Browse code
Only load signed bytecode by default.
Török Edvin authored on 2010/03/10 22:58:42Showing 2 changed files
| ... | ... |
@@ -459,6 +459,8 @@ Example |
| 459 | 459 |
# insert runtime safety checks for bytecode loaded from other sources |
| 460 | 460 |
# Paranoid - don't trust any bytecode, insert runtime checks for all |
| 461 | 461 |
# Recommended: TrustSigned, because bytecode in .cvd files already has these checks |
| 462 |
+# Note that by default only signed bytecode is loaded, currently you can only |
|
| 463 |
+# load unsigned bytecode in --enable-debug mode. |
|
| 462 | 464 |
# |
| 463 | 465 |
# Default: TrustSigned |
| 464 | 466 |
#BytecodeSecurity TrustSigned |
| ... | ... |
@@ -1380,6 +1380,12 @@ static int cli_loadcbc(FILE *fs, struct cl_engine *engine, unsigned int *signo, |
| 1380 | 1380 |
if(!(engine->dconf->bytecode & BYTECODE_ENGINE_MASK)) {
|
| 1381 | 1381 |
return CL_SUCCESS; |
| 1382 | 1382 |
} |
| 1383 |
+#ifndef CL_DEBUG |
|
| 1384 |
+ if (!(options & CL_DB_SIGNED)) {
|
|
| 1385 |
+ cli_warnmsg("Only loading signed bytecode, skipping load of unsigned bytecode!\n");
|
|
| 1386 |
+ return CL_SUCCESS; |
|
| 1387 |
+ } |
|
| 1388 |
+#endif |
|
| 1383 | 1389 |
bcs->all_bcs = cli_realloc2(bcs->all_bcs, sizeof(*bcs->all_bcs)*(bcs->count+1)); |
| 1384 | 1390 |
if (!bcs->all_bcs) {
|
| 1385 | 1391 |
cli_errmsg("cli_loadcbc: Can't allocate memory for bytecode entry\n");
|