libclamav, sigtool: fix handling of long signatures (bb#1395)

git-svn: trunk@4795

ChangeLog

@@ -1,3 +1,7 @@
+Mon Feb 16 17:59:57 CET 2009 (tk)
+---------------------------------
+ * libclamav, sigtool: fix handling of long signatures (bb#1395)
+
 Mon Feb 16 13:16:53 CET 2009 (tk)
 ---------------------------------
  * libclamav/clamd: fix double-slash when scanning the root dir (bb#1394)

libclamav/default.h

@@ -25,6 +25,8 @@
 #define CLI_DEFAULT_AC_MAXDEPTH	    3
 #define CLI_DEFAULT_AC_TRACKLEN	    8
 
+#define CLI_DEFAULT_LSIG_BUFSIZE    32768
+
 #define CLI_DEFAULT_MAXSCANSIZE	    104857600
 #define CLI_DEFAULT_MAXFILESIZE	    26214400
 #define CLI_DEFAULT_MAXRECLEVEL	    16

libclamav/readdb.c

@@ -55,6 +55,7 @@
 #include "filetypes_int.h"
 #include "readdb.h"
 #include "cltypes.h"
+#include "default.h"
 
 #include "phishcheck.h"
 #include "phish_whitelist.h"
@@ -796,7 +797,7 @@ static int lsigattribs(char *attribs, struct cli_lsig_tdb *tdb)
 static int cli_loadldb(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio, const char *dbname)
 {
 	char *tokens[LDB_TOKENS];
-	char buffer[32768], *pt;
+	char buffer[CLI_DEFAULT_LSIG_BUFSIZE + 1], *pt;
 	const char *sig, *virname, *offset, *logic;
 	struct cli_matcher *root;
 	unsigned int line = 0, sigs = 0;
@@ -810,7 +811,7 @@ static int cli_loadldb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
     if((ret = cli_initroots(engine, options)))
 	return ret;
 
-    while(cli_dbgets(buffer, FILEBUFF, fs, dbio)) {
+    while(cli_dbgets(buffer, sizeof(buffer), fs, dbio)) {
 	line++;
 	sigs++;
 	cli_chomp(buffer);

shared/cdiff.c

@@ -40,6 +40,7 @@
 #include "libclamav/str.h"
 #include "libclamav/others.h"
 #include "libclamav/cvd.h"
+#include "libclamav/default.h"
 
 #include "zlib.h"
 
@@ -353,7 +354,7 @@ static int cdiff_cmd_close(const char *cmdstr, struct cdiff_ctx *ctx)
 {
 	struct cdiff_node *add, *del, *xchg;
 	unsigned int lines = 0;
-	char *tmp, line[1024];
+	char *tmp, line[CLI_DEFAULT_LSIG_BUFSIZE + 32];
 	FILE *fh, *tmpfh;
 
 
@@ -489,7 +490,7 @@ static int cdiff_cmd_close(const char *cmdstr, struct cdiff_ctx *ctx)
 static int cdiff_cmd_move(const char *cmdstr, struct cdiff_ctx *ctx)
 {
 	unsigned int lines = 0, start_line, end_line;
-	char *arg, *srcdb, *dstdb, *tmpdb, line[1024], *start_str, *end_str;
+	char *arg, *srcdb, *dstdb, *tmpdb, line[CLI_DEFAULT_LSIG_BUFSIZE + 32], *start_str, *end_str;
 	FILE *src, *dst, *tmp;
 
 
@@ -867,7 +868,7 @@ int cdiff_apply(int fd, unsigned short mode)
 	struct cdiff_ctx ctx;
 	FILE *fh;
 	gzFile *gzh;
-	char line[1024], buff[FILEBUFF], *dsig = NULL;
+	char line[CLI_DEFAULT_LSIG_BUFSIZE + 32], buff[FILEBUFF], *dsig = NULL;
 	unsigned int lines = 0, cmds = 0;
 	unsigned int difflen, diffremain;
 	int end, i, n;

sigtool/sigtool.c

@@ -60,9 +60,15 @@
 #include "libclamav/str.h"
 #include "libclamav/ole2_extract.h"
 #include "libclamav/htmlnorm.h"
+#include "libclamav/default.h"
 
 #define MAX_DEL_LOOKAHEAD   200
 
+/*
+ * Force backward compatibility with the cdiff interpreter of clamav < 0.95
+ */
+#define COMPATIBILITY_LIMIT 896
+
 static const struct dblist_s {
     const char *name;
     unsigned int count;
@@ -1316,7 +1322,7 @@ static int rundiff(const struct optstruct *opts)
 static int compare(const char *oldpath, const char *newpath, FILE *diff)
 {
 	FILE *old, *new;
-	char obuff[1024], nbuff[1024], tbuff[1024], *pt, *omd5, *nmd5;
+	char obuff[CLI_DEFAULT_LSIG_BUFSIZE + 1], nbuff[CLI_DEFAULT_LSIG_BUFSIZE + 1], tbuff[CLI_DEFAULT_LSIG_BUFSIZE + 1], *pt, *omd5, *nmd5;
 	unsigned int oline = 0, tline, found, i;
 	long opos;
 
@@ -1347,7 +1353,14 @@ static int compare(const char *oldpath, const char *newpath, FILE *diff)
 
     while(fgets(nbuff, sizeof(nbuff), new)) {
 	cli_chomp(nbuff);
-
+#ifdef COMPATIBILITY_LIMIT
+	if(strlen(nbuff) > COMPATIBILITY_LIMIT) {
+	    mprintf("!compare: COMPATIBILITY_LIMIT: Line too long\n");
+	    if(old)
+		fclose(old);
+	    return -1;
+	}
+#endif
 	if(!old) {
 	    fprintf(diff, "ADD %s\n", nbuff);
 	} else {