Refuse to map procfs files on Linux (VirusTotal#1848)

It makes no sense to try to mmap files for which the filesystem lies about the size (0). Clsoe VirusTotal#1838
hamarituc · Jan 2, 2023 · b5a0cfd · b5a0cfd
1 parent 68d9b65
commit b5a0cfd
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/libyara/filemap.c b/libyara/filemap.c
@@ -157,6 +157,11 @@ YR_API int yr_filemap_map_fd(
 
 #else  // POSIX
 
+#ifdef __linux__
+#include <sys/vfs.h>
+#include <linux/magic.h>
+#endif
+
 #define MAP_EXTRA_FLAGS 0
 
 #if defined(__APPLE__)
@@ -184,6 +189,9 @@ YR_API int yr_filemap_map_fd(
     YR_MAPPED_FILE* pmapped_file)
 {
   struct stat st;
+#ifdef __linux__
+  struct statfs stfs;
+#endif
 
   pmapped_file->file = file;
   pmapped_file->data = NULL;
@@ -199,6 +207,16 @@ YR_API int yr_filemap_map_fd(
   if (offset > st.st_size)
     return ERROR_COULD_NOT_MAP_FILE;
 
+#ifdef __linux__
+  if (fstatfs(file, &stfs) != 0)
+    return ERROR_COULD_NOT_OPEN_FILE;
+
+  switch (stfs.f_type) {
+  case PROC_SUPER_MAGIC:
+    return ERROR_COULD_NOT_OPEN_FILE;
+  }
+#endif
+
   if (size == 0)
     size = (size_t)(st.st_size - offset);