Browse code
fix possible infinite loop in cabd_find
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Thu Nov 3 22:46:21 CET 2005 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * libclamav/mspack/cabd.c: fix possible infinite loop in cabd_find |
|
| 4 |
+ Reported by iDEFENSE (IDEF1180) |
|
| 5 |
+ |
|
| 1 | 6 |
Thu Nov 3 22:44:00 CET 2005 (tk) |
| 2 | 7 |
--------------------------------- |
| 3 | 8 |
* libclamav/tnef.c: fix possible infinite loop |
| ... | ... |
@@ -827,7 +827,9 @@ static int cabd_find(struct mscab_decompressor_p *this, unsigned char *buf, |
| 827 | 827 |
|
| 828 | 828 |
/* cause the search to restart after this cab's data. */ |
| 829 | 829 |
offset = caboff + cablen; |
| 830 |
- |
|
| 830 |
+ if (!offset) |
|
| 831 |
+ return MSPACK_ERR_DATAFORMAT; |
|
| 832 |
+ |
|
| 831 | 833 |
/* link the cab into the list */ |
| 832 | 834 |
if (!link) *firstcab = cab; |
| 833 | 835 |
else link->base.next = (struct mscabd_cabinet *) cab; |