... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Fri Nov 4 00:52:21 CET 2011 (acab) |
|
2 |
+----------------------------------- |
|
3 |
+ * libclamav/pe.c: parse vinfo where varfileinfo occours before stringfileinfo |
|
4 |
+ (bb#3062) |
|
5 |
+ |
|
1 | 6 |
Fri Mar 2 19:48:36 CET 2012 (tk) |
2 | 7 |
--------------------------------- |
3 | 8 |
* clamd: add support for on-access scanning on OS X with ClamAuth (beta) |
... | ... |
@@ -2506,7 +2506,7 @@ int cli_peheader(fmap_t *map, struct cli_exe_info *peinfo) |
2506 | 2506 |
continue; |
2507 | 2507 |
|
2508 | 2508 |
while(res_sz>4) { /* look for version_info - NOT RESUMABLE (expecting exactly one versioninfo) */ |
2509 |
- uint32_t vinfo_sz, vinfo_val_sz; |
|
2509 |
+ uint32_t vinfo_sz, vinfo_val_sz, got_varfileinfo = 0; |
|
2510 | 2510 |
|
2511 | 2511 |
vinfo_sz = vinfo_val_sz = cli_readint32(vptr); |
2512 | 2512 |
vinfo_sz &= 0xffff; |
... | ... |
@@ -2535,7 +2535,14 @@ int cli_peheader(fmap_t *map, struct cli_exe_info *peinfo) |
2535 | 2535 |
if(sfi_sz > vinfo_sz) |
2536 | 2536 |
break; /* the content is larger than the container */ |
2537 | 2537 |
|
2538 |
- /* expecting stringfileinfo to always precede varfileinfo */ |
|
2538 |
+ if(!got_varfileinfo && sfi_sz > 6 + 0x18 && !memcmp(vptr+6, "V\0a\0r\0F\0i\0l\0e\0I\0n\0f\0o\0\0\0", 0x18)) { |
|
2539 |
+ /* skip varfileinfo as it sometimes appear before stringtableinfo */ |
|
2540 |
+ vptr += sfi_sz; |
|
2541 |
+ vinfo_sz -= sfi_sz; |
|
2542 |
+ got_varfileinfo = 1; |
|
2543 |
+ continue; |
|
2544 |
+ } |
|
2545 |
+ |
|
2539 | 2546 |
if(sfi_sz <= 6 + 0x1e || memcmp(vptr+6, "S\0t\0r\0i\0n\0g\0F\0i\0l\0e\0I\0n\0f\0o\0\0\0", 0x1e)) { |
2540 | 2547 |
/* - there should be enough room for the header(6) and the key "StringFileInfo"(1e) |
2541 | 2548 |
* - the key should match */ |