From 41d8be22a80841bf5e6f70263646021950c8bd41 Mon Sep 17 00:00:00 2001
From: Micah Snyder <micasnyd@cisco.com>
Date: Tue, 30 May 2023 15:35:55 -0700
Subject: [PATCH] Abort signature load for short signature patterns

If a signature has a pattern that is too short will fail to load the
siganture but does not cause the entire load process to abort.
This is bad for two reasons:
1) It is not immediately apparent that the signature is bad, and so it
could be published accidentally.
2) The signature is partially loaded by the time the bad pattern is
observed and that may cause a crash later.

Because of (1), it is not worth it to try to unload the first part of the
signature. Instead, we should just abort the signature load.

Fixes: https://github.com/Cisco-Talos/clamav/issues/923
---
 libclamav/matcher-ac.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libclamav/matcher-ac.c b/libclamav/matcher-ac.c
index 2ae8cdda19..708f79a458 100644
--- a/libclamav/matcher-ac.c
+++ b/libclamav/matcher-ac.c
@@ -2951,6 +2951,7 @@ cl_error_t cli_ac_addsig(struct cli_matcher *root, const char *virname, const ch
             cli_warnmsg("cli_ac_addsig: cannot use filter for trie\n");
             MPOOL_FREE(root->mempool, root->filter);
             root->filter = NULL;
+            return CL_EMALFDB;
         }
 
         /* TODO: should this affect maxpatlen? */