... | ... |
@@ -459,6 +459,8 @@ Example |
459 | 459 |
# insert runtime safety checks for bytecode loaded from other sources |
460 | 460 |
# Paranoid - don't trust any bytecode, insert runtime checks for all |
461 | 461 |
# Recommended: TrustSigned, because bytecode in .cvd files already has these checks |
462 |
+# Note that by default only signed bytecode is loaded, currently you can only |
|
463 |
+# load unsigned bytecode in --enable-debug mode. |
|
462 | 464 |
# |
463 | 465 |
# Default: TrustSigned |
464 | 466 |
#BytecodeSecurity TrustSigned |
... | ... |
@@ -1380,6 +1380,12 @@ static int cli_loadcbc(FILE *fs, struct cl_engine *engine, unsigned int *signo, |
1380 | 1380 |
if(!(engine->dconf->bytecode & BYTECODE_ENGINE_MASK)) { |
1381 | 1381 |
return CL_SUCCESS; |
1382 | 1382 |
} |
1383 |
+#ifndef CL_DEBUG |
|
1384 |
+ if (!(options & CL_DB_SIGNED)) { |
|
1385 |
+ cli_warnmsg("Only loading signed bytecode, skipping load of unsigned bytecode!\n"); |
|
1386 |
+ return CL_SUCCESS; |
|
1387 |
+ } |
|
1388 |
+#endif |
|
1383 | 1389 |
bcs->all_bcs = cli_realloc2(bcs->all_bcs, sizeof(*bcs->all_bcs)*(bcs->count+1)); |
1384 | 1390 |
if (!bcs->all_bcs) { |
1385 | 1391 |
cli_errmsg("cli_loadcbc: Can't allocate memory for bytecode entry\n"); |