git-svn: trunk@3794
aCaB authored on 2008/04/17 03:09:47... | ... |
@@ -132,7 +132,7 @@ AC_LIB_PROG_LD_GNU |
132 | 132 |
|
133 | 133 |
# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- |
134 | 134 |
|
135 |
-# serial 52 Debian 1.5.26-1 AC_PROG_LIBTOOL |
|
135 |
+# serial 52 Debian 1.5.26-3 AC_PROG_LIBTOOL |
|
136 | 136 |
|
137 | 137 |
|
138 | 138 |
# AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED) |
... | ... |
@@ -2793,7 +2793,7 @@ _ACEOF |
2793 | 2793 |
|
2794 | 2794 |
|
2795 | 2795 |
LC_CURRENT=4 |
2796 |
-LC_REVISION=0 |
|
2796 |
+LC_REVISION=1 |
|
2797 | 2797 |
LC_AGE=0 |
2798 | 2798 |
LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE" |
2799 | 2799 |
|
... | ... |
@@ -14533,17 +14533,147 @@ echo "${ECHO_T}$ac_cv_header_bzlib_h" >&6; } |
14533 | 14533 |
|
14534 | 14534 |
fi |
14535 | 14535 |
if test $ac_cv_header_bzlib_h = yes; then |
14536 |
- LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS $LTLIBBZ2"; |
|
14536 |
+ { echo "$as_me:$LINENO: checking for CVE-2008-1372" >&5 |
|
14537 |
+echo $ECHO_N "checking for CVE-2008-1372... $ECHO_C" >&6; } |
|
14538 |
+if test "${ac_cv_c_cve_2008_1372+set}" = set; then |
|
14539 |
+ echo $ECHO_N "(cached) $ECHO_C" >&6 |
|
14540 |
+else |
|
14537 | 14541 |
|
14538 |
-cat >>confdefs.h <<\_ACEOF |
|
14539 |
-#define HAVE_BZLIB_H 1 |
|
14542 |
+save_LDFLAGS="$LDFLAGS" |
|
14543 |
+LDFLAGS="$LIBCLAMAV_LIBS $LTLIBBZ2" |
|
14544 |
+if test "$cross_compiling" = yes; then |
|
14545 |
+ ac_cv_c_cve_2008_1372=ok |
|
14546 |
+else |
|
14547 |
+ cat >conftest.$ac_ext <<_ACEOF |
|
14548 |
+/* confdefs.h. */ |
|
14540 | 14549 |
_ACEOF |
14550 |
+cat confdefs.h >>conftest.$ac_ext |
|
14551 |
+cat >>conftest.$ac_ext <<_ACEOF |
|
14552 |
+/* end confdefs.h. */ |
|
14553 |
+ |
|
14554 |
+#include <string.h> |
|
14555 |
+#include <stdlib.h> |
|
14556 |
+#include <bzlib.h> |
|
14557 |
+ |
|
14558 |
+#ifdef NOBZ2PREFIX |
|
14559 |
+#define BZ2_bzReadOpen bzReadOpen |
|
14560 |
+#define BZ2_bzReadClose bzReadClose |
|
14561 |
+#define BZ2_bzRead bzRead |
|
14562 |
+#endif |
|
14563 |
+ |
|
14564 |
+const unsigned char poc[] = { |
|
14565 |
+ 0x42, 0x5a, 0x68, 0x39, 0x31, 0x41, 0x59, 0x26, 0x53, 0x59, 0x20, 0x0c, |
|
14566 |
+ 0xa6, 0x9c, 0x00, 0x00, 0xc2, 0xfb, 0x90, 0xca, 0x10, 0x04, 0x00, 0x40, |
|
14567 |
+ 0x03, 0x77, 0x80, 0x06, 0x00, 0x7a, 0x2f, 0xde, 0x40, 0x04, 0x00, 0x40, |
|
14568 |
+ 0x08, 0x30, 0x00, 0xb9, 0xb0, 0x4a, 0x89, 0xa3, 0x43, 0x4d, 0x00, 0x00, |
|
14569 |
+ 0x01, 0xb5, 0x04, 0xa4, 0x6a, 0x19, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, |
|
14570 |
+ 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, |
|
14571 |
+ 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, |
|
14572 |
+ 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x2a, |
|
14573 |
+ 0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, |
|
14574 |
+ 0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, 0x2a, 0xad, 0x2a, 0x91, 0x32, |
|
14575 |
+ 0x9a, 0x32, 0x0d, 0x06, 0x8d, 0x00, 0x03, 0xf7, 0x13, 0xd2, 0xf5, 0x54, |
|
14576 |
+ 0x5b, 0x20, 0x4b, 0x34, 0x40, 0x8a, 0x6b, 0xaa, 0x64, 0xd8, 0x30, 0x9d, |
|
14577 |
+ 0x8a, 0x9a, 0x52, 0x44, 0x13, 0x46, 0x37, 0xd9, 0x0a, 0x3c, 0xa6, 0xee, |
|
14578 |
+ 0xe9, 0xee, 0xec, 0x6d, 0x4a, 0x65, 0xc2, 0x32, 0xcb, 0x43, 0x82, 0x48, |
|
14579 |
+ 0xa1, 0x26, 0xc3, 0x43, 0x11, 0x47, 0x0a, 0x5e, 0xc1, 0x30, 0x55, 0x84, |
|
14580 |
+ 0xb1, 0x25, 0x7a, 0x2b, 0x86, 0x0e, 0xc8, 0x1a, 0x45, 0x10, 0xf1, 0xa9, |
|
14581 |
+ 0x19, 0x00, 0x30, 0x3c, 0x2a, 0xeb, 0x16, 0x6a, 0x75, 0x86, 0x60, 0xd0, |
|
14582 |
+ 0xc7, 0xd0, 0x94, 0x34, 0xf1, 0x6b, 0x49, 0x9f, 0x30, 0x4e, 0x0f, 0x70, |
|
14583 |
+ 0xbe, 0x12, 0x28, 0xe9, 0x7d, 0x10, 0x80, 0x35, 0x53, 0xaf, 0x72, 0xe1, |
|
14584 |
+ 0x83, 0x90, 0xb8, 0xf8, 0x4b, 0x1a, 0xa4, 0x29, 0x1b, 0x90, 0xe1, 0x4a, |
|
14585 |
+ 0x0f, 0xc5, 0xdc, 0x91, 0x4e, 0x14, 0x24, 0x08, 0x03, 0x29, 0xa7, 0x00 |
|
14586 |
+}; |
|
14587 |
+const unsigned int poc_len = 252; |
|
14588 |
+ |
|
14589 |
+int main (int argc, char **argv) { |
|
14590 |
+ bz_stream bz; |
|
14591 |
+ char buf[1024]; |
|
14592 |
+ |
|
14593 |
+ memset(&bz, 0, sizeof(bz)); |
|
14594 |
+ bz.next_in = (char *)&poc; |
|
14595 |
+ bz.avail_in = poc_len; |
|
14596 |
+ bz.next_out = buf; |
|
14597 |
+ bz.avail_out = sizeof(buf); |
|
14598 |
+ if(BZ2_bzDecompressInit(&bz, 0, 0)!=BZ_OK) |
|
14599 |
+ return 1; |
|
14600 |
+ |
|
14601 |
+ while((BZ2_bzDecompress(&bz))==BZ_OK) { |
|
14602 |
+ bz.next_out = buf; |
|
14603 |
+ bz.avail_out = sizeof(buf); |
|
14604 |
+ } |
|
14605 |
+ BZ2_bzDecompressEnd(&bz); |
|
14606 |
+ return 0; |
|
14607 |
+} |
|
14541 | 14608 |
|
14609 |
+_ACEOF |
|
14610 |
+rm -f conftest$ac_exeext |
|
14611 |
+if { (ac_try="$ac_link" |
|
14612 |
+case "(($ac_try" in |
|
14613 |
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; |
|
14614 |
+ *) ac_try_echo=$ac_try;; |
|
14615 |
+esac |
|
14616 |
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 |
|
14617 |
+ (eval "$ac_link") 2>&5 |
|
14618 |
+ ac_status=$? |
|
14619 |
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
|
14620 |
+ (exit $ac_status); } && { ac_try='./conftest$ac_exeext' |
|
14621 |
+ { (case "(($ac_try" in |
|
14622 |
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; |
|
14623 |
+ *) ac_try_echo=$ac_try;; |
|
14624 |
+esac |
|
14625 |
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 |
|
14626 |
+ (eval "$ac_try") 2>&5 |
|
14627 |
+ ac_status=$? |
|
14628 |
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5 |
|
14629 |
+ (exit $ac_status); }; }; then |
|
14630 |
+ ac_cv_c_cve_2008_1372=ok |
|
14542 | 14631 |
else |
14543 |
- { echo "$as_me:$LINENO: WARNING: ****** bzip2 support disabled" >&5 |
|
14544 |
-echo "$as_me: WARNING: ****** bzip2 support disabled" >&2;} |
|
14632 |
+ echo "$as_me: program exited with status $ac_status" >&5 |
|
14633 |
+echo "$as_me: failed program was:" >&5 |
|
14634 |
+sed 's/^/| /' conftest.$ac_ext >&5 |
|
14635 |
+ |
|
14636 |
+( exit $ac_status ) |
|
14637 |
+ac_cv_c_cve_2008_1372=bugged |
|
14545 | 14638 |
fi |
14639 |
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext |
|
14640 |
+fi |
|
14641 |
+ |
|
14546 | 14642 |
|
14643 |
+LDFLAGS="$save_LDFLAGS" |
|
14644 |
+ |
|
14645 |
+fi |
|
14646 |
+{ echo "$as_me:$LINENO: result: $ac_cv_c_cve_2008_1372" >&5 |
|
14647 |
+echo "${ECHO_T}$ac_cv_c_cve_2008_1372" >&6; } |
|
14648 |
+ |
|
14649 |
+else |
|
14650 |
+ $ac_cv_c_cve_2008_1372="no" |
|
14651 |
+fi |
|
14652 |
+ |
|
14653 |
+ |
|
14654 |
+ if test "$ac_cv_c_cve_2008_1372" = "bugged"; then |
|
14655 |
+ { echo "$as_me:$LINENO: WARNING: ****** bzip2 libraries are affected by the CVE-2008-1372 bug" >&5 |
|
14656 |
+echo "$as_me: WARNING: ****** bzip2 libraries are affected by the CVE-2008-1372 bug" >&2;} |
|
14657 |
+ { echo "$as_me:$LINENO: WARNING: ****** We strongly suggest you to update to bzip2 1.0.5." >&5 |
|
14658 |
+echo "$as_me: WARNING: ****** We strongly suggest you to update to bzip2 1.0.5." >&2;} |
|
14659 |
+ { echo "$as_me:$LINENO: WARNING: ****** Please do not report stability problems to the ClamAV developers!" >&5 |
|
14660 |
+echo "$as_me: WARNING: ****** Please do not report stability problems to the ClamAV developers!" >&2;} |
|
14661 |
+ fi |
|
14662 |
+ |
|
14663 |
+ case "$ac_cv_c_cve_2008_1372" in |
|
14664 |
+ ok|bugged) |
|
14665 |
+ LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS $LTLIBBZ2" |
|
14666 |
+ |
|
14667 |
+cat >>confdefs.h <<\_ACEOF |
|
14668 |
+#define HAVE_BZLIB_H 1 |
|
14669 |
+_ACEOF |
|
14670 |
+ |
|
14671 |
+ ;; |
|
14672 |
+ *) |
|
14673 |
+ { echo "$as_me:$LINENO: WARNING: ****** bzip2 support disabled" >&5 |
|
14674 |
+echo "$as_me: WARNING: ****** bzip2 support disabled" >&2;} |
|
14675 |
+ ;; |
|
14676 |
+ esac |
|
14547 | 14677 |
|
14548 | 14678 |
else |
14549 | 14679 |
{ echo "$as_me:$LINENO: WARNING: ****** bzip2 support disabled" >&5 |
... | ... |
@@ -408,9 +408,24 @@ then |
408 | 408 |
LDFLAGS="$save_LDFLAGS" |
409 | 409 |
if test "$HAVE_LIBBZ2" = "yes"; then |
410 | 410 |
AC_CHECK_HEADER([bzlib.h], |
411 |
- [LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS $LTLIBBZ2"; |
|
412 |
- AC_DEFINE([HAVE_BZLIB_H],1,[have bzip2])], |
|
413 |
- [AC_MSG_WARN([****** bzip2 support disabled])]) |
|
411 |
+ [AC_C_CVE_2008_1372], |
|
412 |
+ [$ac_cv_c_cve_2008_1372="no"]) |
|
413 |
+ if test "$ac_cv_c_cve_2008_1372" = "bugged"; then |
|
414 |
+ AC_MSG_WARN([****** bzip2 libraries are affected by the CVE-2008-1372 bug]) |
|
415 |
+ AC_MSG_WARN([****** We strongly suggest you to update to bzip2 1.0.5.]) |
|
416 |
+ AC_MSG_WARN([****** Please do not report stability problems to the ClamAV developers!]) |
|
417 |
+ fi |
|
418 |
+ |
|
419 |
+ case "$ac_cv_c_cve_2008_1372" in |
|
420 |
+ ok|bugged) |
|
421 |
+ LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS $LTLIBBZ2" |
|
422 |
+ AC_DEFINE([HAVE_BZLIB_H],1,[have bzip2]) |
|
423 |
+ ;; |
|
424 |
+ *) |
|
425 |
+ AC_MSG_WARN([****** bzip2 support disabled]) |
|
426 |
+ ;; |
|
427 |
+ esac |
|
428 |
+ |
|
414 | 429 |
else |
415 | 430 |
AC_MSG_WARN([****** bzip2 support disabled]) |
416 | 431 |
fi |
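Review bot: The header-not-found action on new line 412, `[$ac_cv_c_cve_2008_1372="no"]`, is not a shell assignment: the leading `$` makes the shell expand the variable and try to run the result as a command, so the variable is never set to `no`. When the variable is unset the later `case` still falls through to `*)` and disables bzip2, but only by accident and with a stray error in the configure output. If a value is already present (for example from a configure cache, which this hunk does not let me confirm), the `ok|bugged` branch would define `HAVE_BZLIB_H` even though bzlib.h was not found. The line should read `[ac_cv_c_cve_2008_1372="no"]`, and the regenerated configure carries the same mistake at new line 14650. Separately, the `bugged` result still links bzip2 with only a warning; a short comment such as `dnl bugged: keep bzip2 enabled, warn only (crash on crafted input until bzip2 is updated)` would make that decision explicit.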
... | ... |
@@ -621,3 +621,70 @@ case $ac_cv_c_fpu_bigendian in |
621 | 621 |
esac |
622 | 622 |
]) |
623 | 623 |
|
624 |
+dnl AC_C_CVE_2008_1372 |
|
625 |
+dnl Checks DoS in bzlib |
|
626 |
+AC_DEFUN([AC_C_CVE_2008_1372], |
|
627 |
+[AC_CACHE_CHECK([for CVE-2008-1372], [ac_cv_c_cve_2008_1372], |
|
628 |
+[ |
|
629 |
+save_LDFLAGS="$LDFLAGS" |
|
630 |
+LDFLAGS="$LIBCLAMAV_LIBS $LTLIBBZ2" |
|
631 |
+AC_TRY_RUN([ |
|
632 |
+#include <string.h> |
|
633 |
+#include <stdlib.h> |
|
634 |
+#include <bzlib.h> |
|
635 |
+ |
|
636 |
+#ifdef NOBZ2PREFIX |
|
637 |
+#define BZ2_bzReadOpen bzReadOpen |
|
638 |
+#define BZ2_bzReadClose bzReadClose |
|
639 |
+#define BZ2_bzRead bzRead |
|
640 |
+#endif |
|
641 |
+ |
|
642 |
+const unsigned char poc[] = { |
|
643 |
+ 0x42, 0x5a, 0x68, 0x39, 0x31, 0x41, 0x59, 0x26, 0x53, 0x59, 0x20, 0x0c, |
|
644 |
+ 0xa6, 0x9c, 0x00, 0x00, 0xc2, 0xfb, 0x90, 0xca, 0x10, 0x04, 0x00, 0x40, |
|
645 |
+ 0x03, 0x77, 0x80, 0x06, 0x00, 0x7a, 0x2f, 0xde, 0x40, 0x04, 0x00, 0x40, |
|
646 |
+ 0x08, 0x30, 0x00, 0xb9, 0xb0, 0x4a, 0x89, 0xa3, 0x43, 0x4d, 0x00, 0x00, |
|
647 |
+ 0x01, 0xb5, 0x04, 0xa4, 0x6a, 0x19, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, |
|
648 |
+ 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, |
|
649 |
+ 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, |
|
650 |
+ 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x2a, |
|
651 |
+ 0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, |
|
652 |
+ 0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, 0x2a, 0xad, 0x2a, 0x91, 0x32, |
|
653 |
+ 0x9a, 0x32, 0x0d, 0x06, 0x8d, 0x00, 0x03, 0xf7, 0x13, 0xd2, 0xf5, 0x54, |
|
654 |
+ 0x5b, 0x20, 0x4b, 0x34, 0x40, 0x8a, 0x6b, 0xaa, 0x64, 0xd8, 0x30, 0x9d, |
|
655 |
+ 0x8a, 0x9a, 0x52, 0x44, 0x13, 0x46, 0x37, 0xd9, 0x0a, 0x3c, 0xa6, 0xee, |
|
656 |
+ 0xe9, 0xee, 0xec, 0x6d, 0x4a, 0x65, 0xc2, 0x32, 0xcb, 0x43, 0x82, 0x48, |
|
657 |
+ 0xa1, 0x26, 0xc3, 0x43, 0x11, 0x47, 0x0a, 0x5e, 0xc1, 0x30, 0x55, 0x84, |
|
658 |
+ 0xb1, 0x25, 0x7a, 0x2b, 0x86, 0x0e, 0xc8, 0x1a, 0x45, 0x10, 0xf1, 0xa9, |
|
659 |
+ 0x19, 0x00, 0x30, 0x3c, 0x2a, 0xeb, 0x16, 0x6a, 0x75, 0x86, 0x60, 0xd0, |
|
660 |
+ 0xc7, 0xd0, 0x94, 0x34, 0xf1, 0x6b, 0x49, 0x9f, 0x30, 0x4e, 0x0f, 0x70, |
|
661 |
+ 0xbe, 0x12, 0x28, 0xe9, 0x7d, 0x10, 0x80, 0x35, 0x53, 0xaf, 0x72, 0xe1, |
|
662 |
+ 0x83, 0x90, 0xb8, 0xf8, 0x4b, 0x1a, 0xa4, 0x29, 0x1b, 0x90, 0xe1, 0x4a, |
|
663 |
+ 0x0f, 0xc5, 0xdc, 0x91, 0x4e, 0x14, 0x24, 0x08, 0x03, 0x29, 0xa7, 0x00 |
|
664 |
+}; |
|
665 |
+const unsigned int poc_len = 252; |
|
666 |
+ |
|
667 |
+int main (int argc, char **argv) { |
|
668 |
+ bz_stream bz; |
|
669 |
+ char buf[1024]; |
|
670 |
+ |
|
671 |
+ memset(&bz, 0, sizeof(bz)); |
|
672 |
+ bz.next_in = (char *)&poc; |
|
673 |
+ bz.avail_in = poc_len; |
|
674 |
+ bz.next_out = buf; |
|
675 |
+ bz.avail_out = sizeof(buf); |
|
676 |
+ if(BZ2_bzDecompressInit(&bz, 0, 0)!=BZ_OK) |
|
677 |
+ return 1; |
|
678 |
+ |
|
679 |
+ while((BZ2_bzDecompress(&bz))==BZ_OK) { |
|
680 |
+ bz.next_out = buf; |
|
681 |
+ bz.avail_out = sizeof(buf); |
|
682 |
+ } |
|
683 |
+ BZ2_bzDecompressEnd(&bz); |
|
684 |
+ return 0; |
|
685 |
+} |
|
686 |
+], [ac_cv_c_cve_2008_1372=ok], [ac_cv_c_cve_2008_1372=bugged], [ac_cv_c_cve_2008_1372=ok]) |
|
687 |
+LDFLAGS="$save_LDFLAGS" |
|
688 |
+]) |
|
689 |
+]) |
|
690 |
+ |
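Review bot: The `NOBZ2PREFIX` block in the test program (new lines 636-640) renames `BZ2_bzReadOpen`, `BZ2_bzReadClose` and `BZ2_bzRead`, none of which the program calls; it calls `BZ2_bzDecompressInit`, `BZ2_bzDecompress` and `BZ2_bzDecompressEnd`. On a system that needs the unprefixed names the link would presumably fail, and AC_TRY_RUN takes its failure action for compile and link errors as well as for a bad exit, so the result would be `bugged` for a library that was never exercised. The defines should be `#define BZ2_bzDecompressInit bzDecompressInit`, `#define BZ2_bzDecompress bzDecompress` and `#define BZ2_bzDecompressEnd bzDecompressEnd`. The library flags are also put in `LDFLAGS` rather than `LIBS` (new line 630), which places them before the test object on the link line and can produce the same false `bugged` with static or as-needed linking. The `dnl` header could also state that the check runs a crafted stream through the decompressor and that the cross-compiling default of `ok` is unverified.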