[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b

Tomasz Kojm tkojm at clamav.net
Sun Apr 4 00:59:26 UTC 2010


The following commit has been merged in the debian/unstable branch:
commit 039c95658d45e3c96c018863691f6020692be03b
Author: Tomasz Kojm <tkojm at clamav.net>
Date:   Tue Aug 4 20:22:03 2009 +0200

    libclamav/readdb.c: make the parser more sensitive to errors in numerical fields

diff --git a/ChangeLog b/ChangeLog
index 76e0225..56e4712 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Tue Aug  4 20:06:51 CEST 2009 (tk)
+----------------------------------
+ * libclamav/readdb.c: make the parser more sensitive to errors in
+		       numerical fields
+
 Tue Aug  4 15:10:12 CEST 2009 (tk)
 ----------------------------------
  * freshclam, libclamav: work around possible race condition during
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index bd5cec9..293753f 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -642,7 +642,8 @@ static int cli_loadndb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
 
 	if(tokens_count > 4) { /* min version */
 	    pt = tokens[4];
-	    if(!isdigit(*pt)) {
+
+	    if(!cli_isnumber(pt)) {
 		ret = CL_EMALFDB;
 		break;
 	    }
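Review bot: The switch from `!isdigit(*pt)` to `!cli_isnumber(pt)` on the min-version field may now let an empty token through. The old test rejected it because `'\0'` is not a digit, whereas a helper that only scans for non-digit characters would return true for `""`. `cli_isnumber` is not defined in this diff, so this needs confirming; if it does accept empty strings, `if(!*pt || !cli_isnumber(pt)) {` keeps the old guarantee. The same applies to the max-version check and the `tokens[1]` check in the next two hunks of cli_loadndb, whose body continues outside these hunks.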
@@ -654,7 +655,7 @@ static int cli_loadndb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
 
 	    if(tokens_count == 6) { /* max version */
 		pt = tokens[5];
-		if(!isdigit(*pt)) {
+		if(!cli_isnumber(pt)) {
 		    ret = CL_EMALFDB;
 		    break;
 		}
@@ -665,7 +666,7 @@ static int cli_loadndb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
 	    }
 	}
 
-	if(!(pt = tokens[1]) || !isdigit(*pt)) {
+	if(!(pt = tokens[1]) || (strcmp(pt, "*") && !cli_isnumber(pt))) {
 	    ret = CL_EMALFDB;
 	    break;
 	}
@@ -776,6 +777,10 @@ static int lsigattribs(char *attribs, struct cli_lsig_tdb *tdb)
 
 	switch(apt->type) {
 	    case CLI_TDB_UINT:
+		if(!cli_isnumber(pt)) {
+		    cli_errmsg("lsigattribs: Invalid argument for %s\n", tokens[i]);
+		    return -1;
+		}
 		off[i] = cnt = tdb->cnt[CLI_TDB_UINT]++;
 		tdb->val = (uint32_t *) mpool_realloc2(tdb->mempool, tdb->val, tdb->cnt[CLI_TDB_UINT] * sizeof(uint32_t));
 		if(!tdb->val) {
@@ -798,6 +803,10 @@ static int lsigattribs(char *attribs, struct cli_lsig_tdb *tdb)
 		    tdb->cnt[CLI_TDB_RANGE] = 0;
 		    return -1;
 		}
+		if(!cli_isnumber(pt) || !cli_isnumber(pt2)) {
+		    cli_errmsg("lsigattribs: Invalid argument for %s\n", tokens[i]);
+		    return -1;
+		}
 		tdb->range[cnt] = atoi(pt);
 		tdb->range[cnt + 1] = atoi(pt2);
 		break;
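Review bot: `atoi(pt)` and `atoi(pt2)` still do the conversion after the new check, and a digits-only test does not bound the value: a long run of digits passes validation and then overflows `int`, which is undefined behaviour for `atoi`. Converting with `strtoul` and rejecting `errno == ERANGE` or a result larger than the destination element can hold would close that gap; the `atoi(tokens[0])` calls in cli_loadftm are in the same position. The check also comes after the reallocation failure path, so if the range counter was already advanced above the hunk (not visible here), returning -1 leaves it ahead of the initialised entries. Validating `pt` and `pt2` before the counter is touched, as the CLI_TDB_UINT case does, would avoid that.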
@@ -1115,11 +1124,22 @@ static int cli_loadftm(FILE *fs, struct cl_engine *engine, unsigned int options,
 	    break;
 	}
 
+	if(!cli_isnumber(tokens[0])) {
+	    cli_errmsg("cli_loadftm: Invalid value for the first field\n");
+	    ret = CL_EMALFDB;
+	    break;
+	}
+
 	if(atoi(tokens[0]) == 1) { /* A-C */
 	    if((ret = cli_parse_add(engine->root[0], tokens[3], tokens[2], rtype, type, strcmp(tokens[1], "*") ? tokens[1] : NULL, 0, NULL, options)))
 		break;
 
 	} else if(atoi(tokens[0]) == 0) { /* memcmp() */
+	    if(!cli_isnumber(tokens[1])) {
+		cli_errmsg("cli_loadftm: Invalid offset\n");
+		ret = CL_EMALFDB;
+		break;
+	    }
 	    new = (struct cli_ftype *) mpool_malloc(engine->mempool, sizeof(struct cli_ftype));
 	    if(!new) {
 		ret = CL_EMEM;
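Review bot: After the new `cli_isnumber(tokens[0])` test the field is still converted twice, once per branch condition, with `atoi(tokens[0])`. Converting it once into a local right after the check and comparing that local in both conditions keeps validation and use on a single value and makes it obvious that only 0 and 1 are meaningful. The offset check on `tokens[1]` is applied only in the memcmp() branch, which looks intentional since the A-C branch accepts `*`; a short comment such as `/* offset must be numeric here; "*" is only valid for A-C */` would record that. The enclosing loop in cli_loadftm starts and ends outside the hunk.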
@@ -1191,6 +1211,12 @@ static int cli_loadign(FILE *fs, struct cl_engine *engine, unsigned int options,
 	    break;
 	}
 
+	if(!cli_isnumber(tokens[1])) {
+	    cli_errmsg("cli_loadign: Invalid entry for line number\n");
+	    ret = CL_EMALFDB;
+	    break;
+	}
+
 	new = (struct cli_ignsig *) mpool_calloc(engine->mempool, 1, sizeof(struct cli_ignsig));
 	if(!new) {
 	    ret = CL_EMEM;
@@ -1319,6 +1345,11 @@ static int cli_loadmd5(FILE *fs, struct cl_engine *engine, unsigned int *signo,
 	    ret = CL_EMALFDB;
 	    break;
 	}
+	if(!cli_isnumber(tokens[size_field])) {
+	    cli_errmsg("cli_loadmd5: Invalid value for the size field\n");
+	    ret = CL_EMALFDB;
+	    break;
+	}
 
 	pt = tokens[2]; /* virname */
 	if(engine->pua_cats && (options & CL_DB_PUA_MODE) && (options & (CL_DB_PUA_INCLUDE | CL_DB_PUA_EXCLUDE)))
@@ -1419,6 +1450,37 @@ static int cli_loadmd(FILE *fs, struct cl_engine *engine, unsigned int *signo, i
 	    break;
 	}
 
+	if(strcmp(tokens[1], "*") && !cli_isnumber(tokens[1])) {
+	    cli_errmsg("cli_loadmd: Invalid value for the 'encrypted' field\n");
+	    ret = CL_EMALFDB;
+	    break;
+	}
+	if(strcmp(tokens[3], "*") && !cli_isnumber(tokens[3])) {
+	    cli_errmsg("cli_loadmd: Invalid value for the 'original size' field\n");
+	    ret = CL_EMALFDB;
+	    break;
+	}
+	if(strcmp(tokens[4], "*") && !cli_isnumber(tokens[4])) {
+	    cli_errmsg("cli_loadmd: Invalid value for the 'compressed size' field\n");
+	    ret = CL_EMALFDB;
+	    break;
+	}
+	if(strcmp(tokens[6], "*") && !cli_isnumber(tokens[6])) {
+	    cli_errmsg("cli_loadmd: Invalid value for the 'compression method' field\n");
+	    ret = CL_EMALFDB;
+	    break;
+	}
+	if(strcmp(tokens[7], "*") && !cli_isnumber(tokens[7])) {
+	    cli_errmsg("cli_loadmd: Invalid value for the 'file number' field\n");
+	    ret = CL_EMALFDB;
+	    break;
+	}
+	if(strcmp(tokens[8], "*") && !cli_isnumber(tokens[8])) {
+	    cli_errmsg("cli_loadmd: Invalid value for the 'max depth' field\n");
+	    ret = CL_EMALFDB;
+	    break;
+	}
+
 	new = (struct cli_meta_node *) mpool_calloc(engine->mempool, 1, sizeof(struct cli_meta_node));
 	if(!new) {
 	    ret = CL_EMEM;
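Review bot: The six added checks in cli_loadmd are the same three statements repeated with only the token index and the field name changed, so a later edit to one copy can silently diverge from the others. A small table of index/name pairs walked by one loop states the rule once (each listed field must be `*` or numeric) and keeps the error messages byte-identical. The hunk assumes the token-count check above it guarantees that `tokens[8]` exists; that check and the enclosing loop are outside the hunk.

```c
	/* … unchanged: token count check … */
	{
	    static const struct { unsigned int idx; const char *name; } numeric[] = {
		{ 1, "encrypted" }, { 3, "original size" }, { 4, "compressed size" },
		{ 6, "compression method" }, { 7, "file number" }, { 8, "max depth" }
	    };
	    unsigned int f;

	    for(f = 0; f < sizeof(numeric) / sizeof(numeric[0]); f++) {
		if(strcmp(tokens[numeric[f].idx], "*") && !cli_isnumber(tokens[numeric[f].idx])) {
		    cli_errmsg("cli_loadmd: Invalid value for the '%s' field\n", numeric[f].name);
		    ret = CL_EMALFDB;
		    break;
		}
	    }
	    if(f < sizeof(numeric) / sizeof(numeric[0]))
		break;
	}
	/* … unchanged: mpool_calloc of the new cli_meta_node … */
```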

-- 
Debian repository for ClamAV


