Browse code
bb#1508
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Fri Apr 3 13:05:44 CEST 2009 (acab) |
|
| 2 |
+------------------------------------ |
|
| 3 |
+ * shared/optparser.c, docs: limit options expressing sizes to |
|
| 4 |
+ 32bit (bb#1508) |
|
| 5 |
+ |
|
| 1 | 6 |
Fri Apr 3 11:32:33 EEST 2009 (edwin) |
| 2 | 7 |
------------------------------------- |
| 3 | 8 |
* unit_tests/check_clamd.sh: properly remove old logfiles during |
| ... | ... |
@@ -397,6 +397,9 @@ Default: no |
| 397 | 397 |
Ignore files larger than SIZE. |
| 398 | 398 |
.br |
| 399 | 399 |
Default: 5M |
| 400 |
+.SH "NOTES" |
|
| 401 |
+.LP |
|
| 402 |
+All options expressing a size are limited to max 4GB. Values in excess will be resetted to the maximum. |
|
| 400 | 403 |
.SH "FILES" |
| 401 | 404 |
.LP |
| 402 | 405 |
@CFGDIR@/clamd.conf |
| ... | ... |
@@ -142,10 +142,10 @@ If an email contains URLs ClamAV can download and scan them. \fBWARNING: This op |
| 142 | 142 |
Extract at most #n files from each scanned file (when this is an archive, a document or another kind of container). This option protects your system against DoS attacks (default: 10000) |
| 143 | 143 |
.TP |
| 144 | 144 |
\fB\-\-max\-filesize=#n\fR |
| 145 |
-Extract and scan at most #n kilobytes from each archive. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 25 MB) |
|
| 145 |
+Extract and scan at most #n kilobytes from each archive. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 25 MB, max: <4 GB) |
|
| 146 | 146 |
.TP |
| 147 | 147 |
\fB\-\-max\-scansize=#n\fR |
| 148 |
-Extract and scan at most #n kilobytes from each scanned file. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 100 MB) |
|
| 148 |
+Extract and scan at most #n kilobytes from each scanned file. You may pass the value in megabytes in format xM or xm, where x is a number. This option protects your system against DoS attacks (default: 100 MB, max: <4 GB) |
|
| 149 | 149 |
.TP |
| 150 | 150 |
\fB\-\-max\-recursion=#n\fR |
| 151 | 151 |
Set archive recursion level limit. This option protects your system against DoS attacks (default: 16). |
| ... | ... |
@@ -32,6 +32,7 @@ |
| 32 | 32 |
#include <stdio.h> |
| 33 | 33 |
#include <stdlib.h> |
| 34 | 34 |
#include <string.h> |
| 35 |
+#include <errno.h> |
|
| 35 | 36 |
#ifdef HAVE_STRINGS_H |
| 36 | 37 |
#include <strings.h> |
| 37 | 38 |
#endif |
| ... | ... |
@@ -635,6 +636,7 @@ struct optstruct *optparse(const char *cfgfile, int argc, char **argv, int verbo |
| 635 | 635 |
struct option longopts[MAXCMDOPTS]; |
| 636 | 636 |
char shortopts[MAXCMDOPTS]; |
| 637 | 637 |
regex_t regex; |
| 638 |
+ unsigned long int lnumarg; |
|
| 638 | 639 |
|
| 639 | 640 |
|
| 640 | 641 |
if(oldopts) |
| ... | ... |
@@ -898,27 +900,55 @@ struct optstruct *optparse(const char *cfgfile, int argc, char **argv, int verbo |
| 898 | 898 |
break; |
| 899 | 899 |
|
| 900 | 900 |
case TYPE_SIZE: |
| 901 |
- if(sscanf(arg, "%d", &numarg) != 1) {
|
|
| 901 |
+ errno = 0; |
|
| 902 |
+ lnumarg = strtoul(arg, &buff, 0); |
|
| 903 |
+ if(errno != ERANGE) {
|
|
| 904 |
+ switch(*buff) {
|
|
| 905 |
+ case 'M': |
|
| 906 |
+ case 'm': |
|
| 907 |
+ printf("%u\n", UINT_MAX/(1024*1024));
|
|
| 908 |
+ if(lnumarg <= UINT_MAX/(1024*1024)) lnumarg *= 1024*1024; |
|
| 909 |
+ else errno = ERANGE; |
|
| 910 |
+ break; |
|
| 911 |
+ case 'K': |
|
| 912 |
+ case 'k': |
|
| 913 |
+ if(lnumarg <= UINT_MAX/1024) lnumarg *= 1024; |
|
| 914 |
+ else errno = ERANGE; |
|
| 915 |
+ break; |
|
| 916 |
+ case '\0': |
|
| 917 |
+ break; |
|
| 918 |
+ default: |
|
| 919 |
+ if(cfgfile) {
|
|
| 920 |
+ fprintf(stderr, "ERROR: Can't parse numerical argument for option %s\n", name); |
|
| 921 |
+ } else {
|
|
| 922 |
+ if(optentry->shortopt) |
|
| 923 |
+ fprintf(stderr, "ERROR: Can't parse numerical argument for option --%s (-%c)\n", optentry->longopt, optentry->shortopt); |
|
| 924 |
+ else |
|
| 925 |
+ fprintf(stderr, "ERROR: Can't parse numerical argument for option --%s\n", optentry->longopt); |
|
| 926 |
+ } |
|
| 927 |
+ err = 1; |
|
| 928 |
+ } |
|
| 929 |
+ } |
|
| 930 |
+ |
|
| 931 |
+ arg = NULL; |
|
| 932 |
+ if(err) break; |
|
| 933 |
+ |
|
| 934 |
+ if(sizeof(lnumarg) > sizeof(numarg) && (lnumarg >> (sizeof(numarg)<<3)) ) |
|
| 935 |
+ errno = ERANGE; |
|
| 936 |
+ |
|
| 937 |
+ if(errno == ERANGE) {
|
|
| 902 | 938 |
if(cfgfile) {
|
| 903 |
- fprintf(stderr, "ERROR: Can't parse numerical argument for option %s\n", name); |
|
| 939 |
+ fprintf(stderr, "WARNING: Numerical value for option %s too high, resetting to 4G\n", name); |
|
| 904 | 940 |
} else {
|
| 905 | 941 |
if(optentry->shortopt) |
| 906 |
- fprintf(stderr, "ERROR: Can't parse numerical argument for option --%s (-%c)\n", optentry->longopt, optentry->shortopt); |
|
| 942 |
+ fprintf(stderr, "WARNING: Numerical value for option --%s (-%c) too high, resetting to 4G\n", optentry->longopt, optentry->shortopt); |
|
| 907 | 943 |
else |
| 908 |
- fprintf(stderr, "ERROR: Can't parse numerical argument for option --%s\n", optentry->longopt); |
|
| 944 |
+ fprintf(stderr, "WARNING: Numerical value for option %s too high, resetting to 4G\n", optentry->longopt); |
|
| 909 | 945 |
} |
| 910 |
- err = 1; |
|
| 911 |
- break; |
|
| 946 |
+ lnumarg = UINT_MAX; |
|
| 912 | 947 |
} |
| 913 |
- i = strlen(arg) - 1; |
|
| 914 |
- if(arg[i] == 'M' || arg[i] == 'm') |
|
| 915 |
- numarg *= 1048576; |
|
| 916 |
- else if(arg[i] == 'K' || arg[i] == 'k') |
|
| 917 |
- numarg *= 1024; |
|
| 918 |
- else |
|
| 919 |
- numarg = atoi(arg); |
|
| 920 | 948 |
|
| 921 |
- arg = NULL; |
|
| 949 |
+ numarg = (unsigned int)lnumarg; |
|
| 922 | 950 |
break; |
| 923 | 951 |
|
| 924 | 952 |
case TYPE_BOOL: |