3308 |
- if(dent->d_ino == 0) |
|
3309 |
- continue; |
|
3308 |
+ if (dent->d_ino == 0) |
|
3309 |
+ continue; |
|
3310 | 3310 |
|
3311 |
- if(!strcmp(".",dent->d_name) || |
|
3312 |
- !strcmp("..", dent->d_name)) |
|
3313 |
- continue; |
|
3314 |
- snprintf(fullname, sizeof(fullname) - 1, |
|
3315 |
- "%s"PATHSEP"%s", pdir, dent->d_name); |
|
3316 |
- dentry_idpart = strchr(dent->d_name, '_'); |
|
3311 |
+ if (!strcmp(".", dent->d_name) || |
|
3312 |
+ !strcmp("..", dent->d_name)) |
|
3313 |
+ continue; |
|
3314 |
+ snprintf(fullname, sizeof(fullname) - 1, |
|
3315 |
+ "%s" PATHSEP "%s", pdir, dent->d_name); |
|
3316 |
+ dentry_idpart = strchr(dent->d_name, '_'); |
|
3317 | 3317 |
|
3318 |
- if(!dentry_idpart || |
|
3319 |
- strcmp(filename, dentry_idpart) != 0) { |
|
3320 |
- if(!m->ctx->engine->keeptmp) |
|
3321 |
- continue; |
|
3318 |
+ if (!dentry_idpart || |
|
3319 |
+ strcmp(filename, dentry_idpart) != 0) { |
|
3320 |
+ if (!m->ctx->engine->keeptmp) |
|
3321 |
+ continue; |
|
3322 | 3322 |
|
3323 | 3323 |
if ((test_fd = open(fullname, O_RDONLY)) < 0) |
3324 | 3324 |
continue; |
3325 | 3325 |
|
3326 |
- if(FSTAT(test_fd, &statb) < 0) { |
|
3326 |
+ if (FSTAT(test_fd, &statb) < 0) { |
|
3327 | 3327 |
close(test_fd); |
3328 |
- continue; |
|
3328 |
+ continue; |
|
3329 | 3329 |
} |
3330 | 3330 |
|
3331 |
- if(now - statb.st_mtime > (time_t)(7 * 24 * 3600)) { |
|
3332 |
- if (cli_unlink(fullname)) { |
|
3333 |
- cli_unlink(outname); |
|
3334 |
- fclose(fout); |
|
3335 |
- free(md5_hex); |
|
3336 |
- free(id); |
|
3337 |
- free(number); |
|
3338 |
- closedir(dd); |
|
3331 |
+ if (now - statb.st_mtime > (time_t)(7 * 24 * 3600)) { |
|
3332 |
+ if (cli_unlink(fullname)) { |
|
3333 |
+ cli_unlink(outname); |
|
3334 |
+ fclose(fout); |
|
3335 |
+ free(md5_hex); |
|
3336 |
+ free(id); |
|
3337 |
+ free(number); |
|
3338 |
+ closedir(dd); |
|
3339 | 3339 |
close(test_fd); |
3340 |
- return -1; |
|
3341 |
- } |
|
3342 |
- } |
|
3340 |
+ return -1; |
|
3341 |
+ } |
|
3342 |
+ } |
|
3343 | 3343 |
|
3344 | 3344 |
close(test_fd); |
3345 |
- continue; |
|
3346 |
- } |
|
3347 |
- |
|
3348 |
- fin = fopen(fullname, "rb"); |
|
3349 |
- if(fin == NULL) { |
|
3350 |
- cli_errmsg("Can't open '%s' for reading", fullname); |
|
3351 |
- fclose(fout); |
|
3352 |
- cli_unlink(outname); |
|
3353 |
- free(md5_hex); |
|
3354 |
- free(id); |
|
3355 |
- free(number); |
|
3356 |
- closedir(dd); |
|
3357 |
- return -1; |
|
3358 |
- } |
|
3359 |
- nblanks = 0; |
|
3360 |
- while(fgets(buffer, sizeof(buffer) - 1, fin) != NULL) |
|
3361 |
- /* |
|
3345 |
+ continue; |
|
3346 |
+ } |
|
3347 |
+ |
|
3348 |
+ fin = fopen(fullname, "rb"); |
|
3349 |
+ if (fin == NULL) { |
|
3350 |
+ cli_errmsg("Can't open '%s' for reading", fullname); |
|
3351 |
+ fclose(fout); |
|
3352 |
+ cli_unlink(outname); |
|
3353 |
+ free(md5_hex); |
|
3354 |
+ free(id); |
|
3355 |
+ free(number); |
|
3356 |
+ closedir(dd); |
|
3357 |
+ return -1; |
|
3358 |
+ } |
|
3359 |
+ nblanks = 0; |
|
3360 |
+ while (fgets(buffer, sizeof(buffer) - 1, fin) != NULL) |
|
3361 |
+ /* |
|
3362 | 3362 |
* Ensure that trailing newlines |
3363 | 3363 |
* aren't copied |
3364 | 3364 |
*/ |
3365 |
- if(buffer[0] == '\n') |
|
3366 |
- nblanks++; |
|
3367 |
- else { |
|
3368 |
- if(nblanks) |
|
3369 |
- do { |
|
3370 |
- if (putc('\n', fout)==EOF) break; |
|
3371 |
- } while(--nblanks > 0); |
|
3372 |
- if (nblanks || fputs(buffer, fout)==EOF) { |
|
3373 |
- fclose(fin); |
|
3374 |
- fclose(fout); |
|
3375 |
- cli_unlink(outname); |
|
3376 |
- free(md5_hex); |
|
3377 |
- free(id); |
|
3378 |
- free(number); |
|
3379 |
- closedir(dd); |
|
3380 |
- return -1; |
|
3381 |
- } |
|
3382 |
- } |
|
3383 |
- fclose(fin); |
|
3384 |
- |
|
3385 |
- /* don't unlink if leave temps */ |
|
3386 |
- if(!m->ctx->engine->keeptmp) { |
|
3387 |
- if(cli_unlink(fullname)) { |
|
3388 |
- fclose(fout); |
|
3389 |
- cli_unlink(outname); |
|
3390 |
- free(md5_hex); |
|
3391 |
- free(id); |
|
3392 |
- free(number); |
|
3393 |
- closedir(dd); |
|
3394 |
- return -1; |
|
3395 |
- } |
|
3396 |
- } |
|
3397 |
- break; |
|
3398 |
- } |
|
3399 |
- rewinddir(dd); |
|
3400 |
- } |
|
3401 |
- closedir(dd); |
|
3402 |
- fclose(fout); |
|
3403 |
- } |
|
3404 |
- } |
|
3405 |
- free(number); |
|
3406 |
- free(id); |
|
3407 |
- free(md5_hex); |
|
3408 |
- |
|
3409 |
- return 0; |
|
3365 |
+ if (buffer[0] == '\n') |
|
3366 |
+ nblanks++; |
|
3367 |
+ else { |
|
3368 |
+ if (nblanks) |
|
3369 |
+ do { |
|
3370 |
+ if (putc('\n', fout) == EOF) break; |
|
3371 |
+ } while (--nblanks > 0); |
|
3372 |
+ if (nblanks || fputs(buffer, fout) == EOF) { |
|
3373 |
+ fclose(fin); |
|
3374 |
+ fclose(fout); |
|
3375 |
+ cli_unlink(outname); |
|
3376 |
+ free(md5_hex); |
|
3377 |
+ free(id); |
|
3378 |
+ free(number); |
|
3379 |
+ closedir(dd); |
|
3380 |
+ return -1; |
|
3381 |
+ } |
|
3382 |
+ } |
|
3383 |
+ fclose(fin); |
|
3384 |
+ |
|
3385 |
+ /* don't unlink if leave temps */ |
|
3386 |
+ if (!m->ctx->engine->keeptmp) { |
|
3387 |
+ if (cli_unlink(fullname)) { |
|
3388 |
+ fclose(fout); |
|
3389 |
+ cli_unlink(outname); |
|
3390 |
+ free(md5_hex); |
|
3391 |
+ free(id); |
|
3392 |
+ free(number); |
|
3393 |
+ closedir(dd); |
|
3394 |
+ return -1; |
|
3395 |
+ } |
|
3396 |
+ } |
|
3397 |
+ break; |
|
3398 |
+ } |
|
3399 |
+ rewinddir(dd); |
|
3400 |
+ } |
|
3401 |
+ closedir(dd); |
|
3402 |
+ fclose(fout); |
|
3403 |
+ } |
|
3404 |
+ } |
|
3405 |
+ free(number); |
|
3406 |
+ free(id); |
|
3407 |
+ free(md5_hex); |
|
3408 |
+ |
|
3409 |
+ return 0; |
|
3410 | 3410 |
} |
3411 | 3411 |
|
3412 | 3412 |
static void |
3413 | 3413 |
hrefs_done(blob *b, tag_arguments_t *hrefs) |
3414 | 3414 |
{ |
3415 |
- if(b) |
|
3416 |
- blobDestroy(b); |
|
3417 |
- html_tag_arg_free(hrefs); |
|
3415 |
+ if (b) |
|
3416 |
+ blobDestroy(b); |
|
3417 |
+ html_tag_arg_free(hrefs); |
|
3418 | 3418 |
} |
3419 | 3419 |
|
3420 | 3420 |
/* extract URLs from static text */ |
... | ... |
@@ -3422,28 +3400,28 @@ static void extract_text_urls(const unsigned char *mem, size_t len, tag_argument |
3422 | 3422 |
{ |
3423 | 3423 |
char url[1024]; |
3424 | 3424 |
size_t off; |
3425 |
- for (off=0;off + 10 < len;off++) { |
|
3426 |
- /* check whether this is the start of a URL */ |
|
3427 |
- int32_t proto = cli_readint32(mem + off); |
|
3428 |
- /* convert to lowercase */ |
|
3429 |
- proto |= 0x20202020; |
|
3430 |
- /* 'http:', 'https:', or 'ftp:' in little-endian */ |
|
3431 |
- if ((proto == 0x70747468 && |
|
3432 |
- (mem[off+4] == ':' || (mem[off+5] == 's' && mem[off+6] == ':'))) |
|
3433 |
- || proto == 0x3a707466) { |
|
3434 |
- size_t url_len; |
|
3435 |
- for (url_len=4; off + url_len < len && url_len < (sizeof(url)-1); url_len++) { |
|
3436 |
- unsigned char c = mem[off + url_len]; |
|
3437 |
- /* smart compilers will compile this if into |
|
3425 |
+ for (off = 0; off + 10 < len; off++) { |
|
3426 |
+ /* check whether this is the start of a URL */ |
|
3427 |
+ int32_t proto = cli_readint32(mem + off); |
|
3428 |
+ /* convert to lowercase */ |
|
3429 |
+ proto |= 0x20202020; |
|
3430 |
+ /* 'http:', 'https:', or 'ftp:' in little-endian */ |
|
3431 |
+ if ((proto == 0x70747468 && |
|
3432 |
+ (mem[off + 4] == ':' || (mem[off + 5] == 's' && mem[off + 6] == ':'))) || |
|
3433 |
+ proto == 0x3a707466) { |
|
3434 |
+ size_t url_len; |
|
3435 |
+ for (url_len = 4; off + url_len < len && url_len < (sizeof(url) - 1); url_len++) { |
|
3436 |
+ unsigned char c = mem[off + url_len]; |
|
3437 |
+ /* smart compilers will compile this if into |
|
3438 | 3438 |
* a single bt + jb instruction */ |
3439 |
- if (c == ' ' || c == '\n' || c == '\t') |
|
3440 |
- break; |
|
3441 |
- } |
|
3442 |
- memcpy(url, mem + off, url_len); |
|
3443 |
- url[url_len] = '\0'; |
|
3444 |
- html_tag_arg_add(hrefs, "href", url); |
|
3445 |
- off += url_len; |
|
3446 |
- } |
|
3439 |
+ if (c == ' ' || c == '\n' || c == '\t') |
|
3440 |
+ break; |
|
3441 |
+ } |
|
3442 |
+ memcpy(url, mem + off, url_len); |
|
3443 |
+ url[url_len] = '\0'; |
|
3444 |
+ html_tag_arg_add(hrefs, "href", url); |
|
3445 |
+ off += url_len; |
|
3446 |
+ } |
|
3447 | 3447 |
} |
3448 | 3448 |
} |
3449 | 3449 |
|
... | ... |
@@ -3455,44 +3433,44 @@ static void extract_text_urls(const unsigned char *mem, size_t len, tag_argument |
3455 | 3455 |
static blob * |
3456 | 3456 |
getHrefs(message *m, tag_arguments_t *hrefs) |
3457 | 3457 |
{ |
3458 |
- unsigned char *mem; |
|
3459 |
- blob *b = messageToBlob(m, 0); |
|
3460 |
- size_t len; |
|
3461 |
- |
|
3462 |
- if(b == NULL) |
|
3463 |
- return NULL; |
|
3464 |
- |
|
3465 |
- len = blobGetDataSize(b); |
|
3466 |
- |
|
3467 |
- if(len == 0) { |
|
3468 |
- blobDestroy(b); |
|
3469 |
- return NULL; |
|
3470 |
- } |
|
3471 |
- |
|
3472 |
- /* TODO: make this size customisable */ |
|
3473 |
- if(len > 100*1024) { |
|
3474 |
- cli_dbgmsg("Viruses pointed to by URLs not scanned in large message\n"); |
|
3475 |
- blobDestroy(b); |
|
3476 |
- return NULL; |
|
3477 |
- } |
|
3478 |
- |
|
3479 |
- hrefs->count = 0; |
|
3480 |
- hrefs->tag = hrefs->value = NULL; |
|
3481 |
- hrefs->contents = NULL; |
|
3482 |
- |
|
3483 |
- cli_dbgmsg("getHrefs: calling html_normalise_mem\n"); |
|
3484 |
- mem = blobGetData(b); |
|
3485 |
- if(!html_normalise_mem(mem, (off_t)len, NULL, hrefs,m->ctx->dconf)) { |
|
3486 |
- blobDestroy(b); |
|
3487 |
- return NULL; |
|
3488 |
- } |
|
3489 |
- cli_dbgmsg("getHrefs: html_normalise_mem returned\n"); |
|
3490 |
- if (!hrefs->count && hrefs->scanContents) { |
|
3491 |
- extract_text_urls(mem, len, hrefs); |
|
3492 |
- } |
|
3493 |
- |
|
3494 |
- /* TODO: Do we need to call remove_html_comments? */ |
|
3495 |
- return b; |
|
3458 |
+ unsigned char *mem; |
|
3459 |
+ blob *b = messageToBlob(m, 0); |
|
3460 |
+ size_t len; |
|
3461 |
+ |
|
3462 |
+ if (b == NULL) |
|
3463 |
+ return NULL; |
|
3464 |
+ |
|
3465 |
+ len = blobGetDataSize(b); |
|
3466 |
+ |
|
3467 |
+ if (len == 0) { |
|
3468 |
+ blobDestroy(b); |
|
3469 |
+ return NULL; |
|
3470 |
+ } |
|
3471 |
+ |
|
3472 |
+ /* TODO: make this size customisable */ |
|
3473 |
+ if (len > 100 * 1024) { |
|
3474 |
+ cli_dbgmsg("Viruses pointed to by URLs not scanned in large message\n"); |
|
3475 |
+ blobDestroy(b); |
|
3476 |
+ return NULL; |
|
3477 |
+ } |
|
3478 |
+ |
|
3479 |
+ hrefs->count = 0; |
|
3480 |
+ hrefs->tag = hrefs->value = NULL; |
|
3481 |
+ hrefs->contents = NULL; |
|
3482 |
+ |
|
3483 |
+ cli_dbgmsg("getHrefs: calling html_normalise_mem\n"); |
|
3484 |
+ mem = blobGetData(b); |
|
3485 |
+ if (!html_normalise_mem(mem, (off_t)len, NULL, hrefs, m->ctx->dconf)) { |
|
3486 |
+ blobDestroy(b); |
|
3487 |
+ return NULL; |
|
3488 |
+ } |
|
3489 |
+ cli_dbgmsg("getHrefs: html_normalise_mem returned\n"); |
|
3490 |
+ if (!hrefs->count && hrefs->scanContents) { |
|
3491 |
+ extract_text_urls(mem, len, hrefs); |
|
3492 |
+ } |
|
3493 |
+ |
|
3494 |
+ /* TODO: Do we need to call remove_html_comments? */ |
|
3495 |
+ return b; |
|
3496 | 3496 |
} |
3497 | 3497 |
|
3498 | 3498 |
/* |
... | ... |
@@ -3502,84 +3480,84 @@ getHrefs(message *m, tag_arguments_t *hrefs) |
3502 | 3502 |
static void |
3503 | 3503 |
checkURLs(message *mainMessage, mbox_ctx *mctx, mbox_status *rc, int is_html) |
3504 | 3504 |
{ |
3505 |
- blob *b; |
|
3506 |
- tag_arguments_t hrefs; |
|
3505 |
+ blob *b; |
|
3506 |
+ tag_arguments_t hrefs; |
|
3507 | 3507 |
|
3508 | 3508 |
UNUSEDPARAM(is_html); |
3509 | 3509 |
|
3510 |
- if(*rc == VIRUS) |
|
3511 |
- return; |
|
3510 |
+ if (*rc == VIRUS) |
|
3511 |
+ return; |
|
3512 | 3512 |
|
3513 |
- hrefs.scanContents = mctx->ctx->engine->dboptions&CL_DB_PHISHING_URLS && (DCONF_PHISHING & PHISHING_CONF_ENGINE); |
|
3513 |
+ hrefs.scanContents = mctx->ctx->engine->dboptions & CL_DB_PHISHING_URLS && (DCONF_PHISHING & PHISHING_CONF_ENGINE); |
|
3514 | 3514 |
|
3515 |
- if(!hrefs.scanContents) |
|
3516 |
- /* |
|
3515 |
+ if (!hrefs.scanContents) |
|
3516 |
+ /* |
|
3517 | 3517 |
* Don't waste time extracting hrefs (parsing html), nobody |
3518 | 3518 |
* will need it |
3519 | 3519 |
*/ |
3520 |
- return; |
|
3520 |
+ return; |
|
3521 | 3521 |
|
3522 |
- hrefs.count = 0; |
|
3523 |
- hrefs.tag = hrefs.value = NULL; |
|
3524 |
- hrefs.contents = NULL; |
|
3522 |
+ hrefs.count = 0; |
|
3523 |
+ hrefs.tag = hrefs.value = NULL; |
|
3524 |
+ hrefs.contents = NULL; |
|
3525 | 3525 |
|
3526 |
- b = getHrefs(mainMessage, &hrefs); |
|
3527 |
- if(b) { |
|
3528 |
- if(hrefs.scanContents) { |
|
3529 |
- if(phishingScan(mctx->ctx, &hrefs) == CL_VIRUS) { |
|
3530 |
- /* |
|
3526 |
+ b = getHrefs(mainMessage, &hrefs); |
|
3527 |
+ if (b) { |
|
3528 |
+ if (hrefs.scanContents) { |
|
3529 |
+ if (phishingScan(mctx->ctx, &hrefs) == CL_VIRUS) { |
|
3530 |
+ /* |
|
3531 | 3531 |
* FIXME: message objects' contents are |
3532 | 3532 |
* encapsulated so we should not access |
3533 | 3533 |
* the members directly |
3534 | 3534 |
*/ |
3535 |
- mainMessage->isInfected = TRUE; |
|
3536 |
- *rc = VIRUS; |
|
3537 |
- cli_dbgmsg("PH:Phishing found\n"); |
|
3538 |
- } |
|
3539 |
- } |
|
3540 |
- } |
|
3541 |
- hrefs_done(b,&hrefs); |
|
3535 |
+ mainMessage->isInfected = TRUE; |
|
3536 |
+ *rc = VIRUS; |
|
3537 |
+ cli_dbgmsg("PH:Phishing found\n"); |
|
3538 |
+ } |
|
3539 |
+ } |
|
3540 |
+ } |
|
3541 |
+ hrefs_done(b, &hrefs); |
|
3542 | 3542 |
} |
3543 | 3543 |
|
3544 | 3544 |
#ifdef HAVE_BACKTRACE |
3545 | 3545 |
static void |
3546 | 3546 |
sigsegv(int sig) |
3547 | 3547 |
{ |
3548 |
- signal(SIGSEGV, SIG_DFL); |
|
3549 |
- print_trace(1); |
|
3550 |
- exit(SIGSEGV); |
|
3548 |
+ signal(SIGSEGV, SIG_DFL); |
|
3549 |
+ print_trace(1); |
|
3550 |
+ exit(SIGSEGV); |
|
3551 | 3551 |
} |
3552 | 3552 |
|
3553 | 3553 |
static void |
3554 | 3554 |
print_trace(int use_syslog) |
3555 | 3555 |
{ |
3556 |
- void *array[10]; |
|
3557 |
- size_t size; |
|
3558 |
- char **strings; |
|
3559 |
- size_t i; |
|
3560 |
- pid_t pid = getpid(); |
|
3556 |
+ void *array[10]; |
|
3557 |
+ size_t size; |
|
3558 |
+ char **strings; |
|
3559 |
+ size_t i; |
|
3560 |
+ pid_t pid = getpid(); |
|
3561 | 3561 |
|
3562 |
- cli_errmsg("Segmentation fault, attempting to print backtrace\n"); |
|
3562 |
+ cli_errmsg("Segmentation fault, attempting to print backtrace\n"); |
|
3563 | 3563 |
|
3564 |
- size = backtrace(array, 10); |
|
3565 |
- strings = backtrace_symbols(array, size); |
|
3564 |
+ size = backtrace(array, 10); |
|
3565 |
+ strings = backtrace_symbols(array, size); |
|
3566 | 3566 |
|
3567 |
- cli_errmsg("Backtrace of pid %d:\n", pid); |
|
3568 |
- if(use_syslog) |
|
3569 |
- syslog(LOG_ERR, "Backtrace of pid %d:", pid); |
|
3567 |
+ cli_errmsg("Backtrace of pid %d:\n", pid); |
|
3568 |
+ if (use_syslog) |
|
3569 |
+ syslog(LOG_ERR, "Backtrace of pid %d:", pid); |
|
3570 | 3570 |
|
3571 |
- for(i = 0; i < size; i++) { |
|
3572 |
- cli_errmsg("%s\n", strings[i]); |
|
3573 |
- if(use_syslog) |
|
3574 |
- syslog(LOG_ERR, "bt[%llu]: %s", (unsigned long long)i, strings[i]); |
|
3575 |
- } |
|
3571 |
+ for (i = 0; i < size; i++) { |
|
3572 |
+ cli_errmsg("%s\n", strings[i]); |
|
3573 |
+ if (use_syslog) |
|
3574 |
+ syslog(LOG_ERR, "bt[%llu]: %s", (unsigned long long)i, strings[i]); |
|
3575 |
+ } |
|
3576 | 3576 |
|
3577 |
-#ifdef SAVE_TMP |
|
3578 |
- cli_errmsg("The errant mail file has been saved\n"); |
|
3577 |
+#ifdef SAVE_TMP |
|
3578 |
+ cli_errmsg("The errant mail file has been saved\n"); |
|
3579 | 3579 |
#endif |
3580 |
- /* #else TODO: dump the current email */ |
|
3580 |
+ /* #else TODO: dump the current email */ |
|
3581 | 3581 |
|
3582 |
- free(strings); |
|
3582 |
+ free(strings); |
|
3583 | 3583 |
} |
3584 | 3584 |
#endif |
3585 | 3585 |
|
... | ... |
@@ -3587,21 +3565,21 @@ print_trace(int use_syslog) |
3587 | 3587 |
static bool |
3588 | 3588 |
usefulHeader(int commandNumber, const char *cmd) |
3589 | 3589 |
{ |
3590 |
- switch(commandNumber) { |
|
3591 |
- case CONTENT_TRANSFER_ENCODING: |
|
3592 |
- case CONTENT_DISPOSITION: |
|
3593 |
- case CONTENT_TYPE: |
|
3594 |
- return TRUE; |
|
3595 |
- default: |
|
3596 |
- if(strcasecmp(cmd, "From") == 0) |
|
3597 |
- return TRUE; |
|
3598 |
- if(strcasecmp(cmd, "Received") == 0) |
|
3599 |
- return TRUE; |
|
3600 |
- if(strcasecmp(cmd, "De") == 0) |
|
3601 |
- return TRUE; |
|
3602 |
- } |
|
3603 |
- |
|
3604 |
- return FALSE; |
|
3590 |
+ switch (commandNumber) { |
|
3591 |
+ case CONTENT_TRANSFER_ENCODING: |
|
3592 |
+ case CONTENT_DISPOSITION: |
|
3593 |
+ case CONTENT_TYPE: |
|
3594 |
+ return TRUE; |
|
3595 |
+ default: |
|
3596 |
+ if (strcasecmp(cmd, "From") == 0) |
|
3597 |
+ return TRUE; |
|
3598 |
+ if (strcasecmp(cmd, "Received") == 0) |
|
3599 |
+ return TRUE; |
|
3600 |
+ if (strcasecmp(cmd, "De") == 0) |
|
3601 |
+ return TRUE; |
|
3602 |
+ } |
|
3603 |
+ |
|
3604 |
+ return FALSE; |
|
3605 | 3605 |
} |
3606 | 3606 |
|
3607 | 3607 |
/* |
... | ... |
@@ -3616,53 +3594,53 @@ getline_from_mbox(char *buffer, size_t buffer_len, fmap_t *map, size_t *at) |
3616 | 3616 |
size_t input_len = MIN(map->len - *at, buffer_len + 1); |
3617 | 3617 |
src = cursrc = fmap_need_off_once(map, *at, input_len); |
3618 | 3618 |
|
3619 |
-/* we check for eof from the result of GETC() |
|
3619 |
+ /* we check for eof from the result of GETC() |
|
3620 | 3620 |
* if(feof(fin)) |
3621 | 3621 |
return NULL;*/ |
3622 |
- if(!src) { |
|
3623 |
- cli_dbgmsg("getline_from_mbox: fmap need failed\n"); |
|
3624 |
- return NULL; |
|
3622 |
+ if (!src) { |
|
3623 |
+ cli_dbgmsg("getline_from_mbox: fmap need failed\n"); |
|
3624 |
+ return NULL; |
|
3625 | 3625 |
} |
3626 |
- if((buffer_len == 0) || (buffer == NULL)) { |
|
3627 |
- cli_errmsg("Invalid call to getline_from_mbox(). Refer to https://www.clamav.net/documents/installing-clamav\n"); |
|
3628 |
- return NULL; |
|
3626 |
+ if ((buffer_len == 0) || (buffer == NULL)) { |
|
3627 |
+ cli_errmsg("Invalid call to getline_from_mbox(). Refer to https://www.clamav.net/documents/installing-clamav\n"); |
|
3628 |
+ return NULL; |
|
3629 | 3629 |
} |
3630 | 3630 |
|
3631 | 3631 |
curbuf = buffer; |
3632 | 3632 |
|
3633 |
- for(i=0; i<buffer_len-1; i++) { |
|
3634 |
- char c; |
|
3635 |
- |
|
3636 |
- if(!input_len--) { |
|
3637 |
- if(curbuf == buffer) { |
|
3638 |
- /* EOF on first char */ |
|
3639 |
- return NULL; |
|
3640 |
- } |
|
3641 |
- break; |
|
3642 |
- } |
|
3643 |
- |
|
3644 |
- switch((c = *cursrc++)) { |
|
3645 |
- case '\0': |
|
3646 |
- continue; |
|
3647 |
- case '\n': |
|
3648 |
- *curbuf++ = '\n'; |
|
3649 |
- if(input_len && *cursrc == '\r') { |
|
3650 |
- i++; |
|
3651 |
- cursrc++; |
|
3652 |
- } |
|
3653 |
- break; |
|
3654 |
- case '\r': |
|
3655 |
- *curbuf++ = '\r'; |
|
3656 |
- if(input_len && *cursrc == '\n') { |
|
3657 |
- i++; |
|
3658 |
- cursrc++; |
|
3659 |
- } |
|
3660 |
- break; |
|
3661 |
- default: |
|
3662 |
- *curbuf++ = c; |
|
3663 |
- continue; |
|
3664 |
- } |
|
3665 |
- break; |
|
3633 |
+ for (i = 0; i < buffer_len - 1; i++) { |
|
3634 |
+ char c; |
|
3635 |
+ |
|
3636 |
+ if (!input_len--) { |
|
3637 |
+ if (curbuf == buffer) { |
|
3638 |
+ /* EOF on first char */ |
|
3639 |
+ return NULL; |
|
3640 |
+ } |
|
3641 |
+ break; |
|
3642 |
+ } |
|
3643 |
+ |
|
3644 |
+ switch ((c = *cursrc++)) { |
|
3645 |
+ case '\0': |
|
3646 |
+ continue; |
|
3647 |
+ case '\n': |
|
3648 |
+ *curbuf++ = '\n'; |
|
3649 |
+ if (input_len && *cursrc == '\r') { |
|
3650 |
+ i++; |
|
3651 |
+ cursrc++; |
|
3652 |
+ } |
|
3653 |
+ break; |
|
3654 |
+ case '\r': |
|
3655 |
+ *curbuf++ = '\r'; |
|
3656 |
+ if (input_len && *cursrc == '\n') { |
|
3657 |
+ i++; |
|
3658 |
+ cursrc++; |
|
3659 |
+ } |
|
3660 |
+ break; |
|
3661 |
+ default: |
|
3662 |
+ *curbuf++ = c; |
|
3663 |
+ continue; |
|
3664 |
+ } |
|
3665 |
+ break; |
|
3666 | 3666 |
} |
3667 | 3667 |
*at += cursrc - src; |
3668 | 3668 |
*curbuf = '\0'; |
... | ... |
@@ -3676,41 +3654,41 @@ getline_from_mbox(char *buffer, size_t buffer_len, fmap_t *map, size_t *at) |
3676 | 3676 |
static bool |
3677 | 3677 |
isBounceStart(mbox_ctx *mctx, const char *line) |
3678 | 3678 |
{ |
3679 |
- size_t len; |
|
3679 |
+ size_t len; |
|
3680 | 3680 |
|
3681 |
- if(line == NULL) |
|
3682 |
- return FALSE; |
|
3683 |
- if(*line == '\0') |
|
3684 |
- return FALSE; |
|
3685 |
- /*if((strncmp(line, "From ", 5) == 0) && !isalnum(line[5])) |
|
3681 |
+ if (line == NULL) |
|
3682 |
+ return FALSE; |
|
3683 |
+ if (*line == '\0') |
|
3684 |
+ return FALSE; |
|
3685 |
+ /*if((strncmp(line, "From ", 5) == 0) && !isalnum(line[5])) |
|
3686 | 3686 |
return FALSE; |
3687 | 3687 |
if((strncmp(line, ">From ", 6) == 0) && !isalnum(line[6])) |
3688 | 3688 |
return FALSE;*/ |
3689 | 3689 |
|
3690 |
- len = strlen(line); |
|
3691 |
- if((len < 6) || (len >= 72)) |
|
3692 |
- return FALSE; |
|
3690 |
+ len = strlen(line); |
|
3691 |
+ if ((len < 6) || (len >= 72)) |
|
3692 |
+ return FALSE; |
|
3693 | 3693 |
|
3694 |
- if((memcmp(line, "From ", 5) == 0) || |
|
3695 |
- (memcmp(line, ">From ", 6) == 0)) { |
|
3696 |
- int numSpaces = 0, numDigits = 0; |
|
3697 |
- |
|
3698 |
- line += 4; |
|
3699 |
- |
|
3700 |
- do |
|
3701 |
- if(*line == ' ') |
|
3702 |
- numSpaces++; |
|
3703 |
- else if(isdigit((*line) & 0xFF)) |
|
3704 |
- numDigits++; |
|
3705 |
- while(*++line != '\0'); |
|
3706 |
- |
|
3707 |
- if(numSpaces < 6) |
|
3708 |
- return FALSE; |
|
3709 |
- if(numDigits < 11) |
|
3710 |
- return FALSE; |
|
3711 |
- return TRUE; |
|
3712 |
- } |
|
3713 |
- return (bool)(cli_filetype((const unsigned char *)line, len, mctx->ctx->engine) == CL_TYPE_MAIL); |
|
3694 |
+ if ((memcmp(line, "From ", 5) == 0) || |
|
3695 |
+ (memcmp(line, ">From ", 6) == 0)) { |
|
3696 |
+ int numSpaces = 0, numDigits = 0; |
|
3697 |
+ |
|
3698 |
+ line += 4; |
|
3699 |
+ |
|
3700 |
+ do |
|
3701 |
+ if (*line == ' ') |
|
3702 |
+ numSpaces++; |
|
3703 |
+ else if (isdigit((*line) & 0xFF)) |
|
3704 |
+ numDigits++; |
|
3705 |
+ while (*++line != '\0'); |
|
3706 |
+ |
|
3707 |
+ if (numSpaces < 6) |
|
3708 |
+ return FALSE; |
|
3709 |
+ if (numDigits < 11) |
|
3710 |
+ return FALSE; |
|
3711 |
+ return TRUE; |
|
3712 |
+ } |
|
3713 |
+ return (bool)(cli_filetype((const unsigned char *)line, len, mctx->ctx->engine) == CL_TYPE_MAIL); |
|
3714 | 3714 |
} |
3715 | 3715 |
|
3716 | 3716 |
/* |
... | ... |
@@ -3720,25 +3698,25 @@ isBounceStart(mbox_ctx *mctx, const char *line) |
3720 | 3720 |
static bool |
3721 | 3721 |
exportBinhexMessage(mbox_ctx *mctx, message *m) |
3722 | 3722 |
{ |
3723 |
- bool infected = FALSE; |
|
3724 |
- fileblob *fb; |
|
3723 |
+ bool infected = FALSE; |
|
3724 |
+ fileblob *fb; |
|
3725 | 3725 |
|
3726 |
- if(messageGetEncoding(m) == NOENCODING) |
|
3727 |
- messageSetEncoding(m, "x-binhex"); |
|
3726 |
+ if (messageGetEncoding(m) == NOENCODING) |
|
3727 |
+ messageSetEncoding(m, "x-binhex"); |
|
3728 | 3728 |
|
3729 |
- fb = messageToFileblob(m, mctx->dir, 0); |
|
3729 |
+ fb = messageToFileblob(m, mctx->dir, 0); |
|
3730 | 3730 |
|
3731 |
- if(fb) { |
|
3732 |
- cli_dbgmsg("Binhex file decoded to %s\n", |
|
3733 |
- fileblobGetFilename(fb)); |
|
3731 |
+ if (fb) { |
|
3732 |
+ cli_dbgmsg("Binhex file decoded to %s\n", |
|
3733 |
+ fileblobGetFilename(fb)); |
|
3734 | 3734 |
|
3735 |
- if(fileblobScanAndDestroy(fb) == CL_VIRUS) |
|
3736 |
- infected = TRUE; |
|
3737 |
- mctx->files++; |
|
3738 |
- } else |
|
3739 |
- cli_errmsg("Couldn't decode binhex file to %s\n", mctx->dir); |
|
3735 |
+ if (fileblobScanAndDestroy(fb) == CL_VIRUS) |
|
3736 |
+ infected = TRUE; |
|
3737 |
+ mctx->files++; |
|
3738 |
+ } else |
|
3739 |
+ cli_errmsg("Couldn't decode binhex file to %s\n", mctx->dir); |
|
3740 | 3740 |
|
3741 |
- return infected; |
|
3741 |
+ return infected; |
|
3742 | 3742 |
} |
3743 | 3743 |
|
3744 | 3744 |
/* |
... | ... |
@@ -3747,11 +3725,11 @@ exportBinhexMessage(mbox_ctx *mctx, message *m) |
3747 | 3747 |
static int |
3748 | 3748 |
exportBounceMessage(mbox_ctx *mctx, text *start) |
3749 | 3749 |
{ |
3750 |
- int rc = CL_CLEAN; |
|
3751 |
- text *t; |
|
3752 |
- fileblob *fb; |
|
3750 |
+ int rc = CL_CLEAN; |
|
3751 |
+ text *t; |
|
3752 |
+ fileblob *fb; |
|
3753 | 3753 |
|
3754 |
- /* |
|
3754 |
+ /* |
|
3755 | 3755 |
* Attempt to save the original (unbounced) |
3756 | 3756 |
* message - clamscan will find that in the |
3757 | 3757 |
* directory and call us again (with any luck) |
... | ... |
@@ -3770,80 +3748,80 @@ exportBounceMessage(mbox_ctx *mctx, text *start) |
3770 | 3770 |
* must remain otherwise non bounce messages |
3771 | 3771 |
* won't be scanned |
3772 | 3772 |
*/ |
3773 |
- for(t = start; t; t = t->t_next) { |
|
3774 |
- const char *txt = lineGetData(t->t_line); |
|
3775 |
- char cmd[RFC2821LENGTH + 1]; |
|
3776 |
- |
|
3777 |
- if(txt == NULL) |
|
3778 |
- continue; |
|
3779 |
- if(cli_strtokbuf(txt, 0, ":", cmd) == NULL) |
|
3780 |
- continue; |
|
3781 |
- |
|
3782 |
- switch(tableFind(mctx->rfc821Table, cmd)) { |
|
3783 |
- case CONTENT_TRANSFER_ENCODING: |
|
3784 |
- if((strstr(txt, "7bit") == NULL) && |
|
3785 |
- (strstr(txt, "8bit") == NULL)) |
|
3786 |
- break; |
|
3787 |
- continue; |
|
3788 |
- case CONTENT_DISPOSITION: |
|
3789 |
- break; |
|
3790 |
- case CONTENT_TYPE: |
|
3791 |
- if(strstr(txt, "text/plain") != NULL) |
|
3792 |
- t = NULL; |
|
3793 |
- break; |
|
3794 |
- default: |
|
3795 |
- if(strcasecmp(cmd, "From") == 0) |
|
3796 |
- start = t; |
|
3797 |
- else if(strcasecmp(cmd, "Received") == 0) |
|
3798 |
- start = t; |
|
3799 |
- continue; |
|
3800 |
- } |
|
3801 |
- break; |
|
3802 |
- } |
|
3803 |
- if(t && ((fb = fileblobCreate()) != NULL)) { |
|
3804 |
- cli_dbgmsg("Found a bounce message\n"); |
|
3805 |
- fileblobSetFilename(fb, mctx->dir, "bounce"); |
|
3806 |
- fileblobSetCTX(fb, mctx->ctx); |
|
3807 |
- if(textToFileblob(start, fb, 1) == NULL) { |
|
3808 |
- cli_dbgmsg("Nothing new to save in the bounce message\n"); |
|
3809 |
- fileblobDestroy(fb); |
|
3810 |
- } else |
|
3811 |
- rc = fileblobScanAndDestroy(fb); |
|
3812 |
- mctx->files++; |
|
3813 |
- } else |
|
3814 |
- cli_dbgmsg("Not found a bounce message\n"); |
|
3815 |
- |
|
3816 |
- return rc; |
|
3773 |
+ for (t = start; t; t = t->t_next) { |
|
3774 |
+ const char *txt = lineGetData(t->t_line); |
|
3775 |
+ char cmd[RFC2821LENGTH + 1]; |
|
3776 |
+ |
|
3777 |
+ if (txt == NULL) |
|
3778 |
+ continue; |
|
3779 |
+ if (cli_strtokbuf(txt, 0, ":", cmd) == NULL) |
|
3780 |
+ continue; |
|
3781 |
+ |
|
3782 |
+ switch (tableFind(mctx->rfc821Table, cmd)) { |
|
3783 |
+ case CONTENT_TRANSFER_ENCODING: |
|
3784 |
+ if ((strstr(txt, "7bit") == NULL) && |
|
3785 |
+ (strstr(txt, "8bit") == NULL)) |
|
3786 |
+ break; |
|
3787 |
+ continue; |
|
3788 |
+ case CONTENT_DISPOSITION: |
|
3789 |
+ break; |
|
3790 |
+ case CONTENT_TYPE: |
|
3791 |
+ if (strstr(txt, "text/plain") != NULL) |
|
3792 |
+ t = NULL; |
|
3793 |
+ break; |
|
3794 |
+ default: |
|
3795 |
+ if (strcasecmp(cmd, "From") == 0) |
|
3796 |
+ start = t; |
|
3797 |
+ else if (strcasecmp(cmd, "Received") == 0) |
|
3798 |
+ start = t; |
|
3799 |
+ continue; |
|
3800 |
+ } |
|
3801 |
+ break; |
|
3802 |
+ } |
|
3803 |
+ if (t && ((fb = fileblobCreate()) != NULL)) { |
|
3804 |
+ cli_dbgmsg("Found a bounce message\n"); |
|
3805 |
+ fileblobSetFilename(fb, mctx->dir, "bounce"); |
|
3806 |
+ fileblobSetCTX(fb, mctx->ctx); |
|
3807 |
+ if (textToFileblob(start, fb, 1) == NULL) { |
|
3808 |
+ cli_dbgmsg("Nothing new to save in the bounce message\n"); |
|
3809 |
+ fileblobDestroy(fb); |
|
3810 |
+ } else |
|
3811 |
+ rc = fileblobScanAndDestroy(fb); |
|
3812 |
+ mctx->files++; |
|
3813 |
+ } else |
|
3814 |
+ cli_dbgmsg("Not found a bounce message\n"); |
|
3815 |
+ |
|
3816 |
+ return rc; |
|
3817 | 3817 |
} |
3818 | 3818 |
|
3819 | 3819 |
/* |
3820 | 3820 |
* Get string representation of mimetype |
3821 | 3821 |
*/ |
3822 |
-static const char *getMimeTypeStr(mime_type mimetype) |
|
3822 |
+static const char *getMimeTypeStr(mime_type mimetype) |
|
3823 | 3823 |
{ |
3824 |
- const struct tableinit *entry = mimeTypeStr; |
|
3825 |
- |
|
3826 |
- while (entry->key) { |
|
3827 |
- if (mimetype == entry->value) |
|
3828 |
- return entry->key; |
|
3829 |
- entry++; |
|
3830 |
- } |
|
3831 |
- return "UNKNOWN"; |
|
3824 |
+ const struct tableinit *entry = mimeTypeStr; |
|
3825 |
+ |
|
3826 |
+ while (entry->key) { |
|
3827 |
+ if (mimetype == entry->value) |
|
3828 |
+ return entry->key; |
|
3829 |
+ entry++; |
|
3830 |
+ } |
|
3831 |
+ return "UNKNOWN"; |
|
3832 | 3832 |
} |
3833 | 3833 |
|
3834 | 3834 |
/* |
3835 | 3835 |
* Get string representation of encoding type |
3836 | 3836 |
*/ |
3837 |
-static const char *getEncTypeStr(encoding_type enctype) |
|
3837 |
+static const char *getEncTypeStr(encoding_type enctype) |
|
3838 | 3838 |
{ |
3839 |
- const struct tableinit *entry = encTypeStr; |
|
3840 |
- |
|
3841 |
- while (entry->key) { |
|
3842 |
- if (enctype == entry->value) |
|
3843 |
- return entry->key; |
|
3844 |
- entry++; |
|
3845 |
- } |
|
3846 |
- return "UNKNOWN"; |
|
3839 |
+ const struct tableinit *entry = encTypeStr; |
|
3840 |
+ |
|
3841 |
+ while (entry->key) { |
|
3842 |
+ if (enctype == entry->value) |
|
3843 |
+ return entry->key; |
|
3844 |
+ entry++; |
|
3845 |
+ } |
|
3846 |
+ return "UNKNOWN"; |
|
3847 | 3847 |
} |
3848 | 3848 |
|
3849 | 3849 |
/* |
... | ... |
@@ -3852,146 +3830,145 @@ static const char *getEncTypeStr(encoding_type enctype) |
3852 | 3852 |
static message * |
3853 | 3853 |
do_multipart(message *mainMessage, message **messages, int i, mbox_status *rc, mbox_ctx *mctx, message *messageIn, text **tptr, unsigned int recursion_level) |
3854 | 3854 |
{ |
3855 |
- bool addToText = FALSE; |
|
3856 |
- const char *dtype; |
|
3857 |
-#ifndef SAVE_TO_DISC |
|
3858 |
- message *body; |
|
3855 |
+ bool addToText = FALSE; |
|
3856 |
+ const char *dtype; |
|
3857 |
+#ifndef SAVE_TO_DISC |
|
3858 |
+ message *body; |
|
3859 | 3859 |
#endif |
3860 |
- message *aMessage = messages[i]; |
|
3861 |
- const int doPhishingScan = mctx->ctx->engine->dboptions&CL_DB_PHISHING_URLS && (DCONF_PHISHING&PHISHING_CONF_ENGINE); |
|
3860 |
+ message *aMessage = messages[i]; |
|
3861 |
+ const int doPhishingScan = mctx->ctx->engine->dboptions & CL_DB_PHISHING_URLS && (DCONF_PHISHING & PHISHING_CONF_ENGINE); |
|
3862 | 3862 |
#if HAVE_JSON |
3863 |
- const char *mtype = NULL; |
|
3864 |
- json_object *thisobj = NULL, *saveobj = mctx->wrkobj; |
|
3865 |
- |
|
3866 |
- if (mctx->wrkobj != NULL) { |
|
3867 |
- json_object *multiobj = cli_jsonarray(mctx->wrkobj, "Multipart"); |
|
3868 |
- if (multiobj == NULL) { |
|
3869 |
- cli_errmsg("Cannot get multipart preclass array\n"); |
|
3870 |
- *rc = -1; |
|
3871 |
- return mainMessage; |
|
3872 |
- } |
|
3873 |
- |
|
3874 |
- thisobj = messageGetJObj(aMessage); |
|
3875 |
- if (thisobj == NULL) { |
|
3876 |
- cli_dbgmsg("Cannot get message preclass object\n"); |
|
3877 |
- *rc = -1; |
|
3878 |
- return mainMessage; |
|
3879 |
- } |
|
3880 |
- if (cli_json_addowner(multiobj, thisobj, NULL, -1) != CL_SUCCESS) { |
|
3881 |
- cli_errmsg("Cannot assign message preclass object to multipart preclass array\n"); |
|
3882 |
- *rc = -1; |
|
3883 |
- return mainMessage; |
|
3884 |
- } |
|
3885 |
- } |
|
3863 |
+ const char *mtype = NULL; |
|
3864 |
+ json_object *thisobj = NULL, *saveobj = mctx->wrkobj; |
|
3865 |
+ |
|
3866 |
+ if (mctx->wrkobj != NULL) { |
|
3867 |
+ json_object *multiobj = cli_jsonarray(mctx->wrkobj, "Multipart"); |
|
3868 |
+ if (multiobj == NULL) { |
|
3869 |
+ cli_errmsg("Cannot get multipart preclass array\n"); |
|
3870 |
+ *rc = -1; |
|
3871 |
+ return mainMessage; |
|
3872 |
+ } |
|
3873 |
+ |
|
3874 |
+ thisobj = messageGetJObj(aMessage); |
|
3875 |
+ if (thisobj == NULL) { |
|
3876 |
+ cli_dbgmsg("Cannot get message preclass object\n"); |
|
3877 |
+ *rc = -1; |
|
3878 |
+ return mainMessage; |
|
3879 |
+ } |
|
3880 |
+ if (cli_json_addowner(multiobj, thisobj, NULL, -1) != CL_SUCCESS) { |
|
3881 |
+ cli_errmsg("Cannot assign message preclass object to multipart preclass array\n"); |
|
3882 |
+ *rc = -1; |
|
3883 |
+ return mainMessage; |
|
3884 |
+ } |
|
3885 |
+ } |
|
3886 | 3886 |
#endif |
3887 | 3887 |
|
3888 |
- if(aMessage == NULL) { |
|
3888 |
+ if (aMessage == NULL) { |
|
3889 | 3889 |
#if HAVE_JSON |
3890 |
- if (thisobj != NULL) |
|
3891 |
- cli_jsonstr(thisobj, "MimeType", "NULL"); |
|
3890 |
+ if (thisobj != NULL) |
|
3891 |
+ cli_jsonstr(thisobj, "MimeType", "NULL"); |
|
3892 | 3892 |
#endif |
3893 |
- return mainMessage; |
|
3894 |
- } |
|
3893 |
+ return mainMessage; |
|
3894 |
+ } |
|
3895 | 3895 |
|
3896 |
- if(*rc != OK) |
|
3897 |
- return mainMessage; |
|
3896 |
+ if (*rc != OK) |
|
3897 |
+ return mainMessage; |
|
3898 | 3898 |
|
3899 |
- cli_dbgmsg("Mixed message part %d is of type %d\n", |
|
3900 |
- i, messageGetMimeType(aMessage)); |
|
3899 |
+ cli_dbgmsg("Mixed message part %d is of type %d\n", |
|
3900 |
+ i, messageGetMimeType(aMessage)); |
|
3901 | 3901 |
|
3902 | 3902 |
#if HAVE_JSON |
3903 |
- if (thisobj != NULL) { |
|
3904 |
- cli_jsonstr(thisobj, "MimeType", getMimeTypeStr(messageGetMimeType(aMessage))); |
|
3905 |
- cli_jsonstr(thisobj, "MimeSubtype", messageGetMimeSubtype(aMessage)); |
|
3906 |
- cli_jsonstr(thisobj, "EncodingType", getEncTypeStr(messageGetEncoding(aMessage))); |
|
3907 |
- cli_jsonstr(thisobj, "Disposition", messageGetDispositionType(aMessage)); |
|
3908 |
- cli_jsonstr(thisobj, "Filename", messageHasFilename(aMessage) ? |
|
3909 |
- messageGetFilename(aMessage): "(inline)"); |
|
3910 |
- } |
|
3903 |
+ if (thisobj != NULL) { |
|
3904 |
+ cli_jsonstr(thisobj, "MimeType", getMimeTypeStr(messageGetMimeType(aMessage))); |
|
3905 |
+ cli_jsonstr(thisobj, "MimeSubtype", messageGetMimeSubtype(aMessage)); |
|
3906 |
+ cli_jsonstr(thisobj, "EncodingType", getEncTypeStr(messageGetEncoding(aMessage))); |
|
3907 |
+ cli_jsonstr(thisobj, "Disposition", messageGetDispositionType(aMessage)); |
|
3908 |
+ cli_jsonstr(thisobj, "Filename", messageHasFilename(aMessage) ? messageGetFilename(aMessage) : "(inline)"); |
|
3909 |
+ } |
|
3911 | 3910 |
#endif |
3912 | 3911 |
|
3913 |
- switch(messageGetMimeType(aMessage)) { |
|
3914 |
- case APPLICATION: |
|
3915 |
- case AUDIO: |
|
3916 |
- case IMAGE: |
|
3917 |
- case VIDEO: |
|
3918 |
- break; |
|
3919 |
- case NOMIME: |
|
3920 |
- cli_dbgmsg("No mime headers found in multipart part %d\n", i); |
|
3921 |
- if(mainMessage) { |
|
3922 |
- if(binhexBegin(aMessage)) { |
|
3923 |
- cli_dbgmsg("Found binhex message in multipart/mixed mainMessage\n"); |
|
3924 |
- |
|
3925 |
- if(exportBinhexMessage(mctx, mainMessage)) |
|
3926 |
- *rc = VIRUS; |
|
3927 |
- } |
|
3928 |
- if(mainMessage != messageIn) |
|
3929 |
- messageDestroy(mainMessage); |
|
3930 |
- mainMessage = NULL; |
|
3931 |
- } else if(aMessage) { |
|
3932 |
- if(binhexBegin(aMessage)) { |
|
3933 |
- cli_dbgmsg("Found binhex message in multipart/mixed non mime part\n"); |
|
3934 |
- if(exportBinhexMessage(mctx, aMessage)) |
|
3935 |
- *rc = VIRUS; |
|
3936 |
- assert(aMessage == messages[i]); |
|
3937 |
- messageReset(messages[i]); |
|
3938 |
- } |
|
3939 |
- } |
|
3940 |
- addToText = TRUE; |
|
3941 |
- if(messageGetBody(aMessage) == NULL) |
|
3942 |
- /* |
|
3912 |
+ switch (messageGetMimeType(aMessage)) { |
|
3913 |
+ case APPLICATION: |
|
3914 |
+ case AUDIO: |
|
3915 |
+ case IMAGE: |
|
3916 |
+ case VIDEO: |
|
3917 |
+ break; |
|
3918 |
+ case NOMIME: |
|
3919 |
+ cli_dbgmsg("No mime headers found in multipart part %d\n", i); |
|
3920 |
+ if (mainMessage) { |
|
3921 |
+ if (binhexBegin(aMessage)) { |
|
3922 |
+ cli_dbgmsg("Found binhex message in multipart/mixed mainMessage\n"); |
|
3923 |
+ |
|
3924 |
+ if (exportBinhexMessage(mctx, mainMessage)) |
|
3925 |
+ *rc = VIRUS; |
|
3926 |
+ } |
|
3927 |
+ if (mainMessage != messageIn) |
|
3928 |
+ messageDestroy(mainMessage); |
|
3929 |
+ mainMessage = NULL; |
|
3930 |
+ } else if (aMessage) { |
|
3931 |
+ if (binhexBegin(aMessage)) { |
|
3932 |
+ cli_dbgmsg("Found binhex message in multipart/mixed non mime part\n"); |
|
3933 |
+ if (exportBinhexMessage(mctx, aMessage)) |
|
3934 |
+ *rc = VIRUS; |
|
3935 |
+ assert(aMessage == messages[i]); |
|
3936 |
+ messageReset(messages[i]); |
|
3937 |
+ } |
|
3938 |
+ } |
|
3939 |
+ addToText = TRUE; |
|
3940 |
+ if (messageGetBody(aMessage) == NULL) |
|
3941 |
+ /* |
|
3943 | 3942 |
* No plain text version |
3944 | 3943 |
*/ |
3945 |
- cli_dbgmsg("No plain text alternative\n"); |
|
3946 |
- break; |
|
3947 |
- case TEXT: |
|
3948 |
- dtype = messageGetDispositionType(aMessage); |
|
3949 |
- cli_dbgmsg("Mixed message text part disposition \"%s\"\n", |
|
3950 |
- dtype); |
|
3951 |
- if(strcasecmp(dtype, "attachment") == 0) |
|
3952 |
- break; |
|
3953 |
- if((*dtype == '\0') || (strcasecmp(dtype, "inline") == 0)) { |
|
3954 |
- const char *cptr; |
|
3955 |
- |
|
3956 |
- if(mainMessage && (mainMessage != messageIn)) |
|
3957 |
- messageDestroy(mainMessage); |
|
3958 |
- mainMessage = NULL; |
|
3959 |
- cptr = messageGetMimeSubtype(aMessage); |
|
3960 |
- cli_dbgmsg("Mime subtype \"%s\"\n", cptr); |
|
3961 |
- if((tableFind(mctx->subtypeTable, cptr) == PLAIN) && |
|
3962 |
- (messageGetEncoding(aMessage) == NOENCODING)) { |
|
3963 |
- /* |
|
3944 |
+ cli_dbgmsg("No plain text alternative\n"); |
|
3945 |
+ break; |
|
3946 |
+ case TEXT: |
|
3947 |
+ dtype = messageGetDispositionType(aMessage); |
|
3948 |
+ cli_dbgmsg("Mixed message text part disposition \"%s\"\n", |
|
3949 |
+ dtype); |
|
3950 |
+ if (strcasecmp(dtype, "attachment") == 0) |
|
3951 |
+ break; |
|
3952 |
+ if ((*dtype == '\0') || (strcasecmp(dtype, "inline") == 0)) { |
|
3953 |
+ const char *cptr; |
|
3954 |
+ |
|
3955 |
+ if (mainMessage && (mainMessage != messageIn)) |
|
3956 |
+ messageDestroy(mainMessage); |
|
3957 |
+ mainMessage = NULL; |
|
3958 |
+ cptr = messageGetMimeSubtype(aMessage); |
|
3959 |
+ cli_dbgmsg("Mime subtype \"%s\"\n", cptr); |
|
3960 |
+ if ((tableFind(mctx->subtypeTable, cptr) == PLAIN) && |
|
3961 |
+ (messageGetEncoding(aMessage) == NOENCODING)) { |
|
3962 |
+ /* |
|
3964 | 3963 |
* Strictly speaking, a text/plain part |
3965 | 3964 |
* is not an attachment. We pretend it |
3966 | 3965 |
* is so that we can decode and scan it |
3967 | 3966 |
*/ |
3968 |
- if(!messageHasFilename(aMessage)) { |
|
3969 |
- cli_dbgmsg("Adding part to main message\n"); |
|
3970 |
- addToText = TRUE; |
|
3971 |
- } else |
|
3972 |
- cli_dbgmsg("Treating inline as attachment\n"); |
|
3973 |
- } else { |
|
3974 |
- const int is_html = (tableFind(mctx->subtypeTable, cptr) == HTML); |
|
3975 |
- if(doPhishingScan) |
|
3976 |
- checkURLs(aMessage, mctx, rc, is_html); |
|
3977 |
- messageAddArgument(aMessage, |
|
3978 |
- "filename=mixedtextportion"); |
|
3979 |
- } |
|
3980 |
- break; |
|
3981 |
- } |
|
3982 |
- cli_dbgmsg("Text type %s is not supported\n", dtype); |
|
3983 |
- return mainMessage; |
|
3984 |
- case MESSAGE: |
|
3985 |
- /* Content-Type: message/rfc822 */ |
|
3986 |
- cli_dbgmsg("Found message inside multipart (encoding type %d)\n", |
|
3987 |
- messageGetEncoding(aMessage)); |
|
3988 |
-#ifndef SCAN_UNENCODED_BOUNCES |
|
3989 |
- switch(messageGetEncoding(aMessage)) { |
|
3990 |
- case NOENCODING: |
|
3991 |
- case EIGHTBIT: |
|
3992 |
- case BINARY: |
|
3993 |
- if(encodingLine(aMessage) == NULL) { |
|
3994 |
- /* |
|
3967 |
+ if (!messageHasFilename(aMessage)) { |
|
3968 |
+ cli_dbgmsg("Adding part to main message\n"); |
|
3969 |
+ addToText = TRUE; |
|
3970 |
+ } else |
|
3971 |
+ cli_dbgmsg("Treating inline as attachment\n"); |
|
3972 |
+ } else { |
|
3973 |
+ const int is_html = (tableFind(mctx->subtypeTable, cptr) == HTML); |
|
3974 |
+ if (doPhishingScan) |
|
3975 |
+ checkURLs(aMessage, mctx, rc, is_html); |
|
3976 |
+ messageAddArgument(aMessage, |
|
3977 |
+ "filename=mixedtextportion"); |
|
3978 |
+ } |
|
3979 |
+ break; |
|
3980 |
+ } |
|
3981 |
+ cli_dbgmsg("Text type %s is not supported\n", dtype); |
|
3982 |
+ return mainMessage; |
|
3983 |
+ case MESSAGE: |
|
3984 |
+ /* Content-Type: message/rfc822 */ |
|
3985 |
+ cli_dbgmsg("Found message inside multipart (encoding type %d)\n", |
|
3986 |
+ messageGetEncoding(aMessage)); |
|
3987 |
+#ifndef SCAN_UNENCODED_BOUNCES |
|
3988 |
+ switch (messageGetEncoding(aMessage)) { |
|
3989 |
+ case NOENCODING: |
|
3990 |
+ case EIGHTBIT: |
|
3991 |
+ case BINARY: |
|
3992 |
+ if (encodingLine(aMessage) == NULL) { |
|
3993 |
+ /* |
|
3995 | 3994 |
* This means that the message |
3996 | 3995 |
* has no attachments |
3997 | 3996 |
* |
... | ... |
@@ -4001,39 +3978,39 @@ do_multipart(message *mainMessage, message **messages, int i, mbox_status *rc, m |
4001 | 4001 |
* been set if the message |
4002 | 4002 |
* itself has been encoded |
4003 | 4003 |
*/ |
4004 |
- cli_dbgmsg("Unencoded multipart/message will not be scanned\n"); |
|
4005 |
- assert(aMessage == messages[i]); |
|
4006 |
- messageDestroy(messages[i]); |
|
4007 |
- messages[i] = NULL; |
|
4008 |
- return mainMessage; |
|
4009 |
- } |
|
4010 |
- /* FALLTHROUGH */ |
|
4011 |
- default: |
|
4012 |
- cli_dbgmsg("Encoded multipart/message will be scanned\n"); |
|
4013 |
- } |
|
4004 |
+ cli_dbgmsg("Unencoded multipart/message will not be scanned\n"); |
|
4005 |
+ assert(aMessage == messages[i]); |
|
4006 |
+ messageDestroy(messages[i]); |
|
4007 |
+ messages[i] = NULL; |
|
4008 |
+ return mainMessage; |
|
4009 |
+ } |
|
4010 |
+ /* FALLTHROUGH */ |
|
4011 |
+ default: |
|
4012 |
+ cli_dbgmsg("Encoded multipart/message will be scanned\n"); |
|
4013 |
+ } |
|
4014 | 4014 |
#endif |
4015 |
-#if 0 |
|
4015 |
+#if 0 |
|
4016 | 4016 |
messageAddStrAtTop(aMessage, |
4017 | 4017 |
"Received: by clamd (message/rfc822)"); |
4018 | 4018 |
#endif |
4019 |
-#ifdef SAVE_TO_DISC |
|
4020 |
- /* |
|
4019 |
+#ifdef SAVE_TO_DISC |
|
4020 |
+ /* |
|
4021 | 4021 |
* Save this embedded message |
4022 | 4022 |
* to a temporary file |
4023 | 4023 |
*/ |
4024 |
- if(saveTextPart(mctx, aMessage, 1) == CL_VIRUS) |
|
4025 |
- *rc = VIRUS; |
|
4026 |
- assert(aMessage == messages[i]); |
|
4027 |
- messageDestroy(messages[i]); |
|
4028 |
- messages[i] = NULL; |
|
4024 |
+ if (saveTextPart(mctx, aMessage, 1) == CL_VIRUS) |
|
4025 |
+ *rc = VIRUS; |
|
4026 |
+ assert(aMessage == messages[i]); |
|
4027 |
+ messageDestroy(messages[i]); |
|
4028 |
+ messages[i] = NULL; |
|
4029 | 4029 |
#else |
4030 |
- /* |
|
4030 |
+ /* |
|
4031 | 4031 |
* Scan in memory, faster but is open to DoS attacks |
4032 | 4032 |
* when many nested levels are involved. |
4033 | 4033 |
*/ |
4034 |
- body = parseEmailHeaders(aMessage, mctx->rfc821Table); |
|
4034 |
+ body = parseEmailHeaders(aMessage, mctx->rfc821Table); |
|
4035 | 4035 |
|
4036 |
- /* |
|
4036 |
+ /* |
|
4037 | 4037 |
* We've finished with the |
4038 | 4038 |
* original copy of the message, |
4039 | 4039 |
* so throw that away and |
... | ... |
@@ -4041,106 +4018,106 @@ do_multipart(message *mainMessage, message **messages, int i, mbox_status *rc, m |
4041 | 4041 |
* message as a message. |
4042 | 4042 |
* This can save a lot of memory |
4043 | 4043 |
*/ |
4044 |
- assert(aMessage == messages[i]); |
|
4045 |
- messageDestroy(messages[i]); |
|
4046 |
- messages[i] = NULL; |
|
4044 |
+ assert(aMessage == messages[i]); |
|
4045 |
+ messageDestroy(messages[i]); |
|
4046 |
+ messages[i] = NULL; |
|
4047 | 4047 |
#if HAVE_JSON |
4048 |
- mctx->wrkobj = thisobj; |
|
4048 |
+ mctx->wrkobj = thisobj; |
|
4049 | 4049 |
#endif |
4050 |
- if(body) { |
|
4051 |
- messageSetCTX(body, mctx->ctx); |
|
4052 |
- *rc = parseEmailBody(body, NULL, mctx, recursion_level + 1); |
|
4053 |
- if((*rc == OK) && messageContainsVirus(body)) |
|
4054 |
- *rc = VIRUS; |
|
4055 |
- messageDestroy(body); |
|
4056 |
- } |
|
4050 |
+ if (body) { |
|
4051 |
+ messageSetCTX(body, mctx->ctx); |
|
4052 |
+ *rc = parseEmailBody(body, NULL, mctx, recursion_level + 1); |
|
4053 |
+ if ((*rc == OK) && messageContainsVirus(body)) |
|
4054 |
+ *rc = VIRUS; |
|
4055 |
+ messageDestroy(body); |
|
4056 |
+ } |
|
4057 | 4057 |
#if HAVE_JSON |
4058 |
- mctx->wrkobj = saveobj; |
|
4058 |
+ mctx->wrkobj = saveobj; |
|
4059 | 4059 |
#endif |
4060 | 4060 |
#endif |
4061 |
- return mainMessage; |
|
4062 |
- case MULTIPART: |
|
4063 |
- /* |
|
4061 |
+ return mainMessage; |
|
4062 |
+ case MULTIPART: |
|
4063 |
+ /* |
|
4064 | 4064 |
* It's a multi part within a multi part |
4065 | 4065 |
* Run the message parser on this bit, it won't |
4066 | 4066 |
* be an attachment |
4067 | 4067 |
*/ |
4068 |
- cli_dbgmsg("Found multipart inside multipart\n"); |
|
4068 |
+ cli_dbgmsg("Found multipart inside multipart\n"); |
|
4069 | 4069 |
#if HAVE_JSON |
4070 |
- mctx->wrkobj = thisobj; |
|
4070 |
+ mctx->wrkobj = thisobj; |
|
4071 | 4071 |
#endif |
4072 |
- if(aMessage) { |
|
4073 |
- /* |
|
4072 |
+ if (aMessage) { |
|
4073 |
+ /* |
|
4074 | 4074 |
* The headers were parsed when reading in the |
4075 | 4075 |
* whole multipart section |
4076 | 4076 |
*/ |
4077 |
- *rc = parseEmailBody(aMessage, *tptr, mctx, recursion_level + 1); |
|
4078 |
- cli_dbgmsg("Finished recursion, rc = %d\n", (int)*rc); |
|
4079 |
- assert(aMessage == messages[i]); |
|
4080 |
- messageDestroy(messages[i]); |
|
4081 |
- messages[i] = NULL; |
|
4082 |
- } else { |
|
4083 |
- *rc = parseEmailBody(NULL, NULL, mctx, recursion_level + 1); |
|
4084 |
- if(mainMessage && (mainMessage != messageIn)) |
|
4085 |
- messageDestroy(mainMessage); |
|
4086 |
- mainMessage = NULL; |
|
4087 |
- } |
|
4077 |
+ *rc = parseEmailBody(aMessage, *tptr, mctx, recursion_level + 1); |
|
4078 |
+ cli_dbgmsg("Finished recursion, rc = %d\n", (int)*rc); |
|
4079 |
+ assert(aMessage == messages[i]); |
|
4080 |
+ messageDestroy(messages[i]); |
|
4081 |
+ messages[i] = NULL; |
|
4082 |
+ } else { |
|
4083 |
+ *rc = parseEmailBody(NULL, NULL, mctx, recursion_level + 1); |
|
4084 |
+ if (mainMessage && (mainMessage != messageIn)) |
|
4085 |
+ messageDestroy(mainMessage); |
|
4086 |
+ mainMessage = NULL; |
|
4087 |
+ } |
|
4088 | 4088 |
#if HAVE_JSON |
4089 |
- mctx->wrkobj = saveobj; |
|
4089 |
+ mctx->wrkobj = saveobj; |
|
4090 | 4090 |
#endif |
4091 |
- return mainMessage; |
|
4092 |
- default: |
|
4093 |
- cli_dbgmsg("Only text and application attachments are fully supported, type = %d\n", |
|
4094 |
- messageGetMimeType(aMessage)); |
|
4095 |
- /* fall through - we may be able to salvage something */ |
|
4096 |
- } |
|
4097 |
- |
|
4098 |
- if(*rc != VIRUS) { |
|
4099 |
- fileblob *fb = messageToFileblob(aMessage, mctx->dir, 1); |
|
4091 |
+ return mainMessage; |
|
4092 |
+ default: |
|
4093 |
+ cli_dbgmsg("Only text and application attachments are fully supported, type = %d\n", |
|
4094 |
+ messageGetMimeType(aMessage)); |
|
4095 |
+ /* fall through - we may be able to salvage something */ |
|
4096 |
+ } |
|
4097 |
+ |
|
4098 |
+ if (*rc != VIRUS) { |
|
4099 |
+ fileblob *fb = messageToFileblob(aMessage, mctx->dir, 1); |
|
4100 | 4100 |
#if HAVE_JSON |
4101 |
- json_object *arrobj; |
|
4102 |
- int arrlen = 0; |
|
4101 |
+ json_object *arrobj; |
|
4102 |
+ int arrlen = 0; |
|
4103 | 4103 |
|
4104 |
- if (thisobj != NULL) { |
|
4105 |
- /* attempt to determine container size - prevents incorrect type reporting */ |
|
4106 |
- if (json_object_object_get_ex(mctx->ctx->wrkproperty, "ContainedObjects", &arrobj)) |
|
4107 |
- arrlen = json_object_array_length(arrobj); |
|
4108 |
- } |
|
4104 |
+ if (thisobj != NULL) { |
|
4105 |
+ /* attempt to determine container size - prevents incorrect type reporting */ |
|
4106 |
+ if (json_object_object_get_ex(mctx->ctx->wrkproperty, "ContainedObjects", &arrobj)) |
|
4107 |
+ arrlen = json_object_array_length(arrobj); |
|
4108 |
+ } |
|
4109 | 4109 |
|
4110 | 4110 |
#endif |
4111 |
- if(fb) { |
|
4112 |
- /* aMessage doesn't always have a ctx set */ |
|
4113 |
- fileblobSetCTX(fb, mctx->ctx); |
|
4114 |
- if(fileblobScanAndDestroy(fb) == CL_VIRUS) |
|
4115 |
- *rc = VIRUS; |
|
4116 |
- if (!addToText) |
|
4117 |
- mctx->files++; |
|
4118 |
- } |
|
4111 |
+ if (fb) { |
|
4112 |
+ /* aMessage doesn't always have a ctx set */ |
|
4113 |
+ fileblobSetCTX(fb, mctx->ctx); |
|
4114 |
+ if (fileblobScanAndDestroy(fb) == CL_VIRUS) |
|
4115 |
+ *rc = VIRUS; |
|
4116 |
+ if (!addToText) |
|
4117 |
+ mctx->files++; |
|
4118 |
+ } |
|
4119 | 4119 |
#if HAVE_JSON |
4120 |
- if (thisobj != NULL) { |
|
4121 |
- json_object *entry = NULL; |
|
4122 |
- const char *dtype = NULL; |
|
4123 |
- |
|
4124 |
- /* attempt to acquire container type */ |
|
4125 |
- if (json_object_object_get_ex(mctx->ctx->wrkproperty, "ContainedObjects", &arrobj)) |
|
4126 |
- if (json_object_array_length(arrobj) > arrlen) |
|
4127 |
- entry = json_object_array_get_idx(arrobj, arrlen); |
|
4128 |
- if (entry) { |
|
4129 |
- json_object_object_get_ex(entry, "FileType", &entry); |
|
4130 |
- if (entry) |
|
4131 |
- dtype = json_object_get_string(entry); |
|
4132 |
- } |
|
4133 |
- cli_jsonint(thisobj, "ContainedObjectsIndex", arrlen); |
|
4134 |
- cli_jsonstr(thisobj, "ClamAVFileType", dtype ? dtype : "UNKNOWN"); |
|
4135 |
- } |
|
4120 |
+ if (thisobj != NULL) { |
|
4121 |
+ json_object *entry = NULL; |
|
4122 |
+ const char *dtype = NULL; |
|
4123 |
+ |
|
4124 |
+ /* attempt to acquire container type */ |
|
4125 |
+ if (json_object_object_get_ex(mctx->ctx->wrkproperty, "ContainedObjects", &arrobj)) |
|
4126 |
+ if (json_object_array_length(arrobj) > arrlen) |
|
4127 |
+ entry = json_object_array_get_idx(arrobj, arrlen); |
|
4128 |
+ if (entry) { |
|
4129 |
+ json_object_object_get_ex(entry, "FileType", &entry); |
|
4130 |
+ if (entry) |
|
4131 |
+ dtype = json_object_get_string(entry); |
|
4132 |
+ } |
|
4133 |
+ cli_jsonint(thisobj, "ContainedObjectsIndex", arrlen); |
|
4134 |
+ cli_jsonstr(thisobj, "ClamAVFileType", dtype ? dtype : "UNKNOWN"); |
|
4135 |
+ } |
|
4136 | 4136 |
#endif |
4137 |
- if(messageContainsVirus(aMessage)) |
|
4138 |
- *rc = VIRUS; |
|
4139 |
- } |
|
4140 |
- messageDestroy(aMessage); |
|
4141 |
- messages[i] = NULL; |
|
4137 |
+ if (messageContainsVirus(aMessage)) |
|
4138 |
+ *rc = VIRUS; |
|
4139 |
+ } |
|
4140 |
+ messageDestroy(aMessage); |
|
4141 |
+ messages[i] = NULL; |
|
4142 | 4142 |
|
4143 |
- return mainMessage; |
|
4143 |
+ return mainMessage; |
|
4144 | 4144 |
} |
4145 | 4145 |
|
4146 | 4146 |
/* |
... | ... |
@@ -4149,13 +4126,13 @@ do_multipart(message *mainMessage, message **messages, int i, mbox_status *rc, m |
4149 | 4149 |
static int |
4150 | 4150 |
count_quotes(const char *buf) |
4151 | 4151 |
{ |
4152 |
- int quotes = 0; |
|
4152 |
+ int quotes = 0; |
|
4153 | 4153 |
|
4154 |
- while(*buf) |
|
4155 |
- if(*buf++ == '\"') |
|
4156 |
- quotes++; |
|
4154 |
+ while (*buf) |
|
4155 |
+ if (*buf++ == '\"') |
|
4156 |
+ quotes++; |
|
4157 | 4157 |
|
4158 |
- return quotes; |
|
4158 |
+ return quotes; |
|
4159 | 4159 |
} |
4160 | 4160 |
|
4161 | 4161 |
/* |
... | ... |
@@ -4164,33 +4141,33 @@ count_quotes(const char *buf) |
4164 | 4164 |
static bool |
4165 | 4165 |
next_is_folded_header(const text *t) |
4166 | 4166 |
{ |
4167 |
- const text *next = t->t_next; |
|
4168 |
- const char *data, *ptr; |
|
4167 |
+ const text *next = t->t_next; |
|
4168 |
+ const char *data, *ptr; |
|
4169 | 4169 |
|
4170 |
- if(next == NULL) |
|
4171 |
- return FALSE; |
|
4170 |
+ if (next == NULL) |
|
4171 |
+ return FALSE; |
|
4172 | 4172 |
|
4173 |
- if(next->t_line == NULL) |
|
4174 |
- return FALSE; |
|
4173 |
+ if (next->t_line == NULL) |
|
4174 |
+ return FALSE; |
|
4175 | 4175 |
|
4176 |
- data = lineGetData(next->t_line); |
|
4176 |
+ data = lineGetData(next->t_line); |
|
4177 | 4177 |
|
4178 |
- /* |
|
4178 |
+ /* |
|
4179 | 4179 |
* Section B.2 of RFC822 says TAB or SPACE means a continuation of the |
4180 | 4180 |
* previous entry. |
4181 | 4181 |
*/ |
4182 |
- if(isblank(data[0])) |
|
4183 |
- return TRUE; |
|
4182 |
+ if (isblank(data[0])) |
|
4183 |
+ return TRUE; |
|
4184 | 4184 |
|
4185 |
- if(strchr(data, '=') == NULL) |
|
4186 |
- /* |
|
4185 |
+ if (strchr(data, '=') == NULL) |
|
4186 |
+ /* |
|
4187 | 4187 |
* Avoid false positives with |
4188 | 4188 |
* Content-Type: text/html; |
4189 | 4189 |
* Content-Transfer-Encoding: quoted-printable |
4190 | 4190 |
*/ |
4191 |
- return FALSE; |
|
4191 |
+ return FALSE; |
|
4192 | 4192 |
|
4193 |
- /* |
|
4193 |
+ /* |
|
4194 | 4194 |
* Some are broken and don't fold headers lines |
4195 | 4195 |
* correctly as per section 2.2.3 of RFC2822. |
4196 | 4196 |
* Generally they miss the white space at |
... | ... |
@@ -4205,23 +4182,23 @@ next_is_folded_header(const text *t) |
4205 | 4205 |
* Since we're a virus checker not an RFC |
4206 | 4206 |
* verifier we need to handle these |
4207 | 4207 |
*/ |
4208 |
- data = lineGetData(t->t_line); |
|
4209 |
- |
|
4210 |
- ptr = strchr(data, '\0'); |
|
4211 |
- |
|
4212 |
- while(--ptr > data) |
|
4213 |
- switch(*ptr) { |
|
4214 |
- case ';': |
|
4215 |
- return TRUE; |
|
4216 |
- case '\n': |
|
4217 |
- case ' ': |
|
4218 |
- case '\r': |
|
4219 |
- case '\t': |
|
4220 |
- continue; /* white space at end of line */ |
|
4221 |
- default: |
|
4222 |
- return FALSE; |
|
4223 |
- } |
|
4224 |
- return FALSE; |
|
4208 |
+ data = lineGetData(t->t_line); |
|
4209 |
+ |
|
4210 |
+ ptr = strchr(data, '\0'); |
|
4211 |
+ |
|
4212 |
+ while (--ptr > data) |
|
4213 |
+ switch (*ptr) { |
|
4214 |
+ case ';': |
|
4215 |
+ return TRUE; |
|
4216 |
+ case '\n': |
|
4217 |
+ case ' ': |
|
4218 |
+ case '\r': |
|
4219 |
+ case '\t': |
|
4220 |
+ continue; /* white space at end of line */ |
|
4221 |
+ default: |
|
4222 |
+ return FALSE; |
|
4223 |
+ } |
|
4224 |
+ return FALSE; |
|
4225 | 4225 |
} |
4226 | 4226 |
|
4227 | 4227 |
/* |
... | ... |
@@ -4232,12 +4209,12 @@ next_is_folded_header(const text *t) |
4232 | 4232 |
static bool |
4233 | 4233 |
newline_in_header(const char *line) |
4234 | 4234 |
{ |
4235 |
- cli_dbgmsg("newline_in_header, check \"%s\"\n", line); |
|
4235 |
+ cli_dbgmsg("newline_in_header, check \"%s\"\n", line); |
|
4236 | 4236 |
|
4237 |
- if(strncmp(line, "Message-Id: ", 12) == 0) |
|
4238 |
- return TRUE; |
|
4239 |
- if(strncmp(line, "Date: ", 6) == 0) |
|
4240 |
- return TRUE; |
|
4237 |
+ if (strncmp(line, "Message-Id: ", 12) == 0) |
|
4238 |
+ return TRUE; |
|
4239 |
+ if (strncmp(line, "Date: ", 6) == 0) |
|
4240 |
+ return TRUE; |
|
4241 | 4241 |
|
4242 |
- return FALSE; |
|
4242 |
+ return FALSE; |
|
4243 | 4243 |
} |