Hi there, Please find attached a small patch against snapshot 20031009 (SF seem to be having some problems else it would be against current CVS) which fixes a problem in mbox.c insert() where an empty content-disposition causes a crash.
Also a fix for cases where header args flow to the next line. It seems that inMimeHead is incorrectly set to TRUE and thus whole header lines are incorrectly considered arguments rather than new headers e.g. consider this: 1: Content-Type: 2: base64 3: Content-Disposition: 4: attachment; filename="info.rtf" Content-Type is set correctly but lines 3 & 4 are added as arguments with messageAddArgument() at approx. line 530 of mbox.c since inMimeHead remains TRUE after setting of Content-type and thus Content-Disposition is never actually set. Regards, Matt.
diff -ruN clamav-0.60.cvs20031009.orig/libclamav/mbox.c
clamav-0.60.cvs20031009/libclamav/mbox.c
--- clamav-0.60.cvs20031009.orig/libclamav/mbox.c Wed Oct 1 21:27:42 2003
+++ clamav-0.60.cvs20031009/libclamav/mbox.c Fri Oct 10 16:20:47 2003
@@ -596,16 +596,50 @@
if(t_line->t_next) {
t_line =
t_line->t_next;
messageSetEncoding(aMessage, t_line->t_text);
+ inMimeHead = FALSE;
break;
}
cli_warnmsg("Empty encoding
type, assuming none");
messageSetEncoding(aMessage,
"7bit");
+ inMimeHead = FALSE;
break;
case CONTENT_DISPOSITION:
-
messageSetDispositionType(aMessage, strtok_r(NULL, ";", &strptr));
- messageAddArgument(aMessage,
strtok_r(NULL, "", &strptr));
+ ptr = strtok_r(NULL, ";",
&strptr);
+ if(ptr) {
+
messageSetDispositionType(aMessage, ptr);
+
messageAddArgument(aMessage, strtok_r(NULL, "", &strptr));
+ break;
+ }
+ /*
+ * Disposition not found
+ */
+ if(!inMimeHead) {
+ cli_warnmsg("Empty
disposition, assuming none");
+ break;
+ }
+ /*
+ * Handle the case
+ * when it flows over
+ * to the next line.
+ *
+ * Content-Disposition:
+ * attachment;
filename="info.rtf"
+ */
+ if(t_line->t_next) {
+ char *tmp;
+ t_line =
t_line->t_next;
+ tmp =
strdup(t_line->t_text);
+ ptr = strtok_r(tmp,
";", &strptr);
+
messageSetDispositionType(aMessage, ptr);
+
messageAddArgument(aMessage, strtok_r(NULL, "", &strptr));
+ free(tmp);
+ inMimeHead = FALSE;
+ break;
+ }
+ cli_warnmsg("Empty
disposition, assuming none");
+ inMimeHead = FALSE;
break;
}
free(copy);
diff -ruN clamav-0.60.cvs20031009.orig/libclamav/message.c
clamav-0.60.cvs20031009/libclamav/message.c
--- clamav-0.60.cvs20031009.orig/libclamav/message.c Wed Oct 1 21:28:23 2003
+++ clamav-0.60.cvs20031009/libclamav/message.c Fri Oct 10 15:49:48 2003
@@ -221,6 +221,9 @@
assert(m != NULL);
assert(disptype != NULL);
+ while((*disptype == '\t') || (*disptype == ' '))
+ disptype++;
+
m->mimeDispositionType = strdup(disptype);
}
pgp00000.pgp
Description: PGP signature
