Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 10:23:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix embedded RAR archive extraction issue

Browse source 
If the current layer has a file descriptor, ClamAV is passing the path
for that file to the UnRAR module, even if the RAR we want to scan is
just some small embedded bit (e.g. detected by RARSFX signature).

We need to drop the RAR portion to a new file for the UnRAR module
because it does not accept file buffers to be scanned, only file paths.

CLAM-2900
This commit is contained in:
Val S. 2025-10-13 19:08:45 -04:00
parent 4395c4bac1
commit 82a321a589
No known key found for this signature in database
GPG key ID: 3A7D293D8274CA1B
1 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

10
libclamav/scanners.c
View file

@ -534,9 +534,15 @@ static cl_error_t cli_scanrar(cli_ctx *ctx)
int tmpfd = -1; int tmpfd = -1;
#ifdef _WIN32 #ifdef _WIN32
if ((SCAN_UNPRIVILEGED) || (NULL == ctx->fmap->path) || (0 != _access_s(ctx->fmap->path, R_OK))) { if ((SCAN_UNPRIVILEGED) ||
(NULL == ctx->fmap->path) ||
(0 != _access_s(ctx->fmap->path, R_OK)) ||
(ctx->fmap->nested_offset > 0) || (ctx->fmap->len < ctx->fmap->real_len)) {
#else #else
if ((SCAN_UNPRIVILEGED) || (NULL == ctx->fmap->path) || (0 != access(ctx->fmap->path, R_OK))) { if ((SCAN_UNPRIVILEGED) ||
(NULL == ctx->fmap->path) ||
(0 != access(ctx->fmap->path, R_OK)) ||
(ctx->fmap->nested_offset > 0) || (ctx->fmap->len < ctx->fmap->real_len)) {
#endif #endif
/* If map is not file-backed have to dump to file for scanrar. */ /* If map is not file-backed have to dump to file for scanrar. */
status = fmap_dump_to_file(ctx->fmap, ctx->fmap->path, ctx->this_layer_tmpdir, &tmpname, &tmpfd, 0, SIZE_MAX); status = fmap_dump_to_file(ctx->fmap, ctx->fmap->path, ctx->this_layer_tmpdir, &tmpname, &tmpfd, 0, SIZE_MAX);