X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fmalware.c;h=b36bf0d6442e09cfc004b606936fc0ec67b8d956;hb=109ad60f4d0f4cf43d9dec72fc6eeb3c20d0f062;hp=a5944cafb6aa650d4a907b00ef8c32a49de96274;hpb=55240832db97f7a16fd6ef2e2bb8d899897a1347;p=user%2Fhenk%2Fcode%2Fexim.git
diff --git a/src/src/malware.c b/src/src/malware.c
index a5944cafb..b36bf0d64 100644
--- a/src/src/malware.c
+++ b/src/src/malware.c
@@ -630,7 +630,7 @@ if (!malware_ok)
 sock);
 }
- if (!(drweb_fbuf = (uschar *) malloc (fsize_uint)))
+ if (!(drweb_fbuf = US malloc(fsize_uint)))
 {
 (void)close(drweb_fd);
 return m_errlog_defer_3(scanent, NULL,
@@ -1003,7 +1003,9 @@ if (!malware_ok)
 kav_re = kav_re_inf;
 }
- /* read report, linewise */
+ /* read report, linewise. Using size from stream to read amount of data
+ from same stream is safe enough. */
+ /* coverity[tainted_data] */
 while (kav_reportlen > 0)
 {
 if ((bread = recv_line(sock, tmpbuf, sizeof(tmpbuf), tmo)) < 0)
@@ -1486,7 +1488,7 @@ if (!malware_ok)
 }
 lseek(clam_fd, 0, SEEK_SET);
- if (!(clamav_fbuf = (uschar *) malloc (fsize_uint)))
+ if (!(clamav_fbuf = US malloc(fsize_uint)))
 {
 CLOSE_SOCKDATA; (void)close(clam_fd);
 return m_errlog_defer_3(scanent, NULL,
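Review bot: The allocation in `if (!(drweb_fbuf = US malloc(fsize_uint)))` takes its size from `fsize_uint`, which is computed outside this hunk, and for a zero size `malloc` is allowed to return NULL, so an empty file would be reported through the out-of-memory deferral path. If the earlier code does not already exclude that case, an explicit `if (fsize_uint == 0)` check with its own log text before the allocation would keep the two conditions apart. The same applies to the `clamav_fbuf` allocation in the third hunk. As a point of style, the `US` cast is not needed in C because `void *` converts implicitly, so keep it only if it is the file's convention. The enclosing block starts and ends outside the hunk.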
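Review bot: The new `/* coverity[tainted_data] */` suppression ahead of `while (kav_reportlen > 0)` is justified only as "safe enough", which does not tell a later reader what actually bounds the reads. From the visible lines each read is limited by `sizeof(tmpbuf)` and the timeout `tmo` passed to `recv_line`, so the comment could say so, e.g. `/* kav_reportlen is supplied by the scanner and only limits how much we read; each recv_line() is bounded by sizeof(tmpbuf) and tmo */`. How `kav_reportlen` is reduced is outside the hunk, so it is worth confirming that every iteration either decreases it or leaves the loop on error or timeout. The annotation also silences the checker for any other use of that peer-supplied value it would have flagged at this statement, so the written rationale should be specific enough to re-check when the loop body changes.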