Browse code
Fix heap overflow in pefromupx()
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Mon Aug 7 17:06:41 CEST 2006 (acab) |
|
| 2 |
+------------------------------------ |
|
| 3 |
+ * libclamav/upx.c: Fix heap overflow in pefromupx() |
|
| 4 |
+ (discovered by Damian Put) |
|
| 5 |
+ |
|
| 1 | 6 |
Sun Aug 6 18:32:04 BST 2006 (njh) |
| 2 | 7 |
---------------------------------- |
| 3 | 8 |
* clamav-milter: Guess the version information if daily.cvd doesn't |
| ... | ... |
@@ -177,6 +177,10 @@ int pefromupx (char *src, char *dst, uint32_t *dsize, uint32_t ep, uint32_t upx0 |
| 177 | 177 |
/* CBA restoring the imports they'll look different from the originals anyway... */ |
| 178 | 178 |
/* ...and yeap i miss the icon too :P */ |
| 179 | 179 |
|
| 180 |
+ if (foffset > *dsize) {
|
|
| 181 |
+ cli_dbgmsg("UPX: wrong raw size - giving up rebuild\n");
|
|
| 182 |
+ return 0; |
|
| 183 |
+ } |
|
| 180 | 184 |
memcpy(dst, newbuf, foffset); |
| 181 | 185 |
*dsize = foffset; |
| 182 | 186 |
free(newbuf); |