@@ -1,3 +1,7 @@

+Wed Apr 16 19:32:12 CEST 2008 (acab)

+------------------------------------

+  * configure: check for bzip2 CVE-2008-1372 - bb#903

+

 Tue Apr 15 18:34:11 CEST 2008 (acab)

 ------------------------------------

   * test: add clam-fsg.exe (bb#902)

@@ -132,7 +132,7 @@ AC_LIB_PROG_LD_GNU

 # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-

-# serial 52 Debian 1.5.26-1 AC_PROG_LIBTOOL

+# serial 52 Debian 1.5.26-3 AC_PROG_LIBTOOL

 # AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED)

@@ -2793,7 +2793,7 @@ _ACEOF

 LC_CURRENT=4

-LC_REVISION=0

+LC_REVISION=1

 LC_AGE=0

 LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE"

@@ -14533,17 +14533,147 @@ echo "${ECHO_T}$ac_cv_header_bzlib_h" >&6; }

 fi

 if test $ac_cv_header_bzlib_h = yes; then

-  LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS $LTLIBBZ2";

+  { echo "$as_me:$LINENO: checking for CVE-2008-1372" >&5

+echo $ECHO_N "checking for CVE-2008-1372... $ECHO_C" >&6; }

+if test "${ac_cv_c_cve_2008_1372+set}" = set; then

+  echo $ECHO_N "(cached) $ECHO_C" >&6

+else

-cat >>confdefs.h <<\_ACEOF

-#define HAVE_BZLIB_H 1

+save_LDFLAGS="$LDFLAGS"

+LDFLAGS="$LIBCLAMAV_LIBS $LTLIBBZ2"

+if test "$cross_compiling" = yes; then

+  ac_cv_c_cve_2008_1372=ok

+else

+  cat >conftest.$ac_ext <<_ACEOF

+/* confdefs.h.  */

 _ACEOF

+cat confdefs.h >>conftest.$ac_ext

+cat >>conftest.$ac_ext <<_ACEOF

+/* end confdefs.h.  */

+

+#include <string.h>

+#include <stdlib.h>

+#include <bzlib.h>

+

+#ifdef NOBZ2PREFIX

+#define BZ2_bzReadOpen bzReadOpen

+#define BZ2_bzReadClose bzReadClose

+#define BZ2_bzRead bzRead

+#endif

+

+const unsigned char poc[] = {

+  0x42, 0x5a, 0x68, 0x39, 0x31, 0x41, 0x59, 0x26, 0x53, 0x59, 0x20, 0x0c,

+  0xa6, 0x9c, 0x00, 0x00, 0xc2, 0xfb, 0x90, 0xca, 0x10, 0x04, 0x00, 0x40,

+  0x03, 0x77, 0x80, 0x06, 0x00, 0x7a, 0x2f, 0xde, 0x40, 0x04, 0x00, 0x40,

+  0x08, 0x30, 0x00, 0xb9, 0xb0, 0x4a, 0x89, 0xa3, 0x43, 0x4d, 0x00, 0x00,

+  0x01, 0xb5, 0x04, 0xa4, 0x6a, 0x19, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91,

+  0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00,

+  0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00,

+  0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x2a,

+  0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, 0x00, 0x00, 0x00, 0x00, 0x2a,

+  0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, 0x2a, 0xad, 0x2a, 0x91, 0x32,

+  0x9a, 0x32, 0x0d, 0x06, 0x8d, 0x00, 0x03, 0xf7, 0x13, 0xd2, 0xf5, 0x54,

+  0x5b, 0x20, 0x4b, 0x34, 0x40, 0x8a, 0x6b, 0xaa, 0x64, 0xd8, 0x30, 0x9d,

+  0x8a, 0x9a, 0x52, 0x44, 0x13, 0x46, 0x37, 0xd9, 0x0a, 0x3c, 0xa6, 0xee,

+  0xe9, 0xee, 0xec, 0x6d, 0x4a, 0x65, 0xc2, 0x32, 0xcb, 0x43, 0x82, 0x48,

+  0xa1, 0x26, 0xc3, 0x43, 0x11, 0x47, 0x0a, 0x5e, 0xc1, 0x30, 0x55, 0x84,

+  0xb1, 0x25, 0x7a, 0x2b, 0x86, 0x0e, 0xc8, 0x1a, 0x45, 0x10, 0xf1, 0xa9,

+  0x19, 0x00, 0x30, 0x3c, 0x2a, 0xeb, 0x16, 0x6a, 0x75, 0x86, 0x60, 0xd0,

+  0xc7, 0xd0, 0x94, 0x34, 0xf1, 0x6b, 0x49, 0x9f, 0x30, 0x4e, 0x0f, 0x70,

+  0xbe, 0x12, 0x28, 0xe9, 0x7d, 0x10, 0x80, 0x35, 0x53, 0xaf, 0x72, 0xe1,

+  0x83, 0x90, 0xb8, 0xf8, 0x4b, 0x1a, 0xa4, 0x29, 0x1b, 0x90, 0xe1, 0x4a,

+  0x0f, 0xc5, 0xdc, 0x91, 0x4e, 0x14, 0x24, 0x08, 0x03, 0x29, 0xa7, 0x00

+};

+const unsigned int poc_len = 252;

+

+int main (int argc, char **argv) {

+        bz_stream bz;

+        char buf[1024];

+

+        memset(&bz, 0, sizeof(bz));

+        bz.next_in = (char *)&poc;

+        bz.avail_in = poc_len;

+        bz.next_out = buf;

+        bz.avail_out = sizeof(buf);

+        if(BZ2_bzDecompressInit(&bz, 0, 0)!=BZ_OK)

+                return 1;

+

+        while((BZ2_bzDecompress(&bz))==BZ_OK) {

+                bz.next_out = buf;

+                bz.avail_out = sizeof(buf);

+        }

+        BZ2_bzDecompressEnd(&bz);

+        return 0;

+}

+_ACEOF

+rm -f conftest$ac_exeext

+if { (ac_try="$ac_link"

+case "(($ac_try" in

+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;

+  *) ac_try_echo=$ac_try;;

+esac

+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5

+  (eval "$ac_link") 2>&5

+  ac_status=$?

+  echo "$as_me:$LINENO: \$? = $ac_status" >&5

+  (exit $ac_status); } && { ac_try='./conftest$ac_exeext'

+  { (case "(($ac_try" in

+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;

+  *) ac_try_echo=$ac_try;;

+esac

+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5

+  (eval "$ac_try") 2>&5

+  ac_status=$?

+  echo "$as_me:$LINENO: \$? = $ac_status" >&5

+  (exit $ac_status); }; }; then

+  ac_cv_c_cve_2008_1372=ok

 else

-  { echo "$as_me:$LINENO: WARNING: ****** bzip2 support disabled" >&5

-echo "$as_me: WARNING: ****** bzip2 support disabled" >&2;}

+  echo "$as_me: program exited with status $ac_status" >&5

+echo "$as_me: failed program was:" >&5

+sed 's/^/| /' conftest.$ac_ext >&5

+

+( exit $ac_status )

+ac_cv_c_cve_2008_1372=bugged

 fi

+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext

+fi

+

+LDFLAGS="$save_LDFLAGS"

+

+fi

+{ echo "$as_me:$LINENO: result: $ac_cv_c_cve_2008_1372" >&5

+echo "${ECHO_T}$ac_cv_c_cve_2008_1372" >&6; }

+

+else

+  $ac_cv_c_cve_2008_1372="no"

+fi

+

+

+	if test "$ac_cv_c_cve_2008_1372" = "bugged"; then

+		{ echo "$as_me:$LINENO: WARNING: ****** bzip2 libraries are affected by the CVE-2008-1372 bug" >&5

+echo "$as_me: WARNING: ****** bzip2 libraries are affected by the CVE-2008-1372 bug" >&2;}

+		{ echo "$as_me:$LINENO: WARNING: ****** We strongly suggest you to update to bzip2 1.0.5." >&5

+echo "$as_me: WARNING: ****** We strongly suggest you to update to bzip2 1.0.5." >&2;}

+		{ echo "$as_me:$LINENO: WARNING: ****** Please do not report stability problems to the ClamAV developers!" >&5

+echo "$as_me: WARNING: ****** Please do not report stability problems to the ClamAV developers!" >&2;}

+	fi

+

+	case "$ac_cv_c_cve_2008_1372" in

+	ok|bugged)

+		LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS $LTLIBBZ2"

+

+cat >>confdefs.h <<\_ACEOF

+#define HAVE_BZLIB_H 1

+_ACEOF

+

+		;;

+	*)

+		{ echo "$as_me:$LINENO: WARNING: ****** bzip2 support disabled" >&5

+echo "$as_me: WARNING: ****** bzip2 support disabled" >&2;}

+		;;

+	esac

     else

 	{ echo "$as_me:$LINENO: WARNING: ****** bzip2 support disabled" >&5

@@ -408,9 +408,24 @@ then

     LDFLAGS="$save_LDFLAGS"

     if test "$HAVE_LIBBZ2" = "yes"; then

 	AC_CHECK_HEADER([bzlib.h],

-			[LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS $LTLIBBZ2";

-			 AC_DEFINE([HAVE_BZLIB_H],1,[have bzip2])],

-			[AC_MSG_WARN([****** bzip2 support disabled])])

+			[AC_C_CVE_2008_1372],

+			[$ac_cv_c_cve_2008_1372="no"])

+	if test "$ac_cv_c_cve_2008_1372" = "bugged"; then

+		AC_MSG_WARN([****** bzip2 libraries are affected by the CVE-2008-1372 bug])

+		AC_MSG_WARN([****** We strongly suggest you to update to bzip2 1.0.5.])

+		AC_MSG_WARN([****** Please do not report stability problems to the ClamAV developers!])

+	fi

+

+	case "$ac_cv_c_cve_2008_1372" in

+	ok|bugged)

+		LIBCLAMAV_LIBS="$LIBCLAMAV_LIBS $LTLIBBZ2"

+		AC_DEFINE([HAVE_BZLIB_H],1,[have bzip2])

+		;;

+	*)

+		AC_MSG_WARN([****** bzip2 support disabled])

+		;;

+	esac

+

     else

 	AC_MSG_WARN([****** bzip2 support disabled])

     fi

@@ -621,3 +621,70 @@ case $ac_cv_c_fpu_bigendian in

 esac

 ])

+dnl AC_C_CVE_2008_1372

+dnl Checks DoS in bzlib 

+AC_DEFUN([AC_C_CVE_2008_1372],

+[AC_CACHE_CHECK([for CVE-2008-1372], [ac_cv_c_cve_2008_1372],

+[

+save_LDFLAGS="$LDFLAGS"

+LDFLAGS="$LIBCLAMAV_LIBS $LTLIBBZ2"

+AC_TRY_RUN([

+#include <string.h>

+#include <stdlib.h>

+#include <bzlib.h>

+

+#ifdef NOBZ2PREFIX

+#define BZ2_bzReadOpen bzReadOpen

+#define BZ2_bzReadClose bzReadClose

+#define BZ2_bzRead bzRead

+#endif

+

+const unsigned char poc[] = {

+  0x42, 0x5a, 0x68, 0x39, 0x31, 0x41, 0x59, 0x26, 0x53, 0x59, 0x20, 0x0c,

+  0xa6, 0x9c, 0x00, 0x00, 0xc2, 0xfb, 0x90, 0xca, 0x10, 0x04, 0x00, 0x40,

+  0x03, 0x77, 0x80, 0x06, 0x00, 0x7a, 0x2f, 0xde, 0x40, 0x04, 0x00, 0x40,

+  0x08, 0x30, 0x00, 0xb9, 0xb0, 0x4a, 0x89, 0xa3, 0x43, 0x4d, 0x00, 0x00,

+  0x01, 0xb5, 0x04, 0xa4, 0x6a, 0x19, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91,

+  0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00,

+  0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00,

+  0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x2a,

+  0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, 0x00, 0x00, 0x00, 0x00, 0x2a,

+  0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, 0x2a, 0xad, 0x2a, 0x91, 0x32,

+  0x9a, 0x32, 0x0d, 0x06, 0x8d, 0x00, 0x03, 0xf7, 0x13, 0xd2, 0xf5, 0x54,

+  0x5b, 0x20, 0x4b, 0x34, 0x40, 0x8a, 0x6b, 0xaa, 0x64, 0xd8, 0x30, 0x9d,

+  0x8a, 0x9a, 0x52, 0x44, 0x13, 0x46, 0x37, 0xd9, 0x0a, 0x3c, 0xa6, 0xee,

+  0xe9, 0xee, 0xec, 0x6d, 0x4a, 0x65, 0xc2, 0x32, 0xcb, 0x43, 0x82, 0x48,

+  0xa1, 0x26, 0xc3, 0x43, 0x11, 0x47, 0x0a, 0x5e, 0xc1, 0x30, 0x55, 0x84,

+  0xb1, 0x25, 0x7a, 0x2b, 0x86, 0x0e, 0xc8, 0x1a, 0x45, 0x10, 0xf1, 0xa9,

+  0x19, 0x00, 0x30, 0x3c, 0x2a, 0xeb, 0x16, 0x6a, 0x75, 0x86, 0x60, 0xd0,

+  0xc7, 0xd0, 0x94, 0x34, 0xf1, 0x6b, 0x49, 0x9f, 0x30, 0x4e, 0x0f, 0x70,

+  0xbe, 0x12, 0x28, 0xe9, 0x7d, 0x10, 0x80, 0x35, 0x53, 0xaf, 0x72, 0xe1,

+  0x83, 0x90, 0xb8, 0xf8, 0x4b, 0x1a, 0xa4, 0x29, 0x1b, 0x90, 0xe1, 0x4a,

+  0x0f, 0xc5, 0xdc, 0x91, 0x4e, 0x14, 0x24, 0x08, 0x03, 0x29, 0xa7, 0x00

+};

+const unsigned int poc_len = 252;

+

+int main (int argc, char **argv) {

+        bz_stream bz;

+        char buf[1024];

+

+        memset(&bz, 0, sizeof(bz));

+        bz.next_in = (char *)&poc;

+        bz.avail_in = poc_len;

+        bz.next_out = buf;

+        bz.avail_out = sizeof(buf);

+        if(BZ2_bzDecompressInit(&bz, 0, 0)!=BZ_OK)

+                return 1;

+

+        while((BZ2_bzDecompress(&bz))==BZ_OK) {

+                bz.next_out = buf;

+                bz.avail_out = sizeof(buf);

+        }

+        BZ2_bzDecompressEnd(&bz);

+        return 0;

+}

+], [ac_cv_c_cve_2008_1372=ok], [ac_cv_c_cve_2008_1372=bugged], [ac_cv_c_cve_2008_1372=ok])

+LDFLAGS="$save_LDFLAGS"

+])

+])

+