deleted file mode 100644

@@ -1,82 +0,0 @@

-/*

- *  Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

- *  Copyright (C) 2007-2008 Sourcefire, Inc.

- *

- *  Authors: Tomasz Kojm

- *

- *  This program is free software; you can redistribute it and/or modify

- *  it under the terms of the GNU General Public License version 2 as

- *  published by the Free Software Foundation.

- *

- *  This program is distributed in the hope that it will be useful,

- *  but WITHOUT ANY WARRANTY; without even the implied warranty of

- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- *  GNU General Public License for more details.

- *

- *  You should have received a copy of the GNU General Public License

- *  along with this program; if not, write to the Free Software

- *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

- *  MA 02110-1301, USA.

- */

-

-#ifndef __CAB_H

-#define __CAB_H

-

-#include <sys/types.h>

-#include "cltypes.h"

-#include "fmap.h"

-

-#define CAB_BLOCKMAX 65535

-#define CAB_INPUTMAX (CAB_BLOCKMAX + 6144)

-

-struct cab_archive {

-    struct cab_folder *folders, *actfol;

-    struct cab_file *files;

-    struct cab_state *state;

-    fmap_t *map;

-    off_t cur_offset;

-    uint32_t length;

-    uint16_t nfolders;

-    uint16_t nfiles;

-    uint16_t flags;

-    uint16_t reshdr;

-    uint8_t resdata;

-};

-

-struct cab_state {

-    unsigned char *pt, *end;

-    void *stream;

-    unsigned char block[CAB_INPUTMAX];

-    uint16_t blklen;

-    uint16_t outlen;

-    uint16_t blknum;

-    uint16_t cmethod;

-};

-

-struct cab_file {

-    off_t offset;

-    char *name;

-    uint32_t length;

-    int error;

-    int lread;

-    int ofd;

-    struct cab_folder *folder;

-    struct cab_file *next;

-    struct cab_archive *cab;

-    uint16_t attribs;

-    uint64_t max_size, written_size;

-};

-

-struct cab_folder {

-    struct cab_archive *cab;

-    off_t offset;

-    struct cab_folder *next;

-    uint16_t cmethod;

-    uint16_t nblocks;

-};

-

-int cab_open(fmap_t *map, off_t offset, struct cab_archive *cab);

-int cab_extract(struct cab_file *file, const char *name);

-void cab_free(struct cab_archive *cab);

-

-#endif

@@ -67,7 +67,7 @@

  * more than 6144 bytes. Quantum has no documentation, but the largest

  * block seen in the wild is 337 bytes above uncompressed size.

  */

-#define CAB_BLOCKMAX (32768)

+#define CAB_BLOCKMAX (65535)

 #define CAB_INPUTMAX (CAB_BLOCKMAX+6144)

 /* There are no more than 65535 data blocks per folder, so a folder cannot

@@ -1247,7 +1247,7 @@ static int cabd_sys_read(struct mspack_file *file, void *buffer, int bytes) {

       }

       else {

 	/* not the last block */

-	if (outlen != CAB_BLOCKMAX) {

+	if (outlen < CAB_BLOCKMAX) {

 	  self->system->message(self->d->infh,

 				"WARNING; non-maximal data block");

 	}

@@ -1278,7 +1278,7 @@ static int cabd_sys_read_block(struct mspack_system *sys,

 {

   unsigned char hdr[cfdata_SIZEOF];

   unsigned int cksum;

-  int len;

+  unsigned int len;

   /* reset the input block pointer and end of block pointer */

   d->i_ptr = d->i_end = &d->input[0];

@@ -1300,27 +1300,19 @@ static int cabd_sys_read_block(struct mspack_system *sys,

     /* blocks must not be over CAB_INPUTMAX in size */

     len = EndGetI16(&hdr[cfdata_CompressedSize]);

     if (((d->i_end - d->i_ptr) + len) > CAB_INPUTMAX) {

-      D(("block size > CAB_INPUTMAX (%ld + %d)",

-          (long)(d->i_end - d->i_ptr), len))

-      /* Do not return -- 

-       * because malware may not conform exactly to the standard CAB format

-       * but we still want to scan it */

-      //return MSPACK_ERR_DATAFORMAT;

+      sys->message(NULL, "block size > CAB_INPUTMAX (%ld + %d)",

+          (long)(d->i_end - d->i_ptr), len);

+      return MSPACK_ERR_DATAFORMAT;

     }

      /* blocks must not expand to more than CAB_BLOCKMAX */

     if (EndGetI16(&hdr[cfdata_UncompressedSize]) > CAB_BLOCKMAX) {

-      D(("block size > CAB_BLOCKMAX"))

-      /* 

-       * Do not return -- 

-       * because malware may not conform exactly to the standard CAB format

-       * but we still want to scan it

-       */

-      //return MSPACK_ERR_DATAFORMAT;

+      sys->message(NULL, "block size > CAB_BLOCKMAX");

+      return MSPACK_ERR_DATAFORMAT;

     }

     /* read the block data */

-    if (sys->read(d->infh, d->i_end, len) != len) {

+    if (sys->read(d->infh, d->i_end, len) != (int)len) {

       return MSPACK_ERR_READ;

     }

@@ -191,7 +191,7 @@ static int inflate(struct mszipd_stream *zip) {

           if (read_input(BITS_VAR)) return BITS_VAR->error;

           i_ptr = BITS_VAR->i_ptr;

           i_end = BITS_VAR->i_end;

-          if(i_ptr == i_end) break;

+          if(i_ptr >= i_end) break;

         }

         lens_buf[i++] = *i_ptr++;

       }

@@ -66,6 +66,8 @@ static struct mspack_file *mspack_fmap_open(struct mspack_system *self,

 		cli_dbgmsg("%s() failed at %d\n", __func__, __LINE__);

 		return NULL;

 	}

+	memset(mspack_handle, 0, sizeof(*mspack_handle));

+

 	switch (mode) {

 	case MSPACK_SYS_OPEN_READ:

 		mspack_handle->type = FILETYPE_FMAP;

@@ -295,7 +297,11 @@ static void mspack_fmap_message(struct mspack_file *file, const char *fmt, ...)

 static void *mspack_fmap_alloc(struct mspack_system *self, size_t num)

 {

 	UNUSEDPARAM(self);

-	return malloc(num);

+	void * addr = malloc(num);

+	if (addr) {

+		memset(addr, 0, num);

+	}

+	return addr;

 }

 static void mspack_fmap_free(void *mem)