@@ -1,3 +1,7 @@

+Wed Jan 30 20:45:38 CET 2008 (tk)

+---------------------------------

+  * libclamav/readdb.c: make the parser more sensitive to syntax errors (bb#238)

+

 Wed Jan 30 20:23:20 EET 2008 (edwin)

 ------------------------------------

   * libclamav/phishcheck.c, regex_list.c: when domain matchers, preserve full

@@ -46,6 +46,8 @@

 #include "shared/output.h"

 #include "shared/options.h"

+#include "libclamav/str.h"

+

 void help(void);

 #if defined(C_WINDOWS) && defined(CL_DEBUG)

@@ -147,7 +149,7 @@ int main(int argc, char **argv)

     if(opt_check(opt, "max-space")) {

 	pt = opt_arg(opt, "max-space");

 	if(!strchr(pt, 'M') && !strchr(pt, 'm')) {

-	    if(!isnumb(pt)) {

+	    if(!cli_isnumber(pt)) {

 		logg("!--max-space requires a natural number\n");

 		opt_free(opt);

 		return 40;

@@ -156,7 +158,7 @@ int main(int argc, char **argv)

     }

     if(opt_check(opt, "max-files")) {

-	if(!isnumb(opt_arg(opt, "max-files"))) {

+	if(!cli_isnumber(opt_arg(opt, "max-files"))) {

 	    logg("!--max-files requires a natural number\n");

 	    opt_free(opt);

 	    return 40;

@@ -164,7 +166,7 @@ int main(int argc, char **argv)

     }

     if(opt_check(opt, "max-recursion")) {

-	if(!isnumb(opt_arg(opt, "max-recursion"))) {

+	if(!cli_isnumber(opt_arg(opt, "max-recursion"))) {

 	    logg("!--max-recursion requires a natural number\n");

 	    opt_free(opt);

 	    return 40;

@@ -172,7 +174,7 @@ int main(int argc, char **argv)

     }

     if(opt_check(opt, "max-mail-recursion")) {

-	if(!isnumb(opt_arg(opt, "max-mail-recursion"))) {

+	if(!cli_isnumber(opt_arg(opt, "max-mail-recursion"))) {

 	    logg("!--max-mail-recursion requires a natural number\n");

 	    opt_free(opt);

 	    return 40;

@@ -180,7 +182,7 @@ int main(int argc, char **argv)

     }

     if(opt_check(opt, "max-dir-recursion")) {

-	if(!isnumb(opt_arg(opt, "max-dir-recursion"))) {

+	if(!cli_isnumber(opt_arg(opt, "max-dir-recursion"))) {

 	    logg("!--max-dir-recursion requires a natural number\n");

 	    opt_free(opt);

 	    return 40;

@@ -188,7 +190,7 @@ int main(int argc, char **argv)

     }

     if(opt_check(opt, "max-ratio")) {

-	if(!isnumb(opt_arg(opt, "max-ratio"))) {

+	if(!cli_isnumber(opt_arg(opt, "max-ratio"))) {

 	    logg("!--max-ratio requires a natural number\n");

 	    opt_free(opt);

 	    return 40;

@@ -969,7 +969,7 @@ static int updatedb(const char *dbname, const char *hostname, char *ip, int *sig

 	}

 	if(field && (pt = cli_strtok(dnsreply, field, ":"))) {

-	    if(!isnumb(pt)) {

+	    if(!cli_isnumber(pt)) {

 		logg("^Broken database version in TXT record.\n");

 	    } else {

 		newver = atoi(pt);

@@ -34,6 +34,7 @@ CLAMAV_PRIVATE {

     cli_regfree;

     cli_strrcpy;

     cli_strbcasestr;

+    cli_isnumber;

     cli_gentemp;

     cli_gentempfd;

     cli_rmdirs;

@@ -149,13 +149,13 @@ int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hex

 	    }

 	    if(!strchr(pt, '-')) {

-		if((mindist = maxdist = atoi(pt)) < 0) {

+		if(!cli_isnumber(pt) || (mindist = maxdist = atoi(pt)) < 0) {

 		    error = 1;

 		    break;

 		}

 	    } else {

 		if((n = cli_strtok(pt, 0, "-"))) {

-		    if((mindist = atoi(n)) < 0) {

+		    if(!cli_isnumber(n) || (mindist = atoi(n)) < 0) {

 			error = 1;

 			free(n);

 			break;

@@ -164,13 +164,18 @@ int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hex

 		}

 		if((n = cli_strtok(pt, 1, "-"))) {

-		    if((maxdist = atoi(n)) < 0) {

+		    if(!cli_isnumber(n) || (maxdist = atoi(n)) < 0) {

 			error = 1;

 			free(n);

 			break;

 		    }

 		    free(n);

 		}

+

+		if((n = cli_strtok(pt, 2, "-"))) { /* strict check */

+		    error = 1;

+		    free(n);

+		}

 	    }

 	}

@@ -406,7 +411,6 @@ static int cli_loaddb(FILE *fs, struct cl_engine **engine, unsigned int *signo,

 	if(*pt == '=') continue;

 	if((ret = cli_parse_add(root, start, pt, 0, NULL, 0))) {

-	    cli_errmsg("Problem parsing signature at line %d\n", line);

 	    ret = CL_EMALFDB;

 	    break;

 	}

@@ -586,7 +590,6 @@ static int cli_loadndb(FILE *fs, struct cl_engine **engine, unsigned int *signo,

 	}

 	if((ret = cli_parse_add(root, virname, sig, 0, offset, target))) {

-	    cli_errmsg("Problem parsing signature at line %d\n", line);

 	    ret = CL_EMALFDB;

 	    break;

 	}

@@ -437,3 +437,12 @@ void cli_strtokenize(char *buffer, const char delim, const size_t token_count, c

 	}

     }

 }

+

+int cli_isnumber(const char *str)

+{

+    while(*str++)

+	if(!strchr("0123456789", *str))

+	    return 0;

+

+    return 1;

+}

@@ -41,4 +41,5 @@ char *cli_strtokbuf(const char *input, int fieldno, const char *delim, char *out

 const char *cli_memstr(const char *haystack, int hs, const char *needle, int ns);

 char *cli_strrcpy(char *dest, const char *source);

 void cli_strtokenize(char *buffer, const char delim, const size_t token_count, const char **tokens);

+int cli_isnumber(const char *str);

 #endif

@@ -258,7 +258,7 @@ struct cfgstruct *getcfg(const char *cfgfile, int verbose)

 				}

 				break;

 			    case OPT_NUM:

-				if(!arg || !isnumb(arg)) {

+				if(!arg || !cli_isnumber(arg)) {

 				    if(verbose)

 					fprintf(stderr, "ERROR: Parse error at line %d: Option %s requires numerical argument.\n", line, name);

 				    fclose(fs);

@@ -290,7 +290,7 @@ struct cfgstruct *getcfg(const char *cfgfile, int verbose)

 				if(ctype == 'm' || ctype == 'k') {

 				    char *cpy = (char *) calloc(strlen(arg), 1);

 				    strncpy(cpy, arg, strlen(arg) - 1);

-				    if(!isnumb(cpy)) {

+				    if(!cli_isnumber(cpy)) {

 					if(verbose)

 					    fprintf(stderr, "ERROR: Parse error at line %d: Option %s requires numerical (raw/K/M) argument.\n", line, name);

 					fclose(fs);

@@ -305,7 +305,7 @@ struct cfgstruct *getcfg(const char *cfgfile, int verbose)

 					calc = atoi(cpy) * 1024;

 				    free(cpy);

 				} else {

-				    if(!isnumb(arg)) {

+				    if(!cli_isnumber(arg)) {

 					if(verbose)

 					    fprintf(stderr, "ERROR: Parse error at line %d: Option %s requires numerical (raw/K/M) argument.\n", line, name);

 					fclose(fs);

@@ -248,17 +248,6 @@ int dircopy(const char *src, const char *dest)

 }

 #endif

-int isnumb(const char *str)

-{

-    while(*str) {

-	if(!isdigit(*str & 0xff))

-	    return 0;

-	str++;

-    }

-

-    return 1;

-}

-

 #ifndef CL_NOLIBCLAMAV

 int cvd_unpack(const char *cvd, const char *destdir)

 {

@@ -35,7 +35,6 @@

 char *freshdbdir(void);

 void print_version(const char *dbdir);

 int filecopy(const char *src, const char *dest);

-int isnumb(const char *str);

 int dircopy(const char *src, const char *dest);

 int cvd_unpack(const char *cvd, const char *destdir);

 int daemonize(void);