open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix infinite loop in cl_free(); check file size

Browse Source 
git-svn: trunk@699
remotes/push_mirror/metadata
Tomasz Kojm 21 years ago
parent 1a74d4df97
commit 022a21cf60
5 changed files with 35 additions and 9 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      clamav-devel/ChangeLog
  2. 1
      clamav-devel/libclamav/clamav.h
  3. 19
      clamav-devel/libclamav/matcher.c
  4. 13
      clamav-devel/libclamav/readdb.c
  5. 6
      clamav-devel/libclamav/scanners.c

5
clamav-devel/ChangeLog
Unescape View File

@ -1,3 +1,8 @@
Wed Jul 28 01:10:46 CEST 2004 (tk)
----------------------------------
* libclamav: md5: fix possible infinite loop in cl_free(); check file
size to eliminate potential false positive alerts
Mon Jul 26 14:24:24 BST 2004 (njh)
----------------------------------
* clamav-milter: %v in the template file handling is now replaced

1
clamav-devel/libclamav/clamav.h
Unescape View File

@ -99,6 +99,7 @@ struct cli_ac_node {
struct cli_md5_node {
char *virname, *viralias, *md5;
unsigned int size;
struct cli_md5_node *next;
};

19
clamav-devel/libclamav/matcher.c
Unescape View File

@ -178,9 +178,19 @@ int cli_scandesc(int desc, const char **virname, long int *scanned, const struct
md5_finish_ctx(&ctx, &md5buff);
if((md5_node = cli_vermd5(md5buff, root))) {
if(virname)
*virname = md5_node->virname;
return CL_VIRUS;
struct stat sb;
if(fstat(desc, &sb))
return CL_EIO;
if(sb.st_size != md5_node->size) {
cli_warnmsg("Detected false positive MD5 match. Please report.\n");
} else {
if(virname)
*virname = md5_node->virname;
return CL_VIRUS;
}
}
}
@ -208,7 +218,8 @@ void cl_free(struct cl_node *root)
if(root->md5_hlist) {
for(i = 0; i < 256; i++) {
while((pt = root->md5_hlist[i])) {
pt = root->md5_hlist[i];
while(pt) {
h = pt;
pt = pt->next;
free(h);

13
clamav-devel/libclamav/readdb.c
Unescape View File

@ -484,14 +484,23 @@ static int cli_loadhdb(FILE *fd, struct cl_node **root, int *virnum)
}
free(pt);
if(!(new->virname = cli_strtok(buffer, 1, ":"))) {
if(!(pt = cli_strtok(buffer, 1, ":"))) {
free(new->md5);
free(new);
ret = CL_EMALFDB;
break;
}
new->size = atoi(pt);
free(pt);
if(!(new->virname = cli_strtok(buffer, 2, ":"))) {
free(new->md5);
free(new);
ret = CL_EMALFDB;
break;
}
new->viralias = cli_strtok(buffer, 1, ":"); /* aliases are optional */
new->viralias = cli_strtok(buffer, 3, ":"); /* aliases are optional */
if(!(*root)->md5_hlist) {
cli_dbgmsg("Initializing md5 list structure\n");

6
clamav-devel/libclamav/scanners.c
Unescape View File

@ -661,9 +661,6 @@ static int cli_scanhtml(int desc, const char **virname, long int *scanned, const
#ifdef HAVE_MMAP
membuff = mmap(NULL, statbuf.st_size, PROT_READ, MAP_PRIVATE, desc, 0);
#else /* FIXME */
return CL_CLEAN;
#endif
/* TODO: do file operations if mmap fails */
if(membuff == MAP_FAILED) {
@ -690,6 +687,9 @@ static int cli_scanhtml(int desc, const char **virname, long int *scanned, const
free(newbuff);
return ret;
#else /* FIXME */
return CL_CLEAN;
#endif
}
static int cli_scandir(const char *dirname, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec)

Write Preview
Loading…
Cancel
Save