@@ -1,3 +1,8 @@

+Thu Aug 26 15:17:03 BST 2004 (trog)

+-----------------------------------

+  * libclamav/ole2_extract.c: sanitize filenames

+  * libclamav/chmunpack.c: properly skip unneeded chunks

+

 Thu Aug 26 15:33:50 CEST 2004 (tk)

 ----------------------------------

   * libclamav/filetypes.c: Improve e-mail detection

@@ -602,12 +602,12 @@ static int read_chunk(int fd, off_t offset, uint32_t chunk_len,

 		chunk_hdr->num_entries = (uint16_t)((((uint8_t const *)(chunk_hdr->chunk_data))[chunk_len-2] << 0)

 					| (((uint8_t const *)(chunk_hdr->chunk_data))[chunk_len-1] << 8));

+		read_chunk_entries(chunk_hdr->chunk_data, chunk_len,

+                        chunk_hdr->num_entries, file_l, sys_file_l);

 	} else if (memcmp(chunk_hdr->signature, "PMGI", 4) != 0) {

 		goto abort;

 	}

-	read_chunk_entries(chunk_hdr->chunk_data, chunk_len,

-			chunk_hdr->num_entries, file_l, sys_file_l);

-			

+

 	print_chunk(chunk_hdr);

 	retval=TRUE;

 abort:

@@ -592,8 +592,21 @@ static int handler_writefile(int fd, ole2_header_t *hdr, property_t *prop, const

 			return FALSE;

 		}

 		snprintf(name, 11, "%.10ld", i + (long int) prop);

+	} else {

+		/* Sanitize the file name */

+                for(newname = name; *newname; newname++) {

+#if     defined(MSDOS) || defined(C_CYGWIN) || defined(WIN32)

+                        if(strchr("/*?<>|\"+=,;: ", *newname))

+#elif   defined(C_DARWIN)

+                        if((*newname == '/') || (*newname >= '\200'))

+#else

+                        if(*newname == '/')

+#endif

+                                *newname = '_';

+                }

 	}

+

 	newname = (char *) cli_malloc(strlen(name) + strlen(dir) + 2);

 	if (!newname) {

 		free(name);