Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 10:23:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

zip: Fix false negative w. HeuristicScanPrecedence

Browse source
This commit is contained in:
Jan Smutny 2020-06-11 16:42:08 +02:00 committed by Micah Snyder (micasnyd)
parent 76d60e5451
commit b33e4be3ea
1 changed files with 27 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

29
libclamav/unzip.c
View file

@ -957,6 +957,7 @@ cl_error_t index_the_central_directory(
struct zip_record *curr_record = NULL;
struct zip_record *prev_record = NULL;
uint32_t num_overlapping_files = 0;
int virus_found = 0;
if (NULL == catalogue || NULL == num_records) {
cli_errmsg("index_the_central_directory: Invalid NULL arguments\n");
@ -986,6 +987,15 @@ cl_error_t index_the_central_directory(
NULL, // tmpd not required
NULL,
&(zip_catalogue[records_count])))) {
if (ret == CL_VIRUS) {
if (SCAN_ALLMATCHES)
virus_found = 1;
else {
status = CL_VIRUS;
goto done;
}
}
index++;
if (cli_checktimelimit(ctx) != CL_SUCCESS) {
@ -1023,6 +1033,15 @@ cl_error_t index_the_central_directory(
}
}
if (ret == CL_VIRUS) {
if (SCAN_ALLMATCHES)
virus_found = 1;
else {
status = CL_VIRUS;
goto done;
}
}
if (records_count > 1) {
/*
* Sort the records by local file offset
@ -1090,6 +1109,8 @@ done:
}
}
if (virus_found) status = CL_VIRUS;
return status;
}
@ -1147,7 +1168,11 @@ cl_error_t cli_unzip(cli_ctx *ctx)
&zip_catalogue,
&records_count);
if (CL_SUCCESS != ret) {
goto done;
if (CL_VIRUS == ret && SCAN_ALLMATCHES)
virus_found = 1;
else {
goto done;
}
}
/*
@ -1227,7 +1252,7 @@ cl_error_t cli_unzip(cli_ctx *ctx)
if (virus_found == 1) {
ret = CL_VIRUS;
}
if (num_files_unzipped <= (file_count / 4)) { /* FIXME: make up a sane ratio or remove the whole logic */
if (0 < num_files_unzipped && num_files_unzipped <= (file_count / 4)) { /* FIXME: make up a sane ratio or remove the whole logic */
file_count = 0;
while ((ret == CL_CLEAN) &&
(lhoff < fsize) &&