Index: debian/changelog
===================================================================
--- debian/changelog	(Revision 4529)
+++ debian/changelog	(Arbeitskopie)
@@ -1,3 +1,12 @@
+squid (2.5.9-9.gibraltar.6) unstable; urgency=low
+
+  * Security issue: Fix a vairable initialization error in clamavscan.c
+    that can lead to a file not being scanned when the maximum file size
+    parameter is != -1. Thanks to Robert Fischer and Josef Bergmann for 
+    pointing it out that there is a problem.
+
+ -- Rene Mayrhofer <rene.mayrhofer@gibraltar.at>  Mon, 13 Mar 2006 13:58:05 +0000
+
 squid (2.5.9-9.gibraltar.5) unstable; urgency=low
 
   * Turn up the debugging level of some ICAP log messages so that they
Index: filters/clamavscan.c
===================================================================
--- filters/clamavscan.c	(Revision 4529)
+++ filters/clamavscan.c	(Arbeitskopie)
@@ -65,7 +65,8 @@
 #ifdef USE_SCANNING_BLOCKS
 	int scanBlockSize;
 #endif
-        int maxFileSizeToScan;
+	int maxFileSizeToScan;
+        int lastTmpFileSize;
 }))
 
 #define CLAMAVSCAN_C
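Review bot: The new field `lastTmpFileSize` is declared `int`, but the third hunk assigns it from `scan_stat.st_size`, which is an `off_t`. On a build with 64-bit file offsets, a temporary file larger than INT_MAX bytes would be narrowed, and a truncated or negative value would satisfy the `< cf->maxFileSizeToScan` test in the second hunk again. Declaring it as `off_t lastTmpFileSize;` avoids the conversion. The field also needs a comment such as `/* size of the temp file after the previous update; 0 until the first one */`, and the two changed lines mix tab and space indentation. The struct sits inside a macro invocation that opens outside the hunk.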
@@ -148,7 +149,7 @@
 	 bytes with each scanning, i.e. a sliding window of maxScanSize bytes
 	 over the whole file). Thus, any virus that is contained in these first
          maxScanSize bytes will be caught. */
-	if (cf->maxFileSizeToScan == -1 || scan_stat.st_size <= cf->maxFileSizeToScan) {
+	if (cf->maxFileSizeToScan == -1 || cf->lastTmpFileSize < cf->maxFileSizeToScan) {
 
   	  // get the file name from the hash and update with the buffer
 #ifdef USE_SCANNING_BLOCKS
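Review bot: The limit test changed from `<=` to `<` and now compares the size recorded on the previous call, so it no longer counts the bytes about to be appended. The temporary file can therefore grow past `maxFileSizeToScan` by up to one buffer before updates stop, and a file of exactly the limit is handled differently than before. If that is intended, state it next to the condition, e.g. `/* lastTmpFileSize is the size after the previous call (0 on the first); the current buffer is not counted */`. What happens to data once this test fails is outside the hunk, so it is worth confirming that content beyond the limit is not passed on as clean without being logged or documented. The enclosing function starts and ends outside the hunk.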
@@ -178,6 +179,9 @@
 			       (scan_stat.st_size - cf->maxScanSize), tmpfile, strerror(errno), errno);
 	      }
 	  }
+	  /* Remember that file size for the next call to determine if the file
+	   should be updated or not. */
+          cf->lastTmpFileSize = scan_stat.st_size;
 
 	  /* only scan in block sizes (also for better performance), but always
 	   scan the complete file before returning it (see below) */
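Review bot: `cf->lastTmpFileSize = scan_stat.st_size;` reads `scan_stat` unconditionally, but the call that fills it is not visible in this hunk. If that call sits inside one of the preceding conditional branches, or can fail, this line stores an indeterminate value and repeats the kind of initialization error the changelog entry describes. Tie the assignment to a successful stat, along the lines of `if (stat(tmpfile, &scan_stat) == 0) cf->lastTmpFileSize = scan_stat.st_size;`, adjusted to whichever call the function already uses. The enclosing block begins before the hunk and continues after it.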
@@ -341,6 +345,7 @@
     f->scanBlockSize = this->scanBlockSize;
 #endif
     f->maxFileSizeToScan = this->maxFileSizeToScan;
+    f->lastTmpFileSize = 0;
 
     return f;
 }
