git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
pipe transport: taint-enforce command
[exim.git]
/
src
/
src
/
malware.c
diff --git
a/src/src/malware.c
b/src/src/malware.c
index 2e783e398eb9784ae58caddf4c0708a6a9804077..ef27daf377b2d336ef354979dae2e62f23138dfa 100644
(file)
--- a/
src/src/malware.c
+++ b/
src/src/malware.c
@@
-302,8
+302,7
@@
const uschar * rerror;
int roffset;
const pcre * cre;
int roffset;
const pcre * cre;
-cre = pcre_compile(CS re, PCRE_COPT, (const char **)&rerror, &roffset, NULL);
-if (!cre)
+if (!(cre = pcre_compile(CS re, PCRE_COPT, CCSS &rerror, &roffset, NULL)))
*errstr= string_sprintf("regular expression error in '%s': %s at offset %d",
re, rerror, roffset);
return cre;
*errstr= string_sprintf("regular expression error in '%s': %s at offset %d",
re, rerror, roffset);
return cre;
@@
-317,7
+316,7
@@
int i = pcre_exec(cre, NULL, CS text, Ustrlen(text), 0, 0,
ovector, nelem(ovector));
uschar * substr = NULL;
if (i >= 2) /* Got it */
ovector, nelem(ovector));
uschar * substr = NULL;
if (i >= 2) /* Got it */
- pcre_get_substring(CS text, ovector, i, 1,
(const char **)
&substr);
+ pcre_get_substring(CS text, ovector, i, 1,
CCSS
&substr);
return substr;
}
return substr;
}
@@
-349,13
+348,13
@@
return cre;
-2 on timeout or error
*/
static int
-2 on timeout or error
*/
static int
-recv_line(int fd, uschar * buffer, int bsize,
in
t tmo)
+recv_line(int fd, uschar * buffer, int bsize,
time_
t tmo)
{
uschar * p = buffer;
ssize_t rcv;
BOOL ok = FALSE;
{
uschar * p = buffer;
ssize_t rcv;
BOOL ok = FALSE;
-if (!fd_ready(fd, tmo
-time(NULL)
))
+if (!fd_ready(fd, tmo))
return -2;
/*XXX tmo handling assumes we always get a whole line */
return -2;
/*XXX tmo handling assumes we always get a whole line */
@@
-382,9
+381,9
@@
return p - buffer;
/* return TRUE iff size as requested */
static BOOL
/* return TRUE iff size as requested */
static BOOL
-recv_len(int sock, void * buf, int size,
in
t tmo)
+recv_len(int sock, void * buf, int size,
time_
t tmo)
{
{
-return fd_ready(sock, tmo
-time(NULL)
)
+return fd_ready(sock, tmo)
? recv(sock, buf, size, 0) == size
: FALSE;
}
? recv(sock, buf, size, 0) == size
: FALSE;
}
@@
-430,7
+429,7
@@
for (;;)
}
static inline int
}
static inline int
-mksd_read_lines (int sock, uschar *av_buffer, int av_buffer_size,
in
t tmo)
+mksd_read_lines (int sock, uschar *av_buffer, int av_buffer_size,
time_
t tmo)
{
client_conn_ctx cctx = {.sock = sock};
int offset = 0;
{
client_conn_ctx cctx = {.sock = sock};
int offset = 0;
@@
-438,7
+437,7
@@
int i;
do
{
do
{
- i = ip_recv(&cctx, av_buffer+offset, av_buffer_size-offset, tmo
-time(NULL)
);
+ i = ip_recv(&cctx, av_buffer+offset, av_buffer_size-offset, tmo);
if (i <= 0)
{
(void) malware_panic_defer(US"unable to read from mksd UNIX socket (/var/run/mksd/socket)");
if (i <= 0)
{
(void) malware_panic_defer(US"unable to read from mksd UNIX socket (/var/run/mksd/socket)");
@@
-497,7
+496,7
@@
switch (*line)
static int
mksd_scan_packed(struct scan * scanent, int sock, const uschar * scan_filename,
static int
mksd_scan_packed(struct scan * scanent, int sock, const uschar * scan_filename,
-
in
t tmo)
+
time_
t tmo)
{
struct iovec iov[3];
const char *cmd = "MSQ\n";
{
struct iovec iov[3];
const char *cmd = "MSQ\n";
@@
-746,7
+745,7
@@
if (!malware_ok)
if (m_sock_send(malware_daemon_ctx.sock, scanrequest, Ustrlen(scanrequest), &errstr) < 0)
return m_panic_defer(scanent, CUS callout_address, errstr);
if (m_sock_send(malware_daemon_ctx.sock, scanrequest, Ustrlen(scanrequest), &errstr) < 0)
return m_panic_defer(scanent, CUS callout_address, errstr);
- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo
-time(NULL)
);
+ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo);
if (bread <= 0)
return m_panic_defer_3(scanent, CUS callout_address,
if (bread <= 0)
return m_panic_defer_3(scanent, CUS callout_address,
@@
-836,7
+835,7
@@
badseek: err = errno;
malware_daemon_ctx.sock);
}
malware_daemon_ctx.sock);
}
- if (!(drweb_fbuf =
US
malloc(fsize_uint)))
+ if (!(drweb_fbuf =
store_
malloc(fsize_uint)))
{
(void)close(drweb_fd);
return m_panic_defer_3(scanent, NULL,
{
(void)close(drweb_fd);
return m_panic_defer_3(scanent, NULL,
@@
-849,7
+848,7
@@
badseek: err = errno;
{
int err = errno;
(void)close(drweb_fd);
{
int err = errno;
(void)close(drweb_fd);
- free(drweb_fbuf);
+
store_
free(drweb_fbuf);
return m_panic_defer_3(scanent, NULL,
string_sprintf("can't read spool file %s: %s",
eml_filename, strerror(err)),
return m_panic_defer_3(scanent, NULL,
string_sprintf("can't read spool file %s: %s",
eml_filename, strerror(err)),
@@
-860,11
+859,12
@@
badseek: err = errno;
/* send file body to socket */
if (send(malware_daemon_ctx.sock, drweb_fbuf, fsize, 0) < 0)
{
/* send file body to socket */
if (send(malware_daemon_ctx.sock, drweb_fbuf, fsize, 0) < 0)
{
- free(drweb_fbuf);
+
store_
free(drweb_fbuf);
return m_panic_defer_3(scanent, CUS callout_address, string_sprintf(
"unable to send file body to socket (%s)", scanner_options),
malware_daemon_ctx.sock);
}
return m_panic_defer_3(scanent, CUS callout_address, string_sprintf(
"unable to send file body to socket (%s)", scanner_options),
malware_daemon_ctx.sock);
}
+ store_free(drweb_fbuf);
}
else
{
}
else
{
@@
-917,7
+917,9
@@
badseek: err = errno;
return m_panic_defer_3(scanent, CUS callout_address,
US"cannot read report size", malware_daemon_ctx.sock);
drweb_slen = ntohl(drweb_slen);
return m_panic_defer_3(scanent, CUS callout_address,
US"cannot read report size", malware_daemon_ctx.sock);
drweb_slen = ntohl(drweb_slen);
- tmpbuf = store_get(drweb_slen);
+
+ /* assume tainted, since it is external input */
+ tmpbuf = store_get(drweb_slen, TRUE);
/* read report body */
if (!recv_len(malware_daemon_ctx.sock, tmpbuf, drweb_slen, tmo))
/* read report body */
if (!recv_len(malware_daemon_ctx.sock, tmpbuf, drweb_slen, tmo))
@@
-1063,7
+1065,7
@@
badseek: err = errno;
if (m_sock_send(malware_daemon_ctx.sock, cmdopt[i], Ustrlen(cmdopt[i]), &errstr) < 0)
return m_panic_defer(scanent, CUS callout_address, errstr);
if (m_sock_send(malware_daemon_ctx.sock, cmdopt[i], Ustrlen(cmdopt[i]), &errstr) < 0)
return m_panic_defer(scanent, CUS callout_address, errstr);
- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo
-time(NULL)
);
+ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo);
if (bread > 0) av_buffer[bread]='\0';
if (bread < 0)
return m_panic_defer_3(scanent, CUS callout_address,
if (bread > 0) av_buffer[bread]='\0';
if (bread < 0)
return m_panic_defer_3(scanent, CUS callout_address,
@@
-1095,7
+1097,7
@@
badseek: err = errno;
{
errno = ETIMEDOUT;
i = av_buffer+sizeof(av_buffer)-p;
{
errno = ETIMEDOUT;
i = av_buffer+sizeof(av_buffer)-p;
- if ((bread= ip_recv(&malware_daemon_ctx, p, i-1, tmo
-time(NULL)
)) < 0)
+ if ((bread= ip_recv(&malware_daemon_ctx, p, i-1, tmo)) < 0)
return m_panic_defer_3(scanent, CUS callout_address,
string_sprintf("unable to read result (%s)", strerror(errno)),
malware_daemon_ctx.sock);
return m_panic_defer_3(scanent, CUS callout_address,
string_sprintf("unable to read result (%s)", strerror(errno)),
malware_daemon_ctx.sock);
@@
-1400,7
+1402,7
@@
badseek: err = errno;
/* wait for result */
memset(av_buffer, 0, sizeof(av_buffer));
/* wait for result */
memset(av_buffer, 0, sizeof(av_buffer));
- if ((bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo
-time(NULL)
)) <= 0)
+ if ((bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo)) <= 0)
return m_panic_defer_3(scanent, CUS callout_address,
string_sprintf("unable to read from UNIX socket (%s)", scanner_options),
malware_daemon_ctx.sock);
return m_panic_defer_3(scanent, CUS callout_address,
string_sprintf("unable to read from UNIX socket (%s)", scanner_options),
malware_daemon_ctx.sock);
@@
-1463,7
+1465,7
@@
badseek: err = errno;
/* Local file; so we def want to use_scan_command and don't want to try
* passing IP/port combinations */
use_scan_command = TRUE;
/* Local file; so we def want to use_scan_command and don't want to try
* passing IP/port combinations */
use_scan_command = TRUE;
- cd = (clamd_address *) store_get(sizeof(clamd_address));
+ cd = (clamd_address *) store_get(sizeof(clamd_address)
, FALSE
);
/* extract socket-path part */
sublist = scanner_options;
/* extract socket-path part */
sublist = scanner_options;
@@
-1497,7
+1499,7
@@
badseek: err = errno;
continue;
}
continue;
}
- cd = (clamd_address *) store_get(sizeof(clamd_address));
+ cd = (clamd_address *) store_get(sizeof(clamd_address)
, FALSE
);
/* extract host and port part */
sublist = scanner_options;
/* extract host and port part */
sublist = scanner_options;
@@
-1666,7
+1668,7
@@
b_seek: err = errno;
if (lseek(clam_fd, 0, SEEK_SET) < 0)
goto b_seek;
if (lseek(clam_fd, 0, SEEK_SET) < 0)
goto b_seek;
- if (!(clamav_fbuf =
US
malloc(fsize_uint)))
+ if (!(clamav_fbuf =
store_
malloc(fsize_uint)))
{
(void)close(clam_fd);
return m_panic_defer_3(scanent, NULL,
{
(void)close(clam_fd);
return m_panic_defer_3(scanent, NULL,
@@
-1678,7
+1680,7
@@
b_seek: err = errno;
if ((result = read(clam_fd, clamav_fbuf, fsize_uint)) < 0)
{
int err = errno;
if ((result = read(clam_fd, clamav_fbuf, fsize_uint)) < 0)
{
int err = errno;
- free(clamav_fbuf); (void)close(clam_fd);
+
store_
free(clamav_fbuf); (void)close(clam_fd);
return m_panic_defer_3(scanent, NULL,
string_sprintf("can't read spool file %s: %s",
eml_filename, strerror(err)),
return m_panic_defer_3(scanent, NULL,
string_sprintf("can't read spool file %s: %s",
eml_filename, strerror(err)),
@@
-1693,13
+1695,12
@@
b_seek: err = errno;
(send(malware_daemon_ctx.sock, clamav_fbuf, fsize_uint, 0) < 0) ||
(send(malware_daemon_ctx.sock, &send_final_zeroblock, sizeof(send_final_zeroblock), 0) < 0))
{
(send(malware_daemon_ctx.sock, clamav_fbuf, fsize_uint, 0) < 0) ||
(send(malware_daemon_ctx.sock, &send_final_zeroblock, sizeof(send_final_zeroblock), 0) < 0))
{
- free(clamav_fbuf);
+
store_
free(clamav_fbuf);
return m_panic_defer_3(scanent, NULL,
string_sprintf("unable to send file body to socket (%s)", hostname),
malware_daemon_ctx.sock);
}
return m_panic_defer_3(scanent, NULL,
string_sprintf("unable to send file body to socket (%s)", hostname),
malware_daemon_ctx.sock);
}
-
- free(clamav_fbuf);
+ store_free(clamav_fbuf);
}
else
{ /* use scan command */
}
else
{ /* use scan command */
@@
-1736,7
+1737,7
@@
b_seek: err = errno;
/* Read the result */
memset(av_buffer, 0, sizeof(av_buffer));
/* Read the result */
memset(av_buffer, 0, sizeof(av_buffer));
- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo
-time(NULL)
);
+ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo);
(void)close(malware_daemon_ctx.sock);
malware_daemon_ctx.sock = -1;
malware_daemon_ctx.tls_ctx = NULL;
(void)close(malware_daemon_ctx.sock);
malware_daemon_ctx.sock = -1;
malware_daemon_ctx.tls_ctx = NULL;
@@
-1894,7
+1895,7
@@
b_seek: err = errno;
return m_panic_defer(scanent, CUS callout_address, errstr);
/* Read the result */
return m_panic_defer(scanent, CUS callout_address, errstr);
/* Read the result */
- bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo
-time(NULL)
);
+ bread = ip_recv(&malware_daemon_ctx, av_buffer, sizeof(av_buffer), tmo);
if (bread <= 0)
return m_panic_defer_3(scanent, CUS callout_address,
if (bread <= 0)
return m_panic_defer_3(scanent, CUS callout_address,