mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2025-10-19 10:23:17 +00:00
902623972d
The cli_max_malloc, cli_max_calloc, and cli_max_realloc functions provide a way to protect against allocating too much memory when the size of the allocation is derived from the untrusted input. Specifically, we worry about values in the file being scanned being manipulated to exhaust the RAM and crash the application. There is no need to check the limits if the size of the allocation is fixed, or if the size of the allocation is necessary for signature loading, or the general operation of the applications. E.g. checking the max-allocation limit for the size of a hash, or for the size of the scan recursion stack, is a complete waste of time. Although we significantly increased the max-allocation limit in a recent release, it is best not to check an allocation if the allocation will be safe. It would be a waste of time. I am also hopeful that if we can reduce the number allocations that require a limit-check to those that require it for the safe scan of a file, then eventually we can store the limit in the scan- context, and make it configurable. |
||
|---|---|---|
| .. | ||
| clamscan | ||
| examples | ||
| input | ||
| check_bytecode.c | ||
| check_clamav.c | ||
| check_clamav_skip.c | ||
| check_clamd.c | ||
| check_disasm.c | ||
| check_fpu_endian.c | ||
| check_htmlnorm.c | ||
| check_jsnorm.c | ||
| check_matchers.c | ||
| check_regex.c | ||
| check_str.c | ||
| check_uniq.c | ||
| checks.h | ||
| clamd_test.py | ||
| CMakeLists.txt | ||
| freshclam_test.py | ||
| libclamav_test.py | ||
| Run-GetLibs.ctest | ||
| sigtool_test.py | ||
| testcase.py | ||
| valgrind.supp | ||