X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/64cc4714abd0d616327bfacdfc1b0fb45bff096e..568dbf1701e031eb1b0cfb50d3a656477f4198c8:/src/src/malware.c diff --git a/src/src/malware.c b/src/src/malware.c index 7c134d759..4719a5d61 100644 --- a/src/src/malware.c +++ b/src/src/malware.c @@ -2,9 +2,10 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) Tom Kistner 2003 - 2015 +/* + * Copyright (c) The Exim Maintainers 2015 - 2022 + * Copyright (c) Tom Kistner 2003 - 2015 * License: GPL - * Copyright (c) The Exim Maintainers 2015 - 2020 */ /* Code for calling virus (malware) scanners. Called from acl.c. */ @@ -109,7 +110,7 @@ features_malware(void) { const uschar * s; uschar * t; -uschar buf[64]; +uschar buf[EXIM_DRIVERNAME_MAX]; spf(buf, sizeof(buf), US"_HAVE_MALWARE_"); @@ -129,7 +130,7 @@ for (const struct scan * sc = m_scans; sc->scancode != -1; sc++) #define MALWARE_TIMEOUT 120 /* default timeout, seconds */ static const uschar * malware_regex_default = US ".+"; -static const pcre * malware_default_re = NULL; +static const pcre2_code * malware_default_re = NULL; #ifndef DISABLE_MAL_CLAM @@ -156,35 +157,35 @@ typedef struct clamd_address { # define DERR_BAD_CALL (1<<15) /* wrong command */ static const uschar * drweb_re_str = US "infected\\swith\\s*(.+?)$"; -static const pcre * drweb_re = NULL; +static const pcre2_code * drweb_re = NULL; #endif #ifndef DISABLE_MAL_FSECURE static const uschar * fsec_re_str = US "\\S{0,5}INFECTED\\t[^\\t]*\\t([^\\t]+)\\t\\S*$"; -static const pcre * fsec_re = NULL; +static const pcre2_code * fsec_re = NULL; #endif #ifndef DISABLE_MAL_KAV static const uschar * kav_re_sus_str = US "suspicion:\\s*(.+?)\\s*$"; static const uschar * kav_re_inf_str = US "infected:\\s*(.+?)\\s*$"; -static const pcre * kav_re_sus = NULL; -static const pcre * kav_re_inf = NULL; +static const pcre2_code * kav_re_sus = NULL; +static const pcre2_code * kav_re_inf = NULL; #endif #ifndef DISABLE_MAL_AVAST static const uschar * ava_re_clean_str = US "(?!\\\\)\\t\\[\\+\\]"; static const uschar * ava_re_virus_str = US "(?!\\\\)\\t\\[L\\]\\d+\\.0\\t0\\s(.*)"; static const uschar * ava_re_error_str = US "(?!\\\\)\\t\\[E\\]\\d+\\.0\\tError\\s\\d+\\s(.*)"; -static const pcre * ava_re_clean = NULL; -static const pcre * ava_re_virus = NULL; -static const pcre * ava_re_error = NULL; +static const pcre2_code * ava_re_clean = NULL; +static const pcre2_code * ava_re_virus = NULL; +static const pcre2_code * ava_re_error = NULL; #endif #ifndef DISABLE_MAL_FFROT6D static const uschar * fprot6d_re_error_str = US "^\\d+\\s<(.+?)>$"; static const uschar * fprot6d_re_virus_str = US "^\\d+\\s\\s+.+$"; -static const pcre * fprot6d_re_error = NULL; -static const pcre * fprot6d_re_virus = NULL; +static const pcre2_code * fprot6d_re_error = NULL; +static const pcre2_code * fprot6d_re_virus = NULL; #endif @@ -277,11 +278,7 @@ int fd = ip_connectedsocket(SOCK_STREAM, hostname, port, port, 5, /* Under some fault conditions, FreeBSD 12.2 seen to send a (non-TFO) SYN and, getting no response, wait for a long time. Impose a 5s max. */ if (fd >= 0) - { - struct timeval tv = {.tv_sec = 5}; - fd_set fds; - FD_ZERO(fds); FD_SET(fd, &fds); (void) select(fd+1, NULL, &fds, NULL, &tv); - } + (void) poll_one_fd(fd, POLLOUT, 5 * 1000); #endif return fd; } @@ -301,37 +298,43 @@ if (send(sock, buf, cnt, 0) < 0) return sock; } -static const pcre * +static const pcre2_code * m_pcre_compile(const uschar * re, uschar ** errstr) { -const uschar * rerror; -int roffset; -const pcre * cre; +int err; +PCRE2_SIZE roffset; +const pcre2_code * cre; -if (!(cre = pcre_compile(CS re, PCRE_COPT, CCSS &rerror, &roffset, NULL))) - *errstr= string_sprintf("regular expression error in '%s': %s at offset %d", - re, rerror, roffset); +if (!(cre = pcre2_compile((PCRE2_SPTR)re, PCRE2_ZERO_TERMINATED, + PCRE_COPT, &err, &roffset, pcre_cmp_ctx))) + { + uschar errbuf[128]; + pcre2_get_error_message(err, errbuf, sizeof(errbuf)); + *errstr= string_sprintf("regular expression error in '%s': %s at offset %ld", + re, errbuf, (long)roffset); + } return cre; } uschar * -m_pcre_exec(const pcre * cre, uschar * text) +m_pcre_exec(const pcre2_code * cre, uschar * text) { -int ovector[10*3]; -int i = pcre_exec(cre, NULL, CS text, Ustrlen(text), 0, 0, - ovector, nelem(ovector)); -uschar * substr = NULL; +pcre2_match_data * md = pcre2_match_data_create(2, pcre_gen_ctx); +int i = pcre2_match(cre, text, PCRE2_ZERO_TERMINATED, 0, 0, md, pcre_mtc_ctx); +PCRE2_UCHAR * substr = NULL; +PCRE2_SIZE slen; + if (i >= 2) /* Got it */ - pcre_get_substring(CS text, ovector, i, 1, CCSS &substr); -return substr; + pcre2_substring_get_bynumber(md, 1, &substr, &slen); +return US substr; } -static const pcre * +static const pcre2_code * m_pcre_nextinlist(const uschar ** list, int * sep, char * listerr, uschar ** errstr) { const uschar * list_ele; -const pcre * cre = NULL; +const pcre2_code * cre = NULL; if (!(list_ele = string_nextinlist(list, sep, NULL, 0))) *errstr = US listerr; @@ -581,7 +584,7 @@ const uschar *av_scanner_work = av_scanner; uschar *scanner_name; unsigned long mbox_size; FILE *mbox_file; -const pcre *re; +const pcre2_code *re; uschar * errstr; struct scan * scanent; const uschar * scanner_options; @@ -923,7 +926,7 @@ badseek: err = errno; /* read and concatenate virus names into one string */ for (int i = 0; i < drweb_vnum; i++) { - int ovector[10*3]; + pcre2_match_data * md = pcre2_match_data_create(2, pcre_gen_ctx); /* read the size of report */ if (!recv_len(malware_daemon_ctx.sock, &drweb_slen, sizeof(drweb_slen), tmo)) @@ -932,7 +935,7 @@ badseek: err = errno; drweb_slen = ntohl(drweb_slen); /* assume tainted, since it is external input */ - tmpbuf = store_get(drweb_slen, TRUE); + tmpbuf = store_get(drweb_slen, GET_TAINTED); /* read report body */ if (!recv_len(malware_daemon_ctx.sock, tmpbuf, drweb_slen, tmo)) @@ -941,22 +944,20 @@ badseek: err = errno; tmpbuf[drweb_slen] = '\0'; /* try matcher on the line, grab substring */ - result = pcre_exec(drweb_re, NULL, CS tmpbuf, Ustrlen(tmpbuf), 0, 0, - ovector, nelem(ovector)); + result = pcre2_match(drweb_re, (PCRE2_SPTR)tmpbuf, PCRE2_ZERO_TERMINATED, + 0, 0, md, pcre_mtc_ctx); if (result >= 2) { - const char * pre_malware_nb; - - pcre_get_substring(CS tmpbuf, ovector, result, 1, &pre_malware_nb); + PCRE2_SIZE * ovec = pcre2_get_ovector_pointer(md); if (i==0) /* the first name we just copy to malware_name */ - g = string_cat(NULL, US pre_malware_nb); + g = string_catn(NULL, US ovec[2], ovec[3] - ovec[2]); - /*XXX could be string_append_listele? */ else /* concatenate each new virus name to previous */ - g = string_append(g, 2, "/", pre_malware_nb); - - pcre_free_substring(pre_malware_nb); + { + g = string_catn(g, US"/", 1); + g = string_catn(g, US ovec[2], ovec[3] - ovec[2]); + } } } malware_name = string_from_gstring(g); @@ -1149,7 +1150,7 @@ badseek: err = errno; int kav_rc; unsigned long kav_reportlen; int bread; - const pcre *kav_re; + const pcre2_code *kav_re; uschar *p; /* get current date and time, build scan request */ @@ -1258,8 +1259,8 @@ badseek: err = errno; case M_CMDL: /* "cmdline" scanner type ---------------------------------- */ { const uschar *cmdline_scanner = scanner_options; - const pcre *cmdline_trigger_re; - const pcre *cmdline_regex_re; + const pcre2_code *cmdline_trigger_re; + const pcre2_code *cmdline_regex_re; uschar * file_name; uschar * commandline; void (*eximsigchld)(int); @@ -1453,7 +1454,7 @@ badseek: err = errno; uschar av_buffer[1024]; uschar *hostname = US""; host_item connhost; - int clam_fd, result; + int clam_fd; unsigned int fsize_uint; BOOL use_scan_command = FALSE; clamd_address * cv[MAX_CLAMD_SERVERS]; @@ -1471,9 +1472,9 @@ badseek: err = errno; int subsep = ' '; /* Local file; so we def want to use_scan_command and don't want to try - * passing IP/port combinations */ + passing IP/port combinations */ use_scan_command = TRUE; - cd = (clamd_address *) store_get(sizeof(clamd_address), FALSE); + cd = (clamd_address *) store_get(sizeof(clamd_address), GET_UNTAINTED); /* extract socket-path part */ sublist = scanner_options; @@ -1507,7 +1508,7 @@ badseek: err = errno; continue; } - cd = (clamd_address *) store_get(sizeof(clamd_address), FALSE); + cd = (clamd_address *) store_get(sizeof(clamd_address), GET_UNTAINTED); /* extract host and port part */ sublist = scanner_options; @@ -1559,7 +1560,11 @@ badseek: err = errno; if (!use_scan_command) { cmd_str.data = US"zINSTREAM"; cmd_str.len = 10; } else - cmd_str.data = string_sprintf("SCAN %s\n%n", eml_filename, &cmd_str.len); + { + int n; + cmd_str.data = string_sprintf("SCAN %s\n%n", eml_filename, &n); + cmd_str.len = n; /* .len is a size_t */ + } /* We have some network servers specified */ if (num_servers) @@ -1816,7 +1821,7 @@ badseek: err = errno; if (*p) ++p; /* colon in returned output? */ - if(!(p = Ustrchr(av_buffer,':'))) + if (!(p = Ustrchr(av_buffer,':'))) return m_panic_defer(scanent, CUS callout_address, string_sprintf( "ClamAV returned malformed result (missing colon): %s", av_buffer)); @@ -1880,8 +1885,8 @@ badseek: err = errno; uschar * linebuffer; uschar * sockline_scanner; uschar sockline_scanner_default[] = "%s\n"; - const pcre *sockline_trig_re; - const pcre *sockline_name_re; + const pcre2_code *sockline_trig_re; + const pcre2_code *sockline_name_re; /* find scanner command line */ if ( (sockline_scanner = string_nextinlist(&av_scanner_work, &sep, @@ -2120,7 +2125,7 @@ badseek: err = errno; if (malware_name) /* Nothing else matters, just read on */ break; - if (pcre_exec(ava_re_clean, NULL, CS buf, slen, 0, 0, NULL, 0) == 0) + if (regex_match(ava_re_clean, buf, slen, NULL)) break; if ((malware_name = m_pcre_exec(ava_re_virus, buf))) @@ -2141,7 +2146,7 @@ badseek: err = errno; break; } } - else if (pcre_exec(ava_re_error, NULL, CS buf, slen, 0, 0, NULL, 0) == 0) + else if (regex_match(ava_re_error, buf, slen, NULL)) { log_write(0, LOG_MAIN, "internal scanner error (ignored): %s", buf); break;