Browse code
improve scanning of handcrafted/broken files
| ... | ... |
@@ -126,6 +126,7 @@ static int sis_extract_simple(int fd, char *mfile, uint32_t length, uint32_t off |
| 126 | 126 |
case 0x02: |
| 127 | 127 |
cli_dbgmsg("SIS: File type: Component file\n");
|
| 128 | 128 |
typedir = "component"; |
| 129 |
+ get_dname = 0; |
|
| 129 | 130 |
break; |
| 130 | 131 |
case 0x03: |
| 131 | 132 |
cli_dbgmsg("SIS: File type: Run file\n");
|
| ... | ... |
@@ -274,11 +275,12 @@ static int sis_extract_simple(int fd, char *mfile, uint32_t length, uint32_t off |
| 274 | 274 |
free(fname); |
| 275 | 275 |
return CL_VIRUS; |
| 276 | 276 |
} |
| 277 |
- free(subdir); |
|
| 278 |
- free(fname); |
|
| 279 |
- return CL_EFORMAT; |
|
| 277 |
+ /* osize is not reliable so continue */ |
|
| 280 | 278 |
} |
| 281 | 279 |
|
| 280 |
+ if((osize <= 3 * csize) || (ctx->limits && ctx->limits->maxfilesize && osize > ctx->limits->maxfilesize)) |
|
| 281 |
+ osize = 3 * csize; |
|
| 282 |
+ |
|
| 282 | 283 |
if(!(buff = cli_malloc((size_t) osize))) {
|
| 283 | 284 |
cli_errmsg("SIS: sis_extract_simple: Can't allocate decompression buffer\n");
|
| 284 | 285 |
free(subdir); |
| ... | ... |
@@ -294,6 +296,11 @@ static int sis_extract_simple(int fd, char *mfile, uint32_t length, uint32_t off |
| 294 | 294 |
return CL_EIO; |
| 295 | 295 |
} |
| 296 | 296 |
|
| 297 |
+ if(osize != (uLongf) filelen) {
|
|
| 298 |
+ cli_dbgmsg("SIS: WARNING: Real original size: %u\n", osize);
|
|
| 299 |
+ filelen = (uint32_t) osize; |
|
| 300 |
+ } |
|
| 301 |
+ |
|
| 297 | 302 |
} else {
|
| 298 | 303 |
buff = mfile + fileoff; |
| 299 | 304 |
} |