From e00299261d88087ab1c9bce2e4a382c852d8ba52 Mon Sep 17 00:00:00 2001
From: Andy Ragusa <aragusa@cisco.com>
Date: Tue, 7 May 2024 09:07:56 -0700
Subject: [PATCH] Added checks for MaxRecursion

---
 clamd/server-th.c   | 7 +++++++
 clamscan/manager.c  | 8 ++++++++
 libclamav/default.h | 2 ++
 3 files changed, 17 insertions(+)

diff --git a/clamd/server-th.c b/clamd/server-th.c
index 7dd30d5fb6..e32d907bb7 100644
--- a/clamd/server-th.c
+++ b/clamd/server-th.c
@@ -50,6 +50,7 @@
 #include "clamav.h"
 #include "others.h"
 #include "readdb.h"
+#include "default.h"
 
 // common
 #include "output.h"
@@ -981,6 +982,12 @@ int recvloop(int *socketds, unsigned nsockets, struct cl_engine *engine, unsigne
 #endif
 
     if ((opt = optget(opts, "MaxRecursion"))->active) {
+        if ((0 == opt->numarg) || (opt->numarg > CLI_MAX_MAXRECLEVEL)){
+            logg(LOGG_ERROR, "MaxRecursion set to %u, but cannot be larger than %u, and cannot be 0.\n",
+                    opt->numarg, CLI_MAX_MAXRECLEVEL);
+            cl_engine_free(engine);
+            return 1;
+        }
         if ((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_RECURSION, opt->numarg))) {
             logg(LOGG_ERROR, "cl_engine_set_num(CL_ENGINE_MAX_RECURSION) failed: %s\n", cl_strerror(ret));
             cl_engine_free(engine);
diff --git a/clamscan/manager.c b/clamscan/manager.c
index db3a8f46b6..79491123f9 100644
--- a/clamscan/manager.c
+++ b/clamscan/manager.c
@@ -56,6 +56,7 @@
 #include "matcher-pcre.h"
 #include "str.h"
 #include "readdb.h"
+#include "default.h"
 
 // common
 #include "optparser.h"
@@ -1379,6 +1380,13 @@ int scanmanager(const struct optstruct *opts)
     }
 
     if ((opt = optget(opts, "max-recursion"))->active) {
+        uint32_t opt_value = opt->numarg;
+        if ((0 == opt_value) || (opt_value > CLI_MAX_MAXRECLEVEL)){
+            logg(LOGG_ERROR, "max-recursion set to %u, but  cannot be larger than %u, and cannot be 0.\n",
+                    opt_value, CLI_MAX_MAXRECLEVEL);
+            ret = 2;
+            goto done;
+        }
         if ((ret = cl_engine_set_num(engine, CL_ENGINE_MAX_RECURSION, opt->numarg))) {
             logg(LOGG_ERROR, "cli_engine_set_num(CL_ENGINE_MAX_RECURSION) failed: %s\n", cl_strerror(ret));
             ret = 2;
diff --git a/libclamav/default.h b/libclamav/default.h
index df50876090..caa1ad3e7b 100644
--- a/libclamav/default.h
+++ b/libclamav/default.h
@@ -58,6 +58,8 @@
 #define CLI_DEFAULT_PCRE_RECMATCH_LIMIT 2000
 #define CLI_DEFAULT_PCRE_MAX_FILESIZE   (1024 * 1024 * 100)   // 100 MB
 
+/* Maximums */
+#define CLI_MAX_MAXRECLEVEL     100
 // clang-format on
 
 #endif