
libclamav: bb #7055

1 parent 24ff855 commit 270e368b99e93aa5447d46c797c92c3f9f39f375 @TheRaynMan TheRaynMan committed Apr 5, 2013
Showing with 24 additions and 10 deletions.
  1. +4 −4 NEWS
  2. +6 −0 README
  3. +14 −6 libclamav/pe.c
8 NEWS
@@ -1,8 +1,8 @@
-0.97.7
+0.97.8
------
-ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to
-Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security
-Team for finding and reporting these issues.
+ClamAV 0.97.8 addresses several reported potential security bugs. Thanks to
+Felix Groebert of the Google Security Team for finding and reporting these
+issues.
--
The ClamAV team (http://www.clamav.net/team)
6 README
@@ -1,6 +1,12 @@
Note: This README/NEWS file refers to the source tarball. Some things described
here may not be available in binary packages.
--
+0.97.8
+------
+ClamAV 0.97.8 addresses several reported potential security bugs. Thanks to
+Felix Groebert of the Google Security Team for finding and reporting these
+issues.
+
0.97.7
------
ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to
@@ -1868,13 +1868,21 @@ int cli_scanpe(cli_ctx *ctx)
if(epbuff[1] != '\xbe' || skew <= 0 || skew > 0xfff) { /* FIXME: legit skews?? */
skew = 0;
- if(upxfn(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >= 0)
- upx_success = 1;
-
- } else {
+ }
+ else if(skew > ssize) {
+ /* Ignore suggested skew larger than section size */
+ cli_dbgmsg("UPX: Ignoring bad skew of %d bytes\n", skew);
+ skew = 0;
+ }
+ else {
cli_dbgmsg("UPX: UPX1 seems skewed by %d bytes\n", skew);
- if(upxfn(src + skew, ssize - skew, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep-skew) >= 0 || upxfn(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >= 0)
- upx_success = 1;
+ }
+
+ if(upxfn(src + skew, ssize - skew, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep-skew) >= 0 || upxfn(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >= 0) {
+ upx_success = 1;
+ }
+ else if(skew && (upxfn(src, ssize, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >= 0)) {
+ upx_success = 1;
}
if(upx_success)
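Review bot: The first `upxfn` condition still ORs in the unskewed call `upxfn(src, ssize, …, vep)`, so the new `else if(skew && …)` branch can only repeat a call that has just failed, and when `skew` is 0 the identical arguments are tried twice. Dropping the `||` operand leaves one skewed attempt followed by the unskewed fallback: `if(upxfn(src + skew, ssize - skew, dest, &dsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep-skew) >= 0) {`. The new bound `skew > ssize` also accepts `skew == ssize`, which hands `upxfn` a zero-length source; if `ssize` is unsigned (its declaration is outside the hunk), `else if((unsigned int)skew >= ssize)` would reject that case and make the signed/unsigned comparison explicit. `cli_scanpe` starts and ends outside this hunk, so how `upxfn` treats `dsize` after a failed attempt should be confirmed there.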
