Browse code
bb#4669
aCaB authored on 2012/05/08 22:34:27Showing 3 changed files
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Tue May 8 15:31:51 CEST 2012 (acab) |
|
| 2 |
+------------------------------------ |
|
| 3 |
+ * libclamav: detect read races and abort the scan with an error |
|
| 4 |
+ (bb#4669) |
|
| 5 |
+ |
|
| 1 | 6 |
Tue Apr 10 17:04:20 CEST 2012 (tk) |
| 2 | 7 |
---------------------------------- |
| 3 | 8 |
* libclamav/pe.c: drop old header check (bb#4699) |
| ... | ... |
@@ -706,7 +706,7 @@ int cache_check(unsigned char *hash, cli_ctx *ctx) {
|
| 706 | 706 |
const void *buf; |
| 707 | 707 |
size_t readme = todo < FILEBUFF ? todo : FILEBUFF; |
| 708 | 708 |
if(!(buf = fmap_need_off_once(map, at, readme))) |
| 709 |
- return CL_VIRUS; |
|
| 709 |
+ return CL_EREAD; |
|
| 710 | 710 |
todo -= readme; |
| 711 | 711 |
at += readme; |
| 712 | 712 |
cli_md5_update(&md5, buf, readme); |
| ... | ... |
@@ -2154,8 +2154,9 @@ static int magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 2154 | 2154 |
unsigned char hash[16]; |
| 2155 | 2155 |
bitset_t *old_hook_lsig_matches; |
| 2156 | 2156 |
const char *filetype; |
| 2157 |
- int cache_clean = 0; |
|
| 2157 |
+ int cache_clean = 0, res; |
|
| 2158 | 2158 |
|
| 2159 |
+ cli_dbgmsg("in magic_scandesc\n");
|
|
| 2159 | 2160 |
if(ctx->engine->maxreclevel && ctx->recursion > ctx->engine->maxreclevel) {
|
| 2160 | 2161 |
cli_dbgmsg("cli_magic_scandesc: Archive recursion limit exceeded (%u, max: %u)\n", ctx->recursion, ctx->engine->maxreclevel);
|
| 2161 | 2162 |
emax_reached(ctx); |
| ... | ... |
@@ -2190,10 +2191,12 @@ static int magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 2190 | 2190 |
CALL_PRESCAN_CB(cb_pre_cache); |
| 2191 | 2191 |
|
| 2192 | 2192 |
perf_start(ctx, PERFT_CACHE); |
| 2193 |
- if(cache_check(hash, ctx) == CL_CLEAN) {
|
|
| 2193 |
+ res = cache_check(hash, ctx); |
|
| 2194 |
+ if(res != CL_VIRUS) {
|
|
| 2194 | 2195 |
perf_stop(ctx, PERFT_CACHE); |
| 2195 |
- early_ret_from_magicscan(CL_CLEAN); |
|
| 2196 |
+ early_ret_from_magicscan(res); |
|
| 2196 | 2197 |
} |
| 2198 |
+ |
|
| 2197 | 2199 |
perf_stop(ctx, PERFT_CACHE); |
| 2198 | 2200 |
hashed_size = (*ctx->fmap)->len; |
| 2199 | 2201 |
old_hook_lsig_matches = ctx->hook_lsig_matches; |
| ... | ... |
@@ -2531,8 +2534,12 @@ static int magic_scandesc(cli_ctx *ctx, cli_file_t type) |
| 2531 | 2531 |
|
| 2532 | 2532 |
/* CL_TYPE_HTML: raw HTML files are not scanned, unless safety measure activated via DCONF */ |
| 2533 | 2533 |
if(type != CL_TYPE_IGNORED && (type != CL_TYPE_HTML || !(DCONF_DOC & DOC_CONF_HTML_SKIPRAW)) && !ctx->engine->sdb) {
|
| 2534 |
- if(cli_scanraw(ctx, type, typercg, &dettype, hash) == CL_VIRUS) {
|
|
| 2535 |
- ret = cli_checkfp(hash, hashed_size, ctx); |
|
| 2534 |
+ res = cli_scanraw(ctx, type, typercg, &dettype, hash); |
|
| 2535 |
+ if(res != CL_CLEAN) {
|
|
| 2536 |
+ if(res == CL_VIRUS) |
|
| 2537 |
+ ret = cli_checkfp(hash, hashed_size, ctx); |
|
| 2538 |
+ else |
|
| 2539 |
+ ret = res; |
|
| 2536 | 2540 |
cli_bitset_free(ctx->hook_lsig_matches); |
| 2537 | 2541 |
ctx->hook_lsig_matches = old_hook_lsig_matches; |
| 2538 | 2542 |
ret_from_magicscan(ret); |