@@ -1,3 +1,13 @@

+Mon Apr 14 21:35:11 CEST 2008 (tk)

+----------------------------------

+  * Check in 0.93 patches:

+    - libclamunrar: bb#541 (RAR - Version required to extract - Evasion)

+    - libclamav/spin.c: bb#876 (PeSpin Heap Overflow Vulnerability)

+    - libclamav/pe.c: bb#878 (Upack Buffer Overflow Vulnerability)

+    - libclamav/message.c: bb#881 (message.c: read beyond allocated region)

+    - libclamav/unarj.c: bb#897 (ARJ: Sample from CERT-FI hangs clamav)

+    - libclamunrar: bb#898 (RAR crashes on some fuzzed files from CERT-FI)

+

 Mon Apr 14 13:19:17 CEST 2008 (tk)

 ----------------------------------

   * test: add clam-aspack.exe, clam-pespin.exe and clam-upx.exe (bb#902)

@@ -1,5 +1,5 @@

-0.93rc1

+0.93

+----

 This release introduces many new features and engine enhancements, please

 see the notes below for the list of major changes. The most visible one

@@ -2,8 +2,8 @@ Note: This README/NEWS file refers to the source tarball. Some things described

 here may not be available in binary packages.

 --

-0.93rc1

+0.93

+----

 This release introduces many new features and engine enhancements, please

 see the notes below for the list of major changes. The most visible one

@@ -45,7 +45,7 @@ dnl VERSION="0.93rc1"

 AC_DEFINE_UNQUOTED([VERSION],"$VERSION",[Version number of package])

 LC_CURRENT=4

-LC_REVISION=0

+LC_REVISION=1

 LC_AGE=0

 LIBCLAMAV_VERSION="$LC_CURRENT":"$LC_REVISION":"$LC_AGE"

 AC_SUBST([LIBCLAMAV_VERSION])

Binary files a/docs/clamdoc.pdf and b/docs/clamdoc.pdf differ

@@ -71,7 +71,7 @@

     \vspace{3cm}

     \begin{flushright}

 	\rule[-1ex]{8cm}{3pt}\\

-	\huge Clam AntiVirus 0.93rc1\\

+	\huge Clam AntiVirus 0.93\\

 	\huge \emph{User Manual}\\

     \end{flushright}

@@ -56,7 +56,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds

 <BR>

 <BR>

     <DIV ALIGN="RIGHT">

-<BR>	<BIG CLASS="HUGE">Clam AntiVirus 0.93rc1

+<BR>	<BIG CLASS="HUGE">Clam AntiVirus 0.93

 <BR>	<BIG CLASS="HUGE"><SPAN  CLASS="textit">User Manual</SPAN>

 <BR>    

 </BIG></BIG></DIV>

@@ -209,7 +209,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -56,7 +56,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds

 <BR>

 <BR>

     <DIV ALIGN="RIGHT">

-<BR>	<BIG CLASS="HUGE">Clam AntiVirus 0.93rc1

+<BR>	<BIG CLASS="HUGE">Clam AntiVirus 0.93

 <BR>	<BIG CLASS="HUGE"><SPAN  CLASS="textit">User Manual</SPAN>

 <BR>    

 </BIG></BIG></DIV>

@@ -209,7 +209,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -179,7 +179,7 @@ ClamAV and Clam AntiVirus are trademarks of Sourcefire, Inc.

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -96,7 +96,7 @@ A note for Solaris/SPARC users: you must set the <SPAN  CLASS="textit">ABI</SPAN

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -75,7 +75,7 @@ Installing on shell account</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -69,7 +69,7 @@ Adding new system user and group</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -75,7 +75,7 @@ Compilation of base package</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -64,7 +64,7 @@ Compilation with clamav-milter enabled</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -83,7 +83,7 @@ Configuration</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -79,7 +79,7 @@ clamd</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -90,7 +90,7 @@ On-access scanning</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -81,7 +81,7 @@ define(`confINPUT_MAIL_FILTERS', `clmilter')

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -75,7 +75,7 @@ Testing</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -79,7 +79,7 @@ Introduction</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -139,7 +139,7 @@ N * * * *	/usr/local/bin/freshclam --quiet

 <!--End of Navigation Panel-->

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -77,7 +77,7 @@ Closest mirrors</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -80,7 +80,7 @@ Usage</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -160,7 +160,7 @@ Start/end a <code>clamd</code> session - you can do multiple commands

 <!--End of Navigation Panel-->

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -76,7 +76,7 @@ Clam<SPAN  CLASS="textbf">d</SPAN>scan</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -92,7 +92,7 @@ SIGTERM signal. In other case you can lose access

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -70,7 +70,7 @@ Output format</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -94,7 +94,7 @@ clamscan</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -83,7 +83,7 @@ Error messages are printed in the following format:

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -124,7 +124,7 @@ LibClamAV</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -183,7 +183,7 @@ Features</A>

 <!--End of Navigation Panel-->

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -65,7 +65,7 @@ Licence</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -77,7 +77,7 @@ Supported formats</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -87,7 +87,7 @@ Executables</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -62,7 +62,7 @@ Mail files</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -90,7 +90,7 @@ Archives and compressed files</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -73,7 +73,7 @@ Documents</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -75,7 +75,7 @@ Others</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -75,7 +75,7 @@ API</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -64,7 +64,7 @@ Header file</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -111,7 +111,7 @@ Load CVD files directly without unpacking them into a temporary

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -86,7 +86,7 @@ Alternatively you can try asking on the <code>#clamav</code> IRC channel - launc

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -68,7 +68,7 @@ Error handling</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -74,7 +74,7 @@ Engine structure</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -101,7 +101,7 @@ Database reloading</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -214,7 +214,7 @@ Phishing module: always block cloaked URLs.

 <!--End of Navigation Panel-->

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -62,7 +62,7 @@ Memory</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -67,7 +67,7 @@ clamav-config</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -65,7 +65,7 @@ Example</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -82,7 +82,7 @@ Verification OK.

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -613,7 +613,7 @@ Contributors</A>

 <!--End of Navigation Panel-->

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -459,7 +459,7 @@ Donors</A>

 <!--End of Navigation Panel-->

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -65,7 +65,7 @@ Virus submitting</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -63,7 +63,7 @@ Graphics</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -62,7 +62,7 @@ OpenAntiVirus</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -134,7 +134,7 @@ Role: coder

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -64,11 +64,11 @@ Mathematics Department, Macquarie University, Sydney.

 The command line arguments were: <BR>

  <STRONG>latex2html</STRONG> <TT>-local_icons clamdoc.tex</TT>

 <P>

-The translation was initiated by Tomasz Kojm on 2008-03-18

+The translation was initiated by Tomasz Kojm on 2008-04-09

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -71,7 +71,7 @@ Base package</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -80,7 +80,7 @@ Supported platforms</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -61,7 +61,7 @@ Binary packages</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -77,7 +77,7 @@ Installation</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-18

+2008-04-09

 </ADDRESS>

 </BODY>

 </HTML>

@@ -2563,6 +2563,7 @@ rfc2231(const char *in)

 						in++;

 						continue;

 					}

+					*p = '\0';

 					break;

 				case '=':

 					/*strcpy(p, in);*/

@@ -87,7 +87,7 @@ static pthread_mutex_t cli_ctime_mutex = PTHREAD_MUTEX_INITIALIZER;

 #define       P_tmpdir        "C:\\WINDOWS\\TEMP"

 #endif

-#define CL_FLEVEL 28 /* don't touch it */

+#define CL_FLEVEL 29 /* don't touch it */

 uint8_t cli_debug_flag = 0, cli_leavetemps_flag = 0;

@@ -1261,7 +1261,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)

 	    CLI_UNPSIZELIMITS("Upack", MAX(MAX(dsize, ssize), exe_sections[1].ursz));

-	    if (exe_sections[1].rva - off > dsize || exe_sections[1].rva - off > dsize - exe_sections[1].ursz || (upack && (exe_sections[2].rva - exe_sections[0].rva > dsize || exe_sections[2].rva - exe_sections[0].rva > dsize - ssize)) || ssize > dsize) {

+	    if (!CLI_ISCONTAINED(0, dsize, exe_sections[1].rva - off, exe_sections[1].ursz) || (upack && !CLI_ISCONTAINED(0, dsize, exe_sections[2].rva - exe_sections[0].rva, ssize)) || ssize > dsize) {

 	        cli_dbgmsg("Upack: probably malformed pe-header, skipping to next unpacker\n");

 		break;

 	    }

@@ -435,7 +435,7 @@ int unspin(char *src, int ssize, struct cli_exe_section *sections, int sectcnt,

     /*    len = cli_readint32(ep+0x2fc8); -- Using vsizes instead */

     for (j=0; j<sectcnt; j++) {

-      if (sections[j].rva <= key32 && sections[j].rva+sections[j].rsz > key32)

+      if (sections[j].rva <= key32 && key32-sections[j].rva < sections[j].vsz && CLI_ISCONTAINED(src + sections[j].raw, sections[j].rsz, src + sections[j].raw, key32 - sections[j].rva))

 	break;

     }

@@ -162,6 +162,7 @@ typedef struct arj_decode_tag {

 	unsigned char pt_len[NPT];

 	unsigned char sub_bit_buf;

 	uint16_t pt_table[PTABLESIZE];

+	int status;

 } arj_decode_t;

 static int fill_buf(arj_decode_t *decode_data, int n)

@@ -172,6 +173,7 @@ static int fill_buf(arj_decode_t *decode_data, int n)

 		if (decode_data->comp_size != 0) {

 			decode_data->comp_size--;

 			if (cli_readn(decode_data->fd, &decode_data->sub_bit_buf, 1) != 1) {

+				decode_data->status = CL_EIO;

 				return CL_EIO;

 			}

 		} else {

@@ -230,6 +232,7 @@ static int make_table(arj_decode_t *decode_data, int nchar, unsigned char *bitle

 	for (i = 0; (int)i < nchar; i++) {

 		if (bitlen[i] >= 17) {

 			cli_dbgmsg("UNARJ: bounds exceeded\n");

+			decode_data->status = CL_EARJ;

 			return CL_EARJ;

 		}

 		count[bitlen[i]]++;

@@ -240,12 +243,14 @@ static int make_table(arj_decode_t *decode_data, int nchar, unsigned char *bitle

 		start[i+1] = start[i] + (count[i] << (16 - i));

 	}

 	if (start[17] != (unsigned short) (1 << 16)) {

+		decode_data->status = CL_EARJ;

 		return CL_EARJ;

 	}

 	jutbits = 16 - tablebits;

 	if (tablebits >= 17) {

 		cli_dbgmsg("UNARJ: bounds exceeded\n");

+		decode_data->status = CL_EARJ;

 		return CL_EARJ;

 	}

 	for (i = 1; (int)i <= tablebits; i++) {

@@ -263,6 +268,7 @@ static int make_table(arj_decode_t *decode_data, int nchar, unsigned char *bitle

 		while (i != k) {

 			if (i >= tablesize) {

 				cli_dbgmsg("UNARJ: bounds exceeded\n");

+				decode_data->status = CL_EARJ;

 				return CL_EARJ;

 			}

 			table[i++] = 0;

@@ -277,12 +283,14 @@ static int make_table(arj_decode_t *decode_data, int nchar, unsigned char *bitle

 		}

 		if (len >= 17) {

 			cli_dbgmsg("UNARJ: bounds exceeded\n");

+			decode_data->status = CL_EARJ;

 			return CL_EARJ;

 		}

 		k = start[len];

 		nextcode = k + weight[len];

 		if ((int)len <= tablebits) {

 			if (nextcode > (unsigned int) tablesize) {

+				decode_data->status = CL_EARJ;

 				return CL_EARJ;

 			}

 			for (i = start[len]; i < nextcode; i++) {

@@ -295,6 +303,7 @@ static int make_table(arj_decode_t *decode_data, int nchar, unsigned char *bitle

 				if (*p == 0) {

 					if (avail >= (2 * NC - 1)) {

 						cli_dbgmsg("UNARJ: bounds exceeded\n");

+						decode_data->status = CL_EARJ;

 						return CL_EARJ;

 					}

 					decode_data->right[avail] = decode_data->left[avail] = 0;

@@ -302,6 +311,7 @@ static int make_table(arj_decode_t *decode_data, int nchar, unsigned char *bitle

 				}

 				if (*p >= (2 * NC - 1)) {

 					cli_dbgmsg("UNARJ: bounds exceeded\n");

+					decode_data->status = CL_EARJ;

 					return CL_EARJ;

 				}

 				if (k & mask) {

@@ -319,7 +329,7 @@ static int make_table(arj_decode_t *decode_data, int nchar, unsigned char *bitle

 	return CL_SUCCESS;

 }

-static void read_pt_len(arj_decode_t *decode_data, int nn, int nbit, int i_special)

+static int read_pt_len(arj_decode_t *decode_data, int nn, int nbit, int i_special)

 {

 	int i, n;

 	short c;

@@ -329,7 +339,8 @@ static void read_pt_len(arj_decode_t *decode_data, int nn, int nbit, int i_speci

 	if (n == 0) {

 		if (nn > NPT) {

 			cli_dbgmsg("UNARJ: bounds exceeded\n");

-			return;

+			decode_data->status = CL_EARJ;

+			return CL_EARJ;

 		}

 		c = arj_getbits(decode_data, nbit);

 		for (i = 0; i < nn; i++) {

@@ -350,9 +361,15 @@ static void read_pt_len(arj_decode_t *decode_data, int nn, int nbit, int i_speci

 				}

 			}

 			fill_buf(decode_data, (c < 7) ? 3 : (int)(c - 3));

+			if (decode_data->status != CL_SUCCESS) {

+				return decode_data->status;

+			}

 			decode_data->pt_len[i++] = (unsigned char) c;

 			if (i == i_special) {

 				c = arj_getbits(decode_data, 2);

+				if (decode_data->status != CL_SUCCESS) {

+					return decode_data->status;

+				}

 				while ((--c >= 0) && (i < NPT)) {

 					decode_data->pt_len[i++] = 0;

 				}

@@ -361,8 +378,11 @@ static void read_pt_len(arj_decode_t *decode_data, int nn, int nbit, int i_speci

 		while ((i < nn) && (i < NPT)) {

 			decode_data->pt_len[i++] = 0;

 		}

-		make_table(decode_data, nn, decode_data->pt_len, 8, decode_data->pt_table, PTABLESIZE);

+		if (make_table(decode_data, nn, decode_data->pt_len, 8, decode_data->pt_table, PTABLESIZE) != CL_SUCCESS) {

+			return CL_EARJ;

+		}

 	}

+	return CL_SUCCESS;

 }

 static int read_c_len(arj_decode_t *decode_data)

@@ -371,8 +391,14 @@ static int read_c_len(arj_decode_t *decode_data)

 	unsigned short mask;

 	n = arj_getbits(decode_data, CBIT);

+	if (decode_data->status != CL_SUCCESS) {

+		return decode_data->status;

+	}

 	if (n == 0) {

 		c = arj_getbits(decode_data, CBIT);

+		if (decode_data->status != CL_SUCCESS) {

+			return decode_data->status;

+		}

 		for (i = 0; i < NC; i++) {

 			decode_data->c_len[i] = 0;

 		}

@@ -388,6 +414,7 @@ static int read_c_len(arj_decode_t *decode_data)

 				do {

 					if (c >= (2 * NC - 1)) {

 						cli_warnmsg("ERROR: bounds exceeded\n");

+						decode_data->status = CL_EFORMAT;

 						return CL_EFORMAT;

 					}

 					if (decode_data->bit_buf & mask) {

@@ -400,9 +427,13 @@ static int read_c_len(arj_decode_t *decode_data)

 			}

 			if (c >= 19) {

 				cli_dbgmsg("UNARJ: bounds exceeded\n");

+				decode_data->status = CL_EARJ;

 				return CL_EARJ;

 			}

 			fill_buf(decode_data, (int)(decode_data->pt_len[c]));

+			if (decode_data->status != CL_SUCCESS) {

+				return decode_data->status;

+			}	

 			if (c <= 2) {

 				if (c == 0) {

 					c = 1;

@@ -411,9 +442,13 @@ static int read_c_len(arj_decode_t *decode_data)

 				} else {

 					c = arj_getbits(decode_data, CBIT) + 20;

 				}

+				if (decode_data->status != CL_SUCCESS) {

+					return decode_data->status;

+				}		

 				while (--c >= 0) {

 					if (i >= NC) {

 						cli_warnmsg("ERROR: bounds exceeded\n");

+						decode_data->status = CL_EFORMAT;

 						return CL_EFORMAT;

 					}

 					decode_data->c_len[i++] = 0;

@@ -421,6 +456,7 @@ static int read_c_len(arj_decode_t *decode_data)

 			} else {

 				if (i >= NC) {

 					cli_warnmsg("ERROR: bounds exceeded\n");

+					decode_data->status = CL_EFORMAT;

 					return CL_EFORMAT;

 				}

 				decode_data->c_len[i++] = (unsigned char) (c - 2);