Defer or avoid file MD5 calculation when cache is disabled#1167
Merged
val-ms merged 2 commits intoCisco-Talos:mainfrom May 6, 2024
antchan2:optimize_clam_cache_disabled_
Merged
Defer or avoid file MD5 calculation when cache is disabled#1167val-ms merged 2 commits intoCisco-Talos:mainfrom antchan2:optimize_clam_cache_disabled_
val-ms merged 2 commits intoCisco-Talos:mainfrom
antchan2:optimize_clam_cache_disabled_
Conversation
val-ms
approved these changes
Apr 29, 2024
If SCAN_COLLECT_METADATA is enabled, and caching is disabled, we zero-out the hash after recording it. This results in a non-NULL and invalid-hash that may be passed to `cli_scan_fmap()` for the "raw mode" scan. It's an uncommon code path, but would result in comparing hash-sigs with a zeroed hash rather than the valid hash. This bug could result in a missed hash-based sig matches. There is no reason to invalidate or zero-out the hash if we happen to calculate it. We avoid the cache-lookup by checking the engine setting, not by checking if we have a hash.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
If the clean cache is not used (
CL_ENGINE_DISABLE_CACHE=1), it is not necessary to calculate the file's MD5 checksum in preparation for cache lookup. This change modifiescli_magic_scanto skip the MD5 calculation if the cache is disabled.