← Back to branch summary

~yolanda.robla/ubuntu/saucy/clamav/dep-8-tests

« back to all changes in this revision

Viewing changes to clamav-milter/clamav-milter.c

  • Committer: Bazaar Package Importer
  • Author(s): Stephen Gran
  • Date: 2008-09-05 17:25:34 UTC
  • mfrom: (0.35.1 lenny)
  • Revision ID: james.westby@ubuntu.com-20080905172534-yi3f8fkye1o7u1r3
http://bugs.debian.org/497662
http://bugs.debian.org/497773
http://bugs.debian.org/496276
http://bugs.debian.org/491760
* New upstream version (closes: #497662, #497773)
  - lots of new options for clamd.conf
  - fixes CVEs CVE-2008-3912, CVE-2008-3913, CVE-2008-3914, and
    CVE-2008-1389
* No longer supports --unzip option, so typo is gone (closes: #496276)
* Translations:
  - sv (thanks Martin Bagge <brother@bsnet.se>) (closes: #491760)

Show diffs side-by-side

added added

removed removed

Lines of Context:
clamav-milter/clamav-milter.c
33
33
 */
34
34
static  char    const   rcsid[] = "$Id: clamav-milter.c,v 1.312 2007/02/12 22:24:21 njh Exp $";
35
35
 
36
 
#define CM_VERSION      "0.93.3"
37
 
 
38
36
#if HAVE_CONFIG_H
39
37
#include "clamav-config.h"
40
38
#endif
47
45
#include "clamav.h"
48
46
#include "table.h"
49
47
#include "network.h"
 
48
#include "misc.h"
50
49
 
51
50
#ifndef CL_DEBUG
52
51
#define NDEBUG
80
79
#endif
81
80
#include <pthread.h>
82
81
#include <sys/time.h>
 
82
#include <sys/resource.h>
83
83
#include <signal.h>
84
84
#include <fcntl.h>
85
85
#include <pwd.h>
182
182
 
183
183
#define VERSION_LENGTH  128
184
184
#define DEFAULT_TIMEOUT 120
 
185
 
185
186
#define NTRIES  5       /* How many times we try to connect to a clamd */
186
187
 
187
188
/*#define       SESSION*/
241
242
        uint32_t        base;
242
243
        uint32_t        mask;
243
244
} localNets[] = {
244
 
        /*{ PACKADDR(127,   0,   0,   0), MAKEMASK(24) },       /*   127.0.0.0/24 */
245
 
        { PACKADDR(192, 168,   0,   0), MAKEMASK(24) }, /* 192.168.0.0/24 - RFC3330 */
246
 
        /*{ PACKADDR(192, 18,   0,   0), MAKEMASK(17) },        /* 192.18.0.0/17 - RFC2544 */
247
 
        /*{ PACKADDR(192, 0,   2,   0), MAKEMASK(8) },  /* 192.0.2.0/8 - RFC3330 */
 
245
        /*{ PACKADDR(127,   0,   0,   0), MAKEMASK(8) },        *   127.0.0.0/8 */
 
246
        { PACKADDR(192, 168,   0,   0), MAKEMASK(16) }, /* 192.168.0.0/16 - RFC3330 */
 
247
        /*{ PACKADDR(192, 18,   0,   0), MAKEMASK(15) },        * 192.18.0.0/15 - RFC2544 */
 
248
        /*{ PACKADDR(192, 0,   2,   0), MAKEMASK(24) }, * 192.0.2.0/24 - RFC3330 */
248
249
        { PACKADDR( 10,   0,   0,   0), MAKEMASK(8) },  /*    10.0.0.0/8 */
249
250
        { PACKADDR(172,  16,   0,   0), MAKEMASK(12) }, /*  172.16.0.0/12 */
250
251
        { PACKADDR(169, 254,   0,   0), MAKEMASK(16) }, /* 169.254.0.0/16 */
333
334
static  sfsistat        clamfi_close(SMFICTX *ctx);
334
335
static  void            clamfi_cleanup(SMFICTX *ctx);
335
336
static  void            clamfi_free(struct privdata *privdata, int keep);
 
337
#ifdef __GNUC__
 
338
static  int             clamfi_send(struct privdata *privdata, size_t len, const char *format, ...) __attribute__((format(printf, 3,4)));
 
339
#else
336
340
static  int             clamfi_send(struct privdata *privdata, size_t len, const char *format, ...);
 
341
#endif
337
342
static  long            clamd_recv(int sock, char *buf, size_t len);
338
343
static  off_t           updateSigFile(void);
339
344
static  header_list_t   header_list_new(void);
455
460
static  int     logok = 0;      /*
456
461
                                 * Add clean items to the log file
457
462
                                 */
458
 
static  char    *signature = N_("-- \nScanned by ClamAv - http://www.clamav.net\n");
 
463
static  const char      *signature = N_("-- \nScanned by ClamAv - http://www.clamav.net\n");
459
464
static  time_t  signatureStamp;
460
465
static  char    *templateFile;  /* e-mail to be sent when virus detected */
461
466
static  char    *templateHeaders;       /* headers to be added to the above */
483
488
                                 * if max_chilren is exceeded, otherwise we
484
489
                                 * wait for the number to go down
485
490
                                 */
 
491
static  int     dont_sanitise = 0; /*
 
492
                                 * Don't check for ";" and "|" chars in 
 
493
                                 * email addresses.
 
494
                                 */
486
495
static  int     advisory = 0;   /*
487
496
                                 * Run clamav-milter in advisory mode - viruses
488
497
                                 * are flagged rather than deleted. Incompatible
541
550
                                         * addresses that we don't scan
542
551
                                         */
543
552
static  const   char    *sendmailCF;    /* location of sendmail.cf to verify */
 
553
static          int     checkCF = 1;
544
554
static  const   char    *pidfile;
545
 
static  int nocheckCF = 0;
546
555
static  int     black_hole_mode; /*
547
556
                                 * Since sendmail calls its milters before it
548
557
                                 * looks in /etc/aliases we can spend time
586
595
static  int     isWhitelisted(const char *emailaddress, int to);
587
596
static  int     isBlacklisted(const char *ip_address);
588
597
static  table_t *mx(const char *host, table_t *t);
589
 
#ifdef  HAVE_RESOLV_H
 
598
static  sfsistat        black_hole(const struct privdata *privdata);
 
599
static  int     useful_header(const char *cmd);
 
600
 
 
601
extern  short   logg_foreground;
 
602
 
 
603
#ifdef HAVE_RESOLV_H
590
604
static  table_t *resolve(const char *host, table_t *t);
591
605
static  int     spf(struct privdata *privdata, table_t *prevhosts);
592
606
static  void    spf_ip(char *ip, int zero, void *v);
593
 
#endif
594
 
static  sfsistat        black_hole(const struct privdata *privdata);
595
 
static  int     useful_header(const char *cmd);
596
 
 
597
 
extern  short   logg_foreground;
 
607
 
 
608
pthread_mutex_t res_pool_mutex = PTHREAD_MUTEX_INITIALIZER;
 
609
 
 
610
#ifdef HAVE_LRESOLV_R
 
611
res_state res_pool;
 
612
uint8_t *res_pool_state;
 
613
pthread_cond_t res_pool_cond = PTHREAD_COND_INITIALIZER;
 
614
 
 
615
static int safe_res_query(const char *d, int c, int t, u_char *a, int l) {
 
616
        int i = -1, ret;
 
617
 
 
618
        pthread_mutex_lock(&res_pool_mutex);
 
619
        while(i==-1) {
 
620
                int j;
 
621
                for(j=0; j<max_children+1; j++) {
 
622
                        if(!res_pool_state[j]) continue;
 
623
                        i = j;
 
624
                        break;
 
625
                }
 
626
                if(i!=-1) break;
 
627
                pthread_cond_wait(&res_pool_cond, &res_pool_mutex);
 
628
        }
 
629
        res_pool_state[i]=0;
 
630
        pthread_mutex_unlock(&res_pool_mutex);
 
631
 
 
632
        ret = res_nquery(&res_pool[i], d, c, t, a, l);
 
633
  
 
634
        pthread_mutex_lock(&res_pool_mutex);
 
635
        res_pool_state[i]=1;
 
636
        pthread_cond_signal(&res_pool_cond);
 
637
        pthread_mutex_unlock(&res_pool_mutex);
 
638
        return ret;
 
639
}
 
640
 
 
641
#else /* !HAVE_LRESOLV_R - non thread safe resolver (old bsd's) */
 
642
 
 
643
static int safe_res_query(const char *d, int c, int t, u_char *a, int l) {
 
644
        int ret;
 
645
        pthread_mutex_lock(&res_pool_mutex);
 
646
        ret = res_query(d, c, t, a, l);
 
647
        pthread_mutex_unlock(&res_pool_mutex);
 
648
        return ret;
 
649
}
 
650
 
 
651
#endif /* HAVE_LRESOLV_R */
 
652
 
 
653
#endif /* HAVE_RESOLV_H */
598
654
 
599
655
static void
600
656
help(void)
601
657
{
602
 
        printf("\n\tclamav-milter version %s\n", CM_VERSION);
 
658
        printf("\n\tclamav-milter version %s\n", get_version());
603
659
        puts("\tCopyright (C) 2007 Nigel Horne <njh@clamav.net>\n");
604
660
 
605
661
        puts(_("\t--advisory\t\t-A\tFlag viruses rather than deleting them."));
616
672
        puts(_("\t--dont-blacklist\t-K\tDon't blacklist a given IP."));
617
673
        puts(_("\t--dont-scan-on-error\t-d\tPass e-mails through unscanned if a system error occurs."));
618
674
        puts(_("\t--dont-wait\t\t\tAsk remote end to resend if max-children exceeded."));
 
675
        puts(_("\t--dont-sanitise\t\t\tAllow semicolon and pipe characters in email addresses."));
619
676
        puts(_("\t--external\t\t-e\tUse an external scanner (usually clamd)."));
620
677
        puts(_("\t--freshclam-monitor=SECS\t-M SECS\tHow often to check for database update."));
621
678
        puts(_("\t--from=EMAIL\t\t-a EMAIL\tError messages come from here."));
653
710
        puts(_("For bug reports, please refer to http://www.clamav.net/bugs"));
654
711
}
655
712
 
 
713
extern char *optarg;
656
714
int
657
715
main(int argc, char **argv)
658
716
{
659
 
        extern char *optarg;
660
717
        int i, Bflag = 0, server = 0;
661
718
        char *cfgfile = NULL;
662
719
        const char *wont_blacklist = NULL;
663
720
        const struct cfgstruct *cpt;
664
721
        char version[VERSION_LENGTH + 1];
665
722
        pthread_t tid;
 
723
        struct rlimit rlim;
666
724
#ifdef  CL_DEBUG
667
725
        int consolefd;
668
726
#endif
702
760
        };
703
761
 
704
762
#if defined(CL_DEBUG) && defined(C_LINUX)
705
 
        struct rlimit rlim;
706
 
 
707
763
        rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;
708
764
        if(setrlimit(RLIMIT_CORE, &rlim) < 0)
709
765
                perror("setrlimit");
715
771
         */
716
772
        snprintf(version, sizeof(version) - 1,
717
773
                "ClamAV version %s, clamav-milter version %s",
718
 
                VERSION, CM_VERSION);
 
774
                cl_retver(), get_version());
719
775
 
720
776
        progname = strrchr(argv[0], '/');
721
777
        if(progname)
733
789
                int opt_index = 0;
734
790
#ifdef  BOUNCE
735
791
#ifdef  CL_DEBUG
736
 
                const char *args = "a:AbB:c:C:dDefF:I:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:x:0:1:2";
 
792
                const char *args = "a:AbB:c:C:dDefF:I:i:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:x:z0:1:2";
737
793
#else
738
 
                const char *args = "a:AbB:c:C:dDefF:I:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:0:1:2";
 
794
                const char *args = "a:AbB:c:C:dDefF:I:i:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:z0:1:2";
739
795
#endif
740
796
#else   /*!BOUNCE*/
741
797
#ifdef  CL_DEBUG
742
 
                const char *args = "a:AB:c:C:dDefF:I:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:x:0:1:2";
 
798
                const char *args = "a:AB:c:C:dDefF:I:i:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:x:z0:1:2";
743
799
#else
744
 
                const char *args = "a:AB:c:C:dDefF:I:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:0:1:2";
 
800
                const char *args = "a:AB:c:C:dDefF:I:i:k:K:lLm:M:nNop:PqQ:r:R:hHs:St:T:U:VwW:z0:1:2";
745
801
#endif
746
802
#endif  /*BOUNCE*/
747
803
 
779
835
                                "dont-wait", 0, NULL, 'w'
780
836
                        },
781
837
                        {
 
838
                                "dont-sanitise", 0, NULL, 'z'
 
839
                        },
 
840
                        {
782
841
                                "debug", 0, NULL, 'D'
783
842
                        },
784
843
                        {
842
901
                                "freshclam-monitor", 1, NULL, 'M'
843
902
                        },
844
903
                        {
845
 
                                "no-check-cf", 0, NULL, 'z'
846
 
                        },
847
 
                        {
848
904
                                "sendmail-cf", 1, NULL, '0'
849
905
                        },
850
906
                        {
 
907
                                "no-check-cf", 0, &checkCF, 0
 
908
                        },
 
909
                        {
851
910
                                "server", 1, NULL, 's'
852
911
                        },
853
912
                        {
888
947
 
889
948
                if(ret == -1)
890
949
                        break;
891
 
                else if(ret == 0)
892
 
                        ret = long_options[opt_index].val;
 
950
                else if(ret == 0)
 
951
                        continue;
893
952
 
894
953
                switch(ret) {
895
954
                        case 'a':       /* e-mail errors from here */
1042
1101
                        case 'W':
1043
1102
                                whitelistFile = optarg;
1044
1103
                                break;
 
1104
                        case 'z':
 
1105
                                dont_sanitise=1;
 
1106
                                break;
1045
1107
                        case '0':
1046
1108
                                sendmailCF = optarg;
1047
1109
                                break;
1050
1112
                                debug_level = atoi(optarg);
1051
1113
                                break;
1052
1114
#endif
1053
 
                        case 'z':
1054
 
                                nocheckCF = 1;
1055
 
                                break;
1056
1115
                        default:
1057
1116
#ifdef  CL_DEBUG
1058
1117
                                fprintf(stderr, "Usage: %s [-b] [-c FILE] [-F FILE] [--max-children=num] [-e] [-l] [-o] [-p address] [-P] [-q] [-Q USER] [-s SERVER] [-S] [-x#] [-U PATH] [-M#] socket-addr\n", argv[0]);
1089
1148
        port = argv[optind];
1090
1149
 
1091
1150
        if(rootdir == NULL)     /* FIXME: Handle CHROOT */
1092
 
                if(verifyIncomingSocketName(port) < 0) {
 
1151
                if(checkCF && verifyIncomingSocketName(port) < 0) {
1093
1152
                        fprintf(stderr, _("%s: socket-addr (%s) doesn't agree with sendmail.cf\n"), argv[0], port);
1094
1153
                        return EX_CONFIG;
1095
1154
                }
1367
1426
        if((max_children == 0) && ((cpt = cfgopt(copt, "MaxThreads")) != NULL))
1368
1427
                max_children = cfgopt(copt, "MaxThreads")->numarg;
1369
1428
 
 
1429
#ifdef HAVE_LRESOLV_R
 
1430
        /* allocate a pool of resolvers */
 
1431
        if(!(res_pool=cli_calloc(max_children+1, sizeof(*res_pool))))
 
1432
                return EX_OSERR;
 
1433
        if(!(res_pool_state=cli_malloc(max_children+1)))
 
1434
                return EX_OSERR;
 
1435
        memset(res_pool_state, 1, max_children+1);
 
1436
        for(i = 0; i < max_children+1; i++)
 
1437
                res_ninit(&res_pool[i]);
 
1438
#endif
 
1439
 
1370
1440
        if((cpt = cfgopt(copt, "ReadTimeout")) != NULL) {
1371
1441
                readTimeout = cpt->numarg;
1372
1442
 
1867
1937
#endif
1868
1938
                }
1869
1939
 
1870
 
                close(2);
1871
 
                dup(1);
 
1940
                dup2(1, 2);
1872
1941
 
1873
1942
#ifdef  CL_DEBUG
1874
1943
                if(consolefd >= 0)
1930
1999
                else
1931
2000
                        limits.maxfilesize = 10485760;
1932
2001
 
 
2002
                if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) {
 
2003
                        if((rlim.rlim_max < limits.maxfilesize) || (rlim.rlim_max < limits.maxscansize))
 
2004
                                logg("^System limit for file size is lower than maxfilesize or maxscansize\n");
 
2005
                } else {
 
2006
                        logg("^Cannot obtain resource limits for file size\n");
 
2007
                }
 
2008
 
1933
2009
                if(((cpt = cfgopt(copt, "MaxRecursion")) != NULL) && cpt->enabled)
1934
2010
                        limits.maxreclevel = cpt->numarg;
1935
2011
                else
2011
2087
                umask(old_umask);
2012
2088
        } else if(tmpdir) {
2013
2089
                if(rootdir == NULL)
2014
 
                        chdir(tmpdir);  /* safety */
 
2090
                        if(chdir(tmpdir) < 0) { /* safety */
 
2091
                                perror(tmpdir);
 
2092
                                logg("!chdir %s failed\n", tmpdir);
 
2093
                        }
2015
2094
        } else
2016
2095
                if(rootdir == NULL)
2017
2096
#ifdef  P_tmpdir
2018
 
                        chdir(P_tmpdir);
 
2097
                        if(chdir(P_tmpdir) < 0) {
 
2098
                                perror(P_tmpdir);
 
2099
                                logg("!chdir %s failed\n", P_tmpdir);
 
2100
                        }
2019
2101
#else
2020
 
                        chdir("/tmp");
 
2102
                        if(chdir("/tmp") < 0) {
 
2103
                                perror("/tmp");
 
2104
                                logg("!chdir /tmp failed\n", P_tmpdir);
 
2105
                        }
2021
2106
#endif
2022
2107
 
2023
2108
        if(cfgopt(copt, "FixStaleSocket")->enabled) {
2062
2147
#endif
2063
2148
 
2064
2149
        signal(SIGPIPE, SIG_IGN);       /* libmilter probably does this as well */
 
2150
        signal(SIGXFSZ, SIG_IGN); /* TODO: check if it's safe to call signal() here */
2065
2151
 
2066
2152
#ifdef  SESSION
2067
2153
        pthread_mutex_lock(&version_mutex);
2069
2155
        logg(_("Starting %s\n"), clamav_version);
2070
2156
        logg(_("*Debugging is on\n"));
2071
2157
 
 
2158
#ifdef HAVE_RESOLV_H
2072
2159
        if(!(_res.options&RES_INIT))
2073
2160
                if(res_init() < 0) {
2074
2161
                        fprintf(stderr, "%s: Can't initialise the resolver\n",
2100
2187
                }
2101
2188
                tableIterate(blacklist, dump_blacklist, NULL);
2102
2189
        }
 
2190
#endif /* HAVE_RESOLV_H */
2103
2191
 
2104
2192
#ifdef  SESSION
2105
2193
        pthread_mutex_unlock(&version_mutex);
2321
2409
         */
2322
2410
        snprintf(clamav_version, sizeof(clamav_version) - 1,
2323
2411
                "%s\n\tclamav-milter version %s",
2324
 
                buf, CM_VERSION);
 
2412
                buf, get_version());
2325
2413
 
2326
2414
        return 1;
2327
2415
}
2678
2766
#ifdef HAVE_INET_NTOP
2679
2767
                switch(hostaddr->sa_family) {
2680
2768
                        case AF_INET:
2681
 
                                remoteIP = (char *)inet_ntop(AF_INET, &((struct sockaddr_in *)(hostaddr))->sin_addr, ip, sizeof(ip));
 
2769
                                remoteIP = (const char *)inet_ntop(AF_INET, &((struct sockaddr_in *)(hostaddr))->sin_addr, ip, sizeof(ip));
2682
2770
                                break;
2683
2771
#ifdef AF_INET6
2684
2772
                        case AF_INET6:
2685
 
                                remoteIP = (char *)inet_ntop(AF_INET6, &((struct sockaddr_in6 *)(hostaddr))->sin6_addr, ip, sizeof(ip));
 
2773
                                remoteIP = (const char *)inet_ntop(AF_INET6, &((struct sockaddr_in6 *)(hostaddr))->sin6_addr, ip, sizeof(ip));
2686
2774
                                break;
2687
2775
#endif
2688
2776
                        default:
3018
3106
        if(to == NULL)
3019
3107
                to = argv[0];
3020
3108
 
3021
 
        for(ptr = to; *ptr; ptr++)
 
3109
        for(ptr = to; !dont_sanitise && *ptr; ptr++)
3022
3110
                if(strchr("|;", *ptr) != NULL) {
3023
3111
                        smfi_setreply(ctx, "554", "5.7.1", _("Suspicious recipient address blocked"));
3024
3112
                        logg("^Suspicious recipient address blocked: '%s'\n", to);
3271
3359
                                nbytes += clamfi_send(privdata, 1, ptr++);
3272
3360
                                left--;
3273
3361
                        }
3274
 
                        if(left < 6) {
 
3362
                        if(left < 6 && left > 0) {
3275
3363
                                nbytes += clamfi_send(privdata, left, ptr);
3276
3364
                                break;
3277
3365
                        }
3968
4056
                 * quarantine email
3969
4057
                 */
3970
4058
                snprintf(reject, sizeof(reject) - 1, _("virus %s detected by ClamAV - http://www.clamav.net"), virusname);
3971
 
                smfi_setreply(ctx, (char *)privdata->rejectCode, "5.7.1", reject);
 
4059
                smfi_setreply(ctx, (const char *)privdata->rejectCode, "5.7.1", reject);
3972
4060
                broadcast(mess);
3973
4061
 
3974
4062
                if(blacklist_time && privdata->ip[0]) {
4207
4295
        char output[BUFSIZ];
4208
4296
        const char *ptr;
4209
4297
        int ret = 0;
4210
 
 
4211
4298
        assert(format != NULL);
4212
4299
 
4213
4300
        if(len > 0)
5040
5127
#ifdef  C_DARWIN
5041
5128
                *ptr &= '\177';
5042
5129
#endif
5043
 
#if     defined(MSDOS) || defined(C_CYGWIN) || defined(C_WINDOWS) || defined(C_OS2)
 
5130
#if     defined(MSDOS) || defined(C_WINDOWS) || defined(C_OS2)
5044
5131
                if(strchr("/*?<>|\\\"+=,;:\t ", *ptr))
5045
5132
#else
5046
5133
                if(*ptr == '/')
5761
5848
static int
5762
5849
loadDatabase(void)
5763
5850
{
5764
 
        /*extern const char *cl_retdbdir(void); /* FIXME: should be included */
5765
5851
        int ret;
5766
5852
        unsigned int signatures, dboptions;
5767
5853
        char *daily;
5788
5874
        if(access(daily, R_OK) < 0)
5789
5875
                sprintf(daily, "%s/daily.cld", dbdir);
5790
5876
 
 
5877
 
5791
5878
        cli_dbgmsg("loadDatabase: check %s for updates\n", daily);
5792
5879
 
5793
5880
        d = cl_cvdhead(daily);
5798
5885
                char buf[26];
5799
5886
 
5800
5887
                snprintf(clamav_version, VERSION_LENGTH,
5801
 
                        "ClamAV %s/%u/%s", VERSION, d->version,
 
5888
                        "ClamAV %s/%u/%s", get_version(), d->version,
5802
5889
                        cli_ctime(&t, buf, sizeof(buf)));
5803
5890
 
5804
5891
                /* Remove ctime's trailing \n */
5809
5896
        } else
5810
5897
                snprintf(clamav_version, VERSION_LENGTH,
5811
5898
                        "ClamAV version %s, clamav-milter version %s",
5812
 
                        VERSION, CM_VERSION);
 
5899
                        cl_retver(), get_version());
5813
5900
 
5814
5901
        free(daily);
5815
5902
 
5893
5980
        smfi_stop();
5894
5981
}
5895
5982
 
 
5983
extern FILE *logg_fd;
5896
5984
static void
5897
5985
sighup(int sig)
5898
5986
{
5899
 
        extern FILE *logg_fd;
5900
5987
 
5901
5988
        signal(SIGHUP, sighup);
5902
5989
 
5906
5993
        logg("SIGHUP caught: re-opening log file\n");
5907
5994
        logg_close();
5908
5995
        logg("*Log file re-opened\n");
5909
 
        close(2);
5910
 
        dup(fileno(logg_fd));
 
5996
        dup2(fileno(logg_fd), 2);
5911
5997
}
5912
5998
 
5913
5999
static void
5973
6059
                 */
5974
6060
                return 1;
5975
6061
 
5976
 
        if (nocheckCF) 
5977
 
                return 1;
5978
 
 
5979
6062
        if(sendmailCF)
5980
6063
                fd = open(sendmailCF, O_RDONLY);
5981
6064
        else {
5999
6082
                return -1;
6000
6083
        }
6001
6084
 
6002
 
        ptr = mmap(NULL, size, PROT_READ, MAP_SHARED, fd, 0);
 
6085
        ptr = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
6003
6086
        if(ptr == MAP_FAILED) {
6004
6087
                perror("mmap");
6005
6088
                close(fd);
6197
6280
                        return NULL;
6198
6281
        }
6199
6282
 
6200
 
        len = res_query(host, C_IN, T_MX, (u_char *)&q, sizeof(q));
 
6283
        len = safe_res_query(host, C_IN, T_MX, (u_char *)&q, sizeof(q));
6201
6284
        if(len < 0)
6202
6285
                return t;       /* Host has no MX records */
6203
6286
 
6266
6349
        if((host == NULL) || (*host == '\0'))
6267
6350
                return t;
6268
6351
 
6269
 
        len = res_query(host, C_IN, T_A, (u_char *)&q, sizeof(q));
 
6352
        len = safe_res_query(host, C_IN, T_A, (u_char *)&q, sizeof(q));
6270
6353
        if(len < 0)
6271
6354
                return t;       /* Host has no A records */
6272
6355
 
6325
6408
 *      an SPF system, we ONLY use SPF records to reduce phish false positives
6326
6409
 * TODO: IPv6?
6327
6410
 * TODO: cache queries?
6328
 
 * TODO: check res_query is thread safe
6329
6411
 *
6330
6412
 * INPUT: prevhosts, a list of hosts already searched: stops include loops
6331
6413
 *      e.g. mercado.com includes medrcadosw.com which includes mercado.com,
6377
6459
                *ptr = '\0';
6378
6460
 
6379
6461
        logg("*SPF query '%s'\n", host);
6380
 
        len = res_query(host, C_IN, T_TXT, (u_char *)&q, sizeof(q));
 
6462
        len = safe_res_query(host, C_IN, T_TXT, (u_char *)&q, sizeof(q));
6381
6463
        if(len < 0) {
6382
6464
                free(host);
6383
6465
                return 0;       /* Host has no TXT records */
6566
6648
}
6567
6649
 
6568
6650
#else   /*!HAVE_RESOLV_H */
6569
 
static void
6570
 
mx(void)
 
6651
static table_t *
 
6652
mx(const char *host, table_t *t)
6571
6653
{
6572
6654
        logg(_("^MX peers will not be immune from being blacklisted"));
6573
6655
 
6574
6656
        if(blacklist == NULL)
6575
6657
                blacklist = tableCreate();
 
6658
        return NULL;
6576
6659
}
6577
6660
#endif  /* HAVE_RESOLV_H */
6578
6661
 
6943
7026
                return -1;
6944
7027
        }
6945
7028
#endif
6946
 
 
6947
7029
        return 0;
6948
7030
}