Commit Graph

3 Commits

Author SHA1 Message Date
Andrew
1eff784d51 cmake: Fix fuzzing fmap leak detection
The fuzz targets should use malloc instead of mmap because libFuzzer
doesn't seem to track mmap leaks.

The ENABLE_FUZZ feature disables HAVE_MMAP which is supposed to
disable use of mmap in favor of malloc, but it doesn't because
checks for the ANONYMOUS_MAP feature execute even if HAVE_MMAP
is disabled, and some mmap usage in libclamav only tests if
ANONYMOUS_MAP is defined without checking HAVE_MMAP.

This commit will only define ANONYMOUS_MAP if HAVE_MMAP is set.
2021-04-02 19:28:07 -07:00
Micah Snyder (micasnyd)
861153a656 Fix errors when scanning files > 4G
This commit resolves https://bugzilla.clamav.net/show_bug.cgi?id=12673

Changes in 0.103 to order of operations for creating fmaps and
performing hashes of fmaps resulted in errors when scanning files that are
4096M and a different (but related) error when scanning files > 4096M.
This is despite the fact that scanning is supposed to be limited to
--max-scansize (MaxScanSize) and was also apparently limited to
INT_MAX - 2 (aka ~1.999999G) back in 2014 to alleviate reported crashes
for a few large file formats.
(see https://bugzilla.clamav.net/show_bug.cgi?id=10960)
This last limitation was not documented, so I added it to the sample
clamd.conf.

Anyways, the main issue is that the fmap module was using "unsigned int"
and was then enforcing a limitation (verbose error messages) when
a map length exceeded the capacity of an unsigned int. This commit
switches the associated variables over to uint64_t, and while fmaps are
still limited to size_t in other places, the fmap module will at least
work with files > 4G on 64bit systems.

In testing this, I found that the time to hash a file, particularly when
hashing a file on an NTFS partition from Linux was really slow because
we were hashing in FILEBUFF chunks (about 8K) at a time.  Increasing
this to 10MB chunks speeds up scanning of large files.

Finally, now that hashing is performed immediately when an fmap is
created for a file, hashing of files larger than max-scansize was
occurring. This commit adds checks to bail out early if the file size
exceeds the maximum before creating an fmap. It will alert with the
Heuristics.Limits.Exceeded name if the heuristic is enabled.

Also fixed CheckFmapFeatures.cmake module that detects if
sysconf(_SC_PAGESIZE) is available.
2021-03-31 12:16:41 -07:00
Micah Snyder
fca3220bb6 Mmap support detection fixes
Remove use of sizeof() for malloced pointer.

Error handling improvements, fix leaks.
2020-08-31 13:59:33 -07:00