@@ -1,3 +1,7 @@

+Tue Nov  3 15:18:14 CET 2009 )tk)

+---------------------------------

+ * libclamav/readdb.c: return error if lsig contains redundant subsigs

+

 Sun Nov  1 21:26:10 CET 2009 (acab)

 -----------------------------------

  * win32: improve build system

@@ -856,7 +856,7 @@ static int lsigattribs(char *attribs, struct cli_lsig_tdb *tdb)

 #define LDB_TOKENS 67

 static int cli_loadldb(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio, const char *dbname)

 {

-	char *tokens[LDB_TOKENS];

+	char *tokens[LDB_TOKENS + 1];

 	char buffer[CLI_DEFAULT_LSIG_BUFSIZE + 1], *buffer_cpy, *pt;

 	const char *sig, *virname, *offset, *logic;

 	struct cli_matcher *root;

@@ -882,7 +882,7 @@ static int cli_loadldb(FILE *fs, struct cl_engine *engine, unsigned int *signo,

 	if(engine->ignored)

 	    strcpy(buffer_cpy, buffer);

-	tokens_count = cli_strtokenize(buffer, ';', LDB_TOKENS, (const char **) tokens);

+	tokens_count = cli_strtokenize(buffer, ';', LDB_TOKENS + 1, (const char **) tokens);

 	if(tokens_count < 4) {

 	    ret = CL_EMALFDB;

 	    break;

@@ -911,6 +911,12 @@ static int cli_loadldb(FILE *fs, struct cl_engine *engine, unsigned int *signo,

 	    break;

 	}

+	if(subsigs != tokens_count - 3) {

+	    cli_errmsg("cli_loadldb: The number of subsignatures (== %u) doesn't match the IDs in the logical expression (== %u)\n", tokens_count - 3, subsigs);

+	    ret = CL_EMALFDB;

+	    break;

+	}

+

 	/* TDB */

 	memset(&tdb, 0, sizeof(tdb));

 #ifdef USE_MPOOL

@@ -984,11 +990,6 @@ static int cli_loadldb(FILE *fs, struct cl_engine *engine, unsigned int *signo,

 	root->ac_lsigtable = newtable;

 	for(i = 0; i < subsigs; i++) {

-	    if(i + 3 >= tokens_count) {

-		cli_errmsg("cli_loadldb: Missing subsignature id %u\n", i);

-		ret = CL_EMALFDB;

-		break;

-	    }

 	    lsigid[1] = i;

 	    sig = tokens[3 + i];