Skip to content

Fix: TNEF dump hanging#1445

Merged
val-ms merged 1 commit intoCisco-Talos:mainfrom
ylecuyer:patch-1
Feb 3, 2025
Merged

Fix: TNEF dump hanging#1445
val-ms merged 1 commit intoCisco-Talos:mainfrom
ylecuyer:patch-1

Conversation

@ylecuyer
Copy link
Contributor

@ylecuyer ylecuyer commented Jan 30, 2025

Hello, while running clamav in debug mode, we found a file that was hanging the process.

After investigation, it turns out it is an eml with a winmail.data attachment > 8kb

So, in order to dump, it loops over the file with BUFSIZ chunks using fmap_readn

fmap_readn can return either -1 or 0 (

clamav/libclamav/fmap.h

Line 301 in 86a3835

return 0;
) but in the dump code only the -1 case is handled

It is hard to add a test, we can't share the original file and I found no way to create a similar file

val-ms
val-ms approved these changes Feb 3, 2025
View reviewed changes
Copy link
Contributor

@val-ms val-ms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fix! As we confirmed in direct message conversation, this issue only affects running in debug mode (i.e. clamscan's --debug or clamd's Debug yes options).

With the latest update, your fix looks good to me. Thanks again!

@val-ms val-ms merged commit f60e2db into Cisco-Talos:main Feb 3, 2025
23 checks passed
@ylecuyer ylecuyer deleted the patch-1 branch February 4, 2025 08:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@val-ms val-ms val-ms approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ylecuyer @val-ms