Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clam 1607 fix benign overflow & leaks loading PDB & WDB databases #530

Merged
merged 1 commit into from
May 17, 2022

Conversation

ragusaa
Copy link
Contributor

@ragusaa ragusaa commented Apr 4, 2022

Fixes a benign overflow loading PDB or WDB databases, reported by Michał Dardas.

This fix also resolves:

This commit also fixes a minor leak of pattern matching trans nodes that was observed when testing with the MPOOL module disabled.

The fix changed const char pointers to uint8_t pointers when they are to be used with data, as well as removing asserts and adding additional error checking.

@ragusaa
Copy link
Contributor Author

ragusaa commented Apr 4, 2022

This PR replaces #462

@micahsnyder micahsnyder self-requested a review April 4, 2022 22:32
@micahsnyder micahsnyder self-assigned this Apr 4, 2022
libclamav/regex_list.c Outdated Show resolved Hide resolved
Copy link
Contributor

@micahsnyder micahsnyder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 error handling thing to tidy up, otherwise is good

@micahsnyder
Copy link
Contributor

From offline conversations: this PR is presently held up because the cleanup code added is slow and is causing timeouts in the test environment. @ragusaa is working on finding a faster way to track those pointers for cleanup.

Copy link
Contributor

@micahsnyder micahsnyder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With exception to these minor changes requested, this all looks really great. It went through the test pipelines nicely. I used the internal-fuzz-corpus PR to verify that it resolves CLAM-1607 and the related ones (1642, 1649, 1653) and with manual testing, confirmed that 1691 is resolved as well.

libclamav/matcher-ac.c Outdated Show resolved Hide resolved
libclamav/matcher-ac.c Outdated Show resolved Hide resolved
libclamav/regex_list.c Outdated Show resolved Hide resolved
libclamav/regex_list.c Outdated Show resolved Hide resolved
@micahsnyder
Copy link
Contributor

Just rebased for you to same some effort, since I did it for testing locally.

There is a possible overflow read when loading PDB and WDB phishing
signatures.

This issue is not a vulnerability.

Changed const char pointers to uint8_t pointers when they are to be used
with data, as well as removing asserts and adding additional error
checking.

Thank you Michał Dardas for reporting this issue.
Copy link
Contributor

@micahsnyder micahsnyder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@micahsnyder micahsnyder merged commit 1c67468 into Cisco-Talos:main May 17, 2022
@micahsnyder micahsnyder changed the title Changed data pointers to use unsigned types Clam 1607 fix benign overflow & leaks loading PDB & WDB databases May 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants