@@ -161,15 +161,17 @@ void cab_free(struct cab_archive *cab)

     if(cab->state) {

-	switch(cab->state->cmethod & 0x000f) {

-	    case 0x0001:

-		mszip_free(cab->state->stream);

-		break;

-	    case 0x0002:

-		qtm_free(cab->state->stream);

-		break;

-	    case 0x0003:

-		lzx_free(cab->state->stream);

+	if(cab->state->stream) {

+	    switch(cab->state->cmethod & 0x000f) {

+		case 0x0001:

+		    mszip_free(cab->state->stream);

+		    break;

+		case 0x0002:

+		    qtm_free(cab->state->stream);

+		    break;

+		case 0x0003:

+		    lzx_free(cab->state->stream);

+	    }

 	}

 	free(cab->state);

     }

@@ -604,19 +606,21 @@ static int cab_unstore(struct cab_file *file, int bytes)

 #define CAB_CHGFOLDER							\

     if(!file->cab->actfol || (file->folder != file->cab->actfol)) {	\

 	if(file->cab->state) {						\

-	    switch(file->cab->state->cmethod & 0x000f) {		\

-		case 0x0001:						\

-		    mszip_free(file->cab->state->stream);		\

-		    break;						\

-		case 0x0002:						\

-		    qtm_free(file->cab->state->stream);			\

-		    break;						\

-		case 0x0003:						\

-		    lzx_free(file->cab->state->stream);			\

+	    if(file->cab->state->stream) {				\

+		switch(file->cab->state->cmethod & 0x000f) {		\

+		    case 0x0001:					\

+			mszip_free(file->cab->state->stream);		\

+			break;						\

+		    case 0x0002:					\

+			qtm_free(file->cab->state->stream);		\

+			break;						\

+		    case 0x0003:					\

+			lzx_free(file->cab->state->stream);		\

+		}							\

 	    }								\

 	    free(file->cab->state);					\

+	    file->cab->state = NULL;					\

 	}								\

-	file->cab->actfol = file->folder;				\

 	if(lseek(file->fd, file->folder->offset, SEEK_SET) == -1) {	\

 	    cli_dbgmsg("cab_extract: Can't lseek to %u\n", (unsigned int) file->folder->offset);							\

 	    return CL_EFORMAT; /* truncated file? */			\

@@ -638,10 +642,10 @@ static int cab_unstore(struct cab_file *file, int bytes)

 		file->cab->state->stream = (struct lzx_stream *) lzx_init(file->fd, file->ofd, (int) (file->folder->cmethod >> 8) & 0x1f, 0, 4096, 0, file, &cab_read);									\

 	}								\

 	if((file->folder->cmethod & 0x000f) && !file->cab->state->stream) { \

-	    free(file->cab->state);					\

 	    close(file->ofd);						\

 	    return CL_EMSCAB;						\

 	}								\

+	file->cab->actfol = file->folder;				\

     }

@@ -663,7 +667,6 @@ int cab_extract(struct cab_file *file, const char *name)

     file->ofd = open(name, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, S_IRWXU);

     if(file->ofd == -1) {

 	cli_errmsg("cab_extract: Can't open file %s in write mode\n", name);

-	free(file->cab->state);

 	return CL_EIO;

     }

@@ -196,6 +196,49 @@ const char *cl_strerror(int clerror)

     }

 }

+int cli_sizelimits(cli_ctx *ctx, unsigned long need1, unsigned long need2, unsigned long need3) {

+  int ret = CL_SUCCESS;

+  unsigned long needed;

+

+  /* if called without limits, go on, unpack */

+  if(!ctx || !ctx->limits) return CL_SUCCESS;

+

+  needed = (need1>need2)?need1:need2;

+  needed = (needed>need3)?needed:need3;

+

+  /* if we have global scan limits */

+  if(ctx->limits->maxscansize) {

+    /* if the remaining scansize is too small... */

+    if(ctx->limits->maxscansize-ctx->scansize<needed) {

+      cli_dbgmsg("cli_limits: scansize exceeded (initial: %u, remaining: %u, needed: %u)\n", ctx->limits->maxscansize, ctx->scansize, needed);

+      /* ... we return INFECTED only upon request */ 

+      if(BLOCKMAX) {

+	*ctx->virname = "Archive.ExceededScanSize";

+	return CL_VIRUS;

+      }

+      /* ... otherwise we tell the caller to skip this file */

+      ret = CL_BREAK;

+    } else {

+      /* if the remaining scanzise is big enough, we update it */

+      ctx->scansize+=needed;

+    }

+  }

+

+  /* if we have per-file size limits, and we are overlimit... */

+  if(ctx->limits->maxfilesize && ctx->limits->maxfilesize<needed) {

+    /* ... we return INFECTED only upon request */ 

+    if(BLOCKMAX) {

+      *ctx->virname = "Archive.ExceededFileSize";

+      return CL_VIRUS;

+    }

+    /* ... otherwise we tell the caller to skip this file */

+    ret = CL_BREAK;

+  }

+

+  return ret;

+  /* FIXME: set/check ctx->scanned in magic_scandesc */

+}

+

 unsigned char *cli_md5digest(int desc)

 {

 	unsigned char *digest;

@@ -628,11 +671,7 @@ int cli_rmdirs(const char *dirname)

 			    return -1;

 			}

-#ifdef	C_WINDOWS

-			sprintf(path, "%s\\%s", dirname, dent->d_name);

-#else

 			sprintf(path, "%s/%s", dirname, dent->d_name);

-#endif

 			/* stat the file */

 			if(lstat(path, &statbuf) != -1) {

@@ -82,7 +82,8 @@ typedef struct {

     const struct cl_limits *limits;

     unsigned long scansize;

     unsigned int options;

-    unsigned int arec;

+    unsigned int recursion;

+    unsigned int scanned;

     unsigned int found_possibly_unwanted;

     struct cli_dconf *dconf;

 } cli_ctx;

@@ -1969,16 +1969,18 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)

 int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options)

 {

     cli_ctx ctx;

+    cl_limits l_limits;

     int rc;

     memset(&ctx, '\0', sizeof(cli_ctx));

     ctx.engine = engine;

     ctx.virname = virname;

-    ctx.limits = limits;

+    ctx.limits = &l_limits;

     ctx.scanned = scanned;

     ctx.options = options;

     ctx.found_possibly_unwanted = 0;

     ctx.dconf = (struct cli_dconf *) engine->dconf;

+    memcpy(&l_limits, limits, sizeof(struct cl_limits));

     rc = cli_magic_scandesc(desc, &ctx);

     if(rc == CL_CLEAN && ctx.found_possibly_unwanted)