From 89711e1dfdc605df571f5afc23994fcc2746d46a Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Wed, 30 Oct 2024 16:01:25 -0400 Subject: [PATCH] Fix a possible crash when loading a malformed logical signature If the 'hexsig' for an image fuzzy hash subsignature has invalid unicode it may cause a crash. The problem is we fail to allocate an error message in this instance, so when it tries to print that message it gets a NULL dereference. This is not a security issue. Fixes: https://issues.oss-fuzz.com/issues/376331488 --- libclamav_rust/src/evidence.rs | 2 +- libclamav_rust/src/ffi_util.rs | 28 ++++++++++++++++++++++++++++ libclamav_rust/src/fuzzy_hash.rs | 2 +- 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/libclamav_rust/src/evidence.rs b/libclamav_rust/src/evidence.rs index e91bc7a991..e03ce93131 100644 --- a/libclamav_rust/src/evidence.rs +++ b/libclamav_rust/src/evidence.rs @@ -209,7 +209,7 @@ pub unsafe extern "C" fn _evidence_add_indicator( indicator_type: IndicatorType, err: *mut *mut FFIError, ) -> bool { - let name_str = validate_str_param!(name); + let name_str = validate_str_param!(name, err = err); let mut evidence = ManuallyDrop::new(Box::from_raw(evidence as *mut Evidence)); diff --git a/libclamav_rust/src/ffi_util.rs b/libclamav_rust/src/ffi_util.rs index 64a737b6ab..aaaa9d2842 100644 --- a/libclamav_rust/src/ffi_util.rs +++ b/libclamav_rust/src/ffi_util.rs @@ -288,6 +288,13 @@ mod tests { /// let blah = validate_str_param!(blah); /// # } /// ``` +/// ```edition2018 +/// use util::validate_str_param; +/// +/// # pub extern "C" fn _my_c_interface(blah: *const c_char) -> sys::cl_error_t { +/// let blah = validate_str_param!(blah, err = err); +/// # } +/// ``` #[macro_export] macro_rules! validate_str_param { ($ptr:ident) => { @@ -305,4 +312,25 @@ macro_rules! validate_str_param { } } }; + + ($ptr:ident, err=$err:ident) => { + if $err.is_null() { + warn!("{} is NULL", stringify!($err)); + return false; + } else if $ptr.is_null() { + warn!("{} is NULL", stringify!($ptr)); + return false; + } else { + #[allow(unused_unsafe)] + match unsafe { CStr::from_ptr($ptr) }.to_str() { + Err(e) => { + warn!("{} is not valid unicode: {}", stringify!($ptr), e); + + *$err = Box::into_raw(Box::new(e.into())); + return false; + } + Ok(s) => s, + } + } + }; } diff --git a/libclamav_rust/src/fuzzy_hash.rs b/libclamav_rust/src/fuzzy_hash.rs index 6d848370ae..63983133f6 100644 --- a/libclamav_rust/src/fuzzy_hash.rs +++ b/libclamav_rust/src/fuzzy_hash.rs @@ -181,7 +181,7 @@ pub unsafe extern "C" fn _fuzzy_hash_load_subsignature( subsig_id: u32, err: *mut *mut FFIError, ) -> bool { - let hexsig = validate_str_param!(hexsig); + let hexsig = validate_str_param!(hexsig, err=err); let mut hashmap = ManuallyDrop::new(Box::from_raw(fuzzy_hashmap as *mut FuzzyHashMap));