@@ -1,3 +1,7 @@

+Tue Jan 30 16:31:37 CET 2007 (tk)

+---------------------------------

+  * libclamav/unrar/unrar.c: properly handle metadata for large files

+

 Mon Jan 29 16:17:53 CET 2007 (tk)

 ---------------------------------

   * libclamav/cab.c: improve format scoring

@@ -199,8 +199,8 @@ static int cli_unrar_checklimits(const cli_ctx *ctx, const rar_metadata_t *metad

 {

     if(ctx->limits) {

 	if(ctx->limits->maxratio && metadata->unpack_size && metadata->pack_size) {

-	    if((unsigned int) metadata->unpack_size / (unsigned int) metadata->pack_size >= ctx->limits->maxratio) {

-		cli_dbgmsg("RAR: Max ratio reached (normal: %u, compressed: %u, max: %ld)\n", metadata->unpack_size, metadata->pack_size, ctx->limits->maxratio);

+	    if(metadata->unpack_size / metadata->pack_size >= ctx->limits->maxratio) {

+		cli_dbgmsg("RAR: Max ratio reached (normal: %Lu, compressed: %Lu, max: %u)\n", metadata->unpack_size, metadata->pack_size, ctx->limits->maxratio);

 		if(BLOCKMAX) {

 		    *ctx->virname = "Oversized.RAR";

 		    return CL_VIRUS;

@@ -210,7 +210,7 @@ static int cli_unrar_checklimits(const cli_ctx *ctx, const rar_metadata_t *metad

 	}

 	if(ctx->limits->maxfilesize && (metadata->unpack_size > ctx->limits->maxfilesize)) {

-	    cli_dbgmsg("RAR: %s: Size exceeded (%u, max: %lu)\n", metadata->filename, metadata->unpack_size, ctx->limits->maxfilesize);

+	    cli_dbgmsg("RAR: %s: Size exceeded (%Lu, max: %lu)\n", metadata->filename, metadata->unpack_size, ctx->limits->maxfilesize);

 	    if(BLOCKMAX) {

 		*ctx->virname = "RAR.ExceededFileSize";

 		return CL_VIRUS;

@@ -219,7 +219,7 @@ static int cli_unrar_checklimits(const cli_ctx *ctx, const rar_metadata_t *metad

 	}

 	if(ctx->limits->maxfiles && (files > ctx->limits->maxfiles)) {

-	    cli_dbgmsg("RAR: Files limit reached (max: %d)\n", ctx->limits->maxfiles);

+	    cli_dbgmsg("RAR: Files limit reached (max: %u)\n", ctx->limits->maxfiles);

 	    if(BLOCKMAX) {

 		*ctx->virname = "RAR.ExceededFilesLimit";

 		return CL_VIRUS;

@@ -287,6 +287,18 @@ static void *read_header(int fd, header_type hdr_type)

 		file_hdr->unpack_size = rar_endian_convert_32(file_hdr->unpack_size);

 		file_hdr->file_crc = rar_endian_convert_32(file_hdr->file_crc);

 		file_hdr->name_size = rar_endian_convert_16(file_hdr->name_size);

+		if(file_hdr->flags & 0x100) {

+			if (cli_readn(fd, file_hdr + SIZEOF_NEWLHD, 8) != 8) {

+				free(file_hdr);

+				return NULL;

+			}

+			file_hdr->high_pack_size = rar_endian_convert_32(file_hdr->high_pack_size);

+			file_hdr->high_unpack_size = rar_endian_convert_32(file_hdr->high_unpack_size);

+		} else {

+			file_hdr->high_pack_size = 0;

+			file_hdr->high_unpack_size = 0;

+		}

+

 		return file_hdr;

 		}

 	case COMM_HEAD: {

@@ -1541,8 +1553,8 @@ int cli_unrar_extract_next_prepare(rar_state_t* state,const char* dirname)

 		if (!new_metadata) {

 		return CL_EMEM;

 		}

-		new_metadata->pack_size = state->file_header->pack_size;

-		new_metadata->unpack_size = state->file_header->unpack_size;

+		new_metadata->pack_size = state->file_header->high_pack_size * 0x100000000 + state->file_header->pack_size;

+		new_metadata->unpack_size = state->file_header->high_unpack_size * 0x100000000 + state->file_header->unpack_size;

 		new_metadata->crc = state->file_header->file_crc;

 		new_metadata->method = state->file_header->method;

 		new_metadata->filename = strdup(state->file_header->filename);

@@ -47,8 +47,8 @@ struct unpack_data_tag;

 typedef struct rar_metadata_tag

 {

-	uint32_t pack_size;

-	uint32_t unpack_size;

+	uint64_t pack_size;

+	uint64_t unpack_size;

 	uint32_t crc;

 	unsigned int encrypted;

 	uint8_t method;

@@ -143,6 +143,8 @@ typedef struct file_header_tag

 	uint8_t method __attribute__ ((packed));

 	uint16_t name_size __attribute__ ((packed));

 	uint32_t file_attr __attribute__ ((packed));

+	uint32_t high_pack_size __attribute__ ((packed));   /* optional */

+	uint32_t high_unpack_size __attribute__ ((packed)); /* optional */

 	unsigned char *filename __attribute__ ((packed));

 	off_t start_offset __attribute__ ((packed));

 	off_t next_offset __attribute__ ((packed));