GitList

Browse code

adding check prior to call to isalnum to avoid assert error in windows when random data that is < -1 or > 255 is fed into isalnum(). see https://stackoverflow.com/questions/28589051/using-isalnum-with-signed-character-inputs-visual-c

Micah Snyder authored on 2017/11/09 10:27:19
Showing 1 changed files

libclamav/libmspack-0.5alpha/mspack/cabd.c index 7ea8490..9c885f1 100644

libclamav/libmspack-0.5alpha/mspack/cabd.c

@@ -314,7 +314,7 @@ static int cab_chkname(
       sys->message(NULL, "cab_chkname: File name contains disallowed characters");
       return 1;
     }
-    else if (san && !isalnum(name[i]))
+    else if (san && ((name[i] < -1 || name[i] > 255) || !isalnum((unsigned char*)name[i])))
     {
       name[i] = '*';
     }

...	...	@@ -314,7 +314,7 @@ static int cab_chkname(
314	314	sys->message(NULL, "cab_chkname: File name contains disallowed characters");
315	315	return 1;
316	316	}
317		- else if (san && !isalnum(name[i]))
	317	+ else if (san && ((name[i] < -1 \|\| name[i] > 255) \|\| !isalnum((unsigned char*)name[i])))
318	318	{
319	319	name[i] = '*';
320	320	}