git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@803 77e5149b-7576-45b1-b177-96237e5ba77b
Trog authored on 2004/08/26 23:19:35... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Thu Aug 26 15:17:03 BST 2004 (trog) |
|
2 |
+----------------------------------- |
|
3 |
+ * libclamav/ole2_extract.c: sanitize filenames |
|
4 |
+ * libclamav/chmunpack.c: properly skip unneeded chunks |
|
5 |
+ |
|
1 | 6 |
Thu Aug 26 15:33:50 CEST 2004 (tk) |
2 | 7 |
---------------------------------- |
3 | 8 |
* libclamav/filetypes.c: Improve e-mail detection |
... | ... |
@@ -602,12 +602,12 @@ static int read_chunk(int fd, off_t offset, uint32_t chunk_len, |
602 | 602 |
|
603 | 603 |
chunk_hdr->num_entries = (uint16_t)((((uint8_t const *)(chunk_hdr->chunk_data))[chunk_len-2] << 0) |
604 | 604 |
| (((uint8_t const *)(chunk_hdr->chunk_data))[chunk_len-1] << 8)); |
605 |
+ read_chunk_entries(chunk_hdr->chunk_data, chunk_len, |
|
606 |
+ chunk_hdr->num_entries, file_l, sys_file_l); |
|
605 | 607 |
} else if (memcmp(chunk_hdr->signature, "PMGI", 4) != 0) { |
606 | 608 |
goto abort; |
607 | 609 |
} |
608 |
- read_chunk_entries(chunk_hdr->chunk_data, chunk_len, |
|
609 |
- chunk_hdr->num_entries, file_l, sys_file_l); |
|
610 |
- |
|
610 |
+ |
|
611 | 611 |
print_chunk(chunk_hdr); |
612 | 612 |
retval=TRUE; |
613 | 613 |
abort: |
... | ... |
@@ -592,8 +592,21 @@ static int handler_writefile(int fd, ole2_header_t *hdr, property_t *prop, const |
592 | 592 |
return FALSE; |
593 | 593 |
} |
594 | 594 |
snprintf(name, 11, "%.10ld", i + (long int) prop); |
595 |
+ } else { |
|
596 |
+ /* Sanitize the file name */ |
|
597 |
+ for(newname = name; *newname; newname++) { |
|
598 |
+#if defined(MSDOS) || defined(C_CYGWIN) || defined(WIN32) |
|
599 |
+ if(strchr("/*?<>|\"+=,;: ", *newname)) |
|
600 |
+#elif defined(C_DARWIN) |
|
601 |
+ if((*newname == '/') || (*newname >= '\200')) |
|
602 |
+#else |
|
603 |
+ if(*newname == '/') |
|
604 |
+#endif |
|
605 |
+ *newname = '_'; |
|
606 |
+ } |
|
595 | 607 |
} |
596 | 608 |
|
609 |
+ |
|
597 | 610 |
newname = (char *) cli_malloc(strlen(name) + strlen(dir) + 2); |
598 | 611 |
if (!newname) { |
599 | 612 |
free(name); |