git-svn: trunk@135
Tomasz Kojm authored on 2003/12/02 07:55:35... | ... |
@@ -1,3 +1,10 @@ |
1 |
+Mon Dec 1 23:51:25 CET 2003 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * libclamav: maxratio added to cl_limits |
|
4 |
+ * clamd: new directive ArchiveMaxCompressionRatio |
|
5 |
+ * configure: detect the type of setpgrp() (thanks to Eugene Crosser |
|
6 |
+ <crosser*rol.ru>) |
|
7 |
+ |
|
1 | 8 |
Mon Dec 1 20:26:45 CET 2003 (tk) |
2 | 9 |
--------------------------------- |
3 | 10 |
* A bunch of patches from Thomas Lamy <Thomas.Lamy*in-online.net>: |
... | ... |
@@ -81,7 +81,7 @@ dnl there is now a CREATE_PREFIX_TARGET_H in this file as a shorthand for |
81 | 81 |
dnl PREFIX_CONFIG_H from a target.h file, however w/o the target.h ever created |
82 | 82 |
dnl (the prefix is a bit different, since we add an extra -target- and -host-) |
83 | 83 |
dnl |
84 |
-dnl @version: $Id: aclocal.m4,v 1.12 2003/11/09 02:29:23 kojm Exp $ |
|
84 |
+dnl @version: $Id: aclocal.m4,v 1.13 2003/12/01 22:55:35 kojm Exp $ |
|
85 | 85 |
dnl @author Guido Draheim <guidod@gmx.de> STATUS: used often |
86 | 86 |
|
87 | 87 |
AC_DEFUN([AC_CREATE_TARGET_H], |
... | ... |
@@ -4041,7 +4041,7 @@ dnl AC_COMPILE_CHECK_SIZEOF(ptrdiff_t, $headers) |
4041 | 4041 |
dnl AC_COMPILE_CHECK_SIZEOF(off_t, $headers) |
4042 | 4042 |
dnl |
4043 | 4043 |
dnl @author Kaveh Ghazi <ghazi@caip.rutgers.edu> |
4044 |
-dnl @version $Id: aclocal.m4,v 1.12 2003/11/09 02:29:23 kojm Exp $ |
|
4044 |
+dnl @version $Id: aclocal.m4,v 1.13 2003/12/01 22:55:35 kojm Exp $ |
|
4045 | 4045 |
dnl |
4046 | 4046 |
AC_DEFUN([AC_COMPILE_CHECK_SIZEOF], |
4047 | 4047 |
[changequote(<<, >>)dnl |
... | ... |
@@ -50,6 +50,7 @@ struct cfgstruct *parsecfg(const char *cfgfile) |
50 | 50 |
{"ArchiveMaxFileSize", OPT_COMPSIZE}, |
51 | 51 |
{"ArchiveMaxRecursion", OPT_NUM}, |
52 | 52 |
{"ArchiveMaxFiles", OPT_NUM}, |
53 |
+ {"ArchiveMaxCompressionRatio", OPT_NUM}, |
|
53 | 54 |
{"ArchiveLimitMemoryUsage", OPT_NOARG}, |
54 | 55 |
{"DataDirectory", OPT_STR}, |
55 | 56 |
{"TCPAddr", OPT_STR}, |
... | ... |
@@ -153,6 +153,16 @@ int acceptloop_proc(int socketd, struct cl_node *root, const struct cfgstruct *c |
153 | 153 |
logg("^USING HARDCODED LIMIT: Archive: Files limit set to %d.\n", limits.maxfiles); |
154 | 154 |
} |
155 | 155 |
|
156 |
+ if((cpt = cfgopt(copt, "ArchiveMaxCompressionRatio"))) { |
|
157 |
+ if((limits.maxratio = cpt->numarg)) |
|
158 |
+ logg("Archive: Compression ratio limit set to %d.\n", limits.maxratio); |
|
159 |
+ else |
|
160 |
+ logg("^Archive: Compression ratio limit disabled.\n"); |
|
161 |
+ } else { |
|
162 |
+ limits.maxratio = 200; |
|
163 |
+ logg("^USING HARDCODED LIMIT: Archive: Compression ratio limit set to %d.\n", limits.maxratio); |
|
164 |
+ } |
|
165 |
+ |
|
156 | 166 |
if(cfgopt(copt, "ArchiveLimitMemoryUsage")) { |
157 | 167 |
limits.archivememlim = 1; |
158 | 168 |
logg("Archive: Limited memory usage.\n"); |
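Review bot: A negative ArchiveMaxCompressionRatio value takes the "limit set" branch here, because `if((limits.maxratio = cpt->numarg))` only tests for non-zero, while the zip scanner changed in this same commit applies the ratio only when `limits->maxratio > 0`. The log would then announce a limit that is never enforced (this assumes maxratio and numarg are signed, which the `%d` format suggests but the hunk does not show). Writing the test as `if((limits.maxratio = cpt->numarg) > 0)` and resetting the field to 0 in the else branch would keep the log and the scanner in agreement. The identical block is pasted into acceptloop_th, and both copies repeat the literal 200; a named constant or a small shared helper would stop the two accept loops from drifting apart. Both function bodies start and end outside their hunks.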
... | ... |
@@ -446,6 +446,16 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop |
446 | 446 |
logg("^USING HARDCODED LIMIT: Archive: Files limit set to %d.\n", limits.maxfiles); |
447 | 447 |
} |
448 | 448 |
|
449 |
+ if((cpt = cfgopt(copt, "ArchiveMaxCompressionRatio"))) { |
|
450 |
+ if((limits.maxratio = cpt->numarg)) |
|
451 |
+ logg("Archive: Compression ratio limit set to %d.\n", limits.maxratio); |
|
452 |
+ else |
|
453 |
+ logg("^Archive: Compression ratio limit disabled.\n"); |
|
454 |
+ } else { |
|
455 |
+ limits.maxratio = 200; |
|
456 |
+ logg("^USING HARDCODED LIMIT: Archive: Compression ratio limit set to %d.\n", limits.maxratio); |
|
457 |
+ } |
|
458 |
+ |
|
449 | 459 |
if(cfgopt(copt, "ArchiveLimitMemoryUsage")) { |
450 | 460 |
limits.archivememlim = 1; |
451 | 461 |
logg("Archive: Limited memory usage.\n"); |
... | ... |
@@ -8618,6 +8618,149 @@ fi |
8618 | 8618 |
|
8619 | 8619 |
fi |
8620 | 8620 |
|
8621 |
+ |
|
8622 |
+for ac_func in setsid |
|
8623 |
+do |
|
8624 |
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` |
|
8625 |
+echo "$as_me:$LINENO: checking for $ac_func" >&5 |
|
8626 |
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 |
|
8627 |
+if eval "test \"\${$as_ac_var+set}\" = set"; then |
|
8628 |
+ echo $ECHO_N "(cached) $ECHO_C" >&6 |
|
8629 |
+else |
|
8630 |
+ cat >conftest.$ac_ext <<_ACEOF |
|
8631 |
+#line $LINENO "configure" |
|
8632 |
+#include "confdefs.h" |
|
8633 |
+/* System header to define __stub macros and hopefully few prototypes, |
|
8634 |
+ which can conflict with char $ac_func (); below. */ |
|
8635 |
+#include <assert.h> |
|
8636 |
+/* Override any gcc2 internal prototype to avoid an error. */ |
|
8637 |
+#ifdef __cplusplus |
|
8638 |
+extern "C" |
|
8639 |
+#endif |
|
8640 |
+/* We use char because int might match the return type of a gcc2 |
|
8641 |
+ builtin and then its argument prototype would still apply. */ |
|
8642 |
+char $ac_func (); |
|
8643 |
+char (*f) (); |
|
8644 |
+ |
|
8645 |
+#ifdef F77_DUMMY_MAIN |
|
8646 |
+# ifdef __cplusplus |
|
8647 |
+ extern "C" |
|
8648 |
+# endif |
|
8649 |
+ int F77_DUMMY_MAIN() { return 1; } |
|
8650 |
+#endif |
|
8651 |
+int |
|
8652 |
+main () |
|
8653 |
+{ |
|
8654 |
+/* The GNU C library defines this for functions which it implements |
|
8655 |
+ to always fail with ENOSYS. Some functions are actually named |
|
8656 |
+ something starting with __ and the normal name is an alias. */ |
|
8657 |
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func) |
|
8658 |
+choke me |
|
8659 |
+#else |
|
8660 |
+f = $ac_func; |
|
8661 |
+#endif |
|
8662 |
+ |
|
8663 |
+ ; |
|
8664 |
+ return 0; |
|
8665 |
+} |
|
8666 |
+_ACEOF |
|
8667 |
+rm -f conftest.$ac_objext conftest$ac_exeext |
|
8668 |
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 |
|
8669 |
+ (eval $ac_link) 2>&5 |
|
8670 |
+ ac_status=$? |
|
8671 |
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
|
8672 |
+ (exit $ac_status); } && |
|
8673 |
+ { ac_try='test -s conftest$ac_exeext' |
|
8674 |
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 |
|
8675 |
+ (eval $ac_try) 2>&5 |
|
8676 |
+ ac_status=$? |
|
8677 |
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
|
8678 |
+ (exit $ac_status); }; }; then |
|
8679 |
+ eval "$as_ac_var=yes" |
|
8680 |
+else |
|
8681 |
+ echo "$as_me: failed program was:" >&5 |
|
8682 |
+cat conftest.$ac_ext >&5 |
|
8683 |
+eval "$as_ac_var=no" |
|
8684 |
+fi |
|
8685 |
+rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext |
|
8686 |
+fi |
|
8687 |
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 |
|
8688 |
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 |
|
8689 |
+if test `eval echo '${'$as_ac_var'}'` = yes; then |
|
8690 |
+ cat >>confdefs.h <<_ACEOF |
|
8691 |
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 |
|
8692 |
+_ACEOF |
|
8693 |
+ |
|
8694 |
+fi |
|
8695 |
+done |
|
8696 |
+ |
|
8697 |
+echo "$as_me:$LINENO: checking whether setpgrp takes no argument" >&5 |
|
8698 |
+echo $ECHO_N "checking whether setpgrp takes no argument... $ECHO_C" >&6 |
|
8699 |
+if test "${ac_cv_func_setpgrp_void+set}" = set; then |
|
8700 |
+ echo $ECHO_N "(cached) $ECHO_C" >&6 |
|
8701 |
+else |
|
8702 |
+ if test "$cross_compiling" = yes; then |
|
8703 |
+ { { echo "$as_me:$LINENO: error: cannot check setpgrp when cross compiling" >&5 |
|
8704 |
+echo "$as_me: error: cannot check setpgrp when cross compiling" >&2;} |
|
8705 |
+ { (exit 1); exit 1; }; } |
|
8706 |
+else |
|
8707 |
+ cat >conftest.$ac_ext <<_ACEOF |
|
8708 |
+#line $LINENO "configure" |
|
8709 |
+#include "confdefs.h" |
|
8710 |
+#if HAVE_UNISTD_H |
|
8711 |
+# include <unistd.h> |
|
8712 |
+#endif |
|
8713 |
+ |
|
8714 |
+#ifdef F77_DUMMY_MAIN |
|
8715 |
+# ifdef __cplusplus |
|
8716 |
+ extern "C" |
|
8717 |
+# endif |
|
8718 |
+ int F77_DUMMY_MAIN() { return 1; } |
|
8719 |
+#endif |
|
8720 |
+int |
|
8721 |
+main () |
|
8722 |
+{ |
|
8723 |
+/* If this system has a BSD-style setpgrp which takes arguments, |
|
8724 |
+ setpgrp(1, 1) will fail with ESRCH and return -1, in that case |
|
8725 |
+ exit successfully. */ |
|
8726 |
+ exit (setpgrp (1,1) == -1 ? 0 : 1); |
|
8727 |
+ ; |
|
8728 |
+ return 0; |
|
8729 |
+} |
|
8730 |
+_ACEOF |
|
8731 |
+rm -f conftest$ac_exeext |
|
8732 |
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 |
|
8733 |
+ (eval $ac_link) 2>&5 |
|
8734 |
+ ac_status=$? |
|
8735 |
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
|
8736 |
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext' |
|
8737 |
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 |
|
8738 |
+ (eval $ac_try) 2>&5 |
|
8739 |
+ ac_status=$? |
|
8740 |
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
|
8741 |
+ (exit $ac_status); }; }; then |
|
8742 |
+ ac_cv_func_setpgrp_void=no |
|
8743 |
+else |
|
8744 |
+ echo "$as_me: program exited with status $ac_status" >&5 |
|
8745 |
+echo "$as_me: failed program was:" >&5 |
|
8746 |
+cat conftest.$ac_ext >&5 |
|
8747 |
+( exit $ac_status ) |
|
8748 |
+ac_cv_func_setpgrp_void=yes |
|
8749 |
+fi |
|
8750 |
+rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext |
|
8751 |
+fi |
|
8752 |
+fi |
|
8753 |
+echo "$as_me:$LINENO: result: $ac_cv_func_setpgrp_void" >&5 |
|
8754 |
+echo "${ECHO_T}$ac_cv_func_setpgrp_void" >&6 |
|
8755 |
+if test $ac_cv_func_setpgrp_void = yes; then |
|
8756 |
+ |
|
8757 |
+cat >>confdefs.h <<\_ACEOF |
|
8758 |
+#define SETPGRP_VOID 1 |
|
8759 |
+_ACEOF |
|
8760 |
+ |
|
8761 |
+fi |
|
8762 |
+ |
|
8763 |
+ |
|
8621 | 8764 |
have_milter="no" |
8622 | 8765 |
if test "${ac_cv_header_libmilter_mfapi_h+set}" = set; then |
8623 | 8766 |
echo "$as_me:$LINENO: checking for libmilter/mfapi.h" >&5 |
... | ... |
@@ -167,6 +167,9 @@ ArchiveMaxRecursion 5 |
167 | 167 |
# Value of 0 disables the limit. |
168 | 168 |
ArchiveMaxFiles 1000 |
169 | 169 |
|
170 |
+# Mark potential archive bombs as viruses (0 disables the limit) |
|
171 |
+ArchiveMaxCompressionRatio 200 |
|
172 |
+ |
|
170 | 173 |
# Use slower decompression algorithm which uses less memory. This option |
171 | 174 |
# affects bzip2 decompressor only. |
172 | 175 |
#ArchiveLimitMemoryUsage |
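Review bot: The new comment does not say what the number measures, so an administrator cannot judge whether 200 is strict or lenient. Going by the zip scanner change in this commit, the value is compared with an integer quotient of an entry's uncompressed size over a size read from `source`. Once the denominator is confirmed, a comment along the lines of `# Flag an archive as a virus when a member expands to at least N times its compressed size. 0 disables the check.` would document that.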
... | ... |
@@ -60,6 +60,7 @@ int main(int argc, char **argv) |
60 | 60 |
} |
61 | 61 |
|
62 | 62 |
/* set up archive limits */ |
63 |
+ memset(&limits, 0, sizeof(struct cl_limits)); |
|
63 | 64 |
limits.maxfiles = 1000; /* max files */ |
64 | 65 |
limits.maxfilesize = 10 * 1048576; /* maximal archived file size == 10 Mb */ |
65 | 66 |
limits.maxreclevel = 8; /* maximal recursion level */ |
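Review bot: After the added memset the visible lines leave `limits.maxratio` at 0, and the zip scanner in this commit skips the ratio test unless `limits->maxratio > 0`, so a program copied from this example runs without the oversized-archive check unless a line outside the hunk sets the field. Adding `limits.maxratio = 200; /* maximal compression ratio */` next to the other fields would match the default clamd uses. `memset(&limits, 0, sizeof(limits));` would also stay correct if the variable's type ever changes. main continues outside the hunk.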
... | ... |
@@ -82,7 +82,7 @@ void cli_enqueue(struct nodelist **bfs, struct cl_node *n) |
82 | 82 |
new = (struct nodelist *) cli_calloc(1, sizeof(struct nodelist)); |
83 | 83 |
if (new == NULL) { |
84 | 84 |
cli_dbgmsg("Unable to allocate node list (%d)\n", sizeof(struct nodelist)); |
85 |
- return CL_EMEM; |
|
85 |
+ return; /* FIXME: should return CL_EMEM */ |
|
86 | 86 |
} |
87 | 87 |
|
88 | 88 |
new->next = *bfs; |
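Review bot: The allocation-failure path now returns silently from a void function, so the caller cannot tell that node `n` was never queued; only a cli_dbgmsg line records it. If this queue drives construction of the matcher's node structure (suggested by the `bfs` name, not shown here), a dropped node could leave that structure incomplete while scanning carries on without any error. Changing the function to return int, returning CL_EMEM here and checking it in the callers would resolve the FIXME; until then the function comment should state that enqueue failures are ignored. The context line above also passes a `sizeof` result to `%d`, which should be `%lu` with a cast to `unsigned long`. The function body continues outside the hunk.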
... | ... |
@@ -61,8 +61,6 @@ int cli_scanrar_inuse = 0; |
61 | 61 |
#define DELIVERED_MAGIC_STR "Delivered-To: " |
62 | 62 |
#define BZIP_MAGIC_STR "BZh" |
63 | 63 |
|
64 |
-#define ZIPOSDET 50 /* FIXME: Make it user definable */ |
|
65 |
- |
|
66 | 64 |
int cli_magic_scandesc(int desc, char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *reclev); |
67 | 65 |
|
68 | 66 |
int cli_scandesc(int desc, char **virname, long int *scanned, const struct |
... | ... |
@@ -274,7 +272,7 @@ int cli_scanzip(int desc, char **virname, long int *scanned, const struct cl_nod |
274 | 274 |
|
275 | 275 |
cli_dbgmsg("Zip -> %s, compressed: %d, normal: %d.\n", zdirent.d_name, zdirent.d_csize, zdirent.st_size); |
276 | 276 |
|
277 |
- if(source.st_size && (zdirent.st_size / source.st_size) >= ZIPOSDET) { |
|
277 |
+ if(limits && limits->maxratio > 0 && source.st_size && (zdirent.st_size / source.st_size) >= limits->maxratio) { |
|
278 | 278 |
*virname = "Oversized.Zip"; |
279 | 279 |
ret = CL_VIRUS; |
280 | 280 |
break; |
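Review bot: Callers that pass a NULL `limits` pointer or leave `maxratio` at zero no longer get any oversized-entry detection, whereas the removed `ZIPOSDET` test ran unconditionally at a ratio of 50. That default-off behaviour for library users should be documented where `maxratio` is declared, or a built-in fallback kept for the NULL case. The ratio is an integer quotient against `source.st_size`, while the debug line just above prints `zdirent.d_csize` as the entry's compressed size; if `source` is the stat of the whole archive (not visible here), the per-entry ratio is understated for multi-member archives. A comment on the condition such as `/* uncompressed entry size / source size, integer division; maxratio 0 disables */` would make the intent reviewable. cli_scanzip starts and ends outside the hunk.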