git-svn: trunk@5020
aCaB authored on 2009/04/03 20:09:00... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Fri Apr 3 13:05:44 CEST 2009 (acab) |
|
2 |
+------------------------------------ |
|
3 |
+ * shared/optparser.c, docs: limit options expressing sizes to |
|
4 |
+ 32bit (bb#1508) |
|
5 |
+ |
|
1 | 6 |
Fri Apr 3 11:32:33 EEST 2009 (edwin) |
2 | 7 |
------------------------------------- |
3 | 8 |
* unit_tests/check_clamd.sh: properly remove old logfiles during |
... | ... |
@@ -397,6 +397,9 @@ Default: no |
397 | 397 |
Ignore files larger than SIZE. |
398 | 398 |
.br |
399 | 399 |
Default: 5M |
400 |
+.SH "NOTES" |
|
401 |
+.LP |
|
402 |
+All options expressing a size are limited to max 4GB. Values in excess will be resetted to the maximum. |
|
400 | 403 |
.SH "FILES" |
401 | 404 |
.LP |
402 | 405 |
@CFGDIR@/clamd.conf |
... | ... |
@@ -142,10 +142,10 @@ If an email contains URLs ClamAV can download and scan them. \fBWARNING: This op |
142 | 142 |
Extract at most #n files from each scanned file (when this is an archive, a document or another kind of container). This option protects your system against DoS attacks (default: 10000) |
143 | 143 |
.TP |
144 | 144 |
\fB\-\-max\-filesize=#n\fR |
145 |
-Extract and scan at most #n kilobytes from each archive. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 25 MB) |
|
145 |
+Extract and scan at most #n kilobytes from each archive. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 25 MB, max: <4 GB) |
|
146 | 146 |
.TP |
147 | 147 |
\fB\-\-max\-scansize=#n\fR |
148 |
-Extract and scan at most #n kilobytes from each scanned file. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 100 MB) |
|
148 |
+Extract and scan at most #n kilobytes from each scanned file. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 100 MB, max: <4 GB) |
|
149 | 149 |
.TP |
150 | 150 |
\fB\-\-max\-recursion=#n\fR |
151 | 151 |
Set archive recursion level limit. This option protects your system against DoS attacks (default: 16). |
... | ... |
@@ -32,6 +32,7 @@ |
32 | 32 |
#include <stdio.h> |
33 | 33 |
#include <stdlib.h> |
34 | 34 |
#include <string.h> |
35 |
+#include <errno.h> |
|
35 | 36 |
#ifdef HAVE_STRINGS_H |
36 | 37 |
#include <strings.h> |
37 | 38 |
#endif |
... | ... |
@@ -635,6 +636,7 @@ struct optstruct *optparse(const char *cfgfile, int argc, char **argv, int verbo |
635 | 635 |
struct option longopts[MAXCMDOPTS]; |
636 | 636 |
char shortopts[MAXCMDOPTS]; |
637 | 637 |
regex_t regex; |
638 |
+ unsigned long int lnumarg; |
|
638 | 639 |
|
639 | 640 |
|
640 | 641 |
if(oldopts) |
... | ... |
@@ -898,27 +900,55 @@ struct optstruct *optparse(const char *cfgfile, int argc, char **argv, int verbo |
898 | 898 |
break; |
899 | 899 |
|
900 | 900 |
case TYPE_SIZE: |
901 |
- if(sscanf(arg, "%d", &numarg) != 1) { |
|
901 |
+ errno = 0; |
|
902 |
+ lnumarg = strtoul(arg, &buff, 0); |
|
903 |
+ if(errno != ERANGE) { |
|
904 |
+ switch(*buff) { |
|
905 |
+ case 'M': |
|
906 |
+ case 'm': |
|
907 |
+ printf("%u\n", UINT_MAX/(1024*1024)); |
|
908 |
+ if(lnumarg <= UINT_MAX/(1024*1024)) lnumarg *= 1024*1024; |
|
909 |
+ else errno = ERANGE; |
|
910 |
+ break; |
|
911 |
+ case 'K': |
|
912 |
+ case 'k': |
|
913 |
+ if(lnumarg <= UINT_MAX/1024) lnumarg *= 1024; |
|
914 |
+ else errno = ERANGE; |
|
915 |
+ break; |
|
916 |
+ case '\0': |
|
917 |
+ break; |
|
918 |
+ default: |
|
919 |
+ if(cfgfile) { |
|
920 |
+ fprintf(stderr, "ERROR: Can't parse numerical argument for option %s\n", name); |
|
921 |
+ } else { |
|
922 |
+ if(optentry->shortopt) |
|
923 |
+ fprintf(stderr, "ERROR: Can't parse numerical argument for option --%s (-%c)\n", optentry->longopt, optentry->shortopt); |
|
924 |
+ else |
|
925 |
+ fprintf(stderr, "ERROR: Can't parse numerical argument for option --%s\n", optentry->longopt); |
|
926 |
+ } |
|
927 |
+ err = 1; |
|
928 |
+ } |
|
929 |
+ } |
|
930 |
+ |
|
931 |
+ arg = NULL; |
|
932 |
+ if(err) break; |
|
933 |
+ |
|
934 |
+ if(sizeof(lnumarg) > sizeof(numarg) && (lnumarg >> (sizeof(numarg)<<3)) ) |
|
935 |
+ errno = ERANGE; |
|
936 |
+ |
|
937 |
+ if(errno == ERANGE) { |
|
902 | 938 |
if(cfgfile) { |
903 |
- fprintf(stderr, "ERROR: Can't parse numerical argument for option %s\n", name); |
|
939 |
+ fprintf(stderr, "WARNING: Numerical value for option %s too high, resetting to 4G\n", name); |
|
904 | 940 |
} else { |
905 | 941 |
if(optentry->shortopt) |
906 |
- fprintf(stderr, "ERROR: Can't parse numerical argument for option --%s (-%c)\n", optentry->longopt, optentry->shortopt); |
|
942 |
+ fprintf(stderr, "WARNING: Numerical value for option --%s (-%c) too high, resetting to 4G\n", optentry->longopt, optentry->shortopt); |
|
907 | 943 |
else |
908 |
- fprintf(stderr, "ERROR: Can't parse numerical argument for option --%s\n", optentry->longopt); |
|
944 |
+ fprintf(stderr, "WARNING: Numerical value for option %s too high, resetting to 4G\n", optentry->longopt); |
|
909 | 945 |
} |
910 |
- err = 1; |
|
911 |
- break; |
|
946 |
+ lnumarg = UINT_MAX; |
|
912 | 947 |
} |
913 |
- i = strlen(arg) - 1; |
|
914 |
- if(arg[i] == 'M' || arg[i] == 'm') |
|
915 |
- numarg *= 1048576; |
|
916 |
- else if(arg[i] == 'K' || arg[i] == 'k') |
|
917 |
- numarg *= 1024; |
|
918 |
- else |
|
919 |
- numarg = atoi(arg); |
|
920 | 948 |
|
921 |
- arg = NULL; |
|
949 |
+ numarg = (unsigned int)lnumarg; |
|
922 | 950 |
break; |
923 | 951 |
|
924 | 952 |
case TYPE_BOOL: |
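Review bot: The new `strtoul(arg, &buff, 0)` call in `case TYPE_SIZE:` never checks that any digits were consumed. An empty argument or a bare suffix such as `M` is therefore accepted as size 0, where the removed `sscanf(arg, "%d", &numarg) != 1` test rejected it, and a leading `-` is negated into a very large unsigned value instead of failing. Since the man page hunks describe these options as DoS protections, I would treat `if(buff == arg || *arg == '-')` as the same parse error the `default:` branch reports, and also require `buff[1] == '\0'` after a `K`/`M` suffix so trailing text like `10Mfoo` is not silently accepted. The `printf("%u\n", UINT_MAX/(1024*1024));` in the `M`/`m` case looks like leftover debug output on stdout and should be dropped. `UINT_MAX` needs `<limits.h>`, but the visible include hunk adds only `<errno.h>`, so confirm it is included elsewhere; the body of `optparse` starts and continues outside these hunks.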