... | ... |
@@ -1,8 +1,8 @@ |
1 |
-0.97.7 |
|
1 |
+0.97.8 |
|
2 | 2 |
------ |
3 |
-ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to |
|
4 |
-Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security |
|
5 |
-Team for finding and reporting these issues. |
|
3 |
+ClamAV 0.97.8 addresses several reported potential security bugs. Thanks to |
|
4 |
+Felix Groebert of the Google Security Team for finding and reporting these |
|
5 |
+issues. |
|
6 | 6 |
|
7 | 7 |
-- |
8 | 8 |
The ClamAV team (http://www.clamav.net/team) |
... | ... |
@@ -1,6 +1,12 @@ |
1 | 1 |
Note: This README/NEWS file refers to the source tarball. Some things described |
2 | 2 |
here may not be available in binary packages. |
3 | 3 |
-- |
4 |
+0.97.8 |
|
5 |
+------ |
|
6 |
+ClamAV 0.97.8 addresses several reported potential security bugs. Thanks to |
|
7 |
+Felix Groebert of the Google Security Team for finding and reporting these |
|
8 |
+issues. |
|
9 |
+ |
|
4 | 10 |
0.97.7 |
5 | 11 |
------ |
6 | 12 |
ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to |
... | ... |
@@ -1868,13 +1868,21 @@ int cli_scanpe(cli_ctx *ctx) |
1868 | 1868 |
|
1869 | 1869 |
if(epbuff[1] != '\xbe' || skew <= 0 || skew > 0xfff) { /* FIXME: legit skews?? */ |
1870 | 1870 |
skew = 0; |
1871 |
- if(upxfn(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >= 0) |
|
1872 |
- upx_success = 1; |
|
1873 |
- |
|
1874 |
- } else { |
|
1871 |
+ } |
|
1872 |
+ else if(skew > ssize) { |
|
1873 |
+ /* Ignore suggested skew larger than section size */ |
|
1874 |
+ cli_dbgmsg("UPX: Ignoring bad skew of %d bytes\n", skew); |
|
1875 |
+ skew = 0; |
|
1876 |
+ } |
|
1877 |
+ else { |
|
1875 | 1878 |
cli_dbgmsg("UPX: UPX1 seems skewed by %d bytes\n", skew); |
1876 |
- if(upxfn(src + skew, ssize - skew, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep-skew) >= 0 || upxfn(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >= 0) |
|
1877 |
- upx_success = 1; |
|
1879 |
+ } |
|
1880 |
+ |
|
1881 |
+ if(upxfn(src + skew, ssize - skew, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep-skew) >= 0 || upxfn(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >= 0) { |
|
1882 |
+ upx_success = 1; |
|
1883 |
+ } |
|
1884 |
+ else if(skew && (upxfn(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >= 0)) { |
|
1885 |
+ upx_success = 1; |
|
1878 | 1886 |
} |
1879 | 1887 |
|
1880 | 1888 |
if(upx_success) |