tag 491088 + patch
thanks
Hi,
I think the following patch fixes all these problems (I explained what
was going on in #484676, but didn't submit a patch at that time).
Basically it's always the same thing: memory used after being freed (by
calling context_uninit(p) before using p-foo). The fix is to strdup()
the needed strings before calling context_uninit(p), and later using the
copy instead of p-foo. There's no need to free() the copy because all
these cases are LOG_EMERG cases, and do_log(LOG_EMERG, ...) ends the
program by exit(1).
Regards,
Tom
--
Thomas Parmelan
diff -ubBr p3scan-2.3.2-7/p3scan.c p3scan-2.3.2-7+tom1/p3scan.c
--- p3scan-2.3.2-7/p3scan.c 2009-05-01 11:11:28.0 +0200
+++ p3scan-2.3.2-7+tom1/p3scan.c2009-05-01 12:53:54.0 +0200
@@ -475,24 +475,26 @@
char *vi;
int vipos = 0;
+ char *maildir_name = strdup(p-maildir);
+
/* scan directory */
maildirlen=strlen(p-maildir);
if (stat (p-maildir, s) == -1){
context_uninit(p);
- config-emergency=make_message(%s does not exist, p-maildir);
- do_log(LOG_EMERG, ERR: %s does not exist, p-maildir);
+ config-emergency=make_message(%s does not exist, maildir_name);
+ do_log(LOG_EMERG, ERR: %s does not exist, maildir_name);
return SCANNER_RET_ERR;
}
if (!S_ISDIR(s.st_mode)){
context_uninit(p);
- config-emergency=make_message(%s is not a directory, p-maildir);
- do_log(LOG_EMERG, ERR: %s is not a directory, p-maildir);
+ config-emergency=make_message(%s is not a directory, maildir_name);
+ do_log(LOG_EMERG, ERR: %s is not a directory, maildir_name);
return SCANNER_RET_ERR;
}
if ((dp = opendir (p-maildir)) == NULL){
context_uninit(p);
- config-emergency=make_message(Can't open directory %s, p-maildir);
- do_log(LOG_EMERG, ERR: Can't open directory %s, p-maildir);
+ config-emergency=make_message(Can't open directory %s, maildir_name);
+ do_log(LOG_EMERG, ERR: Can't open directory %s, maildir_name);
return SCANNER_RET_ERR;
}
vi=w_malloc(VISIZE);
@@ -831,10 +833,11 @@
do_log(LOG_DEBUG, Unlinking deMIMEd files, p-maildir);
maildirlen=strlen(p-maildir);
if ((dp = opendir (p-maildir)) == NULL){
+ char *maildir_name = strdup(p-maildir);
p-errmsg=1;
context_uninit(p);
- config-emergency=make_message(Can't open directory %s to erase
files, p-maildir);
- do_log(LOG_EMERG, ERR: Can't open directory %s to erase files,
p-maildir);
+ config-emergency=make_message(Can't open directory %s to erase
files, maildir_name);
+ do_log(LOG_EMERG, ERR: Can't open directory %s to erase files,
maildir_name);
} else {
while ((de = readdir (dp)) != NULL){
if (strcmp (de-d_name, .) == 0) continue;
@@ -1199,7 +1202,7 @@
}
pclose(scanner);
if (vlen 512) virdef[vlen-1]='\0';
- else virdef[512]='\0';
+ else virdef[511]='\0';
paramlist_set(p-params, %VDINFO%, virdef);
}
} else paramlist_set(p-params, %VDINFO%, NULL);
@@ -1284,6 +1287,8 @@
unsigned long len;
int readerr=0, bufferr=0, subjfd=-1, extrafd=-1;
int ret;
+ char *vnmsg = strdup(p-vnmsg);
+ char *mailfile_name = strdup(p-mailfile);
#define CHMODCMD /bin/chmod 0600
if (p-cksmtp){
@@ -1373,8 +1378,8 @@
w_free(mail,mail0);
if (p-extra) w_free(mailx,mailx0);
context_uninit(p);
- config-emergency=make_message(Critical error opening file '%s',
Program aborted., p-vnmsg);
- do_log(LOG_EMERG,ERR: Critical error opening file '%s', Program
aborted., p-vnmsg);
+ config-emergency=make_message(Critical error opening file '%s',
Program aborted., vnmsg);
+ do_log(LOG_EMERG,ERR: Critical error opening file '%s', Program
aborted., vnmsg);
/* should not reach here as we are dead */
}
readerr=read(subjfd,comm,4096);
@@ -1395,8 +1400,8 @@
config-emergency=make_message(Can't open extra mail notification
template %s, EXTRA);
do_log(LOG_EMERG, ERR: Can't open extra mail notification
template %s,EXTRA);
} else {
-config-emergency=make_message(Can't creade extra virus warning
mail message %s, p-mailfile);
-do_log(LOG_EMERG, ERR: Can't create extra virus warning mail
message %s,p-mailfile);
+config-emergency=make_message(Can't creade extra virus warning
mail message %s, mailfile_name);
+do_log(LOG_EMERG, ERR: Can't create extra virus warning mail
message %s, mailfile_name);
}
return -1;
}
@@ -1411,11 +1416,11 @@
w_free(mailx,mailx2);
}
if (ret0) {
-config-emergency=make_message(Can't open alternate mail
notification template %s, p-vnmsg);
-do_log(LOG_EMERG, ERR: Can't open alternate mail notification
template