X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Fmalware.c;h=e1eff16cf9df4c0ae1a0c60048e5d8f6bf10f821;hb=278293d39d5c3f77e6deb4c52a7068ea4a1d48dd;hp=b67f31598e5a1b17b93a4313af47520585f48b0c;hpb=80fea873648ca2ab2e592999a336c59cf054ab55;p=exim.git

diff --git a/src/src/malware.c b/src/src/malware.c
index b67f31598..e1eff16cf 100644
--- a/src/src/malware.c
+++ b/src/src/malware.c
@@ -108,7 +108,7 @@ BOOL malware_ok = FALSE;
 the scan directory normally for that case, but look into rigging up the
 needed header variables if not already set on the command-line? */
 extern int spool_mbox_ok;
-extern uschar spooled_message_id[17];
+extern uschar spooled_message_id[MESSAGE_ID_LENGTH+1];
 
 
 
@@ -630,7 +630,7 @@ if (!malware_ok)
 	    sock);
 	  }
 
-	if (!(drweb_fbuf = (uschar *) malloc (fsize_uint)))
+	if (!(drweb_fbuf = US malloc(fsize_uint)))
 	  {
 	  (void)close(drweb_fd);
 	  return m_errlog_defer_3(scanent, NULL,
@@ -966,7 +966,7 @@ if (!malware_ok)
 		US"reported 'kavdaemon damaged' (code 7).", sock);
       }
 
-      /* code 8 is not handled, since it is ambigous. It appears mostly on
+      /* code 8 is not handled, since it is ambiguous. It appears mostly on
       bounces where part of a file has been cut off */
 
       /* "virus found" return codes (2-4) */
@@ -1003,7 +1003,9 @@ if (!malware_ok)
 	      kav_re = kav_re_inf;
 	      }
 
-	    /* read report, linewise */
+	    /* read report, linewise.  Using size from stream to read amount of data
+	    from same stream is safe enough. */
+	    /* coverity[tainted_data] */
 	    while (kav_reportlen > 0)
 	      {
 	      if ((bread = recv_line(sock, tmpbuf, sizeof(tmpbuf), tmo)) < 0)
@@ -1486,7 +1488,7 @@ if (!malware_ok)
 	  }
 	lseek(clam_fd, 0, SEEK_SET);
 
-	if (!(clamav_fbuf = (uschar *) malloc (fsize_uint)))
+	if (!(clamav_fbuf = US malloc(fsize_uint)))
 	  {
 	  CLOSE_SOCKDATA; (void)close(clam_fd);
 	  return m_errlog_defer_3(scanent, NULL,
@@ -1947,15 +1949,15 @@ Returns:      Exim message processing code (OK, FAIL, DEFER, ...)
 int
 malware(const uschar * malware_re, int timeout)
 {
-  uschar * scan_filename;
-  int ret;
+uschar * scan_filename;
+int ret;
 
-  scan_filename = string_sprintf("%s/scan/%s/%s.eml",
-		    spool_directory, message_id, message_id);
-  ret = malware_internal(malware_re, scan_filename, timeout, FALSE);
-  if (ret == DEFER) av_failed = TRUE;
+scan_filename = string_sprintf("%s/scan/%s/%s.eml",
+		  spool_directory, message_id, message_id);
+ret = malware_internal(malware_re, scan_filename, timeout, FALSE);
+if (ret == DEFER) av_failed = TRUE;
 
-  return ret;
+return ret;
 }
 
 
@@ -1977,32 +1979,35 @@ Returns:        Exim message processing code (OK, FAIL, DEFER, ...)
 int
 malware_in_file(uschar *eml_filename)
 {
-  uschar message_id_buf[64];
-  int ret;
-
-  /* spool_mbox() assumes various parameters exist, when creating
-  the relevant directory and the email within */
-  (void) string_format(message_id_buf, sizeof(message_id_buf),
-      "dummy-%d", vaguely_random_number(INT_MAX));
-  message_id = message_id_buf;
-  sender_address = US"malware-sender@example.net";
-  return_path = US"";
-  recipients_list = NULL;
-  receive_add_recipient(US"malware-victim@example.net", -1);
-  enable_dollar_recipients = TRUE;
-
-  ret = malware_internal(US"*", eml_filename, 0,  TRUE);
-
-  Ustrncpy(spooled_message_id, message_id, sizeof(spooled_message_id));
-  spool_mbox_ok = 1;
-  /* don't set no_mbox_unspool; at present, there's no way for it to become
-  set, but if that changes, then it should apply to these tests too */
-  unspool_mbox();
-
-  /* silence static analysis tools */
-  message_id = NULL;
-
-  return ret;
+uschar message_id_buf[64];
+int ret;
+
+/* spool_mbox() assumes various parameters exist, when creating
+the relevant directory and the email within */
+
+(void) string_format(message_id_buf, sizeof(message_id_buf),
+    "dummy-%d", vaguely_random_number(INT_MAX));
+message_id = message_id_buf;
+sender_address = US"malware-sender@example.net";
+return_path = US"";
+recipients_list = NULL;
+receive_add_recipient(US"malware-victim@example.net", -1);
+enable_dollar_recipients = TRUE;
+
+ret = malware_internal(US"*", eml_filename, 0,  TRUE);
+
+Ustrncpy(spooled_message_id, message_id, sizeof(spooled_message_id));
+spool_mbox_ok = 1;
+
+/* don't set no_mbox_unspool; at present, there's no way for it to become
+set, but if that changes, then it should apply to these tests too */
+
+unspool_mbox();
+
+/* silence static analysis tools */
+message_id = NULL;
+
+return ret;
 }