open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

more limits

Browse Source 
git-svn: trunk@3616
remotes/push_mirror/metadata
aCaB 18 years ago
parent c754386654
commit 86e209d667
9 changed files with 38 additions and 30 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      ChangeLog
  2. 16
      libclamav/blob.c
  3. 2
      libclamav/cab.c
  4. 4
      libclamav/chmunpack.h
  5. 4
      libclamav/matcher.c
  6. 4
      libclamav/mbox.c
  7. 29
      libclamav/pdf.c
  8. 3
      libclamav/scanners.c
  9. 2
      libclamav/spin.c

4
ChangeLog
Unescape View File

@ -1,3 +1,7 @@
Mon Feb 11 21:04:30 CET 2008 (acab)
-----------------------------------
* libclamav: more limit updates, more to come
Mon Feb 11 19:15:16 CET 2008 (tk)
---------------------------------
* libclamav: mail: scan text attachments and decoded base64 bodies also with

16
libclamav/blob.c
Unescape View File

@ -65,11 +65,12 @@ static char const rcsid[] = "$Id: blob.c,v 1.64 2007/02/12 22:25:14 njh Exp $";
#include <windows.h>
#endif
#define MAX_SCAN_SIZE 20*1024 /*
* The performance benefit of scanning
* early disappears on medium and
* large sized files
*/
/* Scehduled for rewite in 0.94 (bb#804). Disabling for now */
/* #define MAX_SCAN_SIZE 20*1024 /\* */
/* * The performance benefit of scanning */
/* * early disappears on medium and */
/* * large sized files */
/* *\/ */
static const char *blobGetFilename(const blob *b);
@ -618,9 +619,8 @@ fileblobAddData(fileblob *fb, const unsigned char *data, size_t len)
if(ctx) {
int do_scan = 1;
if(ctx->limits && ctx->limits->maxfilesize) /* FIXMELIMITS */
if(fb->bytes_scanned >= ctx->limits->maxfilesize)
do_scan = 0;
if(cli_checklimits("fileblobAddData", ctx, fb->bytes_scanned, 0, 0)!=CL_CLEAN)
do_scan = 0;
if(fb->bytes_scanned > MAX_SCAN_SIZE)
do_scan = 0;

2
libclamav/cab.c
Unescape View File

@ -49,7 +49,7 @@
#endif
/* hard limits */
#define CAB_FOLDER_LIMIT 5000 /* FIXMELIMITS */
#define CAB_FOLDER_LIMIT 5000
#define CAB_FILE_LIMIT 5000
/* Cabinet format data structures */

4
libclamav/chmunpack.h
Unescape View File

@ -116,8 +116,4 @@ int cli_chm_open(int fd, const char *dirname, chm_metadata_t *metadata);
int cli_chm_prepare_file(int fd, char *dirname, chm_metadata_t *metadata);
int cli_chm_extract_file(int fd, char *dirname, chm_metadata_t *metadata);
void cli_chm_close(chm_metadata_t *metadata);
int cli_chm_open(int fd, const char *dirname, chm_metadata_t *metadata);
void cli_chm_close(chm_metadata_t *metadata);
int cli_chm_extract_file(int fd, char *dirname, chm_metadata_t *metadata);
int cli_chm_prepare_file(int fd, char *dirname, chm_metadata_t *metadata);
#endif

4
libclamav/matcher.c
Unescape View File

@ -53,12 +53,14 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, const char **virn
struct cli_ac_data mdata;
struct cli_matcher *groot, *troot = NULL;
if(!engine) {
cli_errmsg("cli_scanbuff: engine == NULL\n");
return CL_ENULLARG;
}
if(cli_updatelimits(ctx, length)!=CL_CLEAN)
return CL_CLEAN;
groot = engine->root[0]; /* generic signatures */
if(ftype) {

4
libclamav/mbox.c
Unescape View File

@ -2010,9 +2010,9 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re
cli_dbgmsg("in parseEmailBody, %u files saved so far\n",
mctx->files);
if(limits) { /* FIXMELIMITS */
if(limits) { /* FIXMELIMITS: this should be better integrated */
if(limits->maxreclevel) {
const cli_ctx *ctx = mctx->ctx; /* needed for BLOCKMAX :-( */
const cli_ctx *ctx = mctx->ctx;
/*
* This is approximate

29
libclamav/pdf.c
Unescape View File

@ -189,7 +189,6 @@ cli_pdf(const char *dir, int desc, const cli_ctx *ctx)
bytesleft -= xreflength;
*/
rc = CL_CLEAN;
files = 0;
/*
@ -430,13 +429,20 @@ cli_pdf(const char *dir, int desc, const cli_ctx *ctx)
#endif
if(is_ascii85decode) {
unsigned char *tmpbuf = cli_malloc(calculated_streamlen * 5);
int ret;
unsigned char *tmpbuf; = cli_malloc(calculated_streamlen * 5);
int ret = cli_checklimits("cli_pdf", ctx, calculated_streamlen * 5, calculated_streamlen, 0);
if(ret != CL_CLEAN) {
close(fout);
unlink(fullname);
continue;
}
tmpbuf = cli_malloc(calculated_streamlen * 5);
if(tmpbuf == NULL) {
close(fout);
unlink(fullname);
rc = CL_EMEM;
continue;
}
@ -446,7 +452,6 @@ cli_pdf(const char *dir, int desc, const cli_ctx *ctx)
free(tmpbuf);
close(fout);
unlink(fullname);
rc = CL_CLEAN;
continue;
}
if(ret) {
@ -459,7 +464,6 @@ cli_pdf(const char *dir, int desc, const cli_ctx *ctx)
free(tmpbuf);
close(fout);
unlink(fullname);
rc = CL_EMEM;
continue;
}
tmpbuf = t;
@ -467,16 +471,17 @@ cli_pdf(const char *dir, int desc, const cli_ctx *ctx)
* Note that it will probably be both
* ascii85encoded and flateencoded
*/
if(is_flatedecode)
rc = try_flatedecode((unsigned char *)tmpbuf, real_streamlen, real_streamlen, fout, ctx);
else
cli_writen(fout, (const char *)streamstart, real_streamlen);
}
free(tmpbuf);
} else if(is_flatedecode)
} else if(is_flatedecode) {
rc = try_flatedecode((unsigned char *)streamstart, real_streamlen, calculated_streamlen, fout, ctx);
else {
} else {
cli_dbgmsg("cli_pdf: writing %lu bytes from the stream\n",
(unsigned long)real_streamlen);
cli_writen(fout, (const char *)streamstart, real_streamlen);
@ -508,9 +513,9 @@ cli_pdf(const char *dir, int desc, const cli_ctx *ctx)
static int
try_flatedecode(unsigned char *buf, off_t real_len, off_t calculated_len, int fout, const cli_ctx *ctx)
{
int ret = flatedecode(buf, real_len, fout, ctx);
int ret = cli_checklimits("cli_pdf", ctx, real_len, 0, 0);
if(ret == CL_SUCCESS)
if (ret==CL_CLEAN && flatedecode(buf, real_len, fout, ctx) == CL_SUCCESS)
return CL_SUCCESS;
if(real_len == calculated_len) {
@ -521,6 +526,9 @@ try_flatedecode(unsigned char *buf, off_t real_len, off_t calculated_len, int fo
return CL_CLEAN;
}
if(cli_checklimits("cli_pdf", ctx, calculated_len, 0, 0)!=CL_CLEAN)
return CL_CLEAN;
ret = flatedecode(buf, calculated_len, fout, ctx);
if(ret == CL_SUCCESS)
return CL_SUCCESS;
@ -605,7 +613,6 @@ flatedecode(unsigned char *buf, off_t len, int fout, const cli_ctx *ctx)
nbytes += written;
if((ret=cli_checklimits("cli_pdf", ctx, nbytes, 0, 0))!=CL_CLEAN) {
/* FIXMELIMITS */
inflateEnd(&stream);
return ret;
}

3
libclamav/scanners.c
Unescape View File

@ -230,7 +230,7 @@ static int cli_unrar_scanmetadata(int desc, unrar_metadata_t *metadata, cli_ctx
if(mdata->fileno && mdata->fileno != files)
continue;
if(mdata->maxdepth && ctx->recursion > mdata->maxdepth) /* FIXMELIMITS */
if(mdata->maxdepth && ctx->recursion > mdata->maxdepth)
continue;
/* TODO add support for regex */
@ -401,7 +401,6 @@ static int cli_scanarj(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_c
break;
}
if ((ret = cli_checklimits("ARJ", ctx, metadata.orig_size, metadata.comp_size, 0))!=CL_CLEAN) {
/* FIXMELIMITS: is this correct, shall I free something? */
ret = CL_SUCCESS;
continue;
}

2
libclamav/spin.c
Unescape View File

@ -372,7 +372,7 @@ int unspin(char *src, int ssize, struct cli_exe_section *sections, int sectcnt,
bitmap = cli_readint32(ep+0x3061);
bitman = bitmap;
/* FIXMELIMITS */
/* FIXMELIMITS: possibly rewrite to use the limits api */
if(ctx->limits && ctx->limits->maxfilesize) {
unsigned long int filesize = 0;

Write Preview
Loading…
Cancel
Save