Browse code
0.95.1
| ... | ... |
@@ -1,3 +1,19 @@ |
| 1 |
+Wed Apr 8 16:49:32 CEST 2009 (tk) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * V 0.95.1 |
|
| 4 |
+ |
|
| 5 |
+Wed Apr 8 16:40:19 CEST 2009 (tk) |
|
| 6 |
+---------------------------------- |
|
| 7 |
+ * libclamav/phishcheck.c: fix possible crash in cli_url_canon() (bb#1553) |
|
| 8 |
+ Patch by Edwin, reported by Nigel Horne |
|
| 9 |
+ <njh*bandsman.co.uk> |
|
| 10 |
+ |
|
| 11 |
+Wed Apr 8 16:35:23 CEST 2009 (tk) |
|
| 12 |
+---------------------------------- |
|
| 13 |
+ * libclamav/others.h: harden CLI_ISCONTAINED macro (bb#1552) |
|
| 14 |
+ Patch by aCaB, reported by Martin Olsen |
|
| 15 |
+ <marty*lightspeedsystems.com> |
|
| 16 |
+ |
|
| 1 | 17 |
Tue Apr 7 16:53:18 CEST 2009 (acab) |
| 2 | 18 |
------------------------------------ |
| 3 | 19 |
* clamav-milter/netcode.c: honour ReadTimeout=0 |
| ... | ... |
@@ -14962,8 +14962,8 @@ static struct v{
|
| 14962 | 14962 |
extern void abort(void); |
| 14963 | 14963 |
|
| 14964 | 14964 |
#define CLI_ISCONTAINED(bb, bb_size, sb, sb_size) \ |
| 14965 |
- (bb_size > 0 && sb_size > 0 && sb_size <= bb_size \ |
|
| 14966 |
- && sb >= bb && sb + sb_size <= bb + bb_size && sb + sb_size > bb) |
|
| 14965 |
+ ((bb_size) > 0 && (sb_size) > 0 && (size_t)(sb_size) <= (size_t)(bb_size) \ |
|
| 14966 |
+ && (sb) >= (bb) && ((sb) + (sb_size)) <= ((bb) + (bb_size)) && ((sb) + (sb_size)) > (bb) && (sb) < ((bb) + (bb_size))) |
|
| 14967 | 14967 |
|
| 14968 | 14968 |
int crashtest() |
| 14969 | 14969 |
{
|
| ... | ... |
@@ -191,8 +191,8 @@ static struct v{
|
| 191 | 191 |
extern void abort(void); |
| 192 | 192 |
|
| 193 | 193 |
#define CLI_ISCONTAINED(bb, bb_size, sb, sb_size) \ |
| 194 |
- (bb_size > 0 && sb_size > 0 && sb_size <= bb_size \ |
|
| 195 |
- && sb >= bb && sb + sb_size <= bb + bb_size && sb + sb_size > bb) |
|
| 194 |
+ ((bb_size) > 0 && (sb_size) > 0 && (size_t)(sb_size) <= (size_t)(bb_size) \ |
|
| 195 |
+ && (sb) >= (bb) && ((sb) + (sb_size)) <= ((bb) + (bb_size)) && ((sb) + (sb_size)) > (bb) && (sb) < ((bb) + (bb_size))) |
|
| 196 | 196 |
|
| 197 | 197 |
int crashtest() |
| 198 | 198 |
{
|
| ... | ... |
@@ -59,12 +59,12 @@ extern uint8_t cli_debug_flag; |
| 59 | 59 |
* The macro can be used to protect against wraps. |
| 60 | 60 |
*/ |
| 61 | 61 |
#define CLI_ISCONTAINED(bb, bb_size, sb, sb_size) \ |
| 62 |
- (bb_size > 0 && sb_size > 0 && (size_t)sb_size <= (size_t)bb_size \ |
|
| 63 |
- && sb >= bb && sb + sb_size <= bb + bb_size && sb + sb_size > bb) |
|
| 62 |
+ ((bb_size) > 0 && (sb_size) > 0 && (size_t)(sb_size) <= (size_t)(bb_size) \ |
|
| 63 |
+ && (sb) >= (bb) && ((sb) + (sb_size)) <= ((bb) + (bb_size)) && ((sb) + (sb_size)) > (bb) && (sb) < ((bb) + (bb_size))) |
|
| 64 | 64 |
|
| 65 | 65 |
#define CLI_ISCONTAINED2(bb, bb_size, sb, sb_size) \ |
| 66 |
- (bb_size > 0 && sb_size >= 0 && (size_t)sb_size <= (size_t)bb_size \ |
|
| 67 |
- && sb >= bb && sb + sb_size <= bb + bb_size && sb + sb_size >= bb) |
|
| 66 |
+ ((bb_size) > 0 && (sb_size) >= 0 && (size_t)(sb_size) <= (size_t)(bb_size) \ |
|
| 67 |
+ && (sb) >= (bb) && ((sb) + (sb_size)) <= ((bb) + (bb_size)) && ((sb) + (sb_size)) >= (bb) && (sb) < ((bb) + (bb_size))) |
|
| 68 | 68 |
|
| 69 | 69 |
#define CLI_MAX_ALLOCATION 184549376 |
| 70 | 70 |
|
| ... | ... |
@@ -1280,7 +1280,7 @@ int cli_url_canon(const char *inurl, size_t len, char *urlbuff, size_t dest_len, |
| 1280 | 1280 |
*p = '\0'; |
| 1281 | 1281 |
|
| 1282 | 1282 |
p = host_begin; |
| 1283 |
- while (p < urlend && p+2 < url + dest_len) {
|
|
| 1283 |
+ while (p < urlend && p+2 < url + dest_len && urlend < urlbuff+dest_len) {
|
|
| 1284 | 1284 |
unsigned char c = *p; |
| 1285 | 1285 |
if (c <= 32 || c >= 127 || c == '%' || c == '#') {
|
| 1286 | 1286 |
/* convert non-ascii characters back to % escaped */ |