@@ -884,6 +884,16 @@ int recvloop_th(int *socketds, unsigned nsockets, struct cl_engine *engine, unsi

     val = cl_engine_get_num(engine, CL_ENGINE_MAX_ICONSPE, NULL);

     logg("Limits: MaxIconsPE limit set to %llu.\n", val);

+    if((opt = optget(opts, "MaxRecHWP3"))->active) {

+        if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_RECHWP3, opt->numarg))) {

+            logg("!cli_engine_set_num(MaxRecHWP3) failed: %s\n", cl_strerror(ret));

+            cl_engine_free(engine);

+            return 1;

+        }

+    }

+    val = cl_engine_get_num(engine, CL_ENGINE_MAX_RECHWP3, NULL);

+    logg("Limits: MaxRecHWP3 limit set to %llu.\n", val);

+

     if((opt = optget(opts, "PCREMatchLimit"))->active) {

         if((ret = cl_engine_set_num(engine, CL_ENGINE_PCRE_MATCH_LIMIT, opt->numarg))) {

             logg("!cli_engine_set_num(PCREMatchLimit) failed: %s\n", cl_strerror(ret));

@@ -280,6 +280,7 @@ void help(void)

     mprintf("    --max-ziptypercg=#n                  Maximum size zip to type reanalyze\n");

     mprintf("    --max-partitions=#n                  Maximum number of partitions in disk image to be scanned\n");

     mprintf("    --max-iconspe=#n                     Maximum number of icons in PE file to be scanned\n");

+    mprintf("    --max-rechwp3=#n                     Maximum recursive calls to HWP3 parsing function\n");

 #if HAVE_PCRE

     mprintf("    --pcre-match-limit=#n                Maximum calls to the PCRE match function.\n");

     mprintf("    --pcre-recmatch-limit=#n             Maximum recursive calls to the PCRE match function.\n");

@@ -986,6 +986,15 @@ int scanmanager(const struct optstruct *opts)

         }

     }

+    if((opt = optget(opts, "max-rechwp3"))->active) {

+        if((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_RECHWP3, opt->numarg))) {

+            logg("!cli_engine_set_num(CL_ENGINE_MAX_RECHWP3) failed: %s\n", cl_strerror(ret));

+

+            cl_engine_free(engine);

+            return 2;

+        }

+    }

+

     if ((opt = optget(opts, "timelimit"))->active) {

         if ((ret = cl_engine_set_num(engine, CL_ENGINE_TIME_LIMIT, opt->numarg))) {

             logg("!cli_engine_set_num(CL_ENGINE_TIME_LIMIT) failed: %s\n", cl_strerror(ret));

@@ -577,6 +577,19 @@ WARNING: setting this limit too high may result in severe damage or impact perfo

 .br

 Default: 100

 .TP

+\fBMaxRecHWP3 NUMBER\fR

+This option sets the maximum recursive calls to HWP3 parsing function.

+.br

+HWP3 files using more than this limit will be terminated and alert the user.

+.br

+Scans will be unable to scan any HWP3 attachments if the recursive limit is reached.

+.br

+Negative values are not allowed.

+.br

+WARNING: setting this limit too high may result in severe damage or impact performance.

+.br

+Default: 16

+.TP

 \fBPCREMatchLimit NUMBER\fR

 This option sets the maximum calls to the PCRE match function during an instance of regex matching.

 .br

@@ -214,6 +214,9 @@ This option sets the maximum number of partitions of a raw disk image to be scan

 \fB\-\-max\-iconspe=#n\fR

 This option sets the maximum number of icons within a PE to be scanned. This must be a positive integer (default: 100).

 .TP

+\fB\-\-max\-rechwp3=#n\fR

+This option sets the maximum recursive calls to HWP3 parsing function (default: 16).

+.TP

 \fB\-\-pcre-match-limit=#n\fR

 Maximum calls to the PCRE match function (default: 10000).

 .TP

@@ -522,6 +522,14 @@ Example

 # Default: 100

 #MaxIconsPE 200

+# This option sets the maximum recursive calls for HWP3 parsing during scanning.

+# HWP3 files using more than this limit will be terminated and alert the user.

+# Scans will be unable to scan any HWP3 attachments if the recursive limit is reached.

+# Negative values are not allowed.

+# WARNING: setting this limit too high may result in severe damage or impact performance.

+# Default: 16

+#MaxRecHWP3 16

+

 # This option sets the maximum calls to the PCRE match function during an instance of regex matching.

 # Instances using more than this limit will be terminated and alert the user but the scan will continue.

 # For more information on match_limit, see the PCRE documentation.

@@ -236,6 +236,7 @@ enum cl_engine_field {

     CL_ENGINE_STATS_TIMEOUT,        /* uint32_t */

     CL_ENGINE_MAX_PARTITIONS,       /* uint32_t */

     CL_ENGINE_MAX_ICONSPE,          /* uint32_t */

+    CL_ENGINE_MAX_RECHWP3,          /* uint32_t */

     CL_ENGINE_TIME_LIMIT,           /* uint32_t */

     CL_ENGINE_PCRE_MATCH_LIMIT,     /* uint64_t */

     CL_ENGINE_PCRE_RECMATCH_LIMIT,  /* uint64_t */

@@ -44,6 +44,7 @@

 #define CLI_DEFAULT_MAXSCRIPTNORMALIZE  5242880

 #define CLI_DEFAULT_MAXZIPTYPERCG       1048576

 #define CLI_DEFAULT_MAXICONSPE          100

+#define CLI_DEFAULT_MAXRECHWP3          16

 #define CLI_DEFAULT_MAXPARTITIONS       50

@@ -464,8 +464,6 @@ struct hwp3_docsummary_entry {

 #define NUM_DOCSUMMARY_FIELDS sizeof(hwp3_docsummary_fields)/sizeof(struct hwp3_docsummary_entry)

 //Document Paragraph Information - (43 or 230 total bytes)

-#define HWP_MAX_PARAGRAPH_RECURSION 15

-

 #define HWP3_PARAINFO_SIZE_S  43

 #define HWP3_PARAINFO_SIZE_L  230

 #define HWP3_LINEINFO_SIZE    14

@@ -673,7 +671,7 @@ static inline int parsehwp3_paragraph(cli_ctx *ctx, fmap_t *map, int p, int leve

     hwp3_debug("HWP3.x: recursion level: %d\n", level);

     hwp3_debug("HWP3.x: Paragraph[%d, %d] starts @ offset %llu\n", level, p, (long long unsigned)offset);

-    if (level >= HWP_MAX_PARAGRAPH_RECURSION)

+    if (level >= ctx->engine->maxrechwp3)

         return CL_EMAXREC;

     if (fmap_readn(map, &ppfs, offset+PI_PPFS, sizeof(ppfs)) != sizeof(ppfs))

@@ -444,6 +444,7 @@ struct cl_engine *cl_engine_new(void)

     /* Engine max settings */

     new->maxiconspe = CLI_DEFAULT_MAXICONSPE;

+    new->maxrechwp3 = CLI_DEFAULT_MAXRECHWP3;

     /* PCRE matching limitations */

 #if HAVE_PCRE

@@ -616,6 +617,9 @@ int cl_engine_set_num(struct cl_engine *engine, enum cl_engine_field field, long

 	case CL_ENGINE_MAX_ICONSPE:

 	    engine->maxiconspe = (uint32_t)num;

 	    break;

+    case CL_ENGINE_MAX_RECHWP3:

+	    engine->maxrechwp3 = (uint32_t)num;

+	    break;

 	case CL_ENGINE_TIME_LIMIT:

             engine->time_limit = (uint32_t)num;

             break;

@@ -701,6 +705,8 @@ long long cl_engine_get_num(const struct cl_engine *engine, enum cl_engine_field

 	    return engine->maxpartitions;

 	case CL_ENGINE_MAX_ICONSPE:

 	    return engine->maxiconspe;

+    case CL_ENGINE_MAX_RECHWP3:

+	    return engine->maxrechwp3;

 	case CL_ENGINE_TIME_LIMIT:

             return engine->time_limit;

 	case CL_ENGINE_PCRE_MATCH_LIMIT:

@@ -820,6 +826,7 @@ struct cl_settings *cl_engine_settings_copy(const struct cl_engine *engine)

     settings->maxpartitions = engine->maxpartitions;

     settings->maxiconspe = engine->maxiconspe;

+    settings->maxrechwp3 = engine->maxrechwp3;

     settings->pcre_match_limit = engine->pcre_match_limit;

     settings->pcre_recmatch_limit = engine->pcre_recmatch_limit;

@@ -892,6 +899,7 @@ int cl_engine_settings_apply(struct cl_engine *engine, const struct cl_settings

     engine->maxpartitions = settings->maxpartitions;

     engine->maxiconspe = settings->maxiconspe;

+    engine->maxrechwp3 = settings->maxrechwp3;

     engine->pcre_match_limit = settings->pcre_match_limit;

     engine->pcre_recmatch_limit = settings->pcre_recmatch_limit;

@@ -370,6 +370,7 @@ struct cl_engine {

     /* Engine max settings */

     uint32_t maxiconspe; /* max number of icons to scan for PE */

+    uint32_t maxrechwp3; /* max recursive calls for HWP3 parsing */

     /* millisecond time limit for preclassification scanning */

     uint32_t time_limit;

@@ -442,6 +443,7 @@ struct cl_settings {

     /* Engine max settings */

     uint32_t maxiconspe; /* max number of icons to scan for PE */

+    uint32_t maxrechwp3; /* max recursive calls for HWP3 parsing */

     /* PCRE matching limitations */

     uint64_t pcre_match_limit;

@@ -382,6 +382,8 @@ const struct clam_option __clam_options[] = {

     { "MaxIconsPE", "max-iconspe", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_MAXICONSPE, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum number of icons within a PE to be scanned.\nPE files with more icons than this value will have up to the value number icons scanned.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "100" },

+    { "MaxRecHWP3", "max-rechwp3", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, CLI_DEFAULT_MAXRECHWP3, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum recursive calls to HWP3 parsing function.\nHWP3 files using more than this limit will be terminated and alert the user.\nScans will be unable to scan any HWP3 attachments if the recursive limit is reached.\nNegative values are not allowed.\nWARNING: setting this limit too high may result in severe damage or impact performance.", "16" },

+

     { "TimeLimit", "timelimit", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, 0, NULL, 0, OPT_CLAMSCAN, "This clamscan option is currently for testing only. It sets the engine parameter CL_ENGINE_TIME_LIMIT. The value is in milliseconds.", "0" },

     { "PCREMatchLimit", "pcre-match-limit", 0, CLOPT_TYPE_SIZE, MATCH_SIZE, CLI_DEFAULT_PCRE_MATCH_LIMIT, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "This option sets the maximum calls to the PCRE match function during an instance of regex matching.\nInstances using more than this limit will be terminated and alert the user but the scan will continue.\nFor more information on match_limit, see the PCRE documentation.\nNegative values are not allowed.\nWARNING: setting this limit too high may severely impact performance.", "10000" },