git-svn: trunk@3208
Nigel Horne authored on 2007/09/07 02:09:12... | ... |
@@ -1,3 +1,20 @@ |
1 |
+Thu Sep 6 17:18:01 BST 2007 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav/pdf.c: Ensure consistency with other archivers when attempted |
|
4 |
+ DoS attacks are caught |
|
5 |
+ |
|
6 |
+Thu Sep 6 12:30:10 BST 2007 (njh) |
|
7 |
+---------------------------------- |
|
8 |
+ * libclamav, clamav-milter: Various cleanups |
|
9 |
+ * libclamav/blob.c: Handle cli_readn() difficulties when called by |
|
10 |
+ cli_check_mydoom_log() |
|
11 |
+ |
|
12 |
+Tue Sep 4 16:38:18 BST 2007 (njh) |
|
13 |
+---------------------------------- |
|
14 |
+ * libclamav/pdf.c: Don't clear any stored virus name |
|
15 |
+ * libclamav/[mbox|message.c]: Code clean up |
|
16 |
+ * clamav-milter/clamav-milter.c: Blacklist crackers |
|
17 |
+ |
|
1 | 18 |
Tue Sep 4 11:48:08 BST 2007 (njh) |
2 | 19 |
---------------------------------- |
3 | 20 |
* libclamav/mbox.c: Catch phishes with NULL names |
... | ... |
@@ -487,35 +487,16 @@ cli_pdf(const char *dir, int desc, const cli_ctx *ctx) |
487 | 487 |
* Note that it will probably be both |
488 | 488 |
* ascii85encoded and flateencoded |
489 | 489 |
*/ |
490 |
- if(is_flatedecode) { |
|
491 |
- const int zstat = try_flatedecode((unsigned char *)tmpbuf, real_streamlen, real_streamlen, fout, ctx); |
|
492 |
- |
|
493 |
- switch(zstat) { |
|
494 |
- case Z_DATA_ERROR: |
|
495 |
- rc = *ctx->virname ? CL_VIRUS : CL_EZIP; |
|
496 |
- break; |
|
497 |
- case Z_OK: |
|
498 |
- break; |
|
499 |
- default: |
|
500 |
- rc = CL_EZIP; |
|
501 |
- } |
|
502 |
- } else |
|
490 |
+ if(is_flatedecode) |
|
491 |
+ rc = try_flatedecode((unsigned char *)tmpbuf, real_streamlen, real_streamlen, fout, ctx); |
|
492 |
+ else |
|
503 | 493 |
cli_writen(fout, (const char *)streamstart, real_streamlen); |
504 | 494 |
} |
505 | 495 |
free(tmpbuf); |
506 |
- } else if(is_flatedecode) { |
|
507 |
- const int zstat = try_flatedecode((unsigned char *)streamstart, real_streamlen, calculated_streamlen, fout, ctx); |
|
508 |
- |
|
509 |
- switch(zstat) { |
|
510 |
- case Z_DATA_ERROR: |
|
511 |
- rc = *ctx->virname ? CL_VIRUS : CL_EZIP; |
|
512 |
- break; |
|
513 |
- case Z_OK: |
|
514 |
- break; |
|
515 |
- default: |
|
516 |
- rc = CL_EZIP; |
|
517 |
- } |
|
518 |
- } else { |
|
496 |
+ } else if(is_flatedecode) |
|
497 |
+ rc = try_flatedecode((unsigned char *)streamstart, real_streamlen, calculated_streamlen, fout, ctx); |
|
498 |
+ |
|
499 |
+ else { |
|
519 | 500 |
cli_dbgmsg("cli_pdf: writing %lu bytes from the stream\n", |
520 | 501 |
(unsigned long)real_streamlen); |
521 | 502 |
cli_writen(fout, (const char *)streamstart, real_streamlen); |
... | ... |
@@ -543,26 +524,28 @@ cli_pdf(const char *dir, int desc, const cli_ctx *ctx) |
543 | 543 |
return rc; |
544 | 544 |
} |
545 | 545 |
|
546 |
-/* flate inflation - returns zlib status, e.g. Z_OK */ |
|
546 |
+/* |
|
547 |
+ * flate inflation - returns clamAV status, e.g CL_SUCCESS, CL_EZIP |
|
548 |
+ */ |
|
547 | 549 |
static int |
548 | 550 |
try_flatedecode(unsigned char *buf, off_t real_len, off_t calculated_len, int fout, const cli_ctx *ctx) |
549 | 551 |
{ |
550 | 552 |
int ret = flatedecode(buf, real_len, fout, ctx); |
551 | 553 |
|
552 |
- if(ret == Z_OK) |
|
553 |
- return Z_OK; |
|
554 |
+ if(ret == CL_SUCCESS) |
|
555 |
+ return CL_SUCCESS; |
|
554 | 556 |
|
555 | 557 |
if(real_len == calculated_len) { |
556 | 558 |
/* |
557 | 559 |
* Nothing more we can do to inflate |
558 | 560 |
*/ |
559 | 561 |
cli_warnmsg("Bad compression in flate stream\n"); |
560 |
- return ret; |
|
562 |
+ return (ret == CL_SUCCESS) ? CL_EFORMAT : ret; |
|
561 | 563 |
} |
562 | 564 |
|
563 | 565 |
ret = flatedecode(buf, calculated_len, fout, ctx); |
564 |
- if(ret == Z_OK) |
|
565 |
- return Z_OK; |
|
566 |
+ if(ret == CL_SUCCESS) |
|
567 |
+ return CL_SUCCESS; |
|
566 | 568 |
|
567 | 569 |
/* i.e. the PDF file is broken :-( */ |
568 | 570 |
cli_warnmsg("cli_pdf: Bad compressed block length in flate stream\n"); |
... | ... |
@@ -586,7 +569,7 @@ flatedecode(unsigned char *buf, off_t len, int fout, const cli_ctx *ctx) |
586 | 586 |
|
587 | 587 |
if(len == 0) { |
588 | 588 |
cli_warnmsg("cli_pdf: flatedecode len == 0\n"); |
589 |
- return Z_OK; |
|
589 |
+ return CL_CLEAN; |
|
590 | 590 |
} |
591 | 591 |
|
592 | 592 |
#ifdef SAVE_TMP |
... | ... |
@@ -625,7 +608,7 @@ flatedecode(unsigned char *buf, off_t len, int fout, const cli_ctx *ctx) |
625 | 625 |
zstat = inflateInit(&stream); |
626 | 626 |
if(zstat != Z_OK) { |
627 | 627 |
cli_warnmsg("cli_pdf: inflateInit failed"); |
628 |
- return zstat; |
|
628 |
+ return CL_EZIP; |
|
629 | 629 |
} |
630 | 630 |
|
631 | 631 |
nbytes = 0; |
... | ... |
@@ -644,9 +627,11 @@ flatedecode(unsigned char *buf, off_t len, int fout, const cli_ctx *ctx) |
644 | 644 |
cli_dbgmsg("cli_pdf: flatedecode size exceeded (%lu)\n", |
645 | 645 |
(unsigned long)nbytes); |
646 | 646 |
inflateEnd(&stream); |
647 |
- if(BLOCKMAX) |
|
647 |
+ if(BLOCKMAX) { |
|
648 | 648 |
*ctx->virname = "PDF.ExceededFileSize"; |
649 |
- return Z_DATA_ERROR; |
|
649 |
+ return CL_VIRUS; |
|
650 |
+ } |
|
651 |
+ return CL_EZIP; |
|
650 | 652 |
} |
651 | 653 |
stream.next_out = output; |
652 | 654 |
stream.avail_out = sizeof(output); |
... | ... |
@@ -663,14 +648,14 @@ flatedecode(unsigned char *buf, off_t len, int fout, const cli_ctx *ctx) |
663 | 663 |
cli_dbgmsg("pdf: after writing %lu bytes, got error %d inflating PDF attachment\n", |
664 | 664 |
(unsigned long)nbytes, zstat); |
665 | 665 |
inflateEnd(&stream); |
666 |
- return zstat; |
|
666 |
+ return (zstat == Z_OK) ? CL_SUCCESS : CL_EZIP; |
|
667 | 667 |
} |
668 | 668 |
break; |
669 | 669 |
} |
670 | 670 |
|
671 | 671 |
if(stream.avail_out != sizeof(output)) |
672 | 672 |
if(cli_writen(fout, output, sizeof(output) - stream.avail_out) < 0) |
673 |
- return Z_STREAM_ERROR; |
|
673 |
+ return CL_EIO; |
|
674 | 674 |
|
675 | 675 |
/* |
676 | 676 |
* On BSD systems total_in and total_out are "long long", so these |
... | ... |
@@ -686,15 +671,17 @@ flatedecode(unsigned char *buf, off_t len, int fout, const cli_ctx *ctx) |
686 | 686 |
((stream.total_out / stream.total_in) > ctx->limits->maxratio)) { |
687 | 687 |
cli_dbgmsg("cli_pdf: flatedecode Max ratio reached\n"); |
688 | 688 |
inflateEnd(&stream); |
689 |
- if(BLOCKMAX) |
|
689 |
+ if(BLOCKMAX) { |
|
690 | 690 |
*ctx->virname = "Oversized.PDF"; |
691 |
- return Z_DATA_ERROR; |
|
691 |
+ return CL_VIRUS; |
|
692 |
+ } |
|
693 |
+ return CL_EZIP; |
|
692 | 694 |
} |
693 | 695 |
|
694 | 696 |
#ifdef SAVE_TMP |
695 | 697 |
unlink(tmpfilename); |
696 | 698 |
#endif |
697 |
- return inflateEnd(&stream); |
|
699 |
+ return inflateEnd(&stream) == Z_OK ? CL_SUCCESS : CL_EZIP; |
|
698 | 700 |
} |
699 | 701 |
|
700 | 702 |
/* |