Merge 4.80.1 security fix in.

[exim.git] / src / src / malware.c

diff --git a/src/src/malware.c b/src/src/malware.c
index de8d08d195f0a55cbeb5d5807a4d32ae0094f237..7de913f49489ac6223b2bd5eda44371563c685ab 100644 (file)
--- a/src/src/malware.c
+++ b/src/src/malware.c
@@ -1,5 +1,3 @@
-/* $Cambridge: exim/src/src/malware.c,v 1.21 2010/06/07 00:12:42 pdp Exp $ */
-
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
@@ -71,17 +69,22 @@ Returns:      Exim message processing code (OK, FAIL, DEFER, ...)
 int malware(uschar **listptr) {
   uschar scan_filename[1024];
   BOOL fits;
+  int ret;
 
   fits = string_format(scan_filename, sizeof(scan_filename),
       CS"%s/scan/%s/%s.eml", spool_directory, message_id, message_id);
   if (!fits)
     {
+    av_failed = TRUE;
     log_write(0, LOG_MAIN|LOG_PANIC,
         "malware filename does not fit in buffer [malware()]");
     return DEFER;
   }
 
-  return malware_internal(listptr, scan_filename, FALSE);
+  ret = malware_internal(listptr, scan_filename, FALSE);
+  if (ret == DEFER) av_failed = TRUE;
+
+  return ret;
 }
 
 
@@ -112,7 +115,7 @@ malware_in_file(uschar *eml_filename) {
   /* spool_mbox() assumes various parameters exist, when creating
   the relevant directory and the email within */
   (void) string_format(message_id_buf, sizeof(message_id_buf),
-      "dummy-%d", pseudo_random_number(INT_MAX));
+      "dummy-%d", vaguely_random_number(INT_MAX));
   message_id = message_id_buf;
   sender_address = US"malware-sender@example.net";
   return_path = US"";
@@ -128,6 +131,9 @@ malware_in_file(uschar *eml_filename) {
   set, but if that changes, then it should apply to these tests too */
   unspool_mbox();
 
+  /* silence static analysis tools */
+  message_id = NULL;
+
   return ret;
 }
 
@@ -1068,7 +1074,7 @@ static int malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking)
       cmdline_trigger_re = pcre_compile(CS cmdline_trigger, PCRE_COPT, (const char **)&rerror, &roffset, NULL);
       if (cmdline_trigger_re == NULL) {
         log_write(0, LOG_MAIN|LOG_PANIC,
-                 "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_trigger_re, rerror, roffset);
+                 "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_trigger, rerror, roffset);
         return DEFER;
       };
 
@@ -1086,7 +1092,7 @@ static int malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking)
       cmdline_regex_re = pcre_compile(CS cmdline_regex, PCRE_COPT, (const char **)&rerror, &roffset, NULL);
       if (cmdline_regex_re == NULL) {
         log_write(0, LOG_MAIN|LOG_PANIC,
-                 "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_regex_re, rerror, roffset);
+                 "malware acl condition: regular expression error in '%s': %s at offset %d", cmdline_regex, rerror, roffset);
         return DEFER;
       };
 
@@ -1917,7 +1923,7 @@ static int mksd_scan_packed(int sock, uschar *scan_filename)
   iov[0].iov_len = 3;
   iov[1].iov_base = CS scan_filename;
   iov[1].iov_len = Ustrlen(scan_filename);
-  iov[2].iov_base = (void *) cmd + 3;
+  iov[2].iov_base = (void *) (cmd + 3);
   iov[2].iov_len = 1;
 
   if (mksd_writev (sock, iov, 3) < 0)