Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 10:23:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

libclamav: Have cli_map_scan check for truncation for dump-to-file case

Browse source
This commit is contained in:
David Raynor 2013-12-11 15:30:40 -05:00
parent 97a0759596
commit a4ce85ce6d
1 changed files with 19 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

20
libclamav/scanners.c
View file

@ -2987,7 +2987,7 @@ int cli_map_scan(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ctx)
cli_dbgmsg("cli_map_scan: [%ld, +%lu)\n",
(long)offset, (unsigned long)length);
if (offset < 0 || offset >= map->len) {
if (offset < 0 || offset >= old_len) {
cli_dbgmsg("Invalid offset: %ld\n", (long)offset);
return CL_CLEAN;
}
@ -2999,6 +2999,24 @@ int cli_map_scan(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ctx)
int fd = -1;
size_t nread = 0;
/* Then check length */
if (!length) length = old_len - offset;
if (length > old_len - offset) {
cli_dbgmsg("cli_map_scan: Data truncated: %lu -> %lu\n",
(unsigned long)length, (unsigned long)(old_len - offset));
length = old_len - offset;
}
if (length <= 5) {
cli_dbgmsg("cli_map_scan: Small data (%u bytes)\n", (unsigned int) length);
return CL_CLEAN;
}
if (!CLI_ISCONTAINED(old_off, old_len, old_off + offset, length)) {
cli_dbgmsg("cli_map_scan: map error occurred [%ld, %lu]\n",
(long)old_off, (unsigned long)old_len);
return CL_CLEAN;
}
/* Length checked, now get map */
mapdata = fmap_need_off_once_len(map, offset, length, &nread);
if (!mapdata || (nread != length)) {
cli_errmsg("cli_map_scan: could not map sub-file\n");