git-svn: trunk@2180
aCaB authored on 2006/08/08 00:47:20... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Mon Aug 7 17:06:41 CEST 2006 (acab) |
|
2 |
+------------------------------------ |
|
3 |
+ * libclamav/upx.c: Fix heap overflow in pefromupx() |
|
4 |
+ (discovered by Damian Put) |
|
5 |
+ |
|
1 | 6 |
Sun Aug 6 18:32:04 BST 2006 (njh) |
2 | 7 |
---------------------------------- |
3 | 8 |
* clamav-milter: Guess the version information if daily.cvd doesn't |
... | ... |
@@ -177,6 +177,10 @@ int pefromupx (char *src, char *dst, uint32_t *dsize, uint32_t ep, uint32_t upx0 |
177 | 177 |
/* CBA restoring the imports they'll look different from the originals anyway... */ |
178 | 178 |
/* ...and yeap i miss the icon too :P */ |
179 | 179 |
|
180 |
+ if (foffset > *dsize) { |
|
181 |
+ cli_dbgmsg("UPX: wrong raw size - giving up rebuild\n"); |
|
182 |
+ return 0; |
|
183 |
+ } |
|
180 | 184 |
memcpy(dst, newbuf, foffset); |
181 | 185 |
*dsize = foffset; |
182 | 186 |
free(newbuf); |
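Review bot: The new early return taken when `foffset > *dsize` exits without releasing `newbuf`, which the existing path frees only after the `memcpy`. The allocation is outside this hunk, but if `newbuf` is heap-allocated earlier in `pefromupx()`, every rejected rebuild leaks that buffer, and a long-running scanner processing many malformed UPX files would see the leak accumulate. Add `free(newbuf);` before `return 0;` in the new branch. The guard is also only as strong as the caller's guarantee that `*dsize` is the real capacity of `dst`, so a comment above it such as `/* dst holds *dsize bytes: never copy a rebuilt image larger than that */` would record the contract the fix depends on.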