Browse code
bb6091 - check lseek() return
Shawn Webb authored on 2013/03/01 09:32:29Showing 9 changed files
- libclamav/autoit.c
- libclamav/binhex.c
- libclamav/bytecode.c
- libclamav/bytecode_api.c
- libclamav/ishield.c
- libclamav/nsis/nulsft.c
- libclamav/ole2_extract.c
- libclamav/pe.c
- libclamav/scanners.c
| ... | ... |
@@ -379,7 +379,11 @@ static int ea05(cli_ctx *ctx, const uint8_t *base, char *tmpd) {
|
| 379 | 379 |
cli_dbgmsg("autoit: file extracted to %s\n", tempfile);
|
| 380 | 380 |
else |
| 381 | 381 |
cli_dbgmsg("autoit: file successfully extracted\n");
|
| 382 |
- lseek(i, 0, SEEK_SET); |
|
| 382 |
+ if (lseek(i, 0, SEEK_SET) == -1) {
|
|
| 383 |
+ cli_dbgmsg("autoit: call to lseek() has failed\n");
|
|
| 384 |
+ close(i); |
|
| 385 |
+ return CL_ESEEK; |
|
| 386 |
+ } |
|
| 383 | 387 |
if(cli_magic_scandesc(i, ctx) == CL_VIRUS) {
|
| 384 | 388 |
close(i); |
| 385 | 389 |
if(!ctx->engine->keeptmp) |
| ... | ... |
@@ -896,7 +900,11 @@ static int ea06(cli_ctx *ctx, const uint8_t *base, char *tmpd) {
|
| 896 | 896 |
cli_dbgmsg("autoit: %s extracted to %s\n", (script)?"script":"file", tempfile);
|
| 897 | 897 |
else |
| 898 | 898 |
cli_dbgmsg("autoit: %s successfully extracted\n", (script)?"script":"file");
|
| 899 |
- lseek(i, 0, SEEK_SET); |
|
| 899 |
+ if (lseek(i, 0, SEEK_SET) == -1) {
|
|
| 900 |
+ cli_dbgmsg("autoit: call to lseek() has failed\n");
|
|
| 901 |
+ close(i); |
|
| 902 |
+ return CL_ESEEK; |
|
| 903 |
+ } |
|
| 900 | 904 |
if(cli_magic_scandesc(i, ctx) == CL_VIRUS) {
|
| 901 | 905 |
close(i); |
| 902 | 906 |
if(!ctx->engine->keeptmp) |
| ... | ... |
@@ -109,7 +109,11 @@ int cli_binhex(cli_ctx *ctx) {
|
| 109 | 109 |
} |
| 110 | 110 |
if(!datalen) {
|
| 111 | 111 |
write_phase++; |
| 112 |
- lseek(datafd, 0, SEEK_SET); |
|
| 112 |
+ if (lseek(datafd, 0, SEEK_SET) == -1) {
|
|
| 113 |
+ cli_dbgmsg("cli_binhex: call to lseek() has failed\n");
|
|
| 114 |
+ ret = CL_ESEEK; |
|
| 115 |
+ break; |
|
| 116 |
+ } |
|
| 113 | 117 |
ret = cli_magic_scandesc(datafd, ctx); |
| 114 | 118 |
if(ret == CL_VIRUS) break; |
| 115 | 119 |
} |
| ... | ... |
@@ -151,7 +155,11 @@ int cli_binhex(cli_ctx *ctx) {
|
| 151 | 151 |
break; |
| 152 | 152 |
} |
| 153 | 153 |
if(!reslen) {
|
| 154 |
- lseek(resfd, 0, SEEK_SET); |
|
| 154 |
+ if (lseek(resfd, 0, SEEK_SET) == -1) {
|
|
| 155 |
+ cli_dbgmsg("cli_binhex: call to lseek() has failed\n");
|
|
| 156 |
+ ret = CL_ESEEK; |
|
| 157 |
+ break; |
|
| 158 |
+ } |
|
| 155 | 159 |
ret = cli_magic_scandesc(resfd, ctx); |
| 156 | 160 |
break; |
| 157 | 161 |
} |
| ... | ... |
@@ -159,11 +167,19 @@ int cli_binhex(cli_ctx *ctx) {
|
| 159 | 159 |
if(!enc_todo) {
|
| 160 | 160 |
if(write_phase == IN_DATA) {
|
| 161 | 161 |
cli_dbgmsg("cli_binhex: scanning partially extracted data fork\n");
|
| 162 |
- lseek(datafd, 0, SEEK_SET); |
|
| 162 |
+ if (lseek(datafd, 0, SEEK_SET) == -1) {
|
|
| 163 |
+ cli_dbgmsg("cli_binhex: call to lseek() has failed\n");
|
|
| 164 |
+ ret = CL_ESEEK; |
|
| 165 |
+ break; |
|
| 166 |
+ } |
|
| 163 | 167 |
ret = cli_magic_scandesc(datafd, ctx); |
| 164 | 168 |
} else if(write_phase == IN_RES) {
|
| 165 | 169 |
cli_dbgmsg("cli_binhex: scanning partially extracted resource fork\n");
|
| 166 |
- lseek(resfd, 0, SEEK_SET); |
|
| 170 |
+ if (lseek(resfd, 0, SEEK_SET) == -1) {
|
|
| 171 |
+ cli_dbgmsg("cli_binhex: call to lseek() has failed\n");
|
|
| 172 |
+ ret = CL_ESEEK; |
|
| 173 |
+ break; |
|
| 174 |
+ } |
|
| 167 | 175 |
ret = cli_magic_scandesc(resfd, ctx); |
| 168 | 176 |
} |
| 169 | 177 |
break; |
| ... | ... |
@@ -161,8 +161,10 @@ static int cli_bytecode_context_reset(struct cli_bc_ctx *ctx) |
| 161 | 161 |
if(fd >= 0) {
|
| 162 | 162 |
ret = cli_scandesc(fd, cctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, NULL); |
| 163 | 163 |
if (ret == CL_CLEAN) {
|
| 164 |
- lseek(fd, 0, SEEK_SET); |
|
| 165 |
- ret = cli_scandesc(fd, cctx, CL_TYPE_TEXT_ASCII, 0, NULL, AC_SCAN_VIR, NULL); |
|
| 164 |
+ if (lseek(fd, 0, SEEK_SET) == -1) |
|
| 165 |
+ cli_dbgmsg("cli_bytecode: call to lseek() has failed\n");
|
|
| 166 |
+ else |
|
| 167 |
+ ret = cli_scandesc(fd, cctx, CL_TYPE_TEXT_ASCII, 0, NULL, AC_SCAN_VIR, NULL); |
|
| 166 | 168 |
} |
| 167 | 169 |
close(fd); |
| 168 | 170 |
} |
| ... | ... |
@@ -502,7 +502,10 @@ int32_t cli_bcapi_extract_new(struct cli_bc_ctx *ctx, int32_t id) |
| 502 | 502 |
if (ctx->ctx && cli_updatelimits(ctx->ctx, ctx->written)) |
| 503 | 503 |
return -1; |
| 504 | 504 |
ctx->written = 0; |
| 505 |
- lseek(ctx->outfd, 0, SEEK_SET); |
|
| 505 |
+ if (lseek(ctx->outfd, 0, SEEK_SET) == -1) {
|
|
| 506 |
+ cli_dbgmsg("bytecode: call to lseek() has failed\n");
|
|
| 507 |
+ return CL_ESEEK; |
|
| 508 |
+ } |
|
| 506 | 509 |
cli_dbgmsg("bytecode: scanning extracted file %s\n", ctx->tempfile);
|
| 507 | 510 |
cctx = (cli_ctx*)ctx->ctx; |
| 508 | 511 |
if (cctx) {
|
| ... | ... |
@@ -298,7 +298,10 @@ int cli_scanishield_msi(cli_ctx *ctx, off_t off) {
|
| 298 | 298 |
if (ret == CL_SUCCESS) {
|
| 299 | 299 |
cli_dbgmsg("ishield-msi: extracted to %s\n", tempfile);
|
| 300 | 300 |
|
| 301 |
- lseek(ofd, 0, SEEK_SET); |
|
| 301 |
+ if (lseek(ofd, 0, SEEK_SET) == -1) {
|
|
| 302 |
+ cli_dbgmsg("ishield-msi: call to lseek() failed\n");
|
|
| 303 |
+ ret = CL_ESEEK; |
|
| 304 |
+ } |
|
| 302 | 305 |
ret = cli_magic_scandesc(ofd, ctx); |
| 303 | 306 |
} |
| 304 | 307 |
close(ofd); |
| ... | ... |
@@ -470,7 +473,10 @@ static int is_dump_and_scan(cli_ctx *ctx, off_t off, size_t fsize) {
|
| 470 | 470 |
} |
| 471 | 471 |
if(!fsize) {
|
| 472 | 472 |
cli_dbgmsg("ishield: extracted to %s\n", fname);
|
| 473 |
- lseek(ofd, 0, SEEK_SET); |
|
| 473 |
+ if (lseek(ofd, 0, SEEK_SET) == -1) {
|
|
| 474 |
+ cli_dbgmsg("ishield: call to lseek() failed\n");
|
|
| 475 |
+ ret = CL_ESEEK; |
|
| 476 |
+ } |
|
| 474 | 477 |
ret = cli_magic_scandesc(ofd, ctx); |
| 475 | 478 |
} |
| 476 | 479 |
close(ofd); |
| ... | ... |
@@ -766,7 +772,8 @@ static int is_extract_cab(cli_ctx *ctx, uint64_t off, uint64_t size, uint64_t cs |
| 766 | 766 |
cli_dbgmsg("is_extract_cab: extracted %llu bytes to %s, expected %llu, scanning anyway.\n", (long long)outsz, tempfile, (long long)size);
|
| 767 | 767 |
else |
| 768 | 768 |
cli_dbgmsg("is_extract_cab: extracted to %s\n", tempfile);
|
| 769 |
- lseek(ofd, 0, SEEK_SET); |
|
| 769 |
+ if (lseek(ofd, 0, SEEK_SET) == -1) |
|
| 770 |
+ cli_dbgmsg("is_extract_cab: call to lseek() failed\n");
|
|
| 770 | 771 |
ret = cli_magic_scandesc(ofd, ctx); |
| 771 | 772 |
} |
| 772 | 773 |
|
| ... | ... |
@@ -512,7 +512,11 @@ int cli_scannulsft(cli_ctx *ctx, off_t offset) {
|
| 512 | 512 |
ret = cli_nsis_unpack(&nsist, ctx); |
| 513 | 513 |
if (ret == CL_SUCCESS) {
|
| 514 | 514 |
cli_dbgmsg("NSIS: Successully extracted file #%u\n", nsist.fno);
|
| 515 |
- lseek(nsist.ofd, 0, SEEK_SET); |
|
| 515 |
+ if (lseek(nsist.ofd, 0, SEEK_SET) == -1) {
|
|
| 516 |
+ cli_dbgmsg("NSIS: call to lseek() failed\n");
|
|
| 517 |
+ free(nsist.dir); |
|
| 518 |
+ return CL_ESEEK; |
|
| 519 |
+ } |
|
| 516 | 520 |
if(nsist.fno == 1) |
| 517 | 521 |
ret=cli_scandesc(nsist.ofd, ctx, 0, 0, NULL, AC_SCAN_VIR, NULL); |
| 518 | 522 |
else |
| ... | ... |
@@ -788,7 +788,10 @@ static int handler_otf(ole2_header_t *hdr, property_t *prop, const char *dir, cl |
| 788 | 788 |
} |
| 789 | 789 |
} |
| 790 | 790 |
|
| 791 |
- lseek(ofd, 0, SEEK_SET); |
|
| 791 |
+ if (lseek(ofd, 0, SEEK_SET) == -1) {
|
|
| 792 |
+ return CL_ESEEK; |
|
| 793 |
+ } |
|
| 794 |
+ |
|
| 792 | 795 |
ret=cli_magic_scandesc(ofd, ctx); |
| 793 | 796 |
close(ofd); |
| 794 | 797 |
free(buff); |
| ... | ... |
@@ -1951,7 +1951,14 @@ int cli_scanpe(cli_ctx *ctx) |
| 1951 | 1951 |
} |
| 1952 | 1952 |
|
| 1953 | 1953 |
free(dest); |
| 1954 |
- lseek(ndesc, 0, SEEK_SET); |
|
| 1954 |
+ if (lseek(ndesc, 0, SEEK_SET) == -1) {
|
|
| 1955 |
+ cli_dbgmsg("UPX/FSG: lseek() failed\n");
|
|
| 1956 |
+ close(ndesc); |
|
| 1957 |
+ CLI_TMPUNLK(); |
|
| 1958 |
+ free(tempfile); |
|
| 1959 |
+ SHA_RESET; |
|
| 1960 |
+ return CL_ESEEK; |
|
| 1961 |
+ } |
|
| 1955 | 1962 |
|
| 1956 | 1963 |
if(ctx->engine->keeptmp) |
| 1957 | 1964 |
cli_dbgmsg("UPX/FSG: Decompressed data saved in %s\n", tempfile);
|
| ... | ... |
@@ -247,7 +247,10 @@ static int cli_scanrar(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_c |
| 247 | 247 |
if(ret == UNRAR_PASSWD) {
|
| 248 | 248 |
cli_dbgmsg("RAR: Encrypted main header\n");
|
| 249 | 249 |
if(DETECT_ENCRYPTED) {
|
| 250 |
- lseek(desc, 0, SEEK_SET); |
|
| 250 |
+ if (lseek(desc, 0, SEEK_SET) == -1) {
|
|
| 251 |
+ cli_dbgmsg("RAR: call to lseek() failed\n");
|
|
| 252 |
+ return CL_ESEEK; |
|
| 253 |
+ } |
|
| 251 | 254 |
ret = cli_scandesc(desc, ctx, 0, 0, NULL, AC_SCAN_VIR, NULL); |
| 252 | 255 |
if(ret != CL_VIRUS) |
| 253 | 256 |
cli_append_virus(ctx, "Heuristics.Encrypted.RAR"); |
| ... | ... |
@@ -294,7 +297,10 @@ static int cli_scanrar(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_c |
| 294 | 294 |
ret = CL_EFORMAT; |
| 295 | 295 |
|
| 296 | 296 |
if(rar_state.ofd > 0) {
|
| 297 |
- lseek(rar_state.ofd,0,SEEK_SET); |
|
| 297 |
+ if (lseek(rar_state.ofd,0,SEEK_SET) == -1) {
|
|
| 298 |
+ cli_dbgmsg("RAR: Call to lseek() failed\n");
|
|
| 299 |
+ ret = CL_ESEEK; |
|
| 300 |
+ } |
|
| 298 | 301 |
rc = cli_magic_scandesc(rar_state.ofd,ctx); |
| 299 | 302 |
close(rar_state.ofd); |
| 300 | 303 |
if(!ctx->engine->keeptmp) |
| ... | ... |
@@ -396,7 +402,9 @@ static int cli_scanarj(cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_check) |
| 396 | 396 |
cli_dbgmsg("ARJ: cli_unarj_extract_file Error: %s\n", cl_strerror(ret));
|
| 397 | 397 |
} |
| 398 | 398 |
if (metadata.ofd >= 0) {
|
| 399 |
- lseek(metadata.ofd, 0, SEEK_SET); |
|
| 399 |
+ if (lseek(metadata.ofd, 0, SEEK_SET) == -1) {
|
|
| 400 |
+ cli_dbgmsg("ARJ: call to lseek() failed\n");
|
|
| 401 |
+ } |
|
| 400 | 402 |
rc = cli_magic_scandesc(metadata.ofd, ctx); |
| 401 | 403 |
close(metadata.ofd); |
| 402 | 404 |
if (rc == CL_VIRUS) {
|
| ... | ... |
@@ -2409,7 +2417,9 @@ static int magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 2409 | 2409 |
} |
| 2410 | 2410 |
} |
| 2411 | 2411 |
} while (len > 0); |
| 2412 |
- lseek(desc, 0, SEEK_SET); |
|
| 2412 |
+ if (lseek(desc, 0, SEEK_SET) == -1) {
|
|
| 2413 |
+ cli_dbgmsg("magic_scandesc: call to lseek() failed\n");
|
|
| 2414 |
+ } |
|
| 2413 | 2415 |
} |
| 2414 | 2416 |
ret = cli_scanrar(desc, ctx, 0, NULL); |
| 2415 | 2417 |
if (tmpname) {
|