Browse code
libclamav/scanners.c: don't call cli_scanembpe() for files larger than 10MB (bb#1604)
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Wed May 27 18:32:33 CEST 2009 (tk) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * libclamav/scanners.c: don't call cli_scanembpe() for files larger than 10MB |
|
| 4 |
+ (bb#1604) |
|
| 5 |
+ |
|
| 1 | 6 |
Fri May 22 14:09:23 CEST 2009 (tk) |
| 2 | 7 |
---------------------------------- |
| 3 | 8 |
* libclamav/readdb.c: add offset checks (bb#1615) |
| ... | ... |
@@ -1637,7 +1637,6 @@ static int cli_scanembpe(int desc, cli_ctx *ctx) |
| 1637 | 1637 |
char buff[512]; |
| 1638 | 1638 |
char *tmpname; |
| 1639 | 1639 |
|
| 1640 |
- |
|
| 1641 | 1640 |
tmpname = cli_gentemp(ctx->engine->tmpdir); |
| 1642 | 1641 |
if(!tmpname) |
| 1643 | 1642 |
return CL_EMEM; |
| ... | ... |
@@ -1704,6 +1703,7 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg, |
| 1704 | 1704 |
uint32_t lastzip, lastrar; |
| 1705 | 1705 |
struct cli_exe_info peinfo; |
| 1706 | 1706 |
unsigned int acmode = AC_SCAN_VIR, break_loop = 0; |
| 1707 |
+ struct stat sb; |
|
| 1707 | 1708 |
|
| 1708 | 1709 |
|
| 1709 | 1710 |
if(typercg) switch(type) {
|
| ... | ... |
@@ -1790,12 +1790,14 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg, |
| 1790 | 1790 |
|
| 1791 | 1791 |
case CL_TYPE_MSEXE: |
| 1792 | 1792 |
if(SCAN_PE && ctx->dconf->pe && fpt->offset) {
|
| 1793 |
- cli_dbgmsg("PE signature found at %u\n", (unsigned int) fpt->offset);
|
|
| 1793 |
+ fstat(desc, &sb); |
|
| 1794 |
+ if(sb.st_size > 10485760) |
|
| 1795 |
+ break; |
|
| 1794 | 1796 |
memset(&peinfo, 0, sizeof(struct cli_exe_info)); |
| 1795 | 1797 |
peinfo.offset = fpt->offset; |
| 1796 | 1798 |
lseek(desc, fpt->offset, SEEK_SET); |
| 1797 | 1799 |
if(cli_peheader(desc, &peinfo) == 0) {
|
| 1798 |
- cli_dbgmsg("*** Detected embedded PE file ***\n");
|
|
| 1800 |
+ cli_dbgmsg("*** Detected embedded PE file at %u ***\n", (unsigned int) fpt->offset);
|
|
| 1799 | 1801 |
if(peinfo.section) |
| 1800 | 1802 |
free(peinfo.section); |
| 1801 | 1803 |
|