Browse code
fix sanity check on uninitialised data
git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@657 77e5149b-7576-45b1-b177-96237e5ba77b
Tomasz Kojm authored on 2004/07/06 23:41:39Showing 2 changed files
| ... | ... |
@@ -1,7 +1,10 @@ |
| 1 |
+Tue Jul 6 16:37:34 CEST 2004 (tk) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * libclamav: pe: fix sanity check on uninitialised data (bug found by aCaB) |
|
| 4 |
+ |
|
| 1 | 5 |
Tue Jul 6 14:26:19 BST 2004 (trog) |
| 2 | 6 |
----------------------------------- |
| 3 | 7 |
* libclamav/vba_extract.c: remove unused PowerPoint functions. |
| 4 |
- |
|
| 5 | 8 |
* libclamav/ole2_extract.c: cleanup some warnings. Apply patch for |
| 6 | 9 |
clean 64bit compile (originally from Martin Brulisauer) |
| 7 | 10 |
|
| ... | ... |
@@ -367,7 +367,7 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
| 367 | 367 |
|
| 368 | 368 |
if(read(desc, §ion_hdr[i], sizeof(struct pe_image_section_hdr)) != sizeof(struct pe_image_section_hdr)) {
|
| 369 | 369 |
cli_dbgmsg("Can't read section header\n");
|
| 370 |
- cli_warnmsg("Possibly broken PE file\n");
|
|
| 370 |
+ cli_dbgmsg("Possibly broken PE file\n");
|
|
| 371 | 371 |
free(section_hdr); |
| 372 | 372 |
return CL_CLEAN; |
| 373 | 373 |
} |
| ... | ... |
@@ -416,7 +416,8 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c |
| 416 | 416 |
|
| 417 | 417 |
ep = cli_rawaddr(EC32(optional_hdr.AddressOfEntryPoint), section_hdr, nsections); |
| 418 | 418 |
|
| 419 |
- if(EC32(section_hdr[i].PointerToRawData) + EC32(section_hdr[i].SizeOfRawData) > sb.st_size || ep == -1) {
|
|
| 419 |
+ /* simple sanity check */ |
|
| 420 |
+ if(EC32(section_hdr[nsections - 1].PointerToRawData) + EC32(section_hdr[nsections - 1].SizeOfRawData) > sb.st_size || ep == -1) {
|
|
| 420 | 421 |
cli_dbgmsg("Possibly broken PE file\n");
|
| 421 | 422 |
free(section_hdr); |
| 422 | 423 |
return CL_CLEAN; |