... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Tue May 8 15:31:51 CEST 2012 (acab) |
|
2 |
+------------------------------------ |
|
3 |
+ * libclamav: detect read races and abort the scan with an error |
|
4 |
+ (bb#4669) |
|
5 |
+ |
|
1 | 6 |
Tue Apr 10 17:04:20 CEST 2012 (tk) |
2 | 7 |
---------------------------------- |
3 | 8 |
* libclamav/pe.c: drop old header check (bb#4699) |
... | ... |
@@ -706,7 +706,7 @@ int cache_check(unsigned char *hash, cli_ctx *ctx) { |
706 | 706 |
const void *buf; |
707 | 707 |
size_t readme = todo < FILEBUFF ? todo : FILEBUFF; |
708 | 708 |
if(!(buf = fmap_need_off_once(map, at, readme))) |
709 |
- return CL_VIRUS; |
|
709 |
+ return CL_EREAD; |
|
710 | 710 |
todo -= readme; |
711 | 711 |
at += readme; |
712 | 712 |
cli_md5_update(&md5, buf, readme); |
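Review bot: The new `return CL_EREAD;` at line 709 gives cache_check a third outcome that nothing visible documents, and a caller that still tests only `== CL_CLEAN` would treat the read error as a cache miss and carry on scanning. Judging by the old and new call site in magic_scandesc, CL_VIRUS appears to mean "not cached, scan it" rather than a detection. A comment above the function would make that explicit, for example `/* CL_CLEAN: cache hit; CL_VIRUS: not cached, must be scanned; CL_EREAD: map could not be read */`. The hashing loop starts and ends outside this hunk, and only the magic_scandesc call site is shown as updated, so any other callers need checking by hand.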
... | ... |
@@ -2154,8 +2154,9 @@ static int magic_scandesc(cli_ctx *ctx, cli_file_t type) |
2154 | 2154 |
unsigned char hash[16]; |
2155 | 2155 |
bitset_t *old_hook_lsig_matches; |
2156 | 2156 |
const char *filetype; |
2157 |
- int cache_clean = 0; |
|
2157 |
+ int cache_clean = 0, res; |
|
2158 | 2158 |
|
2159 |
+ cli_dbgmsg("in magic_scandesc\n"); |
|
2159 | 2160 |
if(ctx->engine->maxreclevel && ctx->recursion > ctx->engine->maxreclevel) { |
2160 | 2161 |
cli_dbgmsg("cli_magic_scandesc: Archive recursion limit exceeded (%u, max: %u)\n", ctx->recursion, ctx->engine->maxreclevel); |
2161 | 2162 |
emax_reached(ctx); |
... | ... |
@@ -2190,10 +2191,12 @@ static int magic_scandesc(cli_ctx *ctx, cli_file_t type) |
2190 | 2190 |
CALL_PRESCAN_CB(cb_pre_cache); |
2191 | 2191 |
|
2192 | 2192 |
perf_start(ctx, PERFT_CACHE); |
2193 |
- if(cache_check(hash, ctx) == CL_CLEAN) { |
|
2193 |
+ res = cache_check(hash, ctx); |
|
2194 |
+ if(res != CL_VIRUS) { |
|
2194 | 2195 |
perf_stop(ctx, PERFT_CACHE); |
2195 |
- early_ret_from_magicscan(CL_CLEAN); |
|
2196 |
+ early_ret_from_magicscan(res); |
|
2196 | 2197 |
} |
2198 |
+ |
|
2197 | 2199 |
perf_stop(ctx, PERFT_CACHE); |
2198 | 2200 |
hashed_size = (*ctx->fmap)->len; |
2199 | 2201 |
old_hook_lsig_matches = ctx->hook_lsig_matches; |
... | ... |
@@ -2531,8 +2534,12 @@ static int magic_scandesc(cli_ctx *ctx, cli_file_t type) |
2531 | 2531 |
|
2532 | 2532 |
/* CL_TYPE_HTML: raw HTML files are not scanned, unless safety measure activated via DCONF */ |
2533 | 2533 |
if(type != CL_TYPE_IGNORED && (type != CL_TYPE_HTML || !(DCONF_DOC & DOC_CONF_HTML_SKIPRAW)) && !ctx->engine->sdb) { |
2534 |
- if(cli_scanraw(ctx, type, typercg, &dettype, hash) == CL_VIRUS) { |
|
2535 |
- ret = cli_checkfp(hash, hashed_size, ctx); |
|
2534 |
+ res = cli_scanraw(ctx, type, typercg, &dettype, hash); |
|
2535 |
+ if(res != CL_CLEAN) { |
|
2536 |
+ if(res == CL_VIRUS) |
|
2537 |
+ ret = cli_checkfp(hash, hashed_size, ctx); |
|
2538 |
+ else |
|
2539 |
+ ret = res; |
|
2536 | 2540 |
cli_bitset_free(ctx->hook_lsig_matches); |
2537 | 2541 |
ctx->hook_lsig_matches = old_hook_lsig_matches; |
2538 | 2542 |
ret_from_magicscan(ret); |
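Review bot: The `if(res != CL_CLEAN)` test at new line 2535 forwards every non-clean code from cli_scanraw, not only the read error this commit is about; before, anything other than CL_VIRUS fell through and the type-specific scanning below still ran. If cli_scanraw can also return soft conditions such as a limit being reached (not visible here), those now end the scan of this object early, so the set of codes it returns should be confirmed. A comment on the branch would record the intent, for example `/* any error from the raw scan (e.g. CL_EREAD on a read race) ends the scan here; only CL_VIRUS goes through the false-positive check */`. On style, the added `cli_dbgmsg("in magic_scandesc\n");` at line 2159 lacks the `cli_magic_scandesc:` prefix used by the message right after it. The body of magic_scandesc continues outside all three hunks.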