git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@699 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2004/07/28 08:22:44... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Wed Jul 28 01:10:46 CEST 2004 (tk) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav: md5: fix possible infinite loop in cl_free(); check file |
|
4 |
+ size to eliminate potential false positive alerts |
|
5 |
+ |
|
1 | 6 |
Mon Jul 26 14:24:24 BST 2004 (njh) |
2 | 7 |
---------------------------------- |
3 | 8 |
* clamav-milter: %v in the template file handling is now replaced |
... | ... |
@@ -178,9 +178,19 @@ int cli_scandesc(int desc, const char **virname, long int *scanned, const struct |
178 | 178 |
md5_finish_ctx(&ctx, &md5buff); |
179 | 179 |
|
180 | 180 |
if((md5_node = cli_vermd5(md5buff, root))) { |
181 |
- if(virname) |
|
182 |
- *virname = md5_node->virname; |
|
183 |
- return CL_VIRUS; |
|
181 |
+ struct stat sb; |
|
182 |
+ |
|
183 |
+ if(fstat(desc, &sb)) |
|
184 |
+ return CL_EIO; |
|
185 |
+ |
|
186 |
+ if(sb.st_size != md5_node->size) { |
|
187 |
+ cli_warnmsg("Detected false positive MD5 match. Please report.\n"); |
|
188 |
+ } else { |
|
189 |
+ if(virname) |
|
190 |
+ *virname = md5_node->virname; |
|
191 |
+ |
|
192 |
+ return CL_VIRUS; |
|
193 |
+ } |
|
184 | 194 |
} |
185 | 195 |
} |
186 | 196 |
|
... | ... |
@@ -208,7 +218,8 @@ void cl_free(struct cl_node *root) |
208 | 208 |
|
209 | 209 |
if(root->md5_hlist) { |
210 | 210 |
for(i = 0; i < 256; i++) { |
211 |
- while((pt = root->md5_hlist[i])) { |
|
211 |
+ pt = root->md5_hlist[i]; |
|
212 |
+ while(pt) { |
|
212 | 213 |
h = pt; |
213 | 214 |
pt = pt->next; |
214 | 215 |
free(h); |
... | ... |
@@ -484,14 +484,23 @@ static int cli_loadhdb(FILE *fd, struct cl_node **root, int *virnum) |
484 | 484 |
} |
485 | 485 |
free(pt); |
486 | 486 |
|
487 |
- if(!(new->virname = cli_strtok(buffer, 1, ":"))) { |
|
487 |
+ if(!(pt = cli_strtok(buffer, 1, ":"))) { |
|
488 |
+ free(new->md5); |
|
489 |
+ free(new); |
|
490 |
+ ret = CL_EMALFDB; |
|
491 |
+ break; |
|
492 |
+ } |
|
493 |
+ new->size = atoi(pt); |
|
494 |
+ free(pt); |
|
495 |
+ |
|
496 |
+ if(!(new->virname = cli_strtok(buffer, 2, ":"))) { |
|
488 | 497 |
free(new->md5); |
489 | 498 |
free(new); |
490 | 499 |
ret = CL_EMALFDB; |
491 | 500 |
break; |
492 | 501 |
} |
493 | 502 |
|
494 |
- new->viralias = cli_strtok(buffer, 1, ":"); /* aliases are optional */ |
|
503 |
+ new->viralias = cli_strtok(buffer, 3, ":"); /* aliases are optional */ |
|
495 | 504 |
|
496 | 505 |
if(!(*root)->md5_hlist) { |
497 | 506 |
cli_dbgmsg("Initializing md5 list structure\n"); |
... | ... |
@@ -661,9 +661,6 @@ static int cli_scanhtml(int desc, const char **virname, long int *scanned, const |
661 | 661 |
|
662 | 662 |
#ifdef HAVE_MMAP |
663 | 663 |
membuff = mmap(NULL, statbuf.st_size, PROT_READ, MAP_PRIVATE, desc, 0); |
664 |
-#else /* FIXME */ |
|
665 |
- return CL_CLEAN; |
|
666 |
-#endif |
|
667 | 664 |
|
668 | 665 |
/* TODO: do file operations if mmap fails */ |
669 | 666 |
if(membuff == MAP_FAILED) { |
... | ... |
@@ -690,6 +687,9 @@ static int cli_scanhtml(int desc, const char **virname, long int *scanned, const |
690 | 690 |
|
691 | 691 |
free(newbuff); |
692 | 692 |
return ret; |
693 |
+#else /* FIXME */ |
|
694 |
+ return CL_CLEAN; |
|
695 |
+#endif |
|
693 | 696 |
} |
694 | 697 |
|
695 | 698 |
static int cli_scandir(const char *dirname, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec) |