Browse code
fix possible infinite loop
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Thu Nov 3 22:44:00 CET 2005 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * libclamav/tnef.c: fix possible infinite loop |
|
| 4 |
+ Reported by iDEFENSE (IDEF1169) |
|
| 5 |
+ |
|
| 1 | 6 |
Thu Nov 3 22:36:11 CET 2005 (tk) |
| 2 | 7 |
--------------------------------- |
| 3 | 8 |
* libclamav/petite.c: fix boundary checks, patch by aCaB |
| ... | ... |
@@ -24,7 +24,7 @@ |
| 24 | 24 |
#include "clamav-config.h" |
| 25 | 25 |
#endif |
| 26 | 26 |
|
| 27 |
-static char const rcsid[] = "$Id: tnef.c,v 1.27 2005/08/18 10:44:38 nigelhorne Exp $"; |
|
| 27 |
+static char const rcsid[] = "$Id: tnef.c,v 1.28 2005/11/03 21:45:18 kojm Exp $"; |
|
| 28 | 28 |
|
| 29 | 29 |
#include <stdio.h> |
| 30 | 30 |
#include <fcntl.h> |
| ... | ... |
@@ -203,7 +203,7 @@ static int |
| 203 | 203 |
tnef_message(FILE *fp, uint16_t type, uint16_t tag, int32_t length) |
| 204 | 204 |
{
|
| 205 | 205 |
uint16_t i16; |
| 206 |
- off_t offset; |
|
| 206 |
+ /* off_t offset; */ |
|
| 207 | 207 |
#if CL_DEBUG |
| 208 | 208 |
uint32_t i32; |
| 209 | 209 |
char *string; |
| ... | ... |
@@ -211,7 +211,7 @@ tnef_message(FILE *fp, uint16_t type, uint16_t tag, int32_t length) |
| 211 | 211 |
|
| 212 | 212 |
cli_dbgmsg("message tag 0x%x, type 0x%x, length %d\n", tag, type, length);
|
| 213 | 213 |
|
| 214 |
- offset = ftell(fp); |
|
| 214 |
+ /* offset = ftell(fp); */ |
|
| 215 | 215 |
|
| 216 | 216 |
/* |
| 217 | 217 |
* a lot of this stuff should be only discovered in debug mode... |
| ... | ... |
@@ -261,11 +261,11 @@ tnef_message(FILE *fp, uint16_t type, uint16_t tag, int32_t length) |
| 261 | 261 |
|
| 262 | 262 |
/*cli_dbgmsg("%lu %lu\n", (long)(offset + length), ftell(fp));*/
|
| 263 | 263 |
|
| 264 |
- fseek(fp, offset + length, SEEK_SET); |
|
| 264 |
+ /* fseek(fp, offset + length, SEEK_SET); */ |
|
| 265 | 265 |
|
| 266 | 266 |
/* Checksum - TODO, verify */ |
| 267 |
- if(fread(&i16, sizeof(uint16_t), 1, fp) != 1) |
|
| 268 |
- return -1; |
|
| 267 |
+ /* if(fread(&i16, sizeof(uint16_t), 1, fp) != 1) |
|
| 268 |
+ return -1; */ |
|
| 269 | 269 |
|
| 270 | 270 |
return 0; |
| 271 | 271 |
} |
| ... | ... |
@@ -275,12 +275,12 @@ tnef_attachment(FILE *fp, uint16_t type, uint16_t tag, int32_t length, const cha |
| 275 | 275 |
{
|
| 276 | 276 |
uint32_t todo; |
| 277 | 277 |
uint16_t i16; |
| 278 |
- off_t offset; |
|
| 278 |
+ /* off_t offset; */ |
|
| 279 | 279 |
char *string; |
| 280 | 280 |
|
| 281 | 281 |
cli_dbgmsg("attachment tag 0x%x, type 0x%x, length %d\n", tag, type, length);
|
| 282 | 282 |
|
| 283 |
- offset = ftell(fp); |
|
| 283 |
+ /* offset = ftell(fp); */ |
|
| 284 | 284 |
|
| 285 | 285 |
switch(tag) {
|
| 286 | 286 |
case attATTACHTITLE: |
| ... | ... |
@@ -336,11 +336,11 @@ tnef_attachment(FILE *fp, uint16_t type, uint16_t tag, int32_t length, const cha |
| 336 | 336 |
|
| 337 | 337 |
/*cli_dbgmsg("%lu %lu\n", (long)(offset + length), ftell(fp));*/
|
| 338 | 338 |
|
| 339 |
- fseek(fp, (long)(offset + length), SEEK_SET); /* shouldn't be needed */ |
|
| 339 |
+ /* fseek(fp, (long)(offset + length), SEEK_SET); */ /* shouldn't be needed */ |
|
| 340 | 340 |
|
| 341 | 341 |
/* Checksum - TODO, verify */ |
| 342 |
- if(fread(&i16, sizeof(uint16_t), 1, fp) != 1) |
|
| 343 |
- return -1; |
|
| 342 |
+ /* if(fread(&i16, sizeof(uint16_t), 1, fp) != 1) |
|
| 343 |
+ return -1; */ |
|
| 344 | 344 |
|
| 345 | 345 |
return 0; |
| 346 | 346 |
} |