git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@657 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2004/07/06 23:41:39... | ... |
@@ -1,7 +1,10 @@ |
1 |
+Tue Jul 6 16:37:34 CEST 2004 (tk) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav: pe: fix sanity check on uninitialised data (bug found by aCaB) |
|
4 |
+ |
|
1 | 5 |
Tue Jul 6 14:26:19 BST 2004 (trog) |
2 | 6 |
----------------------------------- |
3 | 7 |
* libclamav/vba_extract.c: remove unused PowerPoint functions. |
4 |
- |
|
5 | 8 |
* libclamav/ole2_extract.c: cleanup some warnings. Apply patch for |
6 | 9 |
clean 64bit compile (originally from Martin Brulisauer) |
7 | 10 |
|
... | ... |
@@ -367,7 +367,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
367 | 367 |
|
368 | 368 |
if(read(desc, §ion_hdr[i], sizeof(struct pe_image_section_hdr)) != sizeof(struct pe_image_section_hdr)) { |
369 | 369 |
cli_dbgmsg("Can't read section header\n"); |
370 |
- cli_warnmsg("Possibly broken PE file\n"); |
|
370 |
+ cli_dbgmsg("Possibly broken PE file\n"); |
|
371 | 371 |
free(section_hdr); |
372 | 372 |
return CL_CLEAN; |
373 | 373 |
} |
... | ... |
@@ -416,7 +416,8 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
416 | 416 |
|
417 | 417 |
ep = cli_rawaddr(EC32(optional_hdr.AddressOfEntryPoint), section_hdr, nsections); |
418 | 418 |
|
419 |
- if(EC32(section_hdr[i].PointerToRawData) + EC32(section_hdr[i].SizeOfRawData) > sb.st_size || ep == -1) { |
|
419 |
+ /* simple sanity check */ |
|
420 |
+ if(EC32(section_hdr[nsections - 1].PointerToRawData) + EC32(section_hdr[nsections - 1].SizeOfRawData) > sb.st_size || ep == -1) { |
|
420 | 421 |
cli_dbgmsg("Possibly broken PE file\n"); |
421 | 422 |
free(section_hdr); |
422 | 423 |
return CL_CLEAN; |