... | ... |
@@ -17,11 +17,16 @@ ClamAV 0.102.0 is in development. |
17 | 17 |
- The new home for the documentation markdown is in our |
18 | 18 |
[ClamAV FAQ Github repository](https://github.com/Cisco-Talos/clamav-faq) |
19 | 19 |
|
20 |
+### Additional minor bug fixes |
|
21 |
+ |
|
22 |
+- Fix to prevent a possible crash when loading LDB type signature databases |
|
23 |
+ and PCRE is not available. Patch courtesy of Tomasz Kojm. |
|
24 |
+ |
|
20 | 25 |
### Acknowledgements |
21 | 26 |
|
22 | 27 |
The ClamAV team thanks the following individuals for their code submissions: |
23 | 28 |
|
24 |
-- |
|
29 |
+- Tomasz Kojm |
|
25 | 30 |
|
26 | 31 |
## 0.101.1 |
27 | 32 |
|
... | ... |
@@ -119,18 +124,18 @@ we've cooked up over the past 6 months. |
119 | 119 |
| | `AlertEncryptedArchive` | |
120 | 120 |
| | `AlertEncryptedDoc` | |
121 | 121 |
|
122 |
- | Old `clamscan` option | *New* `clamscan` option | |
|
123 |
- | ---------------------------- | -------------------------------- | |
|
124 |
- | `--algorithmic-detection` | `--heuristic-alerts` | |
|
125 |
- | `--detect-broken` | `--alert-broken` | |
|
126 |
- | `--phishing-cloak` | `--alert-phishing-cloak` | |
|
127 |
- | `--phishing-ssl` | `--alert-phishing-ssl` | |
|
128 |
- | `--partition-intersection` | `--alert-partition-intersection` | |
|
129 |
- | `--block-max` | `--alert-exceeds-max` | |
|
130 |
- | `--block-macros` | `--alert-macros` | |
|
131 |
- | `--block-encrypted` | `--alert-encrypted` | |
|
132 |
- | | `--alert-encrypted-archive` | |
|
133 |
- | | `--alert-encrypted-doc` | |
|
122 |
+ | Old `clamscan` option | *New* `clamscan` option | |
|
123 |
+ | -------------------------- | -------------------------------- | |
|
124 |
+ | `--algorithmic-detection` | `--heuristic-alerts` | |
|
125 |
+ | `--detect-broken` | `--alert-broken` | |
|
126 |
+ | `--phishing-cloak` | `--alert-phishing-cloak` | |
|
127 |
+ | `--phishing-ssl` | `--alert-phishing-ssl` | |
|
128 |
+ | `--partition-intersection` | `--alert-partition-intersection` | |
|
129 |
+ | `--block-max` | `--alert-exceeds-max` | |
|
130 |
+ | `--block-macros` | `--alert-macros` | |
|
131 |
+ | `--block-encrypted` | `--alert-encrypted` | |
|
132 |
+ | | `--alert-encrypted-archive` | |
|
133 |
+ | | `--alert-encrypted-doc` | |
|
134 | 134 |
|
135 | 135 |
### Some more subtle improvements |
136 | 136 |
|
... | ... |
@@ -1740,18 +1740,6 @@ static int load_oneldb(char *buffer, int chkpua, struct cl_engine *engine, unsig |
1740 | 1740 |
} |
1741 | 1741 |
subsigs++; |
1742 | 1742 |
|
1743 |
-#if !HAVE_PCRE |
|
1744 |
- /* Regex Usage and Support Check */ |
|
1745 |
- for (i = 0; i < subsigs; ++i) { |
|
1746 |
- char *slash = strchr(tokens[i + 3], '/'); |
|
1747 |
- if (slash && strchr(slash + 1, '/')) { |
|
1748 |
- cli_warnmsg("cli_loadldb: logical signature for %s uses PCREs but support is disabled, skipping\n", virname); |
|
1749 |
- (*sigs)--; |
|
1750 |
- return CL_SUCCESS; |
|
1751 |
- } |
|
1752 |
- } |
|
1753 |
-#endif |
|
1754 |
- |
|
1755 | 1743 |
if (!line) { |
1756 | 1744 |
/* This is a logical signature from the bytecode, we need all |
1757 | 1745 |
* subsignatures, even if not referenced from the logical expression */ |
... | ... |
@@ -1766,6 +1754,18 @@ static int load_oneldb(char *buffer, int chkpua, struct cl_engine *engine, unsig |
1766 | 1766 |
return CL_EMALFDB; |
1767 | 1767 |
} |
1768 | 1768 |
|
1769 |
+#if !HAVE_PCRE |
|
1770 |
+ /* Regex Usage and Support Check */ |
|
1771 |
+ for (i = 0; i < subsigs; ++i) { |
|
1772 |
+ char *slash = strchr(tokens[i + 3], '/'); |
|
1773 |
+ if (slash && strchr(slash + 1, '/')) { |
|
1774 |
+ cli_warnmsg("cli_loadldb: logical signature for %s uses PCREs but support is disabled, skipping\n", virname); |
|
1775 |
+ (*sigs)--; |
|
1776 |
+ return CL_SUCCESS; |
|
1777 |
+ } |
|
1778 |
+ } |
|
1779 |
+#endif |
|
1780 |
+ |
|
1769 | 1781 |
/* enforce MAX_LDB_SUBSIGS(currently 64) subsig cap */ |
1770 | 1782 |
if (subsigs > MAX_LDB_SUBSIGS) { |
1771 | 1783 |
cli_errmsg("cli_loadldb: Broken logical expression or too many subsignatures\n"); |