July 16, 2019
View 0ba5d6f

Updates the NEWS.md document with libmspack update notes.

Micah Snyder authored on 2019/07/16 21:45:19
View ea08301

Updated libmspack 0.8alpha to 0.10.1alpha. Only different from vanilla is that we add a config.h.in file.

Micah Snyder (micasnyd) authored on 2019/07/16 04:24:06
July 15, 2019
View f590da0

Removed exported but unused symbols from .map files due to complaints by the compiler on Solaris 11, gcc 7.

Micah Snyder authored on 2019/07/15 00:38:55
July 13, 2019
View dcd26ea

Adds detection and heuristic alert for zips with overlapping files, preventing extraction of non-recursive zip bombs.

Micah Snyder authored on 2019/07/13 10:09:45
View 7f92726

Bumped version number to 0.101.3.

Micah Snyder authored on 2019/07/13 06:16:42
March 14, 2019
View 5e0e479

Incremented version numbers and functionality level for 0.101.2 patch release. Added release notes to NEWS.md

Micah Snyder (micasnyd) authored on 2019/03/14 03:19:08
March 7, 2019
View afb25cd

Correction to cli_vba_scandir to account for change from 0-indexed to 1-indexed hash counts, and to remove extraneous hashcnt--, an oversite from the commit fixing fuzz - 12166.

Micah Snyder authored on 2019/03/07 10:46:00
March 6, 2019
View e010ed3

Clean up of PDF object finding logic. Changes include recording object sizes as objects are found, identifying object streams in the object parsing section instead of the PDF parsing section, and limiting of stream and other object parsing to the size of the object instead of the size of the PDF. It is also easier to read and includes more inline documentation.

Micah Snyder authored on 2019/03/06 11:15:41
March 3, 2019
View 40e79bf


Micah Snyder authored on 2019/03/03 06:34:54
View 9180468

bb12284 - Fix to prevent path traversal when using cli_genfname() to generate filenames that may retain path and filename information. Changed scanrar so that it will no longer retain path information for extracted files.

Micah Snyder authored on 2019/03/03 03:05:17
February 18, 2019
View 5d319bc

Makefile changes for fuzz make targets to fix distcheck.

Micah Snyder authored on 2019/02/18 06:11:59
February 10, 2019
View 6bbe910

fuzz - 12124 - Added missing hash cleanup checks in Xx decoder.

Micah Snyder authored on 2019/02/10 15:22:03
February 3, 2019
View 5f4132b

fuzz - 12178 - Correction to LZW inflate algorithm where left-shift of a larger value would have have been too large for signed long.

Micah Snyder authored on 2019/02/03 08:59:10
View f1d82e2

fuzz - 12156 - Explicit cast to unsigned 32bit int because a signed int could not hold 0xffff << 16 bits.

Micah Snyder authored on 2019/02/03 04:29:53
January 31, 2019
View 75fa861

bb12262 - Fix to address potential use-after-free bug in scanner code relating to the filenames for nested files.

Micah Snyder authored on 2019/01/31 05:01:59