git-svn: trunk@4033
Tomasz Kojm authored on 2008/07/31 00:20:30... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Wed Jul 30 17:02:40 CEST 2008 (tk) |
|
2 |
+---------------------------------- |
|
3 |
+ * clamscan, clamav-milter: catch and ignore SIGXFSZ; display warning if |
|
4 |
+ system limits are too restrictive (bb#994) |
|
5 |
+ |
|
1 | 6 |
Wed Jul 30 16:38:26 EEST 2008 (edwin) |
2 | 7 |
------------------------------------- |
3 | 8 |
* clamd, libclamav, shared: (bb #913, #916) |
... | ... |
@@ -80,6 +80,7 @@ static char const rcsid[] = "$Id: clamav-milter.c,v 1.312 2007/02/12 22:24:21 nj |
80 | 80 |
#endif |
81 | 81 |
#include <pthread.h> |
82 | 82 |
#include <sys/time.h> |
83 |
+#include <sys/resource.h> |
|
83 | 84 |
#include <signal.h> |
84 | 85 |
#include <fcntl.h> |
85 | 86 |
#include <pwd.h> |
... | ... |
@@ -691,6 +692,7 @@ main(int argc, char **argv) |
691 | 691 |
const struct cfgstruct *cpt; |
692 | 692 |
char version[VERSION_LENGTH + 1]; |
693 | 693 |
pthread_t tid; |
694 |
+ struct rlimit rlim; |
|
694 | 695 |
#ifdef CL_DEBUG |
695 | 696 |
int consolefd; |
696 | 697 |
#endif |
... | ... |
@@ -730,8 +732,6 @@ main(int argc, char **argv) |
730 | 730 |
}; |
731 | 731 |
|
732 | 732 |
#if defined(CL_DEBUG) && defined(C_LINUX) |
733 |
- struct rlimit rlim; |
|
734 |
- |
|
735 | 733 |
rlim.rlim_cur = rlim.rlim_max = RLIM_INFINITY; |
736 | 734 |
if(setrlimit(RLIMIT_CORE, &rlim) < 0) |
737 | 735 |
perror("setrlimit"); |
... | ... |
@@ -1967,6 +1967,13 @@ main(int argc, char **argv) |
1967 | 1967 |
else |
1968 | 1968 |
limits.maxfilesize = 10485760; |
1969 | 1969 |
|
1970 |
+ if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) { |
|
1971 |
+ if((rlim.rlim_max < limits.maxfilesize) || (rlim.rlim_max < limits.maxscansize)) |
|
1972 |
+ logg("^System limit for file size is lower than maxfilesize or maxscansize\n"); |
|
1973 |
+ } else { |
|
1974 |
+ logg("^Cannot obtain resource limits for file size\n"); |
|
1975 |
+ } |
|
1976 |
+ |
|
1970 | 1977 |
if(((cpt = cfgopt(copt, "MaxRecursion")) != NULL) && cpt->enabled) |
1971 | 1978 |
limits.maxreclevel = cpt->numarg; |
1972 | 1979 |
else |
... | ... |
@@ -2099,6 +2106,7 @@ main(int argc, char **argv) |
2099 | 2099 |
#endif |
2100 | 2100 |
|
2101 | 2101 |
signal(SIGPIPE, SIG_IGN); /* libmilter probably does this as well */ |
2102 |
+ signal(SIGXFSZ, SIG_IGN); /* TODO: check if it's safe to call signal() here */ |
|
2102 | 2103 |
|
2103 | 2104 |
#ifdef SESSION |
2104 | 2105 |
pthread_mutex_lock(&version_mutex); |
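Review bot: The getrlimit() block added before the MaxRecursion lookup compares `rlim.rlim_max`, but the limit the kernel enforces on writes is the soft one, so a process started with a soft RLIMIT_FSIZE below maxfilesize and a higher hard limit gets no warning. Comparing the soft value covers both cases because it never exceeds the hard one: `if((rlim.rlim_cur < limits.maxfilesize) || (rlim.rlim_cur < limits.maxscansize))`. The same comparison is added in the acceptloop_th and scanmanager sections of this commit and needs the same change. main() starts and ends outside these hunks, so whether limits.maxscansize is already assigned at this point cannot be confirmed from the page.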
... | ... |
@@ -35,6 +35,8 @@ |
35 | 35 |
#include <sys/types.h> |
36 | 36 |
#ifndef C_WINDOWS |
37 | 37 |
#include <sys/socket.h> |
38 |
+#include <sys/time.h> |
|
39 |
+#include <sys/resource.h> |
|
38 | 40 |
#endif |
39 | 41 |
#ifdef HAVE_UNISTD_H |
40 | 42 |
#include <unistd.h> |
... | ... |
@@ -272,12 +274,11 @@ int acceptloop_th(int *socketds, int nsockets, struct cl_engine *engine, unsigne |
272 | 272 |
char timestr[32]; |
273 | 273 |
#ifndef C_WINDOWS |
274 | 274 |
struct sigaction sigact; |
275 |
+ sigset_t sigset; |
|
276 |
+ struct rlimit rlim; |
|
275 | 277 |
#endif |
276 | 278 |
mode_t old_umask; |
277 | 279 |
struct cl_limits limits; |
278 |
-#ifndef C_WINDOWS |
|
279 |
- sigset_t sigset; |
|
280 |
-#endif |
|
281 | 280 |
client_conn_t *client_conn; |
282 | 281 |
const struct cfgstruct *cpt; |
283 | 282 |
#ifdef HAVE_STRERROR_R |
... | ... |
@@ -332,6 +333,15 @@ int acceptloop_th(int *socketds, int nsockets, struct cl_engine *engine, unsigne |
332 | 332 |
logg("^Limits: File size limit protection disabled.\n"); |
333 | 333 |
} |
334 | 334 |
|
335 |
+#ifndef C_WINDOWS |
|
336 |
+ if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) { |
|
337 |
+ if((rlim.rlim_max < limits.maxfilesize) || (rlim.rlim_max < limits.maxscansize)) |
|
338 |
+ logg("^System limit for file size is lower than maxfilesize or maxscansize\n"); |
|
339 |
+ } else { |
|
340 |
+ logg("^Cannot obtain resource limits for file size\n"); |
|
341 |
+ } |
|
342 |
+#endif |
|
343 |
+ |
|
335 | 344 |
if((limits.maxreclevel = cfgopt(copt, "MaxRecursion")->numarg)) { |
336 | 345 |
logg("Limits: Recursion level limit set to %u.\n", limits.maxreclevel); |
337 | 346 |
} else { |
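Review bot: The check added in acceptloop_th can never fire when maxfilesize is 0, which the context line just above it appears to log as `File size limit protection disabled`. In that configuration a finite RLIMIT_FSIZE is the only cap on what the daemon can write, and the operator is told nothing about it. A second branch such as `else if(!limits.maxfilesize && rlim.rlim_max != RLIM_INFINITY)` with its own warning would cover it. Whether 0 also means "disabled" for maxscansize is not visible here and should be confirmed before the branch is extended to it.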
... | ... |
@@ -23,6 +23,8 @@ |
23 | 23 |
#include <stdio.h> |
24 | 24 |
#include <stdlib.h> |
25 | 25 |
#include <string.h> |
26 |
+#include <signal.h> |
|
27 |
+ |
|
26 | 28 |
#ifdef HAVE_UNISTD_H |
27 | 29 |
#include <unistd.h> |
28 | 30 |
#endif |
... | ... |
@@ -64,6 +66,7 @@ int main(int argc, char **argv) |
64 | 64 |
struct timeval t1, t2; |
65 | 65 |
#ifndef C_WINDOWS |
66 | 66 |
struct timezone tz; |
67 |
+ sigset_t sigset; |
|
67 | 68 |
#endif |
68 | 69 |
struct optstruct *opt; |
69 | 70 |
const char *pt; |
... | ... |
@@ -75,6 +78,12 @@ int main(int argc, char **argv) |
75 | 75 |
} |
76 | 76 |
#endif |
77 | 77 |
|
78 |
+#ifndef C_WINDOWS |
|
79 |
+ sigemptyset(&sigset); |
|
80 |
+ sigaddset(&sigset, SIGXFSZ); |
|
81 |
+ sigprocmask(SIG_SETMASK, &sigset, NULL); |
|
82 |
+#endif |
|
83 |
+ |
|
78 | 84 |
opt = opt_parse(argc, argv, clamscan_shortopt, clamscan_longopt, NULL); |
79 | 85 |
if(!opt) { |
80 | 86 |
mprintf("!Can't parse the command line\n"); |
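Review bot: `sigprocmask(SIG_SETMASK, &sigset, NULL)` in main() replaces the whole inherited signal mask with one holding only SIGXFSZ, so any signal the parent had blocked is unblocked as a side effect. `sigprocmask(SIG_BLOCK, &sigset, NULL);` adds SIGXFSZ and leaves the rest alone. The return value is also unchecked. With the signal blocked, a write past RLIMIT_FSIZE is expected to fail with EFBIG instead of ending the process, so the code that writes temporary files has to treat a failed or short write as a scan error rather than scanning a truncated file; that code is outside this hunk. A short comment such as `/* block SIGXFSZ: oversized writes then fail with EFBIG instead of killing the scan */` would record the intent.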
... | ... |
@@ -36,6 +36,8 @@ |
36 | 36 |
#endif |
37 | 37 |
#ifndef C_WINDOWS |
38 | 38 |
#include <dirent.h> |
39 |
+#include <sys/time.h> |
|
40 |
+#include <sys/resource.h> |
|
39 | 41 |
#endif |
40 | 42 |
#include <fcntl.h> |
41 | 43 |
#ifdef HAVE_UNISTD_H |
... | ... |
@@ -343,6 +345,9 @@ int scanmanager(const struct optstruct *opt) |
343 | 343 |
struct cl_limits limits; |
344 | 344 |
struct stat sb; |
345 | 345 |
char *file, cwd[1024]; |
346 |
+#ifndef C_WINDOWS |
|
347 |
+ struct rlimit rlim; |
|
348 |
+#endif |
|
346 | 349 |
|
347 | 350 |
|
348 | 351 |
if(!opt_check(opt, "no-phishing-sigs")) |
... | ... |
@@ -424,6 +429,15 @@ int scanmanager(const struct optstruct *opt) |
424 | 424 |
} else |
425 | 425 |
limits.maxfilesize = 26214400; |
426 | 426 |
|
427 |
+#ifndef C_WINDOWS |
|
428 |
+ if(getrlimit(RLIMIT_FSIZE, &rlim) == 0) { |
|
429 |
+ if((rlim.rlim_max < limits.maxfilesize) || (rlim.rlim_max < limits.maxscansize)) |
|
430 |
+ logg("^System limit for file size is lower than maxfilesize or maxscansize\n"); |
|
431 |
+ } else { |
|
432 |
+ logg("^Cannot obtain resource limits for file size\n"); |
|
433 |
+ } |
|
434 |
+#endif |
|
435 |
+ |
|
427 | 436 |
if(opt_check(opt, "max-files")) |
428 | 437 |
limits.maxfiles = atoi(opt_arg(opt, "max-files")); |
429 | 438 |
else |