Browse code
fix buffer size calculation in unfsg_133
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Thu Nov 3 22:33:20 CET 2005 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * libclamav/fsg.c: fix buffer size calculation in unfsg_133 |
|
| 4 |
+ Reported by Zero Day Initiative (ZDI-CAN-004) |
|
| 5 |
+ |
|
| 1 | 6 |
Mon Oct 31 21:21:38 GMT 2005 (njh) |
| 2 | 7 |
---------------------------------- |
| 3 | 8 |
* libclamav/mbox.c: Scan attachments that have no filename |
| ... | ... |
@@ -235,7 +235,7 @@ int unfsg_133(char *source, char *dest, int ssize, int dsize, struct SECTION *se |
| 235 | 235 |
|
| 236 | 236 |
for (i = 0 ; i <= sectcount ; i++) {
|
| 237 | 237 |
char *startd=tdst; |
| 238 |
- if ( unfsg(tsrc, tdst, tsrc - source + ssize, tdst - dest + dsize, &tsrc, &tdst) == -1 ) |
|
| 238 |
+ if ( unfsg(tsrc, tdst, ssize - (tsrc - source), dsize - (tdst - dest), &tsrc, &tdst) == -1 ) |
|
| 239 | 239 |
return -1; |
| 240 | 240 |
|
| 241 | 241 |
/* RVA has been filled already in pe.c */ |