Abort signature load for short signature patterns

If a signature has a pattern that is too short will fail to load the siganture but does not cause the entire load process to abort. This is bad for two reasons: 1) It is not immediately apparent that the signature is bad, and so it could be published accidentally. 2) The signature is partially loaded by the time the bad pattern is observed and that may cause a crash later. Because of (1), it is not worth it to try to unload the first part of the signature. Instead, we should just abort the signature load. Fixes: Cisco-Talos#923
micahsnyder · May 30, 2023 · 41d8be2 · 41d8be2
1 parent e70493c
commit 41d8be2
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/libclamav/matcher-ac.c b/libclamav/matcher-ac.c
@@ -2951,6 +2951,7 @@ cl_error_t cli_ac_addsig(struct cli_matcher *root, const char *virname, const ch
             cli_warnmsg("cli_ac_addsig: cannot use filter for trie\n");
             MPOOL_FREE(root->mempool, root->filter);
             root->filter = NULL;
+            return CL_EMALFDB;
         }
 
         /* TODO: should this affect maxpatlen? */