bugfixes

git-svn: trunk@526
21 years ago · 56bfccb2bd
parent 7b9aed8c1e
commit 56bfccb2bd
5 changed files with 53 additions and 81 deletions
--- a/clamav-devel/ChangeLog
+++ b/clamav-devel/ChangeLog
@ -1,3 +1,11 @@
+Tue Apr 27 14:53:39 CEST 2004 (tk)
+----------------------------------
+  * clamscan: fix file access problem when using clamscan with external
+	      unpackers in a superuser mode (reported by Robert Allerstorfer
+	      <roal*anet.at> and ZMan Z. <x86zman*go-a-way.dyndns.org>).
+	      Access verification mechanism is POSIX compliant now.
+  * libclamav: ignore more file types
+
 Tue Apr 27 12:42:14 BST 2004 (trog)
 -----------------------------------
 * libclamav/vba_extract.[ch]: Word6 macro extraction code (not yet activated)
--- a/clamav-devel/clamscan/manager.c
+++ b/clamav-devel/clamscan/manager.c
@ -202,7 +202,7 @@ int scanmanager(const struct optstruct *opt)
 			tmpdir = "/tmp";
 #endif

-		if(writeaccess(tmpdir, UNPUSER) != 1) {
+		if(checkaccess(tmpdir, UNPUSER, W_OK) != 1) {
 			mprintf("@Can't write to the temporary directory.\n");
 			exit(64);
 		}
@ -417,13 +417,13 @@ int scanfile(const char *filename, struct cl_node *root, const struct passwd *us
 	 && (optl(opt, "tgz") || optl(opt, "deb"))) ) {

 	/* check permissions */
-	switch(readaccess(filename, UNPUSER)) {
+	switch(checkaccess(filename, UNPUSER, R_OK)) {
 	    case -1:
 		mprintf("@Can't get information about user "UNPUSER".\n");
-		exit(60); /* this is critical problem, so we just exit here */
+		exit(60); /* this is a critical problem so we just exit here */
 	    case -2:
-		mprintf("@Can't get information about current user.\n");
-		exit(59); /* this is critical problem, so we just exit here */
+		mprintf("@Can't fork.\n");
+		exit(61);
 	    case 0: /* read access denied */
 		if(getuid()) {
 		    if(!printinfected)
@ -446,14 +446,10 @@ int scanfile(const char *filename, struct cl_node *root, const struct passwd *us
    }

    if(getuid())
-	switch(readaccess(filename, NULL)) {
-	    case -2:
-		mprintf("@Can't get information about current user.\n");
-		exit(59); /* this is critical problem, so we just exit here */
-	    case 0: /* read access denied */
-		if(!printinfected)
-		    mprintf("%s: Access denied.\n", filename);
-		return 0;
+	if(checkaccess(filename, NULL, R_OK) != 1) {
+	    if(!printinfected)
+		mprintf("%s: Access denied.\n", filename);
+	    return 0;
 	}

    if((ret = checkfile(filename, root, limits, options)) == CL_VIRUS) {
@ -499,7 +495,7 @@ int scancompressed(const char *filename, struct cl_node *root, const struct pass
 	tmpdir = "/tmp";
 #endif

-    if(writeaccess(tmpdir, UNPUSER) != 1) {
+    if(checkaccess(tmpdir, UNPUSER, W_OK) != 1) {
 	mprintf("@Can't write to the temporary directory.\n");
 	exit(64);
    }
@ -701,7 +697,7 @@ int scandenied(const char *filename, struct cl_node *root, const struct passwd *
 #endif


-    if(writeaccess(tmpdir, UNPUSER) != 1) {
+    if(checkaccess(tmpdir, UNPUSER, W_OK) != 1) {
 	mprintf("@Can't write to the temporary directory %s.\n", tmpdir);
 	exit(64);
    }
--- a/clamav-devel/clamscan/others.c
+++ b/clamav-devel/clamscan/others.c
@ -68,66 +68,41 @@ int fileinfo(const char *filename, short i)
    }
 }

-int readaccess(const char *path, const char *username)
+int checkaccess(const char *path, const char *username, int mode)
 {
 	struct passwd *user;
-	unsigned int su = 0, acc = 0;
+	int ret = 0, status;

+    if(!getuid()) {

-    if(!getuid())
-	su = 1;
-
-    if(su) {
 	if((user = getpwnam(username)) == NULL) {
 	    return -1;
 	}

-	/* WARNING: it's not POSIX compliant */
-
-	seteuid(user->pw_uid);
-	setegid(user->pw_gid);
-    }
-
-    if(!access(path, R_OK))
-	acc = 1;
-
-    if(su) {
-	seteuid(0);
-	setegid(0);
-    }
-
-    return acc;
-}
-
-int writeaccess(const char *path, const char *username)
-{
-	struct passwd *user;
-	unsigned int su = 0, acc = 0;
-
-
-    if(!getuid())
-	su = 1;
-
-    if(su) {
-	if((user = getpwnam(username)) == NULL) {
-	    return -1;
+	switch(fork()) {
+	    case -1:
+		return -2;
+
+	    case 0:
+		setuid(user->pw_uid);
+		setgid(user->pw_gid);
+		if(access(path, mode))
+		    exit(0);
+		else
+		    exit(1);
+
+	    default:
+		wait(&status);
+		if(WIFEXITED(status) && WEXITSTATUS(status) == 1)
+		    ret = 1;
 	}

-	/* WARNING: it's not POSIX compliant */
-
-	seteuid(user->pw_uid);
-	setegid(user->pw_gid);
-    }
-
-    if(!access(path, W_OK))
-	acc = 1;
-
-    if(su) {
-	seteuid(0);
-	setegid(0);
+    } else {
+	if(!access(path, mode))
+	    ret = 1;
    }

-    return acc;
+    return ret;
 }

 int filecopy(const char *src, const char *dest)
--- a/clamav-devel/clamscan/others.h
+++ b/clamav-devel/clamscan/others.h
@ -20,17 +20,8 @@
 #define __OTHERS_H

 int fileinfo(const char *filename, short i);
-int readaccess(const char *path, const char *username);
-int writeaccess(const char *path, const char *username);
+int checkaccess(const char *path, const char *username, int mode);
 int filecopy(const char *src, const char *dest);
 int isnumb(const char *str);

-
-/* njh@bandsman.co.uk: for BeOS */
-/* TODO: configure should see if sete[ug]id is set on the target */
-#if defined(C_BEOS) || defined(C_HPUX)
-#define       seteuid(u)      (-1)
-#define       setegid(g)      (-1)
-#endif
-
 #endif
--- a/clamav-devel/libclamav/scanners.c
+++ b/clamav-devel/libclamav/scanners.c
@ -97,15 +97,19 @@ static const struct cli_magic_s cli_magic[] = {

    {0,  "\000\000\001\263",             4, "MPEG video stream",  CL_DATAFILE},
    {0,  "\000\000\001\272",             4, "MPEG sys stream",    CL_DATAFILE},
-    {0,  "RIFF",                         4, "RIFF file",          CL_DATAFILE},
+    {0,  "RIFF",                         4, "RIFF",		  CL_DATAFILE},
    {0,  "GIF87a",                       6, "GIF (87a)",          CL_DATAFILE},
    {0,  "GIF89a",                       6, "GIF (89a)",          CL_DATAFILE},
    {0,  "\x89PNG\r\n\x1a\n",            8, "PNG",                CL_DATAFILE},
    {0,  "\377\330\377\340",             4, "JPEG",               CL_DATAFILE},
    {0,  "\377\330\377\356",             4, "JPG",                CL_DATAFILE},
    {0,  "OggS",                         4, "Ogg Stream",         CL_DATAFILE},
+    {0,  "ID3",				 3, "MP3",		  CL_DATAFILE},
+    {0,  "\377\373\220",		 3, "MP3",		  CL_DATAFILE},
+    {0,  "\%PDF-",			 5, "PDF document",	  CL_DATAFILE},
+    {0,  "\060\046\262\165\216\146\317", 7, "WMA/WMV/ASF",	  CL_DATAFILE},

-    {-1, NULL,              0, NULL,              CL_UNKNOWN_TYPE}
+    {-1, NULL,				 0, NULL,              CL_UNKNOWN_TYPE}
 };

 cli_file_t cli_filetype(const char *buf, size_t buflen)
@ -689,7 +693,7 @@ static int cli_vba_scandir(const char *dirname, const char **virname, long int *
 	DIR *dd;
 	struct dirent *dent;
 	struct stat statbuf;
-	char *fname, *dir, *fullname;
+	char *fname, *fullname;
 	unsigned char *data;

    cli_dbgmsg("VBA scan dir: %s\n", dirname);
@ -767,10 +771,8 @@ static int cli_vba_scandir(const char *dirname, const char **virname, long int *
 static int cli_scanole2(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev)
 {
 	const char *tmpdir;
-	char *dir, *fullname;
-	unsigned char *data;
-	int ret = CL_CLEAN, fd, i, data_len;
-	vba_project_t *vba_project;
+	char *dir;
+	int ret = CL_CLEAN;

    cli_dbgmsg("in cli_scanole2()\n");

@ -799,7 +801,7 @@ static int cli_scanole2(int desc, const char **virname, long int *scanned, const

    if((ret = cli_vba_scandir(dir, virname, scanned, root, limits, options, reclev)) != CL_VIRUS) {
 	if(cli_scandir(dir, virname, scanned, root, limits, options, reclev) == CL_VIRUS) {
-		ret = CL_VIRUS;
+	    ret = CL_VIRUS;
 	}
    }