For some reason we're generating a filename with a random hash in it
to use for the comment content in the event that codepage conversion to
utf8 fails for the comment. This makes no sense. So I'm removing it and
letting it just fail out. The calling functions ignore the failure
anyway and move on, which is good.
Note: I think the "cli_genfname" call that I'm removing was a copy-paste
from the logic for converting the filename to utf8. We still do that.
I'm not sure about the consequence of failing to have a filename in that
case, so I'm going to leave it as-is.
Coverity-225186, 225156: Fix possible leak of comment message in case
parsing the comment header fails after allocating the comment buffer.
Coverity-225184: Fix possible leak of egg block if the archive is not
solid and contains no files.
Additional improvements to egg parser error handling for functions that
pass back allocated memory through the parameters. Instead of checking
for failure before freeing the allocated memory, we'll hand off
ownership of the allocated memory to the parameter variable by setting
it to NULL afterwards, and then always free the variable if not NULL after
the `done` label.
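
The hand-off pattern described above, as an added example that is not ClamAV's code: a constructed parser returns a heap buffer through an output parameter, every failure path jumps to `done`, and the single `free()` after the label frees only what the function still owns. The record format, the `parse_comment` name and the status values are all hypothetical.

```c
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Hypothetical status codes for the constructed parser below. */
typedef enum { PARSE_OK = 0, PARSE_EINVAL, PARSE_ENOMEM, PARSE_EFORMAT } parse_status_t;

/* Constructed record format: one length byte N followed by N bytes of comment text.
 * On success *comment_out receives a NUL-terminated copy that the caller must free.
 * On any failure *comment_out is left NULL and nothing is leaked. */
parse_status_t parse_comment(const uint8_t *data, size_t len, char **comment_out)
{
    parse_status_t status = PARSE_EINVAL;
    char *comment = NULL;   /* this function owns the buffer until the hand-off */
    size_t n = 0;

    if (data == NULL || len < 1 || comment_out == NULL)
        goto done;
    *comment_out = NULL;

    n = data[0];
    if (n == 0 || n > len - 1) {          /* length byte must fit in the input */
        status = PARSE_EFORMAT;
        goto done;
    }

    comment = malloc(n + 1);
    if (comment == NULL) {
        status = PARSE_ENOMEM;
        goto done;
    }
    memcpy(comment, data + 1, n);
    comment[n] = '\0';

    /* A check that can fail after the allocation (here: reject embedded NUL bytes).
     * Without the pattern this is exactly the kind of path that leaks `comment`;
     * with it, the goto is all that is needed. */
    for (size_t i = 0; i < n; i++) {
        if (comment[i] == '\0') {
            status = PARSE_EFORMAT;
            goto done;
        }
    }

    /* Hand off ownership to the caller and drop our reference so the cleanup
     * below does not free it. */
    *comment_out = comment;
    comment = NULL;
    status = PARSE_OK;

done:
    /* Runs on every path: frees the buffer only if we still own it (free(NULL) is a no-op). */
    free(comment);
    return status;
}
```

The invariant that makes this safe to reason about is that at the `done` label `comment` is non-NULL exactly when the function still owns the allocation, so no per-path bookkeeping is needed as new failure checks are added between the `malloc` and the hand-off.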
Coverity is unhappy with the use of the EC32, cli_readint32,
and cli_writeint32 macros (and the 64-bit equivalents) to potentially
change the endianness of variables in place.
It claims:
overlapping_assignment: Assigning ... to ..., which have overlapping
memory locations and different types.
Using a temporary variable in between reading and writing should
resolve these "high impact" complaints.
Resolves: Coverity-225232, 225225, 225215, 225212, 225180, 225170,
225165, 225161, 225159.
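
The temporary-variable form described above, as an added example that is not ClamAV's code: a byte-order-independent little-endian reader (analogous in purpose to a cli_readint32-style reader, but a hypothetical function here), a constructed header struct whose fields were memcpy'd from a file image, and an in-place fixup that reads each field through a temporary before writing it back. Names (`le32_from_bytes`, `hdr_t`, `hdr_fix_endian`) are assumptions for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Little-endian readers that assemble the value from bytes, so the result is the
 * same on little- and big-endian hosts. Hypothetical names, not ClamAV's macros. */
static uint32_t le32_from_bytes(const void *p)
{
    const uint8_t *b = (const uint8_t *)p;
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

static uint64_t le64_from_bytes(const void *p)
{
    const uint8_t *b = (const uint8_t *)p;
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | b[i];
    return v;
}

/* Constructed 16-byte on-disk header: three little-endian integers. */
typedef struct {
    uint32_t magic;
    uint32_t size;
    uint64_t offset;
} hdr_t;

/* The form the checker flags reads and writes the same object in one statement:
 *     h->size = le32_from_bytes(&h->size);
 * Going through a temporary makes the read-then-write ordering explicit. */
void hdr_fix_endian(hdr_t *h)
{
    uint32_t tmp32;
    uint64_t tmp64;

    tmp32 = le32_from_bytes(&h->magic);
    h->magic = tmp32;

    tmp32 = le32_from_bytes(&h->size);
    h->size = tmp32;

    tmp64 = le64_from_bytes(&h->offset);
    h->offset = tmp64;
}

/* Copy a raw 16-byte header image into the struct (fields now hold file-order
 * bytes) and convert the fields to host order in place. */
hdr_t hdr_from_image(const uint8_t image[16])
{
    hdr_t h;
    memcpy(&h, image, sizeof h);
    hdr_fix_endian(&h);
    return h;
}
```

On a little-endian host the fixup is a no-op on the stored bytes; on a big-endian host it swaps them. Either way the field values after `hdr_fix_endian` are the integers the file encoded.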
Coverity-344510: Fix uninitialized sock variable in check_clamd test
program. Only close the socket on error if it is a valid file descriptor.
Coverity-344507: Remove unused file-open from clamd test.
Coverity-344497: clamd test recvpartial convenience function was
reusing the `len` variable used for "how long is the reply" also as
the buffer length. Coverity appears to be confused here and thinks that
the length of the buffer may not be long enough for the NULL terminating
character. I have reworked this to use a separate variable for managing
the length of the buffer.
Prevent double-extraction of same PDF object
Two indirect references to the same PDF object may cause it to try to
extract that object twice. This also may cause it to set the extraction
path twice, which leaks the memory from the first time.
This commit records when object extraction is attempted and prevents
doing it again. It also adds a couple extra checks to make sure that the
object path string is not leaked.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58072
Also:
- Coverity-317959: Fix complaint about logically dead code. No need to
check if UE variable is NULL because we would've returned earlier if it
was NULL.
- A bunch of medium-severity coverity issues for PDF parser regarding
checking if a `pdf` pointer is NULL after dereferencing it.
- Coverity-192930: bytes_remaining was being checked twice in a row
without changing it. Turns out we should have been changing it after
moving the `index` pointer.
- Coverity-192920: Switch to use CLI_REALLOC instead of cli_realloc2.
This is because cli_realloc2 would free `pdf->objs` on failure and we
still need it.
Fix possibly uninitialized binop variable in bytecode module for STORE
and COPY instructions.
Refactored slightly to include additional opcode logic in the switch statement.
Coverity-344508: Fix out-of-bound read in check_str test.
The len argument cannot be longer than the size of the source buffer.
The original test was attempting to test an append failure.
The updated test checks for correct behavior with two consecutive
appends.
Also added function comments to document correct use of textbuffer
functions.
Coverity-344493: Fix out-of-bounds read in check_jsnorm test.
The buffers passed to tokenizer_test must be NULL-terminated.
RTF:
- Coverity-344490: Use cli_realloc instead of cli_realloc2.
cli_realloc2 will free the memory if the allocation fails, though we
also free the memory later in SCAN_CLEANUP.
- Fix warning about unused variable.
AutoIt:
- Fix possible memory leaks of input and output buffers.
- Set pointer to NULL after handing off memory to new pointer.
The pointer used to index an HTML file during normalization may be
rewound to an earlier location if encoded javascript (screnc) is
detected while processing the line.
If a <style> tag was also found in the line after the screnc bytes
then the check for the size of the style chunk will be "negative"
and would result in a massive memcpy.
This issue was introduced during 1.1 development.
This commit ensures the style chunk size may not be negative.
Resolves: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57327
Somehow the LOGG_DEBUG-level message used to verify correct behavior
in one of the freshclam tests is not written to stdout when testing
on some Fedora systems.
This commit changes the test to verify correct behavior by checking
for a different message that is LOGG_INFO-level, and is consistently
written to stdout.
Further investigation required to find out why debug messages aren't
always written to stdout.
Previous behaviour would remove temp files by deleting the subdirectory.
This caused issues in cases (on Windows) where subdirectories aren't created
due to performance concerns.
This commit removes temp files individually if keeptemp is off.
Original patch authored by Thomas Vy
The CLOSE command is failing to create a file when appending changes if
the file does not already exist. This prevents adding new files to a
database with a CDIFF and caused failures applying the test-3.cdiff file
in the freshclam feature tests.
Also improved the error message to show which command, specifically, is
failing (not just the line number).
Any cdiff or script using the UNLINK operation will fail to delete the
file claiming "No DB open for action UNLINK".
The UNLINK operation appears to be trying to delete a currently open
database, when in fact it should ensure no database is open before
deleting the local file given by the single "db_name" parameter.
Some log statements were using the old ^, !, and * logg-prefix where they
were making use of a ternary to determine the log level in the log
statement.
Also sigtool and freshclam weren't outputting error log messages using
the Rust log macros e.g. `error!("...")`.
Also includes:
- A sigtool test to verify that Rust log macros are working.
- Changing the freshclam tests to use --no-dns so they run faster
when DNS isn't working (e.g. no internet).
In the event that there is an issue with the CDIFF process, freshclam is
treating it as though no patch was downloaded.
If freshclam fails to apply the patch because of an issue with the
patch, or some bug in the CDIFF module, it should retry for the whole
CVD.
Coverity complained about missing break statements for two switch cases
that end with asserts.
Adding /* fall-through */ comments appears to assuage Coverity's fears.
The strncpy intentionally is not copying the NULL terminator for the log
message prefix. The NULL will be added by vsnprintf, after.
Switching to memcpy eliminates the warning.
Change the version suffix from -devel-{TODAY} to -rc
Bump the SO version for libclamav and libfreshclam.
Increasing the current version to 12.0.0 and 3.0.0 respectively.
The reason is that we reintroduced using the version scripts:
- libclamav.map
- libfreshclam.map
- libclamunrar.map
- libclamunrar_iface.map
Note that libclamunrar and libclamunrar_iface use the SO version from
libclamav.
Note that libclammspack does not have a .map file and so is not getting
symbol versioning at this time nor are we bumping the SO version for
that library.
Add a new cl_engine_set_clcb_vba() function to set a cb_vba callback
function and add clcb_generic_data handler prototype to the clamav.h
public API.
The cb_vba callback function will be run whenever VBA is extracted from
office documents. The provided data will be a normalized copy of the
original VBA. This callback is added to support Sigtool so it can use
the same VBA extraction logic as when scanning documents.
Change the Sigtool temp directory creation for any commands that use
temp directories so that you can select a custom temp directory with the
`--tempdir=PATH` option, and can retain the temp files with the
`--leave-temps` option.
Added `--tempdir` and `--leave-temps` to the Sigtool `--help` output.
Added `--tempdir` and `--leave-temps` to the Sigtool manpage.