Browse code
libclamav: bb #7055
David Raynor authored on 2013/04/06 06:36:54Showing 3 changed files
| ... | ... |
@@ -1,8 +1,8 @@ |
| 1 |
-0.97.7 |
|
| 1 |
+0.97.8 |
|
| 2 | 2 |
------ |
| 3 |
-ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to |
|
| 4 |
-Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security |
|
| 5 |
-Team for finding and reporting these issues. |
|
| 3 |
+ClamAV 0.97.8 addresses several reported potential security bugs. Thanks to |
|
| 4 |
+Felix Groebert of the Google Security Team for finding and reporting these |
|
| 5 |
+issues. |
|
| 6 | 6 |
|
| 7 | 7 |
-- |
| 8 | 8 |
The ClamAV team (http://www.clamav.net/team) |
| ... | ... |
@@ -1,6 +1,12 @@ |
| 1 | 1 |
Note: This README/NEWS file refers to the source tarball. Some things described |
| 2 | 2 |
here may not be available in binary packages. |
| 3 | 3 |
-- |
| 4 |
+0.97.8 |
|
| 5 |
+------ |
|
| 6 |
+ClamAV 0.97.8 addresses several reported potential security bugs. Thanks to |
|
| 7 |
+Felix Groebert of the Google Security Team for finding and reporting these |
|
| 8 |
+issues. |
|
| 9 |
+ |
|
| 4 | 10 |
0.97.7 |
| 5 | 11 |
------ |
| 6 | 12 |
ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to |
| ... | ... |
@@ -1868,13 +1868,21 @@ int cli_scanpe(cli_ctx *ctx) |
| 1868 | 1868 |
|
| 1869 | 1869 |
if(epbuff[1] != '\xbe' || skew <= 0 || skew > 0xfff) { /* FIXME: legit skews?? */
|
| 1870 | 1870 |
skew = 0; |
| 1871 |
- if(upxfn(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >= 0) |
|
| 1872 |
- upx_success = 1; |
|
| 1873 |
- |
|
| 1874 |
- } else {
|
|
| 1871 |
+ } |
|
| 1872 |
+ else if(skew > ssize) {
|
|
| 1873 |
+ /* Ignore suggested skew larger than section size */ |
|
| 1874 |
+ cli_dbgmsg("UPX: Ignoring bad skew of %d bytes\n", skew);
|
|
| 1875 |
+ skew = 0; |
|
| 1876 |
+ } |
|
| 1877 |
+ else {
|
|
| 1875 | 1878 |
cli_dbgmsg("UPX: UPX1 seems skewed by %d bytes\n", skew);
|
| 1876 |
- if(upxfn(src + skew, ssize - skew, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep-skew) >= 0 || upxfn(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >= 0) |
|
| 1877 |
- upx_success = 1; |
|
| 1879 |
+ } |
|
| 1880 |
+ |
|
| 1881 |
+ if(upxfn(src + skew, ssize - skew, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep-skew) >= 0 || upxfn(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >= 0) {
|
|
| 1882 |
+ upx_success = 1; |
|
| 1883 |
+ } |
|
| 1884 |
+ else if(skew && (upxfn(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >= 0)) {
|
|
| 1885 |
+ upx_success = 1; |
|
| 1878 | 1886 |
} |
| 1879 | 1887 |
|
| 1880 | 1888 |
if(upx_success) |