Bug#491088: p3scan: Unable to free memory not previously allocated

2009-05-01 Thread Thomas Parmelan
tag 491088 + patch
thanks

Hi,

I think the following patch fixes all these problems (I explained what
was going on in #484676, but didn't submit a patch at that time).

Basically it's always the same thing: memory used after being freed (by
calling context_uninit(p) before using p->foo). The fix is to strdup()
the needed strings before calling context_uninit(p), and later using the
copy instead of p->foo. There's no need to free() the copy because all
these cases are LOG_EMERG cases, and do_log(LOG_EMERG, ...) ends the
program by exit(1).

Regards,
Tom

-- 
Thomas Parmelan
diff -ubBr p3scan-2.3.2-7/p3scan.c p3scan-2.3.2-7+tom1/p3scan.c
--- p3scan-2.3.2-7/p3scan.c 2009-05-01 11:11:28.0 +0200
+++ p3scan-2.3.2-7+tom1/p3scan.c2009-05-01 12:53:54.0 +0200
@@ -475,24 +475,26 @@
char *vi;
int vipos = 0;
 
+   char *maildir_name = strdup(p-maildir);
+
/* scan directory */
maildirlen=strlen(p-maildir);
if (stat (p-maildir, s) == -1){
   context_uninit(p);
-  config-emergency=make_message(%s does not exist, p-maildir);
-  do_log(LOG_EMERG, ERR: %s does not exist, p-maildir);
+  config-emergency=make_message(%s does not exist, maildir_name);
+  do_log(LOG_EMERG, ERR: %s does not exist, maildir_name);
   return SCANNER_RET_ERR;
}
if (!S_ISDIR(s.st_mode)){
   context_uninit(p);
-  config-emergency=make_message(%s is not a directory, p-maildir);
-  do_log(LOG_EMERG, ERR: %s is not a directory, p-maildir);
+  config-emergency=make_message(%s is not a directory, maildir_name);
+  do_log(LOG_EMERG, ERR: %s is not a directory, maildir_name);
   return SCANNER_RET_ERR;
}
if ((dp = opendir (p-maildir)) == NULL){
   context_uninit(p);
-  config-emergency=make_message(Can't open directory %s, p-maildir);
-  do_log(LOG_EMERG, ERR: Can't open directory %s, p-maildir);
+  config-emergency=make_message(Can't open directory %s, maildir_name);
+  do_log(LOG_EMERG, ERR: Can't open directory %s, maildir_name);
   return SCANNER_RET_ERR;
}
vi=w_malloc(VISIZE);
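
Review bot: the strdup(p->maildir) added at the top of this block runs on every call, but maildir_name is only read in the three error branches, so the success path that continues at vi=w_malloc(VISIZE) carries an allocation that nothing visible here frees. Take the copy inside each branch just before context_uninit(p), as the next hunk does, or free it before the normal return. The result is also never checked, so on allocation failure a NULL pointer is passed for %s.
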
@@ -831,10 +833,11 @@
   do_log(LOG_DEBUG, Unlinking deMIMEd files, p-maildir);
   maildirlen=strlen(p-maildir);
   if ((dp = opendir (p-maildir)) == NULL){
+ char *maildir_name = strdup(p-maildir);
  p-errmsg=1;
  context_uninit(p);
- config-emergency=make_message(Can't open directory %s to erase 
files, p-maildir);
- do_log(LOG_EMERG, ERR: Can't open directory %s to erase files, 
p-maildir);
+ config-emergency=make_message(Can't open directory %s to erase 
files, maildir_name);
+ do_log(LOG_EMERG, ERR: Can't open directory %s to erase files, 
maildir_name);
   } else {
  while ((de = readdir (dp)) != NULL){
 if (strcmp (de-d_name, .) == 0) continue;
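
Review bot: in the opendir() failure branch the new strdup(p->maildir) result is used without a NULL check, and the branch has no return, so control leaves the if only because do_log(LOG_EMERG, ...) is expected to exit. Check the copy (or fall back to a fixed string) and add an explicit return after do_log() so the control flow does not depend on that side effect.
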
@@ -1199,7 +1202,7 @@
  }
  pclose(scanner);
  if (vlen  512) virdef[vlen-1]='\0';
- else virdef[512]='\0';
+ else virdef[511]='\0';
  paramlist_set(p-params, %VDINFO%, virdef);
   }
} else paramlist_set(p-params, %VDINFO%, NULL);
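
Review bot: the else branch now writes virdef[511], but 512 and 511 are both still literals and the declaration of virdef is not in this hunk, so the bound cannot be checked from here; index with sizeof(virdef)-1 or a named constant shared with the declaration. The unchanged line above it writes virdef[vlen-1], which lands before the buffer when vlen is 0, so guard that case as well. This off-by-one fix is separate from the use-after-free changes and should be called out in the patch description.
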
@@ -1284,6 +1287,8 @@
unsigned long len;
int readerr=0, bufferr=0, subjfd=-1, extrafd=-1;
int ret;
+   char *vnmsg = strdup(p-vnmsg);
+   char *mailfile_name = strdup(p-mailfile);
 #define CHMODCMD /bin/chmod 0600
 
if (p-cksmtp){
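
Review bot: the two strdup() calls added to the declarations run on every call, and neither result is checked; the copies are only needed in the emergency paths further down, so unless they are freed outside the visible hunks every normal return leaks both strings. If p->vnmsg or p->mailfile can be NULL at this point, calling strdup() on it is undefined. Copy inside the error branches right before context_uninit(p), or free both on the non-fatal exits.
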
@@ -1373,8 +1378,8 @@
  w_free(mail,mail0);
  if (p-extra) w_free(mailx,mailx0);
  context_uninit(p);
- config-emergency=make_message(Critical error opening file '%s', 
Program aborted., p-vnmsg);
- do_log(LOG_EMERG,ERR: Critical error opening file '%s', Program 
aborted., p-vnmsg);
+ config-emergency=make_message(Critical error opening file '%s', 
Program aborted., vnmsg);
+ do_log(LOG_EMERG,ERR: Critical error opening file '%s', Program 
aborted., vnmsg);
   /* should not reach here as we are dead */
   }
   readerr=read(subjfd,comm,4096);
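
Review bot: after the do_log(LOG_EMERG, ...) call the only thing stopping execution is the comment "should not reach here as we are dead"; there is no return, and the next statement is read(subjfd,comm,4096), which the error text suggests is the descriptor that failed to open, with the context already torn down by context_uninit(p). Add an explicit return -1 after do_log() so the branch stays safe even if do_log() ever returns.
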
@@ -1395,8 +1400,8 @@
 config-emergency=make_message(Can't open extra mail notification 
template %s, EXTRA);
 do_log(LOG_EMERG, ERR: Can't open extra mail notification 
template %s,EXTRA);
  } else {
-config-emergency=make_message(Can't creade extra virus warning 
mail message %s, p-mailfile);
-do_log(LOG_EMERG, ERR: Can't create extra virus warning mail 
message %s,p-mailfile);
+config-emergency=make_message(Can't creade extra virus warning 
mail message %s, mailfile_name);
+do_log(LOG_EMERG, ERR: Can't create extra virus warning mail 
message %s, mailfile_name);
  }
  return -1;
   }
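
Review bot: the replaced make_message() string still reads "Can't creade extra virus warning mail message" while the matching do_log() line says "create"; fix the typo while the line is being touched so config->emergency and the log agree. The context_uninit(p) call that makes the switch to mailfile_name necessary is not in this hunk, so it is worth confirming that it precedes this branch.
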
@@ -1411,11 +1416,11 @@
 w_free(mailx,mailx2);
  }
  if (ret0) {
-config-emergency=make_message(Can't open alternate mail 
notification template %s, p-vnmsg);
-do_log(LOG_EMERG, ERR: Can't open alternate mail notification 
template 
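
The ordering the message describes (copy what the log line needs, then tear the context down), as an added C example that is not part of the original mail or of p3scan. `struct context`, `context_new`, `context_uninit`, `snapshot` and `report_missing_fixed` are simplified stand-ins, the path is constructed, and the copy goes into a stack buffer instead of strdup() so there is nothing to leak or NULL-check.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the per-connection context; only the field used here. */
struct context { char *maildir; };

struct context *context_new(const char *maildir) {
    struct context *p = malloc(sizeof *p);
    if (p) p->maildir = maildir ? strdup(maildir) : NULL;
    return p;
}

/* Stand-in teardown: releases the context and every string it owns. */
void context_uninit(struct context *p) {
    free(p->maildir);
    free(p);
}

/* Copy a field into caller storage so it outlives the context.
   A NULL field becomes a printable marker instead of reaching %s. */
void snapshot(char *dst, size_t dstlen, const char *field) {
    snprintf(dst, dstlen, "%s", field ? field : "(unset)");
}

/* BEFORE (the pattern the patch removes, shown only as a comment):
 *     context_uninit(p);
 *     do_log(LOG_EMERG, "ERR: %s does not exist", p->maildir);  // p is freed
 * AFTER: snapshot first, release second, format from the snapshot. */
int report_missing_fixed(struct context *p, char *out, size_t outlen) {
    char name[256];                      /* longer names are truncated */
    snapshot(name, sizeof name, p->maildir);
    context_uninit(p);                   /* p and p->maildir are gone now */
    return snprintf(out, outlen, "%s does not exist", name);
}

int main(void) {
    char msg[320];
    struct context *p = context_new("/tmp/example-maildir"); /* constructed */
    if (!p) return 1;
    report_missing_fixed(p, msg, sizeof msg);
    puts(msg);
    return 0;
}
```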

Bug#491088: p3scan: Unable to free memory not previously allocated

2008-07-16 Thread martin
Package: p3scan
Version: 2:2.3.2-7
Severity: important


The problem happens when a virus is received, no problem receiving clean emails.

From the logs:

Jul 16 11:22:55 diamante p3scan[16232]: POP3 Connection from 10.10.203.70:3581
Jul 16 11:22:55 diamante p3scan[16232]: Real-server address is 
xxx.xxx.xxx.xxx:110
Jul 16 11:22:55 diamante p3scan[16232]: Ignoring servers PIPELINING 
capability...
Jul 16 11:22:57 diamante p3scan[16232]: POP3 from 10.10.203.70:3581 to 
xxx.xxx.xxx.xxx:110 from Rafael [EMAIL PROTECTED] to [EMAIL PROTECTED] user: 
(null) virus: Worm.SomeFool.D file: /p3scan.5Iltub
Jul 16 11:22:57 diamante p3scan[16232]: ERR: Critical error opening file '', 
Program aborted.
Jul 16 11:22:57 diamante p3scan[16232]: ERR: Exiting now...
Jul 16 11:22:57 diamante p3scan[16232]: ERR: Unable to free memory not 
previously allocated:  'FC^IF8^Dڷ 'FC^I 'FC^I  CBF
Jul 16 11:22:57 diamante kernel: [10122.723789] p3scan[16232]: segfault at 4 ip 
0804ddc2 sp bf879b60 error 4 in p3scan[8048000+3]
Jul 16 11:22:57 diamante p3scan[15201]: ERR: Attention: child with pid 16232 
died with abnormal termsignal (11)! This is probably a bug. Please report to 
the author. numprocs is now 3


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages p3scan depends on:
ii  adduser      3.108         add and remove users and groups
ii  libc6        2.7-10        GNU C Library: Shared libraries
ii  libpcre3     7.4-1+lenny2  Perl 5 Compatible Regular Expressi
ii  libssl0.9.8  0.9.8g-10.1   SSL shared libraries

p3scan recommends no packages.

-- no debconf information


