1 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,82 +0,0 @@ |
1 |
-/* |
|
2 |
- * Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved. |
|
3 |
- * Copyright (C) 2007-2008 Sourcefire, Inc. |
|
4 |
- * |
|
5 |
- * Authors: Tomasz Kojm |
|
6 |
- * |
|
7 |
- * This program is free software; you can redistribute it and/or modify |
|
8 |
- * it under the terms of the GNU General Public License version 2 as |
|
9 |
- * published by the Free Software Foundation. |
|
10 |
- * |
|
11 |
- * This program is distributed in the hope that it will be useful, |
|
12 |
- * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
13 |
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
14 |
- * GNU General Public License for more details. |
|
15 |
- * |
|
16 |
- * You should have received a copy of the GNU General Public License |
|
17 |
- * along with this program; if not, write to the Free Software |
|
18 |
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
|
19 |
- * MA 02110-1301, USA. |
|
20 |
- */ |
|
21 |
- |
|
22 |
-#ifndef __CAB_H |
|
23 |
-#define __CAB_H |
|
24 |
- |
|
25 |
-#include <sys/types.h> |
|
26 |
-#include "cltypes.h" |
|
27 |
-#include "fmap.h" |
|
28 |
- |
|
29 |
-#define CAB_BLOCKMAX 65535 |
|
30 |
-#define CAB_INPUTMAX (CAB_BLOCKMAX + 6144) |
|
31 |
- |
|
32 |
-struct cab_archive { |
|
33 |
- struct cab_folder *folders, *actfol; |
|
34 |
- struct cab_file *files; |
|
35 |
- struct cab_state *state; |
|
36 |
- fmap_t *map; |
|
37 |
- off_t cur_offset; |
|
38 |
- uint32_t length; |
|
39 |
- uint16_t nfolders; |
|
40 |
- uint16_t nfiles; |
|
41 |
- uint16_t flags; |
|
42 |
- uint16_t reshdr; |
|
43 |
- uint8_t resdata; |
|
44 |
-}; |
|
45 |
- |
|
46 |
-struct cab_state { |
|
47 |
- unsigned char *pt, *end; |
|
48 |
- void *stream; |
|
49 |
- unsigned char block[CAB_INPUTMAX]; |
|
50 |
- uint16_t blklen; |
|
51 |
- uint16_t outlen; |
|
52 |
- uint16_t blknum; |
|
53 |
- uint16_t cmethod; |
|
54 |
-}; |
|
55 |
- |
|
56 |
-struct cab_file { |
|
57 |
- off_t offset; |
|
58 |
- char *name; |
|
59 |
- uint32_t length; |
|
60 |
- int error; |
|
61 |
- int lread; |
|
62 |
- int ofd; |
|
63 |
- struct cab_folder *folder; |
|
64 |
- struct cab_file *next; |
|
65 |
- struct cab_archive *cab; |
|
66 |
- uint16_t attribs; |
|
67 |
- uint64_t max_size, written_size; |
|
68 |
-}; |
|
69 |
- |
|
70 |
-struct cab_folder { |
|
71 |
- struct cab_archive *cab; |
|
72 |
- off_t offset; |
|
73 |
- struct cab_folder *next; |
|
74 |
- uint16_t cmethod; |
|
75 |
- uint16_t nblocks; |
|
76 |
-}; |
|
77 |
- |
|
78 |
-int cab_open(fmap_t *map, off_t offset, struct cab_archive *cab); |
|
79 |
-int cab_extract(struct cab_file *file, const char *name); |
|
80 |
-void cab_free(struct cab_archive *cab); |
|
81 |
- |
|
82 |
-#endif |
... | ... |
@@ -67,7 +67,7 @@ |
67 | 67 |
* more than 6144 bytes. Quantum has no documentation, but the largest |
68 | 68 |
* block seen in the wild is 337 bytes above uncompressed size. |
69 | 69 |
*/ |
70 |
-#define CAB_BLOCKMAX (32768) |
|
70 |
+#define CAB_BLOCKMAX (65535) |
|
71 | 71 |
#define CAB_INPUTMAX (CAB_BLOCKMAX+6144) |
72 | 72 |
|
73 | 73 |
/* There are no more than 65535 data blocks per folder, so a folder cannot |
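Review bot: The new value of `CAB_BLOCKMAX` carries no rationale, and the comment block above it (which begins outside this hunk) still reads as a description of the format's limits. 65535 is the largest value a 16-bit size field can carry, so presumably the intent is to accept non-conforming cabinets; a line such as `/* 65535: accept any 16-bit block size so malformed cabinets still reach the scanner */` would record that. Two consequences are worth confirming: every buffer dimensioned from `CAB_INPUTMAX` grows with it, and the `outlen < CAB_BLOCKMAX` test in cabd_sys_read will now report "non-maximal data block" for blocks of the former 32768-byte maximum.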
... | ... |
@@ -1247,7 +1247,7 @@ static int cabd_sys_read(struct mspack_file *file, void *buffer, int bytes) { |
1247 | 1247 |
} |
1248 | 1248 |
else { |
1249 | 1249 |
/* not the last block */ |
1250 |
- if (outlen != CAB_BLOCKMAX) { |
|
1250 |
+ if (outlen < CAB_BLOCKMAX) { |
|
1251 | 1251 |
self->system->message(self->d->infh, |
1252 | 1252 |
"WARNING; non-maximal data block"); |
1253 | 1253 |
} |
... | ... |
@@ -1278,7 +1278,7 @@ static int cabd_sys_read_block(struct mspack_system *sys, |
1278 | 1278 |
{ |
1279 | 1279 |
unsigned char hdr[cfdata_SIZEOF]; |
1280 | 1280 |
unsigned int cksum; |
1281 |
- int len; |
|
1281 |
+ unsigned int len; |
|
1282 | 1282 |
|
1283 | 1283 |
/* reset the input block pointer and end of block pointer */ |
1284 | 1284 |
d->i_ptr = d->i_end = &d->input[0]; |
... | ... |
@@ -1300,27 +1300,19 @@ static int cabd_sys_read_block(struct mspack_system *sys, |
1300 | 1300 |
/* blocks must not be over CAB_INPUTMAX in size */ |
1301 | 1301 |
len = EndGetI16(&hdr[cfdata_CompressedSize]); |
1302 | 1302 |
if (((d->i_end - d->i_ptr) + len) > CAB_INPUTMAX) { |
1303 |
- D(("block size > CAB_INPUTMAX (%ld + %d)", |
|
1304 |
- (long)(d->i_end - d->i_ptr), len)) |
|
1305 |
- /* Do not return -- |
|
1306 |
- * because malware may not conform exactly to the standard CAB format |
|
1307 |
- * but we still want to scan it */ |
|
1308 |
- //return MSPACK_ERR_DATAFORMAT; |
|
1303 |
+ sys->message(NULL, "block size > CAB_INPUTMAX (%ld + %d)", |
|
1304 |
+ (long)(d->i_end - d->i_ptr), len); |
|
1305 |
+ return MSPACK_ERR_DATAFORMAT; |
|
1309 | 1306 |
} |
1310 | 1307 |
|
1311 | 1308 |
/* blocks must not expand to more than CAB_BLOCKMAX */ |
1312 | 1309 |
if (EndGetI16(&hdr[cfdata_UncompressedSize]) > CAB_BLOCKMAX) { |
1313 |
- D(("block size > CAB_BLOCKMAX")) |
|
1314 |
- /* |
|
1315 |
- * Do not return -- |
|
1316 |
- * because malware may not conform exactly to the standard CAB format |
|
1317 |
- * but we still want to scan it |
|
1318 |
- */ |
|
1319 |
- //return MSPACK_ERR_DATAFORMAT; |
|
1310 |
+ sys->message(NULL, "block size > CAB_BLOCKMAX"); |
|
1311 |
+ return MSPACK_ERR_DATAFORMAT; |
|
1320 | 1312 |
} |
1321 | 1313 |
|
1322 | 1314 |
/* read the block data */ |
1323 |
- if (sys->read(d->infh, d->i_end, len) != len) { |
|
1315 |
+ if (sys->read(d->infh, d->i_end, len) != (int)len) { |
|
1324 | 1316 |
return MSPACK_ERR_READ; |
1325 | 1317 |
} |
1326 | 1318 |
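Review bot: The re-enabled `return MSPACK_ERR_DATAFORMAT;` under `EndGetI16(&hdr[cfdata_UncompressedSize]) > CAB_BLOCKMAX` in cabd_sys_read_block cannot be reached once `CAB_BLOCKMAX` is 65535, assuming EndGetI16 yields a 16-bit value as its name suggests. The declared uncompressed size is therefore still not bounded by this check. If a limit is intended, it should be compared against the size the decompressor output buffers are actually dimensioned for, which is not visible here. Separately, `len` is now `unsigned int` but the new `sys->message` call still formats it with `%d`; the specifier should be `%u`, i.e. `"block size > CAB_INPUTMAX (%ld + %u)"`. The function body starts and continues outside these hunks.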
|
... | ... |
@@ -191,7 +191,7 @@ static int inflate(struct mszipd_stream *zip) { |
191 | 191 |
if (read_input(BITS_VAR)) return BITS_VAR->error; |
192 | 192 |
i_ptr = BITS_VAR->i_ptr; |
193 | 193 |
i_end = BITS_VAR->i_end; |
194 |
- if(i_ptr == i_end) break; |
|
194 |
+ if(i_ptr >= i_end) break; |
|
195 | 195 |
} |
196 | 196 |
lens_buf[i++] = *i_ptr++; |
197 | 197 |
} |
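Review bot: The `break` taken when `i_ptr >= i_end` in inflate leaves the enclosing loop (which starts outside this hunk) without storing the remaining bytes into `lens_buf`, so whatever follows the loop may read entries that were never written. If that code consumes all of `lens_buf`, a short input should be reported as an error at this point rather than falling through to it. Otherwise a comment such as `/* read_input() supplied no data: stop here, lens_buf is only filled up to i */` would make the contract explicit for the next reader.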
... | ... |
@@ -66,6 +66,8 @@ static struct mspack_file *mspack_fmap_open(struct mspack_system *self, |
66 | 66 |
cli_dbgmsg("%s() failed at %d\n", __func__, __LINE__); |
67 | 67 |
return NULL; |
68 | 68 |
} |
69 |
+ memset(mspack_handle, 0, sizeof(*mspack_handle)); |
|
70 |
+ |
|
69 | 71 |
switch (mode) { |
70 | 72 |
case MSPACK_SYS_OPEN_READ: |
71 | 73 |
mspack_handle->type = FILETYPE_FMAP; |
... | ... |
@@ -295,7 +297,11 @@ static void mspack_fmap_message(struct mspack_file *file, const char *fmt, ...) |
295 | 295 |
static void *mspack_fmap_alloc(struct mspack_system *self, size_t num) |
296 | 296 |
{ |
297 | 297 |
UNUSEDPARAM(self); |
298 |
- return malloc(num); |
|
298 |
+ void * addr = malloc(num); |
|
299 |
+ if (addr) { |
|
300 |
+ memset(addr, 0, num); |
|
301 |
+ } |
|
302 |
+ return addr; |
|
299 | 303 |
} |
300 | 304 |
|
301 | 305 |
static void mspack_fmap_free(void *mem) |
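Review bot: `mspack_fmap_alloc` now pairs `malloc` with a conditional `memset`, which `return calloc(1, num);` expresses in one call; that form also avoids declaring `addr` after the `UNUSEDPARAM(self);` statement. The same applies to the `memset(mspack_handle, 0, sizeof(*mspack_handle));` added in mspack_fmap_open, if the allocation just above that hunk is a plain `malloc`. Zero-filling every allocation makes reads of unset decompressor state deterministic rather than removing them, so a comment like `/* zeroed on purpose: callers may read fields before writing them */` would tell the next maintainer not to revert it for speed.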