git-svn: trunk@1742
Tomasz Kojm authored on 2005/11/04 06:45:18... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Thu Nov 3 22:44:00 CET 2005 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * libclamav/tnef.c: fix possible infinite loop |
|
4 |
+ Reported by iDEFENSE (IDEF1169) |
|
5 |
+ |
|
1 | 6 |
Thu Nov 3 22:36:11 CET 2005 (tk) |
2 | 7 |
--------------------------------- |
3 | 8 |
* libclamav/petite.c: fix boundary checks, patch by aCaB |
... | ... |
@@ -24,7 +24,7 @@ |
24 | 24 |
#include "clamav-config.h" |
25 | 25 |
#endif |
26 | 26 |
|
27 |
-static char const rcsid[] = "$Id: tnef.c,v 1.27 2005/08/18 10:44:38 nigelhorne Exp $"; |
|
27 |
+static char const rcsid[] = "$Id: tnef.c,v 1.28 2005/11/03 21:45:18 kojm Exp $"; |
|
28 | 28 |
|
29 | 29 |
#include <stdio.h> |
30 | 30 |
#include <fcntl.h> |
... | ... |
@@ -203,7 +203,7 @@ static int |
203 | 203 |
tnef_message(FILE *fp, uint16_t type, uint16_t tag, int32_t length) |
204 | 204 |
{ |
205 | 205 |
uint16_t i16; |
206 |
- off_t offset; |
|
206 |
+ /* off_t offset; */ |
|
207 | 207 |
#if CL_DEBUG |
208 | 208 |
uint32_t i32; |
209 | 209 |
char *string; |
... | ... |
@@ -211,7 +211,7 @@ tnef_message(FILE *fp, uint16_t type, uint16_t tag, int32_t length) |
211 | 211 |
|
212 | 212 |
cli_dbgmsg("message tag 0x%x, type 0x%x, length %d\n", tag, type, length); |
213 | 213 |
|
214 |
- offset = ftell(fp); |
|
214 |
+ /* offset = ftell(fp); */ |
|
215 | 215 |
|
216 | 216 |
/* |
217 | 217 |
* a lot of this stuff should be only discovered in debug mode... |
... | ... |
@@ -261,11 +261,11 @@ tnef_message(FILE *fp, uint16_t type, uint16_t tag, int32_t length) |
261 | 261 |
|
262 | 262 |
/*cli_dbgmsg("%lu %lu\n", (long)(offset + length), ftell(fp));*/ |
263 | 263 |
|
264 |
- fseek(fp, offset + length, SEEK_SET); |
|
264 |
+ /* fseek(fp, offset + length, SEEK_SET); */ |
|
265 | 265 |
|
266 | 266 |
/* Checksum - TODO, verify */ |
267 |
- if(fread(&i16, sizeof(uint16_t), 1, fp) != 1) |
|
268 |
- return -1; |
|
267 |
+ /* if(fread(&i16, sizeof(uint16_t), 1, fp) != 1) |
|
268 |
+ return -1; */ |
|
269 | 269 |
|
270 | 270 |
return 0; |
271 | 271 |
} |
... | ... |
@@ -275,12 +275,12 @@ tnef_attachment(FILE *fp, uint16_t type, uint16_t tag, int32_t length, const cha |
275 | 275 |
{ |
276 | 276 |
uint32_t todo; |
277 | 277 |
uint16_t i16; |
278 |
- off_t offset; |
|
278 |
+ /* off_t offset; */ |
|
279 | 279 |
char *string; |
280 | 280 |
|
281 | 281 |
cli_dbgmsg("attachment tag 0x%x, type 0x%x, length %d\n", tag, type, length); |
282 | 282 |
|
283 |
- offset = ftell(fp); |
|
283 |
+ /* offset = ftell(fp); */ |
|
284 | 284 |
|
285 | 285 |
switch(tag) { |
286 | 286 |
case attATTACHTITLE: |
... | ... |
@@ -336,11 +336,11 @@ tnef_attachment(FILE *fp, uint16_t type, uint16_t tag, int32_t length, const cha |
336 | 336 |
|
337 | 337 |
/*cli_dbgmsg("%lu %lu\n", (long)(offset + length), ftell(fp));*/ |
338 | 338 |
|
339 |
- fseek(fp, (long)(offset + length), SEEK_SET); /* shouldn't be needed */ |
|
339 |
+ /* fseek(fp, (long)(offset + length), SEEK_SET); */ /* shouldn't be needed */ |
|
340 | 340 |
|
341 | 341 |
/* Checksum - TODO, verify */ |
342 |
- if(fread(&i16, sizeof(uint16_t), 1, fp) != 1) |
|
343 |
- return -1; |
|
342 |
+ /* if(fread(&i16, sizeof(uint16_t), 1, fp) != 1) |
|
343 |
+ return -1; */ |
|
344 | 344 |
|
345 | 345 |
return 0; |
346 | 346 |
} |