clamav/CVE-2019-15961-2.patch


2021-02-18 17:40:20 +08:00
From 482fcd413b07e9fd3ef9850e6d01a45f4e187108 Mon Sep 17 00:00:00 2001
From: Andy Ragusa <aragusa@cisco.com>
Date: Tue, 19 Nov 2019 15:55:47 -0800
Subject: [PATCH] Modified mbox.c only mark files as infected with heuristic
alerts if heuristic alerts are enabled.
---
libclamav/mbox.c | 52 ++++++++++++++++++++++--------------------------
1 file changed, 24 insertions(+), 28 deletions(-)
diff --git a/libclamav/mbox.c b/libclamav/mbox.c
index 684f0d7e34..fc63245255 100644
--- a/libclamav/mbox.c
+++ b/libclamav/mbox.c
@@ -232,11 +232,11 @@ static blob *getHrefs(message *m, tag_arguments_t *hrefs);
static void hrefs_done(blob *b, tag_arguments_t *hrefs);
static void checkURLs(message *m, mbox_ctx *mctx, mbox_status *rc, int is_html);
-static bool haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx);
-static bool hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx);
-static bool haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx);
-static bool haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx);
-static bool haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx);
+static bool haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx, mbox_status * rc);
+static bool hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx, bool * heuristicFound);
+static bool haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx, bool * heuristicFound);
+static bool haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx, bool * heuristicFound);
+static bool haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx, bool * heuristicFound);
/* Maximum line length according to RFC2821 */
#define RFC2821LENGTH 1000
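Review bot: The new pointer parameters are written `bool * heuristicFound` and `mbox_status * rc`, while every other declarator in these prototypes binds the star to the name (`cli_ctx *ctx`, `size_t *lineFoldCnt`). Use `bool *heuristicFound` and `mbox_status *rc` here and in the five matching definitions further down. Two call sites also gained a stray space before the closing parenthesis (`heuristicFound )` in parseEmailFile and parseMimeHeader).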
@@ -769,7 +769,7 @@ doContinueMultipleEmptyOptions(const char *const line, bool *lastWasOnlySemi)
}
static bool
-hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx)
+hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx, bool * heuristicFound)
{
if (line) {
@@ -782,6 +782,7 @@ hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx)
if ((*lineFoldCnt) >= HEURISTIC_EMAIL_MAX_LINE_FOLDS_PER_HEADER) {
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxLineFoldCnt");
+ *heuristicFound = TRUE;
}
return TRUE;
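Review bot: hitLineFoldCnt now has two outputs with different meanings and nothing documents the difference. The return value says the fold limit was reached and the caller must stop parsing, while `*heuristicFound` is written only when CL_SCAN_GENERAL_HEURISTICS is set, and it is dereferenced without a NULL check. A header comment such as `/* Returns TRUE when the limit is hit (caller stops parsing); sets *heuristicFound only if heuristic alerts are enabled. heuristicFound must be non-NULL. */` would keep a later caller from reading TRUE as "infected". The same applies to haveTooManyHeaderBytes, haveTooManyEmailHeaders and haveTooManyMIMEArguments in the following hunks. The function body starts and ends outside this hunk.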
@@ -791,12 +792,13 @@ hitLineFoldCnt(const char *const line, size_t *lineFoldCnt, cli_ctx *ctx)
}
static bool
-haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx)
+haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx, bool * heuristicFound)
{
if (totalLen > HEURISTIC_EMAIL_MAX_HEADER_BYTES) {
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxHeaderBytes");
+ *heuristicFound = TRUE;
}
return TRUE;
@@ -805,12 +807,13 @@ haveTooManyHeaderBytes(size_t totalLen, cli_ctx *ctx)
}
static bool
-haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx)
+haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx, bool * heuristicFound)
{
if (totalHeaderCnt > HEURISTIC_EMAIL_MAX_HEADERS) {
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxEmailHeaders");
+ *heuristicFound = TRUE;
}
return TRUE;
@@ -819,12 +822,13 @@ haveTooManyEmailHeaders(size_t totalHeaderCnt, cli_ctx *ctx)
}
static bool
-haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx)
+haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx, mbox_status * rc)
{
if (mimePartCnt >= HEURISTIC_EMAIL_MAX_MIME_PARTS_PER_MESSAGE) {
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxMIMEPartsPerMessage");
+ *rc = VIRUS;
}
return TRUE;
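Review bot: `*rc = VIRUS;` is assigned without looking at what `cli_append_virus` returned, so the returned status and the recorded alert could diverge if that call can decline to record the name. Its definition is not visible here, so this needs confirming. If it does report a status, gate the assignment on it, e.g. `if (cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxMIMEPartsPerMessage") == CL_VIRUS) *rc = VIRUS;`. The `*heuristicFound = TRUE;` lines added to the four sibling helpers have the same shape.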
@@ -833,12 +837,13 @@ haveTooManyMIMEPartsPerMessage(size_t mimePartCnt, cli_ctx *ctx)
}
static bool
-haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx)
+haveTooManyMIMEArguments(size_t argCnt, cli_ctx *ctx, bool * heuristicFound)
{
if (argCnt >= HEURISTIC_EMAIL_MAX_ARGUMENTS_PER_HEADER) {
if (ctx->options->general & CL_SCAN_GENERAL_HEURISTICS) {
cli_append_virus(ctx, "Heuristics.Email.ExceedsMaxMIMEArguments");
+ *heuristicFound = TRUE;
}
return TRUE;
@@ -899,8 +904,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
continue;
}
- if (hitLineFoldCnt(line, &lineFoldCnt, ctx)) {
- *heuristicFound = TRUE;
+ if (hitLineFoldCnt(line, &lineFoldCnt, ctx, heuristicFound )) {
break;
}
@@ -947,8 +951,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
DO_VERIFY_POINTER(header);
totalHeaderCnt++;
- if (haveTooManyEmailHeaders(totalHeaderCnt, ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyEmailHeaders(totalHeaderCnt, ctx, heuristicFound)) {
break;
}
needContinue = (parseEmailHeader(ret, header, rfc821, ctx, heuristicFound) < 0);
@@ -1037,8 +1040,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
if (lineAdded) {
totalHeaderBytes += strlen(line);
- if (haveTooManyHeaderBytes(totalHeaderBytes, ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyHeaderBytes(totalHeaderBytes, ctx, heuristicFound)) {
break;
}
}
@@ -1069,8 +1071,7 @@ parseEmailFile(fmap_t *map, size_t *at, const table_t *rfc821, const char *first
if (0 == needContinue) {
totalHeaderCnt++;
- if (haveTooManyEmailHeaders(totalHeaderCnt, ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyEmailHeaders(totalHeaderCnt, ctx, heuristicFound)) {
break;
}
needContinue = (parseEmailHeader(ret, header, rfc821, ctx, heuristicFound) < 0);
@@ -1205,8 +1206,7 @@ parseEmailHeaders(message *m, const table_t *rfc821, bool *heuristicFound)
continue;
}
- if (hitLineFoldCnt(line, &lineFoldCnt, m->ctx)) {
- *heuristicFound = TRUE;
+ if (hitLineFoldCnt(line, &lineFoldCnt, m->ctx, heuristicFound)) {
break;
}
@@ -1283,8 +1283,7 @@ parseEmailHeaders(message *m, const table_t *rfc821, bool *heuristicFound)
}
if (lineAdded) {
- if (haveTooManyHeaderBytes(fulllinelength, m->ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyHeaderBytes(fulllinelength, m->ctx, heuristicFound)) {
break;
}
}
@@ -1306,8 +1305,7 @@ parseEmailHeaders(message *m, const table_t *rfc821, bool *heuristicFound)
}
totalHeaderCnt++;
- if (haveTooManyEmailHeaders(totalHeaderCnt, m->ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyEmailHeaders(totalHeaderCnt, m->ctx, heuristicFound)) {
break;
}
if (parseEmailHeader(ret, fullline, rfc821, m->ctx, heuristicFound) < 0) {
@@ -2209,9 +2207,8 @@ parseEmailBody(message *messageIn, text *textIn, mbox_ctx *mctx, unsigned int re
free((char *)boundary);
- if (haveTooManyMIMEPartsPerMessage(multiparts, mctx->ctx)) {
+ if (haveTooManyMIMEPartsPerMessage(multiparts, mctx->ctx, &rc)) {
DO_FREE(messages);
- rc = VIRUS;
break;
}
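Review bot: With heuristic alerts disabled, this branch now leaves the loop without setting `rc` and without leaving any trace. A message that exceeds the MIME part limit has its remaining parts skipped, and the scan result is whatever `rc` held before. That is presumably the intended resource limit, but it should be observable: add `cli_dbgmsg("parseEmailBody: MIME part limit reached, remaining parts not scanned\n");` before the `break`, and note the coverage gap wherever running with heuristic alerts off is documented. The enclosing loop starts and ends outside the hunk.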
@@ -3290,8 +3287,7 @@ parseMimeHeader(message *m, const char *cmd, const table_t *rfc821Table, const c
cli_dbgmsg("mimeArgs = '%s'\n", buf);
argCnt++;
- if (haveTooManyMIMEArguments(argCnt, ctx)) {
- *heuristicFound = TRUE;
+ if (haveTooManyMIMEArguments(argCnt, ctx, heuristicFound )) {
break;
}
messageAddArguments(m, buf);