[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Török Edvin
edwin at clamav.net
Sun Apr 4 01:22:39 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 9c92344b099c871d2ca66597d97bd62d919baffc
Author: Török Edvin <edwin at clamav.net>
Date: Wed Mar 10 15:58:42 2010 +0200
Only load signed bytecode by default.
diff --git a/etc/clamd.conf b/etc/clamd.conf
index e996d1a..3f00f8a 100644
--- a/etc/clamd.conf
+++ b/etc/clamd.conf
@@ -459,6 +459,8 @@ Example
# insert runtime safety checks for bytecode loaded from other sources
# Paranoid - don't trust any bytecode, insert runtime checks for all
# Recommended: TrustSigned, because bytecode in .cvd files already has these checks
+# Note that by default only signed bytecode is loaded, currently you can only
+# load unsigned bytecode in --enable-debug mode.
#
# Default: TrustSigned
#BytecodeSecurity TrustSigned
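Review bot: The added note says "by default", which reads as if a runtime setting could change it, but the gate in libclamav/readdb.c is a compile-time `#ifndef CL_DEBUG`, so no value of BytecodeSecurity makes a non-debug build load unsigned bytecode. Suggest wording it as a build property, for example "Unsigned bytecode is only loaded by builds configured with --enable-debug; other builds skip it regardless of this setting." It would also help to say that the "bytecode loaded from other sources" case described just above therefore only applies to debug builds, and to split the comma-spliced sentence in two.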
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index d0d4ac3..ce146de 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -1380,6 +1380,12 @@ static int cli_loadcbc(FILE *fs, struct cl_engine *engine, unsigned int *signo,
if(!(engine->dconf->bytecode & BYTECODE_ENGINE_MASK)) {
return CL_SUCCESS;
}
+#ifndef CL_DEBUG
+ if (!(options & CL_DB_SIGNED)) {
+ cli_warnmsg("Only loading signed bytecode, skipping load of unsigned bytecode!\n");
+ return CL_SUCCESS;
+ }
+#endif
bcs->all_bcs = cli_realloc2(bcs->all_bcs, sizeof(*bcs->all_bcs)*(bcs->count+1));
if (!bcs->all_bcs) {
cli_errmsg("cli_loadcbc: Can't allocate memory for bytecode entry\n");
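Review bot: In the new `#ifndef CL_DEBUG` block, the skip path returns CL_SUCCESS, so the caller cannot tell "bytecode loaded" from "bytecode rejected as unsigned"; the only trace is the warning, and that message does not say which database or file was skipped. If keeping CL_SUCCESS is intentional so that an unsigned .cbc does not abort the whole database load, say so in a comment, and give the message the same `cli_loadcbc:` prefix that the cli_errmsg call below uses so it can be traced in logs. Placement before the cli_realloc2 call is right, since nothing is allocated on the skip path. Consider also emitting a warning in CL_DEBUG builds when `!(options & CL_DB_SIGNED)`, so that loading unsigned bytecode is never silent.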
--
Debian repository for ClamAV