Browse code
fix leak in cli_unrar_extract_next_prepare (bb#352)
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Wed Feb 28 21:55:22 CET 2007 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * libclamav/unrar/unrar.c: fix leak in cli_unrar_extract_next_prepare (bb#352) |
|
| 4 |
+ Patch from Edwin |
|
| 5 |
+ |
|
| 1 | 6 |
Wed Feb 28 21:48:59 CET 2007 (tk) |
| 2 | 7 |
--------------------------------- |
| 3 | 8 |
* libclamav/unrar/unrar.c: fix rarvm memory leak (bb#350), patch from Edwin |
| ... | ... |
@@ -1550,57 +1550,57 @@ int cli_unrar_extract_next_prepare(rar_state_t* state,const char* dirname) |
| 1550 | 1550 |
|
| 1551 | 1551 |
rar_metadata_t *new_metadata; |
| 1552 | 1552 |
state->file_header = read_block(state->fd, FILE_HEAD); |
| 1553 |
- if (!state->file_header) {
|
|
| 1553 |
+ if (!state->file_header) {
|
|
| 1554 | 1554 |
return CL_BREAK;/* end of archive */ |
| 1555 |
- } |
|
| 1556 |
- new_metadata = cli_malloc(sizeof(rar_metadata_t)); |
|
| 1557 |
- if (!new_metadata) {
|
|
| 1555 |
+ } |
|
| 1556 |
+ new_metadata = cli_malloc(sizeof(rar_metadata_t)); |
|
| 1557 |
+ if (!new_metadata) {
|
|
| 1558 | 1558 |
return CL_EMEM; |
| 1559 |
- } |
|
| 1560 |
- new_metadata->pack_size = state->file_header->high_pack_size * 0x100000000 + state->file_header->pack_size; |
|
| 1561 |
- new_metadata->unpack_size = state->file_header->high_unpack_size * 0x100000000 + state->file_header->unpack_size; |
|
| 1562 |
- new_metadata->crc = state->file_header->file_crc; |
|
| 1563 |
- new_metadata->method = state->file_header->method; |
|
| 1564 |
- new_metadata->filename = cli_strdup(state->file_header->filename); |
|
| 1565 |
- new_metadata->next = NULL; |
|
| 1566 |
- new_metadata->encrypted = FALSE; |
|
| 1559 |
+ } |
|
| 1560 |
+ new_metadata->pack_size = state->file_header->high_pack_size * 0x100000000 + state->file_header->pack_size; |
|
| 1561 |
+ new_metadata->unpack_size = state->file_header->high_unpack_size * 0x100000000 + state->file_header->unpack_size; |
|
| 1562 |
+ new_metadata->crc = state->file_header->file_crc; |
|
| 1563 |
+ new_metadata->method = state->file_header->method; |
|
| 1564 |
+ new_metadata->filename = cli_strdup(state->file_header->filename); |
|
| 1565 |
+ new_metadata->next = NULL; |
|
| 1566 |
+ new_metadata->encrypted = FALSE; |
|
| 1567 | 1567 |
if (state->metadata_tail == NULL) {
|
| 1568 | 1568 |
state->metadata_tail = state->metadata = new_metadata; |
| 1569 |
- } else {
|
|
| 1569 |
+ } else {
|
|
| 1570 | 1570 |
state->metadata_tail->next = new_metadata; |
| 1571 | 1571 |
state->metadata_tail = new_metadata; |
| 1572 |
- } |
|
| 1573 |
- if (state->file_header->flags & LHD_COMMENT) {
|
|
| 1574 |
- comment_header_t *comment_header; |
|
| 1575 |
- |
|
| 1576 |
- cli_dbgmsg("File comment present\n");
|
|
| 1572 |
+ } |
|
| 1573 |
+ if (state->file_header->flags & LHD_COMMENT) {
|
|
| 1574 |
+ comment_header_t *comment_header; |
|
| 1575 |
+ |
|
| 1576 |
+ cli_dbgmsg("File comment present\n");
|
|
| 1577 | 1577 |
comment_header = read_header(state->fd, COMM_HEAD); |
| 1578 |
- if (comment_header) {
|
|
| 1579 |
- cli_dbgmsg("Comment type: 0x%.2x\n", comment_header->head_type);
|
|
| 1580 |
- cli_dbgmsg("Head size: 0x%.4x\n", comment_header->head_size);
|
|
| 1581 |
- cli_dbgmsg("UnPack Size: 0x%.4x\n", comment_header->unpack_size);
|
|
| 1582 |
- cli_dbgmsg("UnPack Version: 0x%.2x\n", comment_header->unpack_ver);
|
|
| 1583 |
- cli_dbgmsg("Pack Method: 0x%.2x\n", comment_header->method);
|
|
| 1584 |
- |
|
| 1585 |
- if ((comment_header->unpack_ver < 15) || (comment_header->unpack_ver > 29) || |
|
| 1586 |
- (comment_header->method > 0x30)) {
|
|
| 1587 |
- cli_dbgmsg("Can't process file comment - skipping\n");
|
|
| 1588 |
- } else {
|
|
| 1578 |
+ if (comment_header) {
|
|
| 1579 |
+ cli_dbgmsg("Comment type: 0x%.2x\n", comment_header->head_type);
|
|
| 1580 |
+ cli_dbgmsg("Head size: 0x%.4x\n", comment_header->head_size);
|
|
| 1581 |
+ cli_dbgmsg("UnPack Size: 0x%.4x\n", comment_header->unpack_size);
|
|
| 1582 |
+ cli_dbgmsg("UnPack Version: 0x%.2x\n", comment_header->unpack_ver);
|
|
| 1583 |
+ cli_dbgmsg("Pack Method: 0x%.2x\n", comment_header->method);
|
|
| 1584 |
+ |
|
| 1585 |
+ if ((comment_header->unpack_ver < 15) || (comment_header->unpack_ver > 29) || |
|
| 1586 |
+ (comment_header->method > 0x30)) {
|
|
| 1587 |
+ cli_dbgmsg("Can't process file comment - skipping\n");
|
|
| 1588 |
+ } else {
|
|
| 1589 | 1589 |
snprintf(filename, 1024, "%s/%lu.cmt", state->comment_dir, state->file_count); |
| 1590 |
- ofd = open(filename, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0600); |
|
| 1591 |
- if (ofd < 0) {
|
|
| 1592 |
- free(comment_header); |
|
| 1593 |
- cli_dbgmsg("ERROR: Failed to open output file\n");
|
|
| 1594 |
- } else {
|
|
| 1595 |
- cli_dbgmsg("Copying file comment (not packed)\n");
|
|
| 1590 |
+ ofd = open(filename, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0600); |
|
| 1591 |
+ if (ofd < 0) {
|
|
| 1592 |
+ free(comment_header); |
|
| 1593 |
+ cli_dbgmsg("ERROR: Failed to open output file\n");
|
|
| 1594 |
+ } else {
|
|
| 1595 |
+ cli_dbgmsg("Copying file comment (not packed)\n");
|
|
| 1596 | 1596 |
copy_file_data(state->fd, ofd, comment_header->unpack_size); |
| 1597 |
- close(ofd); |
|
| 1598 |
- } |
|
| 1597 |
+ close(ofd); |
|
| 1599 | 1598 |
} |
| 1600 |
- free(comment_header); |
|
| 1601 | 1599 |
} |
| 1600 |
+ free(comment_header); |
|
| 1602 | 1601 |
} |
| 1603 |
- return CL_SUCCESS; |
|
| 1602 |
+ } |
|
| 1603 |
+ return CL_SUCCESS; |
|
| 1604 | 1604 |
} |
| 1605 | 1605 |
|
| 1606 | 1606 |
int cli_unrar_extract_next(rar_state_t* state,const char* dirname) |
| ... | ... |
@@ -1609,72 +1609,78 @@ int cli_unrar_extract_next(rar_state_t* state,const char* dirname) |
| 1609 | 1609 |
int retval; |
| 1610 | 1610 |
|
| 1611 | 1611 |
if (lseek(state->fd, state->file_header->start_offset+state->file_header->head_size, SEEK_SET) != |
| 1612 |
- state->file_header->start_offset+state->file_header->head_size) {
|
|
| 1612 |
+ state->file_header->start_offset+state->file_header->head_size) {
|
|
| 1613 | 1613 |
cli_dbgmsg("Seek failed: %ld\n", state->offset+state->file_header->head_size);
|
| 1614 |
- free(state->file_header->filename); |
|
| 1615 |
- free(state->file_header); |
|
| 1614 |
+ free(state->file_header->filename); |
|
| 1615 |
+ free(state->file_header); |
|
| 1616 | 1616 |
return CL_ERAR; |
| 1617 |
- } |
|
| 1618 |
- if (state->file_header->flags & LHD_PASSWORD) {
|
|
| 1619 |
- cli_dbgmsg("PASSWORDed file: %s\n", state->file_header->filename);
|
|
| 1617 |
+ } |
|
| 1618 |
+ if (state->file_header->flags & LHD_PASSWORD) {
|
|
| 1619 |
+ cli_dbgmsg("PASSWORDed file: %s\n", state->file_header->filename);
|
|
| 1620 | 1620 |
state->metadata_tail->encrypted = TRUE; |
| 1621 |
- } else /*if (file_header->unpack_size)*/ {
|
|
| 1621 |
+ } else /*if (file_header->unpack_size)*/ {
|
|
| 1622 | 1622 |
snprintf(state->filename, 1024, "%s/%lu.ura", dirname, state->file_count); |
| 1623 | 1623 |
ofd = open(state->filename, O_RDWR|O_CREAT|O_TRUNC|O_BINARY, 0600); |
| 1624 |
- if (ofd < 0) {
|
|
| 1625 |
- free(state->file_header->filename); |
|
| 1626 |
- free(state->file_header); |
|
| 1627 |
- cli_dbgmsg("ERROR: Failed to open output file\n");
|
|
| 1624 |
+ if (ofd < 0) {
|
|
| 1625 |
+ free(state->file_header->filename); |
|
| 1626 |
+ free(state->file_header); |
|
| 1627 |
+ cli_dbgmsg("ERROR: Failed to open output file\n");
|
|
| 1628 | 1628 |
return CL_EOPEN; |
| 1629 |
- } |
|
| 1629 |
+ } |
|
| 1630 | 1630 |
state->unpack_data->ofd = ofd; |
| 1631 |
- if (state->file_header->method == 0x30) {
|
|
| 1632 |
- cli_dbgmsg("Copying stored file (not packed)\n");
|
|
| 1631 |
+ if (state->file_header->method == 0x30) {
|
|
| 1632 |
+ cli_dbgmsg("Copying stored file (not packed)\n");
|
|
| 1633 | 1633 |
copy_file_data(state->fd, ofd, state->file_header->pack_size); |
| 1634 |
- } else {
|
|
| 1634 |
+ } else {
|
|
| 1635 | 1635 |
state->unpack_data->dest_unp_size = state->file_header->unpack_size; |
| 1636 | 1636 |
state->unpack_data->pack_size = state->file_header->pack_size; |
| 1637 |
- if (state->file_header->unpack_ver <= 15) {
|
|
| 1637 |
+ if (state->file_header->unpack_ver <= 15) {
|
|
| 1638 | 1638 |
retval = rar_unpack(state->fd, 15, (state->file_count>1) && |
| 1639 | 1639 |
((state->main_hdr->flags&MHD_SOLID)!=0), state->unpack_data); |
| 1640 |
- } else {
|
|
| 1640 |
+ } else {
|
|
| 1641 | 1641 |
if ((state->file_count == 1) && (state->file_header->flags & LHD_SOLID)) {
|
| 1642 |
- cli_warnmsg("RAR: First file can't be SOLID.\n");
|
|
| 1642 |
+ cli_warnmsg("RAR: First file can't be SOLID.\n");
|
|
| 1643 |
+ |
|
| 1644 |
+ free(state->file_header->filename); |
|
| 1645 |
+ free(state->file_header); |
|
| 1643 | 1646 |
return CL_ERAR; |
| 1644 |
- } else {
|
|
| 1647 |
+ } else {
|
|
| 1645 | 1648 |
retval = rar_unpack(state->fd, state->file_header->unpack_ver, |
| 1646 | 1649 |
state->file_header->flags & LHD_SOLID, state->unpack_data); |
| 1647 |
- } |
|
| 1648 | 1650 |
} |
| 1649 |
- cli_dbgmsg("Expected File CRC: 0x%x\n", state->file_header->file_crc);
|
|
| 1651 |
+ } |
|
| 1652 |
+ cli_dbgmsg("Expected File CRC: 0x%x\n", state->file_header->file_crc);
|
|
| 1650 | 1653 |
cli_dbgmsg("Computed File CRC: 0x%x\n", state->unpack_data->unp_crc^0xffffffff);
|
| 1651 | 1654 |
if (state->unpack_data->unp_crc != 0xffffffff) {
|
| 1652 | 1655 |
if (state->file_header->file_crc != (state->unpack_data->unp_crc^0xffffffff)) {
|
| 1653 |
- cli_warnmsg("RAR CRC error. Please report the bug at http://bugs.clamav.net/\n");
|
|
| 1654 |
- } |
|
| 1656 |
+ cli_warnmsg("RAR CRC error. Please report the bug at http://bugs.clamav.net/\n");
|
|
| 1655 | 1657 |
} |
| 1656 |
- if (!retval) {
|
|
| 1657 |
- cli_dbgmsg("Corrupt file detected\n");
|
|
| 1658 |
- if (state->file_header->flags & LHD_SOLID) {
|
|
| 1659 |
- cli_dbgmsg("SOLID archive, can't continue\n");
|
|
| 1658 |
+ } |
|
| 1659 |
+ if (!retval) {
|
|
| 1660 |
+ cli_dbgmsg("Corrupt file detected\n");
|
|
| 1661 |
+ if (state->file_header->flags & LHD_SOLID) {
|
|
| 1662 |
+ cli_dbgmsg("SOLID archive, can't continue\n");
|
|
| 1663 |
+ free(state->file_header->filename); |
|
| 1664 |
+ free(state->file_header); |
|
| 1665 |
+ |
|
| 1660 | 1666 |
return CL_ERAR; |
| 1661 |
- } |
|
| 1662 | 1667 |
} |
| 1663 | 1668 |
} |
| 1664 |
- |
|
| 1665 | 1669 |
} |
| 1670 |
+ |
|
| 1671 |
+ } |
|
| 1666 | 1672 |
if (lseek(state->fd, state->file_header->next_offset, SEEK_SET) != state->file_header->next_offset) {
|
| 1667 |
- cli_dbgmsg("ERROR: seek failed: %ld\n", state->file_header->next_offset);
|
|
| 1668 |
- free(state->file_header->filename); |
|
| 1669 |
- free(state->file_header); |
|
| 1670 |
- return CL_ERAR; |
|
| 1671 |
- } |
|
| 1673 |
+ cli_dbgmsg("ERROR: seek failed: %ld\n", state->file_header->next_offset);
|
|
| 1672 | 1674 |
free(state->file_header->filename); |
| 1673 | 1675 |
free(state->file_header); |
| 1676 |
+ return CL_ERAR; |
|
| 1677 |
+ } |
|
| 1678 |
+ free(state->file_header->filename); |
|
| 1679 |
+ free(state->file_header); |
|
| 1674 | 1680 |
unpack_free_data(state->unpack_data); |
| 1675 | 1681 |
state->file_count++; |
| 1676 | 1682 |
return CL_SUCCESS; |
| 1677 |
- } |
|
| 1683 |
+} |
|
| 1678 | 1684 |
|
| 1679 | 1685 |
void cli_unrar_close(rar_state_t* state) |
| 1680 | 1686 |
{
|