git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
OpenSSL: when supported by the library version, disable renegotiation for pre-TLS1.3
[exim.git]
/
src
/
src
/
malware.c
diff --git
a/src/src/malware.c
b/src/src/malware.c
index 91649cf2022d0d51089e652fceb4a993be35431b..481b46acc2ee4d5971b22b175124003b61d97bb2 100644
(file)
--- a/
src/src/malware.c
+++ b/
src/src/malware.c
@@
-836,7
+836,7
@@
badseek: err = errno;
malware_daemon_ctx.sock);
}
malware_daemon_ctx.sock);
}
- if (!(drweb_fbuf =
US
malloc(fsize_uint)))
+ if (!(drweb_fbuf =
store_
malloc(fsize_uint)))
{
(void)close(drweb_fd);
return m_panic_defer_3(scanent, NULL,
{
(void)close(drweb_fd);
return m_panic_defer_3(scanent, NULL,
@@
-849,7
+849,7
@@
badseek: err = errno;
{
int err = errno;
(void)close(drweb_fd);
{
int err = errno;
(void)close(drweb_fd);
- free(drweb_fbuf);
+
store_
free(drweb_fbuf);
return m_panic_defer_3(scanent, NULL,
string_sprintf("can't read spool file %s: %s",
eml_filename, strerror(err)),
return m_panic_defer_3(scanent, NULL,
string_sprintf("can't read spool file %s: %s",
eml_filename, strerror(err)),
@@
-860,11
+860,12
@@
badseek: err = errno;
/* send file body to socket */
if (send(malware_daemon_ctx.sock, drweb_fbuf, fsize, 0) < 0)
{
/* send file body to socket */
if (send(malware_daemon_ctx.sock, drweb_fbuf, fsize, 0) < 0)
{
- free(drweb_fbuf);
+
store_
free(drweb_fbuf);
return m_panic_defer_3(scanent, CUS callout_address, string_sprintf(
"unable to send file body to socket (%s)", scanner_options),
malware_daemon_ctx.sock);
}
return m_panic_defer_3(scanent, CUS callout_address, string_sprintf(
"unable to send file body to socket (%s)", scanner_options),
malware_daemon_ctx.sock);
}
+ store_free(drweb_fbuf);
}
else
{
}
else
{
@@
-917,7
+918,9
@@
badseek: err = errno;
return m_panic_defer_3(scanent, CUS callout_address,
US"cannot read report size", malware_daemon_ctx.sock);
drweb_slen = ntohl(drweb_slen);
return m_panic_defer_3(scanent, CUS callout_address,
US"cannot read report size", malware_daemon_ctx.sock);
drweb_slen = ntohl(drweb_slen);
- tmpbuf = store_get(drweb_slen);
+
+ /* assume tainted, since it is external input */
+ tmpbuf = store_get(drweb_slen, TRUE);
/* read report body */
if (!recv_len(malware_daemon_ctx.sock, tmpbuf, drweb_slen, tmo))
/* read report body */
if (!recv_len(malware_daemon_ctx.sock, tmpbuf, drweb_slen, tmo))
@@
-1463,7
+1466,7
@@
badseek: err = errno;
/* Local file; so we def want to use_scan_command and don't want to try
* passing IP/port combinations */
use_scan_command = TRUE;
/* Local file; so we def want to use_scan_command and don't want to try
* passing IP/port combinations */
use_scan_command = TRUE;
- cd = (clamd_address *) store_get(sizeof(clamd_address));
+ cd = (clamd_address *) store_get(sizeof(clamd_address)
, FALSE
);
/* extract socket-path part */
sublist = scanner_options;
/* extract socket-path part */
sublist = scanner_options;
@@
-1497,7
+1500,7
@@
badseek: err = errno;
continue;
}
continue;
}
- cd = (clamd_address *) store_get(sizeof(clamd_address));
+ cd = (clamd_address *) store_get(sizeof(clamd_address)
, FALSE
);
/* extract host and port part */
sublist = scanner_options;
/* extract host and port part */
sublist = scanner_options;
@@
-1666,7
+1669,7
@@
b_seek: err = errno;
if (lseek(clam_fd, 0, SEEK_SET) < 0)
goto b_seek;
if (lseek(clam_fd, 0, SEEK_SET) < 0)
goto b_seek;
- if (!(clamav_fbuf =
US
malloc(fsize_uint)))
+ if (!(clamav_fbuf =
store_
malloc(fsize_uint)))
{
(void)close(clam_fd);
return m_panic_defer_3(scanent, NULL,
{
(void)close(clam_fd);
return m_panic_defer_3(scanent, NULL,
@@
-1678,7
+1681,7
@@
b_seek: err = errno;
if ((result = read(clam_fd, clamav_fbuf, fsize_uint)) < 0)
{
int err = errno;
if ((result = read(clam_fd, clamav_fbuf, fsize_uint)) < 0)
{
int err = errno;
- free(clamav_fbuf); (void)close(clam_fd);
+
store_
free(clamav_fbuf); (void)close(clam_fd);
return m_panic_defer_3(scanent, NULL,
string_sprintf("can't read spool file %s: %s",
eml_filename, strerror(err)),
return m_panic_defer_3(scanent, NULL,
string_sprintf("can't read spool file %s: %s",
eml_filename, strerror(err)),
@@
-1693,13
+1696,12
@@
b_seek: err = errno;
(send(malware_daemon_ctx.sock, clamav_fbuf, fsize_uint, 0) < 0) ||
(send(malware_daemon_ctx.sock, &send_final_zeroblock, sizeof(send_final_zeroblock), 0) < 0))
{
(send(malware_daemon_ctx.sock, clamav_fbuf, fsize_uint, 0) < 0) ||
(send(malware_daemon_ctx.sock, &send_final_zeroblock, sizeof(send_final_zeroblock), 0) < 0))
{
- free(clamav_fbuf);
+
store_
free(clamav_fbuf);
return m_panic_defer_3(scanent, NULL,
string_sprintf("unable to send file body to socket (%s)", hostname),
malware_daemon_ctx.sock);
}
return m_panic_defer_3(scanent, NULL,
string_sprintf("unable to send file body to socket (%s)", hostname),
malware_daemon_ctx.sock);
}
-
- free(clamav_fbuf);
+ store_free(clamav_fbuf);
}
else
{ /* use scan command */
}
else
{ /* use scan command */