...
|
...
|
@@ -319,16 +319,18 @@ int cli_scanpe(int desc, cli_ctx *ctx)
|
319
|
319
|
}
|
320
|
320
|
|
321
|
321
|
nsections = EC16(file_hdr.NumberOfSections);
|
322
|
|
- if(nsections < 1) {
|
|
322
|
+ if(nsections < 1 || nsections > 99) {
|
323
|
323
|
if(DETECT_BROKEN) {
|
324
|
324
|
if(ctx->virname)
|
325
|
325
|
*ctx->virname = "Broken.Executable";
|
326
|
326
|
return CL_VIRUS;
|
327
|
327
|
}
|
328
|
|
- cli_warnmsg("PE file contains no sections\n");
|
|
328
|
+ if(nsections)
|
|
329
|
+ cli_warnmsg("PE file contains %d sections\n", nsections);
|
|
330
|
+ else
|
|
331
|
+ cli_warnmsg("PE file contains no sections\n");
|
329
|
332
|
return CL_CLEAN;
|
330
|
333
|
}
|
331
|
|
-
|
332
|
334
|
cli_dbgmsg("NumberOfSections: %d\n", nsections);
|
333
|
335
|
|
334
|
336
|
timestamp = (time_t) EC32(file_hdr.TimeDateStamp);
|
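Review bot: The new upper bound in `if(nsections < 1 || nsections > 99)` is a bare magic number with no stated reason; a named constant with a one-line comment would make the cap auditable, for example `#define PE_MAX_SECTIONS 99 /* sanity cap on NumberOfSections */` (the name is only a suggestion). When DETECT_BROKEN is off, a file above the cap now takes the same `return CL_CLEAN` path as a file with no sections, so it is reported clean without the PE analysis that follows, and only a cli_warnmsg records it. That trade-off deserves a comment at the return, such as `/* over the section cap: PE-specific scanning is skipped, result is not a verdict on the content */`. The declaration of nsections is outside the hunk, so `%d` is presumably correct after integer promotion but should be confirmed; cli_scanpe starts and ends outside the hunk.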
...
|
...
|
@@ -668,7 +670,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
|
668
|
668
|
uint32_t newesi, newedi, newebx, newedx;
|
669
|
669
|
|
670
|
670
|
if(ctx->limits && ctx->limits->maxfilesize && (ssize > ctx->limits->maxfilesize || dsize > ctx->limits->maxfilesize)) {
|
671
|
|
- cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , ctx->limits->maxfilesize);
|
|
671
|
+ cli_dbgmsg("FSG: Sizes exceeded (ssize: %u, dsize: %u, max: %lu)\n", ssize, dsize , ctx->limits->maxfilesize);
|
672
|
672
|
free(section_hdr);
|
673
|
673
|
if(BLOCKMAX) {
|
674
|
674
|
*ctx->virname = "PE.FSG.ExceededFileSize";
|
...
|
...
|
@@ -827,7 +829,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
|
827
|
827
|
|
828
|
828
|
|
829
|
829
|
if(ctx->limits && ctx->limits->maxfilesize && (ssize > ctx->limits->maxfilesize || dsize > ctx->limits->maxfilesize)) {
|
830
|
|
- cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, ctx->limits->maxfilesize);
|
|
830
|
+ cli_dbgmsg("FSG: Sizes exceeded (ssize: %u, dsize: %u, max: %lu)\n", ssize, dsize, ctx->limits->maxfilesize);
|
831
|
831
|
free(section_hdr);
|
832
|
832
|
if(BLOCKMAX) {
|
833
|
833
|
*ctx->virname = "PE.FSG.ExceededFileSize";
|
...
|
...
|
@@ -1049,7 +1051,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
|
1049
|
1049
|
}
|
1050
|
1050
|
|
1051
|
1051
|
if(ctx->limits && ctx->limits->maxfilesize && (ssize > ctx->limits->maxfilesize || dsize > ctx->limits->maxfilesize)) {
|
1052
|
|
- cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, ctx->limits->maxfilesize);
|
|
1052
|
+ cli_dbgmsg("FSG: Sizes exceeded (ssize: %u, dsize: %u, max: %lu)\n", ssize, dsize, ctx->limits->maxfilesize);
|
1053
|
1053
|
free(section_hdr);
|
1054
|
1054
|
if(BLOCKMAX) {
|
1055
|
1055
|
*ctx->virname = "PE.FSG.ExceededFileSize";
|
...
|
...
|
@@ -1241,7 +1243,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
|
1241
|
1241
|
dsize = EC32(section_hdr[i].VirtualSize) + EC32(section_hdr[i + 1].VirtualSize);
|
1242
|
1242
|
|
1243
|
1243
|
if(ctx->limits && ctx->limits->maxfilesize && (ssize > ctx->limits->maxfilesize || dsize > ctx->limits->maxfilesize)) {
|
1244
|
|
- cli_dbgmsg("UPX: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , ctx->limits->maxfilesize);
|
|
1244
|
+ cli_dbgmsg("UPX: Sizes exceeded (ssize: %u, dsize: %u, max: %lu)\n", ssize, dsize , ctx->limits->maxfilesize);
|
1245
|
1245
|
free(section_hdr);
|
1246
|
1246
|
if(BLOCKMAX) {
|
1247
|
1247
|
*ctx->virname = "PE.UPX.ExceededFileSize";
|
...
|
...
|
@@ -1263,6 +1265,13 @@ int cli_scanpe(int desc, cli_ctx *ctx)
|
1263
|
1263
|
return CL_EMEM;
|
1264
|
1264
|
}
|
1265
|
1265
|
|
|
1266
|
+ if(dsize > CLI_MAX_ALLOCATION) {
|
|
1267
|
+ cli_errmsg("UPX: Too big value of dsize\n");
|
|
1268
|
+ free(section_hdr);
|
|
1269
|
+ free(src);
|
|
1270
|
+ return CL_EMEM;
|
|
1271
|
+ }
|
|
1272
|
+
|
1266
|
1273
|
if((dest = (char *) cli_calloc(dsize + 1024 + nsections * 40, sizeof(char))) == NULL) {
|
1267
|
1274
|
free(section_hdr);
|
1268
|
1275
|
free(src);
|
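Review bot: The added `if(dsize > CLI_MAX_ALLOCATION)` guard tests a value that may already have wrapped, because the hunk at -1241 computes dsize as `EC32(section_hdr[i].VirtualSize) + EC32(section_hdr[i + 1].VirtualSize)`. If dsize is a 32-bit unsigned (as the `%u` changes in this commit suggest), two large header values can sum to a small dsize that passes both this check and the maxfilesize check. Bounding each operand before the addition would close that, e.g. `if(EC32(section_hdr[i].VirtualSize) > CLI_MAX_ALLOCATION || EC32(section_hdr[i + 1].VirtualSize) > CLI_MAX_ALLOCATION)` placed where dsize is computed, or by doing the sum in a 64-bit temporary. Separately, the condition is driven by file contents, so `cli_errmsg` with `return CL_EMEM` reports a malformed input as an out-of-memory failure; the neighbouring size checks use cli_dbgmsg, and following them would keep logs and return codes consistent. cli_scanpe continues outside the hunk, so the allocation of src and the scope of `i` at this point are not visible here.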
...
|
...
|
@@ -1437,7 +1446,7 @@ int cli_scanpe(int desc, cli_ctx *ctx)
|
1437
|
1437
|
dsize = max - min;
|
1438
|
1438
|
|
1439
|
1439
|
if(ctx->limits && ctx->limits->maxfilesize && dsize > ctx->limits->maxfilesize) {
|
1440
|
|
- cli_dbgmsg("Petite: Size exceeded (dsize: %d, max: %lu)\n", dsize, ctx->limits->maxfilesize);
|
|
1440
|
+ cli_dbgmsg("Petite: Size exceeded (dsize: %u, max: %lu)\n", dsize, ctx->limits->maxfilesize);
|
1441
|
1441
|
free(section_hdr);
|
1442
|
1442
|
if(BLOCKMAX) {
|
1443
|
1443
|
*ctx->virname = "PE.Petite.ExceededFileSize";
|