
libclamav/readdb.c: add offset checks (bb#1615)

git-svn: trunk@5070

Tomasz Kojm authored on 2009/05/22 21:10:02
Showing 2 changed files
... ...
@@ -1,3 +1,7 @@
1
+Fri May 22 14:09:23 CEST 2009 (tk)
2
+----------------------------------
3
+ * libclamav/readdb.c: add offset checks (bb#1615)
4
+
1 5
 Thu May 21 15:41:36 CEST 2009 (tk)
2 6
 ----------------------------------
3 7
  * clamscan, clamdscan: add support for --file-list/-f
... ...
@@ -517,6 +517,27 @@ static int cli_loadpdb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
517 517
     return CL_SUCCESS;
518 518
 }
519 519
 
520
+static int cli_checkoffset(const char *offset, unsigned int type)
521
+{
522
+	unsigned int foo;
523
+	const char *pt = offset;
524
+
525
+    if(isdigit(*offset)) {
526
+	while(*pt++)
527
+	    if(!strchr("0123456789,", *pt))
528
+		return 1;
529
+	return 0;
530
+    }
531
+
532
+    if(!strncmp(offset, "EOF-", 4))
533
+	return 0;
534
+
535
+    if((type == 1 || type == 6) && (!strncmp(offset, "EP+", 3) || !strncmp(offset, "EP-", 3) || (sscanf(offset, "SL+%u", &foo) == 1) || (sscanf(offset, "S%u+%u", &foo, &foo) == 2)))
536
+	return 0;
537
+
538
+    return 1;
539
+}
540
+
520 541
 #define NDB_TOKENS 6
521 542
 static int cli_loadndb(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned short sdb, unsigned int options, struct cli_dbio *dbio, const char *dbname)
522 543
 {
... ...
@@ -602,6 +623,12 @@ static int cli_loadndb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
602 602
 	if(!strcmp(offset, "*"))
603 603
 	    offset = NULL;
604 604
 
605
+	if(offset && cli_checkoffset(offset, target)) {
606
+	    cli_errmsg("Incorrect offset '%s' for signature type-%u\n", offset, target);
607
+	    ret = CL_EMALFDB;
608
+	    break;
609
+	}
610
+
605 611
 	sig = tokens[3];
606 612
 
607 613
 	if((ret = cli_parse_add(root, virname, sig, 0, 0, offset, target, NULL, options))) {
... ...
@@ -937,6 +964,12 @@ static int cli_loadldb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
937 937
 		sig = tokens[3 + i];
938 938
 	    }
939 939
 
940
+	    if(offset && cli_checkoffset(offset, tdb.target[0])) {
941
+		cli_errmsg("Incorrect offset '%s' in subsignature id %u for signature type-%u\n", offset, i, tdb.target[0]);
942
+		ret = CL_EMALFDB;
943
+		break;
944
+	    }
945
+
940 946
 	    if((ret = cli_parse_add(root, virname, sig, 0, 0, offset, target, lsigid, options))) {
941 947
 		ret = CL_EMALFDB;
942 948
 		break;
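Review bot: cli_checkoffset validates only the start of the non-numeric forms: the `EOF-`, `EP+` and `EP-` tests return 0 whatever follows the prefix, and the two `sscanf` tests succeed as soon as the numbers convert, so trailing text is never examined. A constructed value such as `EOF-abc` or `SL+1junk` would therefore still reach cli_parse_add in both callers (whose bodies extend beyond the hunks shown). How the later offset parsing handles that is not visible here, so the remainder after each prefix should go through the same digit-and-comma scan as the first branch, with `%n` in the sscanf formats giving the position to resume from. Separately, `isdigit(*offset)` is passed a plain char, which is undefined for negative values; `if(isdigit((unsigned char)*offset)) {` covers bytes above 0x7f in a database file. In the cli_loadldb hunk the check is keyed on `tdb.target[0]` while the call below passes `target`; if these can differ, the checker and the parser would disagree on the signature type. The numeric loop is correct only because `strchr` also matches the terminating NUL, so it deserves a comment such as `/* strchr() matches the final '\0', so the loop ends cleanly */`.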