@@ -1,3 +1,8 @@

+Wed Jul 30 17:02:40 CEST 2008 (tk)

+----------------------------------

+  * clamscan, clamav-milter: catch and ignore SIGXFSZ; display warning if

+			     system limits are too restrictive (bb#994)

+

 Wed Jul 30 16:38:26 EEST 2008 (edwin)

 -------------------------------------

   * clamd, libclamav, shared: (bb #913, #916)

@@ -80,6 +80,7 @@ static	char	const	rcsid[] = "$Id: clamav-milter.c,v 1.312 2007/02/12 22:24:21 nj

 #endif

 #include <pthread.h>

 #include <sys/time.h>

+#include <sys/resource.h>

 #include <signal.h>

 #include <fcntl.h>

 #include <pwd.h>

@@ -691,6 +692,7 @@ main(int argc, char **argv)

 	const struct cfgstruct *cpt;

 	char version[VERSION_LENGTH + 1];

 	pthread_t tid;

+	struct rlimit rlim;

 #ifdef	CL_DEBUG

 	int consolefd;

 #endif

@@ -730,8 +732,6 @@ main(int argc, char **argv)

 	};

 #if defined(CL_DEBUG) && defined(C_LINUX)

-	struct rlimit rlim;

-

 	rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY;

 	if(setrlimit(RLIMIT_CORE, &rlim) < 0)

 		perror("setrlimit");

@@ -1967,6 +1967,13 @@ main(int argc, char **argv)

 		else

 			limits.maxfilesize = 10485760;

+		if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) {

+			if((rlim.rlim_max < limits.maxfilesize) || (rlim.rlim_max < limits.maxscansize))

+				logg("^System limit for file size is lower than maxfilesize or maxscansize\n");

+		} else {

+			logg("^Cannot obtain resource limits for file size\n");

+		}

+

 		if(((cpt = cfgopt(copt, "MaxRecursion")) != NULL) && cpt->enabled)

 			limits.maxreclevel = cpt->numarg;

 		else

@@ -2099,6 +2106,7 @@ main(int argc, char **argv)

 #endif

 	signal(SIGPIPE, SIG_IGN);	/* libmilter probably does this as well */

+	signal(SIGXFSZ, SIG_IGN); /* TODO: check if it's safe to call signal() here */

 #ifdef	SESSION

 	pthread_mutex_lock(&version_mutex);

@@ -35,6 +35,8 @@

 #include <sys/types.h>

 #ifndef	C_WINDOWS

 #include <sys/socket.h>

+#include <sys/time.h>

+#include <sys/resource.h>

 #endif

 #ifdef	HAVE_UNISTD_H

 #include <unistd.h>

@@ -272,12 +274,11 @@ int acceptloop_th(int *socketds, int nsockets, struct cl_engine *engine, unsigne

 	char timestr[32];

 #ifndef	C_WINDOWS

 	struct sigaction sigact;

+	sigset_t sigset;

+	struct rlimit rlim;

 #endif

 	mode_t old_umask;

 	struct cl_limits limits;

-#ifndef	C_WINDOWS

-	sigset_t sigset;

-#endif

 	client_conn_t *client_conn;

 	const struct cfgstruct *cpt;

 #ifdef HAVE_STRERROR_R

@@ -332,6 +333,15 @@ int acceptloop_th(int *socketds, int nsockets, struct cl_engine *engine, unsigne

 	logg("^Limits: File size limit protection disabled.\n");

     }

+#ifndef C_WINDOWS

+    if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) {

+	if((rlim.rlim_max < limits.maxfilesize) || (rlim.rlim_max < limits.maxscansize))

+	    logg("^System limit for file size is lower than maxfilesize or maxscansize\n");

+    } else {

+	logg("^Cannot obtain resource limits for file size\n");

+    }

+#endif

+

     if((limits.maxreclevel = cfgopt(copt, "MaxRecursion")->numarg)) {

         logg("Limits: Recursion level limit set to %u.\n", limits.maxreclevel);

     } else {

@@ -23,6 +23,8 @@

 #include <stdio.h>

 #include <stdlib.h>

 #include <string.h>

+#include <signal.h>

+

 #ifdef	HAVE_UNISTD_H

 #include <unistd.h>

 #endif

@@ -64,6 +66,7 @@ int main(int argc, char **argv)

 	struct timeval t1, t2;

 #ifndef C_WINDOWS

 	struct timezone tz;

+	sigset_t sigset;

 #endif

 	struct optstruct *opt;

 	const char *pt;

@@ -75,6 +78,12 @@ int main(int argc, char **argv)

     }

 #endif

+#ifndef C_WINDOWS

+    sigemptyset(&sigset);

+    sigaddset(&sigset, SIGXFSZ);

+    sigprocmask(SIG_SETMASK, &sigset, NULL);

+#endif

+

     opt = opt_parse(argc, argv, clamscan_shortopt, clamscan_longopt, NULL);

     if(!opt) {

 	mprintf("!Can't parse the command line\n");

@@ -36,6 +36,8 @@

 #endif

 #ifndef C_WINDOWS

 #include <dirent.h>

+#include <sys/time.h>

+#include <sys/resource.h>

 #endif

 #include <fcntl.h>

 #ifdef	HAVE_UNISTD_H

@@ -343,6 +345,9 @@ int scanmanager(const struct optstruct *opt)

 	struct cl_limits limits;

 	struct stat sb;

 	char *file, cwd[1024];

+#ifndef C_WINDOWS

+	struct rlimit rlim;

+#endif

     if(!opt_check(opt, "no-phishing-sigs"))

@@ -424,6 +429,15 @@ int scanmanager(const struct optstruct *opt)

     } else

 	limits.maxfilesize = 26214400;

+#ifndef C_WINDOWS

+    if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) {

+	if((rlim.rlim_max < limits.maxfilesize) || (rlim.rlim_max < limits.maxscansize))

+	    logg("^System limit for file size is lower than maxfilesize or maxscansize\n");

+    } else {

+	logg("^Cannot obtain resource limits for file size\n");

+    }

+#endif

+

     if(opt_check(opt, "max-files"))

 	limits.maxfiles = atoi(opt_arg(opt, "max-files"));

     else