git-svn-id: file:///var/lib/svn/clamav-devel/branches/newlimits@3608 77e5149b-7576-45b1-b177-96237e5ba77b
aCaB authored on 2008/02/11 22:18:41... | ... |
@@ -163,7 +163,6 @@ static int nsis_decomp(struct nsis_st *n) { |
163 | 163 |
break; |
164 | 164 |
case Z_STREAM_END: |
165 | 165 |
ret = CL_BREAK; |
166 |
- /* FIXME: regression needed */ |
|
167 | 166 |
} |
168 | 167 |
n->nsis.avail_in = n->z.avail_in; |
169 | 168 |
n->nsis.next_in = n->z.next_in; |
... | ... |
@@ -184,10 +183,9 @@ static int nsis_unpack_next(struct nsis_st *n, cli_ctx *ctx) { |
184 | 184 |
cli_dbgmsg("NSIS: extraction complete\n"); |
185 | 185 |
return CL_BREAK; |
186 | 186 |
} |
187 |
- if (ctx->limits && ctx->limits->maxfiles && n->fno >= ctx->limits->maxfiles) { |
|
188 |
- cli_dbgmsg("NSIS: Files limit reached (max: %u)\n", ctx->limits->maxfiles); |
|
189 |
- return CL_EMAXFILES; |
|
190 |
- } |
|
187 |
+ |
|
188 |
+ if ((ret=cli_checklimits("NSIS", ctx 0, 0, 0))!=CL_CLEAN) |
|
189 |
+ return ret; |
|
191 | 190 |
|
192 | 191 |
if (n->fno) |
193 | 192 |
snprintf(n->ofn, 1023, "%s/content.%.3u", n->dir, n->fno); |
... | ... |
@@ -225,11 +223,10 @@ static int nsis_unpack_next(struct nsis_st *n, cli_ctx *ctx) { |
225 | 225 |
|
226 | 226 |
n->asz -= size+4; |
227 | 227 |
|
228 |
- if (ctx->limits && ctx->limits->maxfilesize && size > ctx->limits->maxfilesize) { |
|
229 |
- cli_dbgmsg("NSIS: Skipping file due to size limit (%u, max: %lu)\n", size, ctx->limits->maxfilesize); |
|
228 |
+ if ((ret=cli_checklimits("NSIS", ctx, size, 0, 0)!=CL_CLEAN) { |
|
230 | 229 |
close(n->ofd); |
231 | 230 |
if (lseek(n->ifd, size, SEEK_CUR)==-1) return CL_EIO; |
232 |
- return CL_EMAXSIZE; |
|
231 |
+ return ret; |
|
233 | 232 |
} |
234 | 233 |
if (!(ibuf= (unsigned char *) cli_malloc(size))) { |
235 | 234 |
cli_dbgmsg("NSIS: out of memory"__AT__"\n"); |
... | ... |
@@ -274,12 +271,11 @@ static int nsis_unpack_next(struct nsis_st *n, cli_ctx *ctx) { |
274 | 274 |
n->nsis.next_out = obuf; |
275 | 275 |
n->nsis.avail_out = BUFSIZ; |
276 | 276 |
loops=0; |
277 |
- if (ctx->limits && ctx->limits->maxfilesize && size > ctx->limits->maxfilesize) { |
|
278 |
- cli_dbgmsg("NSIS: Skipping file due to size limit (%u, max: %lu)\n", size, ctx->limits->maxfilesize); |
|
277 |
+ if ((ret=cli_checklimits("NSIS", ctx, size, 0, 0))!=CL_CLEAN) { |
|
279 | 278 |
free(ibuf); |
280 | 279 |
close(n->ofd); |
281 | 280 |
nsis_shutdown(n); |
282 |
- return CL_EMAXSIZE; |
|
281 |
+ return ret; |
|
283 | 282 |
} |
284 | 283 |
} else if (++loops > 10) { |
285 | 284 |
cli_dbgmsg("NSIS: xs looping, breaking out"__AT__"\n"); |
... | ... |
@@ -367,10 +363,9 @@ static int nsis_unpack_next(struct nsis_st *n, cli_ctx *ctx) { |
367 | 367 |
} |
368 | 368 |
|
369 | 369 |
size=cli_readint32(obuf); |
370 |
- if (ctx->limits && ctx->limits->maxfilesize && size > ctx->limits->maxfilesize) { |
|
371 |
- cli_dbgmsg("NSIS: Breaking out due to filesize limit (%u, max: %lu) in solid archive\n", size, ctx->limits->maxfilesize); |
|
370 |
+ if ((ret=cli_checklimits("NSIS", ctx, size, 0, 0))!=CL_CLEAN) { |
|
372 | 371 |
close(n->ofd); |
373 |
- return CL_EFORMAT; |
|
372 |
+ return ret; |
|
374 | 373 |
} |
375 | 374 |
|
376 | 375 |
n->nsis.next_out = obuf; |
... | ... |
@@ -536,7 +531,7 @@ int cli_scannulsft(int desc, cli_ctx *ctx, off_t offset) { |
536 | 536 |
} |
537 | 537 |
} while(ret == CL_SUCCESS); |
538 | 538 |
|
539 |
- if(ret == CL_BREAK) |
|
539 |
+ if(ret == CL_BREAK || ret == CL_EMAXFILES) |
|
540 | 540 |
ret = CL_CLEAN; |
541 | 541 |
|
542 | 542 |
cli_nsis_free(&nsist); |
... | ... |
@@ -475,7 +475,9 @@ static void ole2_walk_property_tree(int fd, ole2_header_t *hdr, const char *dir, |
475 | 475 |
if ((prop_index < 0) || (prop_index > (int32_t) hdr->max_block_no) || (rec_level > 100) || (*file_count > 100000)) { |
476 | 476 |
return; |
477 | 477 |
} |
478 |
- /* FIXMELIMITS */ |
|
478 |
+ /* FIXMELIMITS |
|
479 |
+ * DOES recursion on virtual object make sense ? |
|
480 |
+ * WHY no size checking ? */ |
|
479 | 481 |
if (limits && limits->maxfiles && (*file_count > limits->maxfiles)) { |
480 | 482 |
cli_dbgmsg("OLE2: File limit reached (max: %d)\n", limits->maxfiles); |
481 | 483 |
return; |
... | ... |
@@ -778,7 +780,7 @@ static int ole2_read_header(int fd, ole2_header_t *hdr) |
778 | 778 |
} |
779 | 779 |
#endif |
780 | 780 |
|
781 |
-int cli_ole2_extract(int fd, const char *dirname, const struct cl_limits *limits) |
|
781 |
+int cli_ole2_extract(int fd, const char *dirname, cli_ctx *ctx) |
|
782 | 782 |
{ |
783 | 783 |
ole2_header_t hdr; |
784 | 784 |
int hdr_size; |
... | ... |
@@ -878,7 +880,7 @@ int cli_ole2_extract(int fd, const char *dirname, const struct cl_limits *limits |
878 | 878 |
|
879 | 879 |
/* OR */ |
880 | 880 |
|
881 |
- ole2_walk_property_tree(fd, &hdr, dirname, 0, handler_writefile, 0, &file_count, limits); |
|
881 |
+ ole2_walk_property_tree(fd, &hdr, dirname, 0, handler_writefile, 0, &file_count, ctx->limits); |
|
882 | 882 |
|
883 | 883 |
abort: |
884 | 884 |
#ifdef HAVE_MMAP |
... | ... |
@@ -24,8 +24,8 @@ |
24 | 24 |
#ifndef __OLE2_EXTRACT_H |
25 | 25 |
#define __OLE2_EXTRACT_H |
26 | 26 |
|
27 |
-#include "clamav.h" |
|
27 |
+#include "others.h" |
|
28 | 28 |
|
29 |
-int cli_ole2_extract(int fd, const char *dirname, const struct cl_limits *limits); |
|
29 |
+int cli_ole2_extract(int fd, const char *dirname, cli_ctx *ctx); |
|
30 | 30 |
|
31 | 31 |
#endif |
... | ... |
@@ -102,9 +102,6 @@ |
102 | 102 |
#include <stddef.h> |
103 | 103 |
#endif |
104 | 104 |
|
105 |
-#define MAX_MAIL_RECURSION 15 |
|
106 |
- |
|
107 |
- |
|
108 | 105 |
static int cli_scanfile(const char *filename, cli_ctx *ctx); |
109 | 106 |
|
110 | 107 |
#ifdef ENABLE_UNRAR |
... | ... |
@@ -1077,6 +1074,9 @@ static int cli_scanole2(int desc, cli_ctx *ctx) |
1077 | 1077 |
|
1078 | 1078 |
cli_dbgmsg("in cli_scanole2()\n"); |
1079 | 1079 |
|
1080 |
+ if(ctx->limits && ctx->limits->maxreclevel && ctx->recursion >= ctx->limits->maxreclevel) |
|
1081 |
+ return CL_EMAXREC; |
|
1082 |
+ |
|
1080 | 1083 |
/* generate the temporary directory */ |
1081 | 1084 |
dir = cli_gentemp(NULL); |
1082 | 1085 |
if(mkdir(dir, 0700)) { |
... | ... |
@@ -1085,20 +1085,25 @@ static int cli_scanole2(int desc, cli_ctx *ctx) |
1085 | 1085 |
return CL_ETMPDIR; |
1086 | 1086 |
} |
1087 | 1087 |
|
1088 |
- if((ret = cli_ole2_extract(desc, dir, ctx->limits))) { |
|
1088 |
+ if((ret = cli_ole2_extract(desc, dir, ctx))) { |
|
1089 | 1089 |
cli_dbgmsg("OLE2: %s\n", cl_strerror(ret)); |
1090 | 1090 |
if(!cli_leavetemps_flag) |
1091 | 1091 |
cli_rmdirs(dir); |
1092 | 1092 |
free(dir); |
1093 |
+ ctx->recursion--; |
|
1093 | 1094 |
return ret; |
1094 | 1095 |
} |
1095 | 1096 |
|
1097 |
+ ctx->recursion++; |
|
1098 |
+ |
|
1096 | 1099 |
if((ret = cli_vba_scandir(dir, ctx)) != CL_VIRUS) { |
1097 | 1100 |
if(cli_scandir(dir, ctx) == CL_VIRUS) { |
1098 | 1101 |
ret = CL_VIRUS; |
1099 | 1102 |
} |
1100 | 1103 |
} |
1101 | 1104 |
|
1105 |
+ ctx->recursion--; |
|
1106 |
+ |
|
1102 | 1107 |
if(!cli_leavetemps_flag) |
1103 | 1108 |
cli_rmdirs(dir); |
1104 | 1109 |
free(dir); |
... | ... |
@@ -1758,7 +1763,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx) |
1758 | 1758 |
break; |
1759 | 1759 |
|
1760 | 1760 |
case CL_TYPE_NULSFT: |
1761 |
- if(SCAN_ARCHIVE) |
|
1761 |
+ if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_NSIS)) |
|
1762 | 1762 |
ret = cli_scannulsft(desc, ctx, 0); |
1763 | 1763 |
break; |
1764 | 1764 |
|
... | ... |
@@ -590,7 +590,7 @@ cli_decode_ole_object(int fd, const char *dir) |
590 | 590 |
int ofd; |
591 | 591 |
uint32_t object_size; |
592 | 592 |
struct stat statbuf; |
593 |
- char fullname[NAME_MAX + 1]; |
|
593 |
+ char *fullname; |
|
594 | 594 |
|
595 | 595 |
if(dir == NULL) |
596 | 596 |
return -1; |
... | ... |
@@ -629,15 +629,19 @@ cli_decode_ole_object(int fd, const char *dir) |
629 | 629 |
if(!read_uint32(fd, &object_size, FALSE)) |
630 | 630 |
return -1; |
631 | 631 |
} |
632 |
- snprintf(fullname, sizeof(fullname) - 1, "%s/_clam_ole_object", dir); |
|
632 |
+ if(!(fullname = cli_gentemp(dir))) { |
|
633 |
+ return -1; |
|
634 |
+ } |
|
633 | 635 |
ofd = open(fullname, O_RDWR|O_CREAT|O_TRUNC|O_BINARY|O_EXCL, |
634 | 636 |
S_IWUSR|S_IRUSR); |
635 | 637 |
if (ofd < 0) { |
636 |
- cli_warnmsg("cli_decode_ole_object: can't create %s\n", |
|
637 |
- fullname); |
|
638 |
+ cli_warnmsg("cli_decode_ole_object: can't create %s\n", fullname); |
|
639 |
+ free(fullname); |
|
638 | 640 |
return -1; |
641 |
+ } else { |
|
642 |
+ cli_dbgmsg("cli_decode_ole_object: decoding to %s\n", fullname); |
|
639 | 643 |
} |
640 |
- |
|
644 |
+ free(fullname); |
|
641 | 645 |
ole_copy_file_data(fd, ofd, object_size); |
642 | 646 |
lseek(ofd, 0, SEEK_SET); |
643 | 647 |
return ofd; |