Browse code
sync with 0.93.3
- ChangeLog
- clamd/others.c
- configure
- configure.in
- docs/clamdoc.pdf
- docs/clamdoc.tex
- docs/html/clamdoc.html
- docs/html/index.html
- docs/html/node1.html
- docs/html/node10.html
- docs/html/node11.html
- docs/html/node12.html
- docs/html/node13.html
- docs/html/node14.html
- docs/html/node15.html
- docs/html/node16.html
- docs/html/node17.html
- docs/html/node18.html
- docs/html/node19.html
- docs/html/node2.html
- docs/html/node20.html
- docs/html/node21.html
- docs/html/node22.html
- docs/html/node23.html
- docs/html/node24.html
- docs/html/node25.html
- docs/html/node26.html
- docs/html/node27.html
- docs/html/node28.html
- docs/html/node29.html
- docs/html/node3.html
- docs/html/node30.html
- docs/html/node31.html
- docs/html/node32.html
- docs/html/node33.html
- docs/html/node34.html
- docs/html/node35.html
- docs/html/node36.html
- docs/html/node37.html
- docs/html/node38.html
- docs/html/node39.html
- docs/html/node4.html
- docs/html/node40.html
- docs/html/node41.html
- docs/html/node42.html
- docs/html/node43.html
- docs/html/node44.html
- docs/html/node45.html
- docs/html/node46.html
- docs/html/node47.html
- docs/html/node48.html
- docs/html/node49.html
- docs/html/node5.html
- docs/html/node50.html
- docs/html/node51.html
- docs/html/node52.html
- docs/html/node53.html
- docs/html/node54.html
- docs/html/node6.html
- docs/html/node7.html
- docs/html/node8.html
- docs/html/node9.html
- libclamav/mspack.c
- libclamav/others.c
- libclamav/petite.c
| ... | ... |
@@ -1,3 +1,12 @@ |
| 1 |
+Tue Jul 8 17:54:19 CEST 2008 |
|
| 2 |
+----------------------------- |
|
| 3 |
+ * libclamav/petite.c: fix another out of bounds memory read (bb#1000) |
|
| 4 |
+ Reported by Secunia (CVE-2008-2713) |
|
| 5 |
+ |
|
| 6 |
+Tue Jul 8 17:54:12 CEST 2008 |
|
| 7 |
+----------------------------- |
|
| 8 |
+ * clamd/others.c: add missing checks for recv() failures (bb#1079) |
|
| 9 |
+ |
|
| 1 | 10 |
Tue Jul 8 14:06:05 EEST 2008 (edwin) |
| 2 | 11 |
------------------------------------- |
| 3 | 12 |
* libclamav/dconf.[ch], htmlnorm.c, jsparse/js-norm.[ch], scanners.c: |
| ... | ... |
@@ -362,6 +362,8 @@ int readsock(int sockfd, char *buf, size_t size, unsigned char delim, int timeou |
| 362 | 362 |
break; |
| 363 | 363 |
} |
| 364 | 364 |
n = recv(sockfd, buf, size, MSG_PEEK); |
| 365 |
+ if(n < 0) |
|
| 366 |
+ return -1; |
|
| 365 | 367 |
if(read_command) {
|
| 366 | 368 |
if((n >= 1) && (buf[0] == 'n')) { /* Newline delimited command */
|
| 367 | 369 |
force_delim = 1; |
| ... | ... |
@@ -408,6 +410,8 @@ int readsock(int sockfd, char *buf, size_t size, unsigned char delim, int timeou |
| 408 | 408 |
if(n == 0) |
| 409 | 409 |
break; |
| 410 | 410 |
} |
| 411 |
+ if(n < 0) |
|
| 412 |
+ return -1; |
|
| 411 | 413 |
n += boff; |
| 412 | 414 |
if(read_command) {
|
| 413 | 415 |
if((n >= 1) && (buf[0] == 'n')) { /* Need to strip leading 'n' from command to attain standard command */
|
| ... | ... |
@@ -56,7 +56,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds |
| 56 | 56 |
<BR> |
| 57 | 57 |
<BR> |
| 58 | 58 |
<DIV ALIGN="RIGHT"> |
| 59 |
-<BR> <BIG CLASS="HUGE">Clam AntiVirus 0.93.1 |
|
| 59 |
+<BR> <BIG CLASS="HUGE">Clam AntiVirus 0.93.3 |
|
| 60 | 60 |
<BR> <BIG CLASS="HUGE"><SPAN CLASS="textit">User Manual</SPAN> |
| 61 | 61 |
<BR> |
| 62 | 62 |
</BIG></BIG></DIV> |
| ... | ... |
@@ -211,7 +211,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds |
| 211 | 211 |
<BR><HR> |
| 212 | 212 |
<ADDRESS> |
| 213 | 213 |
Tomasz Kojm |
| 214 |
-2008-06-04 |
|
| 214 |
+2008-07-07 |
|
| 215 | 215 |
</ADDRESS> |
| 216 | 216 |
</BODY> |
| 217 | 217 |
</HTML> |
| ... | ... |
@@ -56,7 +56,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds |
| 56 | 56 |
<BR> |
| 57 | 57 |
<BR> |
| 58 | 58 |
<DIV ALIGN="RIGHT"> |
| 59 |
-<BR> <BIG CLASS="HUGE">Clam AntiVirus 0.93.1 |
|
| 59 |
+<BR> <BIG CLASS="HUGE">Clam AntiVirus 0.93.3 |
|
| 60 | 60 |
<BR> <BIG CLASS="HUGE"><SPAN CLASS="textit">User Manual</SPAN> |
| 61 | 61 |
<BR> |
| 62 | 62 |
</BIG></BIG></DIV> |
| ... | ... |
@@ -211,7 +211,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds |
| 211 | 211 |
<BR><HR> |
| 212 | 212 |
<ADDRESS> |
| 213 | 213 |
Tomasz Kojm |
| 214 |
-2008-06-04 |
|
| 214 |
+2008-07-07 |
|
| 215 | 215 |
</ADDRESS> |
| 216 | 216 |
</BODY> |
| 217 | 217 |
</HTML> |
| ... | ... |
@@ -64,11 +64,11 @@ Mathematics Department, Macquarie University, Sydney. |
| 64 | 64 |
The command line arguments were: <BR> |
| 65 | 65 |
<STRONG>latex2html</STRONG> <TT>-local_icons clamdoc.tex</TT> |
| 66 | 66 |
<P> |
| 67 |
-The translation was initiated by Tomasz Kojm on 2008-06-04 |
|
| 67 |
+The translation was initiated by Tomasz Kojm on 2008-07-07 |
|
| 68 | 68 |
<BR><HR> |
| 69 | 69 |
<ADDRESS> |
| 70 | 70 |
Tomasz Kojm |
| 71 |
-2008-06-04 |
|
| 71 |
+2008-07-07 |
|
| 72 | 72 |
</ADDRESS> |
| 73 | 73 |
</BODY> |
| 74 | 74 |
</HTML> |
| ... | ... |
@@ -1286,6 +1286,8 @@ int lzx_decompress(struct lzx_stream *lzx, off_t out_bytes) {
|
| 1286 | 1286 |
} |
| 1287 | 1287 |
else {
|
| 1288 | 1288 |
runsrc = rundest - match_offset; |
| 1289 |
+ if(i > (int) lzx->window_size - window_posn) |
|
| 1290 |
+ i = lzx->window_size - window_posn; |
|
| 1289 | 1291 |
while (i-- > 0) *rundest++ = *runsrc++; |
| 1290 | 1292 |
} |
| 1291 | 1293 |
|
| ... | ... |
@@ -1900,6 +1902,8 @@ int qtm_decompress(struct qtm_stream *qtm, off_t out_bytes) {
|
| 1900 | 1900 |
} |
| 1901 | 1901 |
else {
|
| 1902 | 1902 |
runsrc = rundest - match_offset; |
| 1903 |
+ if(i > (int) qtm->window_size - window_posn) |
|
| 1904 |
+ i = qtm->window_size - window_posn; |
|
| 1903 | 1905 |
while (i-- > 0) *rundest++ = *runsrc++; |
| 1904 | 1906 |
} |
| 1905 | 1907 |
window_posn += match_length; |
| ... | ... |
@@ -87,7 +87,7 @@ static pthread_mutex_t cli_ctime_mutex = PTHREAD_MUTEX_INITIALIZER; |
| 87 | 87 |
#define P_tmpdir "C:\\WINDOWS\\TEMP" |
| 88 | 88 |
#endif |
| 89 | 89 |
|
| 90 |
-#define CL_FLEVEL 32 /* don't touch it */ |
|
| 90 |
+#define CL_FLEVEL 33 /* don't touch it */ |
|
| 91 | 91 |
|
| 92 | 92 |
uint8_t cli_debug_flag = 0, cli_leavetemps_flag = 0; |
| 93 | 93 |
|
| ... | ... |
@@ -214,8 +214,14 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, uint32_t bufsz, struct cli |
| 214 | 214 |
/* Let's compact data */ |
| 215 | 215 |
for (t = 0; t < j ; t++) {
|
| 216 | 216 |
usects[t].raw = (t>0)?(usects[t-1].raw + usects[t-1].rsz):0; |
| 217 |
- if (usects[t].rsz != 0 && CLI_ISCONTAINED(buf, bufsz, buf + usects[t].raw, usects[t].rsz)) |
|
| 218 |
- memmove(buf + usects[t].raw, adjbuf + usects[t].rva, usects[t].rsz); |
|
| 217 |
+ if (usects[t].rsz != 0) |
|
| 218 |
+ if(CLI_ISCONTAINED(buf, bufsz, buf + usects[t].raw, usects[t].rsz)) {
|
|
| 219 |
+ memmove(buf + usects[t].raw, adjbuf + usects[t].rva, usects[t].rsz); |
|
| 220 |
+ } else {
|
|
| 221 |
+ cli_dbgmsg("Petite: Skipping section %d, Raw: %x, RSize:%x\n", t, usects[t].raw, usects[t].rsz);
|
|
| 222 |
+ usects[t].raw = t>0 ? usects[t-1].raw : 0; |
|
| 223 |
+ usects[t].rsz = 0; |
|
| 224 |
+ } |
|
| 219 | 225 |
} |
| 220 | 226 |
|
| 221 | 227 |
/* Showtime!!! */ |