[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b

Török Edvin edwin at clamav.net
Sun Apr 4 01:22:39 UTC 2010


The following commit has been merged in the debian/unstable branch:
commit 9c92344b099c871d2ca66597d97bd62d919baffc
Author: Török Edvin <edwin at clamav.net>
Date:   Wed Mar 10 15:58:42 2010 +0200

    Only load signed bytecode by default.

diff --git a/etc/clamd.conf b/etc/clamd.conf
index e996d1a..3f00f8a 100644
--- a/etc/clamd.conf
+++ b/etc/clamd.conf
@@ -459,6 +459,8 @@ Example
 #                insert runtime safety checks for bytecode loaded from other sources
 #       Paranoid - don't trust any bytecode, insert runtime checks for all
 # Recommended: TrustSigned, because bytecode in .cvd files already has these checks
+# Note that by default only signed bytecode is loaded, currently you can only
+# load unsigned bytecode in --enable-debug mode.
 #
 # Default: TrustSigned
 #BytecodeSecurity TrustSigned
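Review bot: The added note at "currently you can only load unsigned bytecode in --enable-debug mode" does not say that this is a build-time switch, so an administrator reading clamd.conf may assume a BytecodeSecurity value can re-enable unsigned bytecode at runtime. The readdb.c change in this same commit gates the check on `#ifndef CL_DEBUG`, so no configuration value changes it. I would state that explicitly, for example "ClamAV must be built with --enable-debug to load unsigned bytecode; no setting in this file overrides that". The TrustSigned description just above ("insert runtime safety checks for bytecode loaded from other sources") also reads as if unsigned sources still load in a normal build, so it should get a matching qualifier. The comma splice after "is loaded" should be split into two sentences as well.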
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index d0d4ac3..ce146de 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -1380,6 +1380,12 @@ static int cli_loadcbc(FILE *fs, struct cl_engine *engine, unsigned int *signo,
     if(!(engine->dconf->bytecode & BYTECODE_ENGINE_MASK)) {
 	return CL_SUCCESS;
     }
+#ifndef CL_DEBUG
+    if (!(options & CL_DB_SIGNED)) {
+	cli_warnmsg("Only loading signed bytecode, skipping load of unsigned bytecode!\n");
+	return CL_SUCCESS;
+    }
+#endif
     bcs->all_bcs = cli_realloc2(bcs->all_bcs, sizeof(*bcs->all_bcs)*(bcs->count+1));
     if (!bcs->all_bcs) {
 	cli_errmsg("cli_loadcbc: Can't allocate memory for bytecode entry\n");
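Review bot: The skip path at `return CL_SUCCESS;` inside the new `#ifndef CL_DEBUG` block reports success to the caller, so an unsigned bytecode file that was not loaded cannot be told apart from one that was, and the only trace is a `cli_warnmsg` that does not name the file or database being skipped. If a name is available at this point in cli_loadcbc, include it in the message so an operator can tell which source was rejected. A short comment explaining why skipping is treated as success rather than an error would also help. Separately, the trust decision depends entirely on the compile-time CL_DEBUG macro: a debug build accepts bytecode without CL_DB_SIGNED and logs nothing about it. Emitting a warning in the CL_DEBUG case whenever `!(options & CL_DB_SIGNED)` holds would make it visible in logs when such a build is loading unsigned bytecode.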

-- 
Debian repository for ClamAV


