@@ -1,3 +1,9 @@

+Mon Mar 23 13:52:31 CET 2009 (tk)

+---------------------------------

+ * libclamunrar, libclamav: don't depend on the uncompressed size field

+			    in RAR headers (bb#1467)

+			    Reported by Thierry Zoller

+

 Mon Mar 23 13:12:08 EET 2009 (edwin)

 ------------------------------------

  * libclamav/mbox.c: fix extraction of embedded images (bb #1384).

@@ -319,12 +319,17 @@ static int cli_scanrar(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_c

 		ret = CL_EUNPACK;

 	    break;

 	}

-	if((ret=cli_checklimits("RAR", ctx, rar_state.metadata_tail->unpack_size, rar_state.metadata_tail->pack_size, 0)!=CL_CLEAN)) {

+	if(ctx->engine->maxscansize && ctx->scansize >= ctx->engine->maxscansize) {

 	    free(rar_state.file_header->filename);

 	    free(rar_state.file_header);

 	    ret = CL_CLEAN;

-	    continue;

+	    break;

 	}

+	if(ctx->engine->maxscansize && ctx->scansize + ctx->engine->maxfilesize >= ctx->engine->maxscansize)

+	    rar_state.maxfilesize = ctx->engine->maxscansize - ctx->scansize;

+	else

+	    rar_state.maxfilesize = ctx->engine->maxfilesize;

+

 	ret = cli_unrar_extract_next(&rar_state,dir);

 	if(ret == UNRAR_OK)

 	    ret = CL_SUCCESS;

@@ -153,9 +153,18 @@ static void unp_write_data(unpack_data_t *unpack_data, uint8_t *data, int size)

 {

 	int ret;

 	rar_dbgmsg("in unp_write_data length=%d\n", size);

+

+	unpack_data->true_size += size;

+	unpack_data->unp_crc = rar_crc(unpack_data->unp_crc, data, size);

+	if(unpack_data->max_size) {

+	    if(unpack_data->written_size >= unpack_data->max_size)

+		return;

+

+	    if(unpack_data->written_size + size > unpack_data->max_size)

+		size = unpack_data->max_size - unpack_data->written_size;

+	}

 	if((ret = write(unpack_data->ofd, data, size)) > 0)

 	    unpack_data->written_size += ret;

-	unpack_data->unp_crc = rar_crc(unpack_data->unp_crc, data, size);

 }

 static void unp_write_area(unpack_data_t *unpack_data, unsigned int start_ptr, unsigned int end_ptr)

@@ -827,6 +836,7 @@ void rar_unpack_init_data(int solid, unpack_data_t *unpack_data)

 	unpack_data->read_top = 0;

 	unpack_data->read_border = 0;

 	unpack_data->written_size = 0;

+	unpack_data->true_size = 0;

 	rarvm_init(&unpack_data->rarvm_data);

 	unpack_data->unp_crc = 0xffffffff;

@@ -1067,7 +1077,6 @@ static int rar_unpack29(int fd, int solid, unpack_data_t *unpack_data)

 	if (retval) {

 		unp_write_buf(unpack_data);

 	}

-	rar_dbgmsg("Finished length: %ld\n", unpack_data->written_size);

 	return retval;

 }

@@ -1094,5 +1103,8 @@ int rar_unpack(int fd, int method, int solid, unpack_data_t *unpack_data)

 		}

 		break;

 	}

+	rar_dbgmsg("Written size: %ld\n", unpack_data->written_size);

+	rar_dbgmsg("True size: %ld\n", unpack_data->true_size);

+

 	return retval;

 }

@@ -217,6 +217,8 @@ typedef struct unpack_data_tag

 	int *old_filter_lengths;

 	int last_filter, old_filter_lengths_size;

 	int64_t written_size;

+	int64_t true_size;

+	int64_t max_size;

 	int64_t dest_unp_size;

 	rarvm_data_t rarvm_data;

 	unsigned int unp_crc;

@@ -308,6 +308,7 @@ int unrar_open(int fd, const char *dirname, unrar_state_t *state)

     unpack_data->PrgStack.array = unpack_data->Filters.array = NULL;

     unpack_data->PrgStack.num_items = unpack_data->Filters.num_items = 0;

     unpack_data->unp_crc = 0xffffffff;

+    unpack_data->max_size = 0;

     ppm_constructor(&unpack_data->ppm_data);

@@ -391,6 +392,7 @@ int unrar_extract_next_prepare(unrar_state_t *state, const char *dirname)

     new_metadata->pack_size = state->file_header->high_pack_size * 0x100000000ULL + state->file_header->pack_size;

     new_metadata->unpack_size = state->file_header->high_unpack_size * 0x100000000ULL + state->file_header->unpack_size;

+    new_metadata->unpack_size = state->file_header->unpack_size;

     new_metadata->crc = state->file_header->file_crc;

     new_metadata->method = state->file_header->method;

     new_metadata->filename = strdup((const char*)state->file_header->filename);

@@ -473,6 +475,7 @@ int unrar_extract_next(unrar_state_t *state, const char *dirname)

 	}

 	unpack_data = (unpack_data_t *) state->unpack_data;

 	state->ofd = unpack_data->ofd = ofd;

+	unpack_data->max_size = state->maxfilesize;

 	if(state->file_header->method == 0x30) {

 	    unrar_dbgmsg("UNRAR: Copying stored file (not packed)\n");

 	    copy_file_data(state->fd, ofd, state->file_header->pack_size);

@@ -110,6 +110,7 @@ typedef struct unrar_state_tag {

     unrar_main_header_t *main_hdr;

     char *comment_dir;

     unsigned long file_count;

+    uint64_t maxfilesize;

     int fd, ofd;

     char filename[1024];

 } unrar_state_t;