Browse code
properly handle partial reads in cli_scandesc()
| ... | ... |
@@ -1,3 +1,7 @@ |
| 1 |
+Fri Mar 10 16:08:25 CET 2006 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * libclamav/matcher.c: properly handle partial reads in cli_scandesc() |
|
| 4 |
+ |
|
| 1 | 5 |
Wed Mar 8 16:05:44 GMT 2006 (njh) |
| 2 | 6 |
---------------------------------- |
| 3 | 7 |
* libclamav/pdf.c: Fix potential DoS discovered in Vector Data Adobe |
| ... | ... |
@@ -277,9 +277,8 @@ int cli_validatesig(unsigned short target, unsigned short ftype, const char *off |
| 277 | 277 |
int cli_scandesc(int desc, cli_ctx *ctx, unsigned short otfrec, unsigned short ftype, struct cli_matched_type **ftoffset) |
| 278 | 278 |
{
|
| 279 | 279 |
char *buffer, *buff, *endbl, *pt; |
| 280 |
- int bytes, buffsize, length, ret, *gpartcnt, *tpartcnt; |
|
| 281 |
- int type = CL_CLEAN, i, tid = 0; |
|
| 282 |
- unsigned int maxpatlen; |
|
| 280 |
+ int ret, *gpartcnt, *tpartcnt, type = CL_CLEAN, i, tid = 0; |
|
| 281 |
+ unsigned int bytes, buffersize, length, maxpatlen, shift = 0; |
|
| 283 | 282 |
unsigned long int *gpartoff, *tpartoff, offset = 0; |
| 284 | 283 |
MD5_CTX md5ctx; |
| 285 | 284 |
unsigned char digest[16]; |
| ... | ... |
@@ -311,9 +310,9 @@ int cli_scandesc(int desc, cli_ctx *ctx, unsigned short otfrec, unsigned short f |
| 311 | 311 |
maxpatlen = groot->maxpatlen; |
| 312 | 312 |
|
| 313 | 313 |
/* prepare the buffer */ |
| 314 |
- buffsize = maxpatlen + SCANBUFF; |
|
| 315 |
- if(!(buffer = (char *) cli_calloc(buffsize, sizeof(char)))) {
|
|
| 316 |
- cli_dbgmsg("cli_scandesc(): unable to cli_calloc(%d)\n", buffsize);
|
|
| 314 |
+ buffersize = maxpatlen + SCANBUFF; |
|
| 315 |
+ if(!(buffer = (char *) cli_calloc(buffersize, sizeof(char)))) {
|
|
| 316 |
+ cli_dbgmsg("cli_scandesc(): unable to cli_calloc(%d)\n", buffersize);
|
|
| 317 | 317 |
return CL_EMEM; |
| 318 | 318 |
} |
| 319 | 319 |
|
| ... | ... |
@@ -361,14 +360,14 @@ int cli_scandesc(int desc, cli_ctx *ctx, unsigned short otfrec, unsigned short f |
| 361 | 361 |
*/ |
| 362 | 362 |
|
| 363 | 363 |
pt = buff; |
| 364 |
- length = SCANBUFF; |
|
| 365 |
- while((bytes = cli_readn(desc, buff, SCANBUFF)) > 0) {
|
|
| 364 |
+ while((bytes = cli_readn(desc, buff + shift, SCANBUFF - shift)) > 0) {
|
|
| 366 | 365 |
|
| 367 | 366 |
if(ctx->scanned) |
| 368 | 367 |
*ctx->scanned += bytes / CL_COUNT_PRECISION; |
| 369 | 368 |
|
| 370 |
- if(bytes < SCANBUFF) |
|
| 371 |
- length -= SCANBUFF - bytes; |
|
| 369 |
+ length = shift + bytes; |
|
| 370 |
+ if(pt == buffer) |
|
| 371 |
+ length += maxpatlen; |
|
| 372 | 372 |
|
| 373 | 373 |
if(troot) {
|
| 374 | 374 |
if(troot->ac_only || (ret = cli_bm_scanbuff(pt, length, ctx->virname, troot, offset, ftype, desc)) != CL_VIRUS) |
| ... | ... |
@@ -411,20 +410,24 @@ int cli_scandesc(int desc, cli_ctx *ctx, unsigned short otfrec, unsigned short f |
| 411 | 411 |
type = ret; |
| 412 | 412 |
} |
| 413 | 413 |
|
| 414 |
- if(bytes == SCANBUFF) {
|
|
| 414 |
+ if(ctx->engine->md5_hlist) |
|
| 415 |
+ MD5_Update(&md5ctx, buff + shift, bytes); |
|
| 416 |
+ |
|
| 417 |
+ if(bytes + shift == SCANBUFF) {
|
|
| 415 | 418 |
memmove(buffer, endbl, maxpatlen); |
| 419 |
+ offset += SCANBUFF; |
|
| 416 | 420 |
|
| 417 |
- if(pt == buffer) {
|
|
| 418 |
- offset += SCANBUFF; |
|
| 419 |
- } else {
|
|
| 420 |
- offset += SCANBUFF - maxpatlen; |
|
| 421 |
+ if(pt == buff) {
|
|
| 421 | 422 |
pt = buffer; |
| 422 |
- length = buffsize; |
|
| 423 |
+ offset -= maxpatlen; |
|
| 423 | 424 |
} |
| 425 |
+ |
|
| 426 |
+ shift = 0; |
|
| 427 |
+ |
|
| 428 |
+ } else {
|
|
| 429 |
+ shift += bytes; |
|
| 424 | 430 |
} |
| 425 | 431 |
|
| 426 |
- if(ctx->engine->md5_hlist) |
|
| 427 |
- MD5_Update(&md5ctx, buff, bytes); |
|
| 428 | 432 |
} |
| 429 | 433 |
|
| 430 | 434 |
free(buffer); |