Browse code
improve scanning of zip files
- clamav-devel/AUTHORS
- clamav-devel/ChangeLog
- clamav-devel/libclamav/scanners.c
- clamav-devel/libclamav/zziplib/zzip-file.c
- clamav-devel/libclamav/zziplib/zzip-zip.c
- clamav-devel/libclamav/zziplib/zziplib.h
| ... | ... |
@@ -108,6 +108,7 @@ James P. Dugal <jpd*louisiana.edu> |
| 108 | 108 |
Magnus Ekdahl <magnus*debian.org> |
| 109 | 109 |
Jens Elkner <elkner*linofee.org> |
| 110 | 110 |
Jason Englander <jason*englanders.cc> |
| 111 |
+Daniel Fahlgren <fahlgren*ardendo.se> |
|
| 111 | 112 |
Andy Fiddaman <clam*fiddaman.net> |
| 112 | 113 |
Tony Finch <dot*dotat.at> |
| 113 | 114 |
David Ford <david+cert*blue-labs.org> |
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Sun Aug 21 03:19:15 CEST 2005 (tk) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * libclamav: improve scanning of zip files (patch by Daniel Fahlgren |
|
| 4 |
+ <fahlgren*ardendo.se>) |
|
| 5 |
+ |
|
| 1 | 6 |
Sun Aug 21 01:06:54 CEST 2005 (tk) |
| 2 | 7 |
---------------------------------- |
| 3 | 8 |
* clamd: use reentrant version of gethostbyname when available |
| ... | ... |
@@ -314,7 +314,7 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const |
| 314 | 314 |
*/ |
| 315 | 315 |
encrypted = (zdirent.d_flags & 0x2041 != 0); |
| 316 | 316 |
|
| 317 |
- cli_dbgmsg("Zip: %s, crc32: 0x%x, encrypted: %d, compressed: %u, normal: %u, method: %d, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_crc32, encrypted, zdirent.d_csize, zdirent.st_size, zdirent.d_compr, zdirent.d_csize ? (zdirent.st_size / zdirent.d_csize) : 0, limits ? limits->maxratio : 0);
|
|
| 317 |
+ cli_dbgmsg("Zip: %s, crc32: 0x%x, offset: %d, encrypted: %d, compressed: %u, normal: %u, method: %d, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_crc32, zdirent.d_off, encrypted, zdirent.d_csize, zdirent.st_size, zdirent.d_compr, zdirent.d_csize ? (zdirent.st_size / zdirent.d_csize) : 0, limits ? limits->maxratio : 0);
|
|
| 318 | 318 |
|
| 319 | 319 |
if(!zdirent.st_size) {
|
| 320 | 320 |
if(zdirent.d_crc32) {
|
| ... | ... |
@@ -425,7 +425,7 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const |
| 425 | 425 |
} |
| 426 | 426 |
} |
| 427 | 427 |
|
| 428 |
- if((zfp = zzip_file_open(zdir, zdirent.d_name, 0)) == NULL) {
|
|
| 428 |
+ if((zfp = zzip_file_open(zdir, zdirent.d_name, 0, zdirent.d_off)) == NULL) {
|
|
| 429 | 429 |
cli_dbgmsg("Zip: Can't open file %s\n", zdirent.d_name);
|
| 430 | 430 |
ret = CL_EZIP; |
| 431 | 431 |
break; |
| ... | ... |
@@ -153,7 +153,7 @@ static int zzip_inflate_init(ZZIP_FILE *, struct zzip_dir_hdr *); |
| 153 | 153 |
* memchunk here... just to be safe. |
| 154 | 154 |
*/ |
| 155 | 155 |
ZZIP_FILE * |
| 156 |
-zzip_file_open(ZZIP_DIR * dir, zzip_char_t* name, int o_mode) |
|
| 156 |
+zzip_file_open(ZZIP_DIR * dir, zzip_char_t* name, int o_mode, int d_off) |
|
| 157 | 157 |
{
|
| 158 | 158 |
zzip_error_t err = 0; |
| 159 | 159 |
struct zzip_file * fp = 0; |
| ... | ... |
@@ -185,7 +185,7 @@ zzip_file_open(ZZIP_DIR * dir, zzip_char_t* name, int o_mode) |
| 185 | 185 |
hdr->d_name, hdr->d_compr, hdr->d_usize); |
| 186 | 186 |
*/ |
| 187 | 187 |
|
| 188 |
- if (!cmp(hdr_name, name)) |
|
| 188 |
+ if (!cmp(hdr_name, name) && (d_off == -1 || d_off == hdr->d_off)) |
|
| 189 | 189 |
{
|
| 190 | 190 |
switch (hdr->d_compr) |
| 191 | 191 |
{
|
| ... | ... |
@@ -744,7 +744,7 @@ zzip_open_shared_io (ZZIP_FILE* stream, |
| 744 | 744 |
filename[len] == '/' && filename[len+1]) |
| 745 | 745 |
{
|
| 746 | 746 |
ZZIP_FILE* fp = |
| 747 |
- zzip_file_open (stream->dir, filename+len+1, o_modes); |
|
| 747 |
+ zzip_file_open (stream->dir, filename+len+1, o_modes, -1); // XXX d_off |
|
| 748 | 748 |
if (! fp) { errno = zzip_errno (stream->dir->errcode); }
|
| 749 | 749 |
return fp; |
| 750 | 750 |
} |
| ... | ... |
@@ -767,7 +767,7 @@ zzip_open_shared_io (ZZIP_FILE* stream, |
| 767 | 767 |
if (e) { errno = zzip_errno(e); io->close(fd); return 0; }
|
| 768 | 768 |
|
| 769 | 769 |
/* (p - basename) is the lenghtof zzip_dir part of the filename */ |
| 770 |
- fp = zzip_file_open(dir, filename + (p - basename) +1, o_modes); |
|
| 770 |
+ fp = zzip_file_open(dir, filename + (p - basename) +1, o_modes, -1); // XXX d_off |
|
| 771 | 771 |
if (! fp) { errno = zzip_errno(dir->errcode); }
|
| 772 | 772 |
else { if (! dir->realname) dir->realname = strdup (basename); }
|
| 773 | 773 |
|
| ... | ... |
@@ -418,6 +418,11 @@ __zzip_parse_root_directory(int fd, |
| 418 | 418 |
hdr->d_csize = ZZIP_GET32(d->z_csize); |
| 419 | 419 |
hdr->d_usize = ZZIP_GET32(d->z_usize); |
| 420 | 420 |
hdr->d_off = ZZIP_GET32(d->z_off); |
| 421 |
+ if(hdr->d_off < 0) |
|
| 422 |
+ {
|
|
| 423 |
+ free(hdr0); |
|
| 424 |
+ return ZZIP_DIR_READ; |
|
| 425 |
+ } |
|
| 421 | 426 |
hdr->d_compr = (uint8_t)ZZIP_GET16(d->z_compr); |
| 422 | 427 |
hdr->d_flags = u_flags; |
| 423 | 428 |
|
| ... | ... |
@@ -731,6 +736,7 @@ zzip_dir_read(ZZIP_DIR * dir, ZZIP_DIRENT * d ) |
| 731 | 731 |
d->st_size = dir->hdr->d_usize; |
| 732 | 732 |
d->d_name = dir->hdr->d_name; |
| 733 | 733 |
d->d_flags = dir->hdr->d_flags; |
| 734 |
+ d->d_off = dir->hdr->d_off; |
|
| 734 | 735 |
d->d_crc32 = (int) dir->hdr->d_crc32; |
| 735 | 736 |
|
| 736 | 737 |
if (! dir->hdr->d_reclen) |
| ... | ... |
@@ -102,6 +102,7 @@ struct zzip_dirent |
| 102 | 102 |
unsigned short d_flags; /* general purpose flags */ |
| 103 | 103 |
char * d_name; /* file name / strdupped name */ |
| 104 | 104 |
int d_crc32; /* the adler32-checksum */ |
| 105 |
+ int d_off; /* the offset in the file */ |
|
| 105 | 106 |
}; |
| 106 | 107 |
|
| 107 | 108 |
/* |
| ... | ... |
@@ -187,7 +188,7 @@ void zzip_seekdir(ZZIP_DIR * dir, zzip_off_t offset); |
| 187 | 187 |
* zzip/file.c |
| 188 | 188 |
*/ |
| 189 | 189 |
_zzip_export |
| 190 |
-ZZIP_FILE * zzip_file_open(ZZIP_DIR * dir, zzip_char_t* name, int modes); |
|
| 190 |
+ZZIP_FILE * zzip_file_open(ZZIP_DIR * dir, zzip_char_t* name, int modes, int d_off); |
|
| 191 | 191 |
_zzip_export |
| 192 | 192 |
int zzip_file_close(ZZIP_FILE * fp); |
| 193 | 193 |
_zzip_export |