From 82a321a5898eae53ec0dda8d8f24fe834b8e2771 Mon Sep 17 00:00:00 2001 From: "Val S." Date: Mon, 13 Oct 2025 19:08:45 -0400 Subject: [PATCH] Fix embedded RAR archive extraction issue If the current layer has a file descriptor, ClamAV is passing the path for that file to the UnRAR module, even if the RAR we want to scan is just some small embedded bit (e.g. detected by RARSFX signature). We need to drop the RAR portion to a new file for the UnRAR module because it does not accept file buffers to be scanned, only file paths. CLAM-2900 --- libclamav/scanners.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/libclamav/scanners.c b/libclamav/scanners.c index 980182542..bc0aec3b2 100644 --- a/libclamav/scanners.c +++ b/libclamav/scanners.c @@ -534,9 +534,15 @@ static cl_error_t cli_scanrar(cli_ctx *ctx) int tmpfd = -1; #ifdef _WIN32 - if ((SCAN_UNPRIVILEGED) || (NULL == ctx->fmap->path) || (0 != _access_s(ctx->fmap->path, R_OK))) { + if ((SCAN_UNPRIVILEGED) || + (NULL == ctx->fmap->path) || + (0 != _access_s(ctx->fmap->path, R_OK)) || + (ctx->fmap->nested_offset > 0) || (ctx->fmap->len < ctx->fmap->real_len)) { #else - if ((SCAN_UNPRIVILEGED) || (NULL == ctx->fmap->path) || (0 != access(ctx->fmap->path, R_OK))) { + if ((SCAN_UNPRIVILEGED) || + (NULL == ctx->fmap->path) || + (0 != access(ctx->fmap->path, R_OK)) || + (ctx->fmap->nested_offset > 0) || (ctx->fmap->len < ctx->fmap->real_len)) { #endif /* If map is not file-backed have to dump to file for scanrar. */ status = fmap_dump_to_file(ctx->fmap, ctx->fmap->path, ctx->this_layer_tmpdir, &tmpname, &tmpfd, 0, SIZE_MAX);