... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Tue May 8 15:31:51 CEST 2012 (acab) |
|
2 |
+------------------------------------ |
|
3 |
+ * libclamav: detect read races and abort the scan with an error |
|
4 |
+ (bb#4669) |
|
5 |
+ |
|
1 | 6 |
Tue Apr 10 17:04:20 CEST 2012 (tk) |
2 | 7 |
---------------------------------- |
3 | 8 |
* libclamav/pe.c: drop old header check (bb#4699) |
... | ... |
@@ -706,7 +706,7 @@ int cache_check(unsigned char *hash, cli_ctx *ctx) { |
706 | 706 |
void *buf; |
707 | 707 |
size_t readme = todo < FILEBUFF ? todo : FILEBUFF; |
708 | 708 |
if(!(buf = fmap_need_off_once(map, at, readme))) |
709 |
- return CL_VIRUS; |
|
709 |
+ return CL_EREAD; |
|
710 | 710 |
todo -= readme; |
711 | 711 |
at += readme; |
712 | 712 |
cli_md5_update(&md5, buf, readme); |
... | ... |
@@ -1965,7 +1965,7 @@ static void emax_reached(cli_ctx *ctx) { |
1965 | 1965 |
|
1966 | 1966 |
static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
1967 | 1967 |
{ |
1968 |
- int ret = CL_CLEAN; |
|
1968 |
+ int ret = CL_CLEAN, res; |
|
1969 | 1969 |
cli_file_t dettype = 0; |
1970 | 1970 |
struct stat sb; |
1971 | 1971 |
uint8_t typercg = 1; |
... | ... |
@@ -2038,10 +2038,11 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
2038 | 2038 |
} |
2039 | 2039 |
} |
2040 | 2040 |
|
2041 |
- if(cache_check(hash, ctx) == CL_CLEAN) { |
|
2041 |
+ res = cache_check(hash, ctx); |
|
2042 |
+ if(res != CL_VIRUS) { |
|
2042 | 2043 |
funmap(*ctx->fmap); |
2043 | 2044 |
ctx->fmap--; |
2044 |
- ret_from_magicscan(CL_CLEAN); |
|
2045 |
+ ret_from_magicscan(res); |
|
2045 | 2046 |
} |
2046 | 2047 |
hashed_size = (*ctx->fmap)->len; |
2047 | 2048 |
old_hook_lsig_matches = ctx->hook_lsig_matches; |
... | ... |
@@ -2358,8 +2359,12 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
2358 | 2358 |
|
2359 | 2359 |
/* CL_TYPE_HTML: raw HTML files are not scanned, unless safety measure activated via DCONF */ |
2360 | 2360 |
if(type != CL_TYPE_IGNORED && (type != CL_TYPE_HTML || !(DCONF_DOC & DOC_CONF_HTML_SKIPRAW)) && !ctx->engine->sdb) { |
2361 |
- if(cli_scanraw(ctx, type, typercg, &dettype, hash) == CL_VIRUS) { |
|
2362 |
- ret = cli_checkfp(hash, hashed_size, ctx); |
|
2361 |
+ res = cli_scanraw(ctx, type, typercg, &dettype, hash); |
|
2362 |
+ if(res != CL_CLEAN) { |
|
2363 |
+ if(res == CL_VIRUS) |
|
2364 |
+ ret = cli_checkfp(hash, hashed_size, ctx); |
|
2365 |
+ else |
|
2366 |
+ ret = res; |
|
2363 | 2367 |
funmap(*ctx->fmap); |
2364 | 2368 |
ctx->fmap--; |
2365 | 2369 |
cli_bitset_free(ctx->hook_lsig_matches); |