Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 138927 Details for
Bug 202762
app-antivirus/clamav < 0.91.2-r1 Multiple vulnerabilities (CVE-2007-{6335,6336,6337})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
clamav-0.91.2-CVE-2007-5759.patch
clamav-0.91.2-CVE-2007-5759.patch (text/plain), 1.81 KB, created by
Robert Buchholz (RETIRED)
on 2007-12-19 23:18:18 UTC
(
hide
)
Description:
clamav-0.91.2-CVE-2007-5759.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2007-12-19 23:18:18 UTC
Size:
1.81 KB
patch
obsolete
>Thu Dec 6 15:22:27 CET 2007 (tk) >--------------------------------- > * libclamav/pe.c: fix possible integer overflow in MEW related code > Reported by iDefense [IDEF2842] > > Backported by <sgran@debian.org> > > SVN r3376 > >Index: clamav-0.91.2/libclamav/pe.c >=================================================================== >--- clamav-0.91.2.orig/libclamav/pe.c >+++ clamav-0.91.2/libclamav/pe.c >@@ -80,6 +80,18 @@ > #define PEALIGN(o,a) (((a))?(((o)/(a))*(a)):(o)) > #define PESALIGN(o,a) (((a))?(((o)/(a)+((o)%(a)!=0))*(a)):(o)) > >+#define CLI_UNPSIZELIMITS(NAME,CHK) \ >+if(ctx->limits && ctx->limits->maxfilesize && (CHK) > ctx->limits->maxfilesize) { \ >+ cli_dbgmsg(NAME": Sizes exceeded (%lu > %lu)\n", (CHK), ctx->limits->maxfilesize); \ >+ free(exe_sections); \ >+ if(BLOCKMAX) { \ >+ *ctx->virname = "PE."NAME".ExceededFileSize"; \ >+ return CL_VIRUS; \ >+ } else { \ >+ return CL_CLEAN; \ >+ } \ >+} >+ > extern short cli_leavetemps_flag; > > struct offset_list { >@@ -1153,16 +1165,9 @@ int cli_scanpe(int desc, cli_ctx *ctx) > dsize = exe_sections[i].vsz; > > cli_dbgmsg("MEW: ssize %08x dsize %08x offdiff: %08x\n", ssize, dsize, offdiff); >- if(ctx->limits && ctx->limits->maxfilesize && (ssize + dsize > ctx->limits->maxfilesize || exe_sections[i + 1].rsz > ctx->limits->maxfilesize)) { >- cli_dbgmsg("MEW: Sizes exceeded (ssize: %u, dsize: %u, max: %lu)\n", ssize, dsize , ctx->limits->maxfilesize); >- free(exe_sections); >- if(BLOCKMAX) { >- *ctx->virname = "PE.MEW.ExceededFileSize"; >- return CL_VIRUS; >- } else { >- return CL_CLEAN; >- } >- } >+ >+ CLI_UNPSIZELIMITS("MEW", MAX(ssize, dsize)); >+ CLI_UNPSIZELIMITS("MEW", MAX(ssize + dsize, exe_sections[i + 1].rsz)); > > /* allocate needed buffer */ > if (!(src = cli_calloc (ssize + dsize, sizeof(char)))) {
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 202762
: 138927 |
138929
|
138930