open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

bb12262 - Fix to address potential use-after-free bug in scanner code relating to the filenames for nested files.

Browse Source
pull/111/head
Micah Snyder 6 years ago
parent 25d72538cd
commit 5e3b1c62ba
1 changed files with 22 additions and 7 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 29
      libclamav/scanners.c

29
libclamav/scanners.c
Unescape View File

@ -3489,10 +3489,15 @@ static int magic_scandesc(cli_ctx *ctx, cli_file_t type)
}
}
static int cli_base_scandesc(int desc, const char *filepath, cli_ctx *ctx, cli_file_t type)
static cl_error_t cli_base_scandesc(int desc, const char *filepath, cli_ctx *ctx, cli_file_t type)
{
STATBUF sb;
int ret;
cl_error_t status = CL_CLEAN;
cl_error_t ret = CL_CLEAN;
if (!ctx) {
return CL_EARG;
}
const char *parent_filepath = ctx->sub_filepath;
ctx->sub_filepath = filepath;
@ -3504,11 +3509,17 @@ static int cli_base_scandesc(int desc, const char *filepath, cli_ctx *ctx, cli_f
cli_dbgmsg("in cli_magic_scandesc (reclevel: %u/%u)\n", ctx->recursion, ctx->engine->maxreclevel);
if (FSTAT(desc, &sb) == -1) {
cli_errmsg("magic_scandesc: Can't fstat descriptor %d\n", desc);
early_ret_from_magicscan(CL_ESTAT);
status = CL_ESTAT;
cli_dbgmsg("cli_magic_scandesc: returning %d %s (no post, no cache)\n", status, __AT__);
goto done;
}
if (sb.st_size <= 5) {
cli_dbgmsg("Small data (%u bytes)\n", (unsigned int)sb.st_size);
early_ret_from_magicscan(CL_CLEAN);
status = CL_CLEAN;
cli_dbgmsg("cli_magic_scandesc: returning %d %s (no post, no cache)\n", status, __AT__);
goto done;
}
ctx->fmap++;
@ -3517,18 +3528,22 @@ static int cli_base_scandesc(int desc, const char *filepath, cli_ctx *ctx, cli_f
cli_errmsg("CRITICAL: fmap() failed\n");
ctx->fmap--;
perf_stop(ctx, PERFT_MAP);
early_ret_from_magicscan(CL_EMEM);
status = CL_EMEM;
cli_dbgmsg("cli_magic_scandesc: returning %d %s (no post, no cache)\n", status, __AT__);
goto done;
}
perf_stop(ctx, PERFT_MAP);
ret = magic_scandesc(ctx, type);
status = magic_scandesc(ctx, type);
funmap(*ctx->fmap);
ctx->fmap--;
done:
ctx->sub_filepath = parent_filepath;
return ret;
return status;
}
int cli_magic_scandesc(int desc, const char *filepath, cli_ctx *ctx)

Write Preview
Loading…
Cancel
Save