Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 18:33:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

bb-11203: Cleaning up code to ensure explicit handling of case where segment command names are the same length as the name buffer.

Browse source
This commit is contained in:
Mickey Sola 2015-06-02 10:25:24 -04:00
parent 7600b5cf6b
commit 52ca4bacde
1 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
libclamav/macho.c
View file

@ -347,7 +347,7 @@ int cli_scanmacho(cli_ctx *ctx, struct cli_exe_info *fileinfo)
at += sizeof(segment_cmd64);
nsects = EC32(segment_cmd64.nsects, conv);
strncpy(name, segment_cmd64.segname, sizeof(name));
name[sizeof(name)-1] = '\0';
name[sizeof(name)-1] = '\0';
} else {
if(fmap_readn(map, &segment_cmd, at, sizeof(segment_cmd)) != sizeof(segment_cmd)) {
cli_dbgmsg("cli_scanmacho: Can't read segment command\n");
@ -357,9 +357,9 @@ int cli_scanmacho(cli_ctx *ctx, struct cli_exe_info *fileinfo)
at += sizeof(segment_cmd);
nsects = EC32(segment_cmd.nsects, conv);
strncpy(name, segment_cmd.segname, sizeof(name));
name[sizeof(name)-1] = '\0';
}
if(!matcher) {
name[sizeof(name)-1] = '\0';
cli_dbgmsg("MACHO: Segment name: %s\n", name);
cli_dbgmsg("MACHO: Number of sections: %u\n", nsects);
}
@ -393,6 +393,7 @@ int cli_scanmacho(cli_ctx *ctx, struct cli_exe_info *fileinfo)
section64.align = 1 << EC32(section64.align, conv);
sections[sect].rsz = sections[sect].vsz + (section64.align - (sections[sect].vsz % section64.align)) % section64.align; /* most likely we can assume it's the same as .vsz */
strncpy(name, section64.sectname, sizeof(name));
name[sizeof(name)-1] = '\0';
} else {
if(fmap_readn(map, &section, at, sizeof(section)) != sizeof(section)) {
cli_dbgmsg("cli_scanmacho: Can't read section\n");
@ -406,9 +407,9 @@ int cli_scanmacho(cli_ctx *ctx, struct cli_exe_info *fileinfo)
section.align = 1 << EC32(section.align, conv);
sections[sect].rsz = sections[sect].vsz + (section.align - (sections[sect].vsz % section.align)) % section.align;
strncpy(name, section.sectname, sizeof(name));
name[sizeof(name)-1] = '\0';
}
if(!matcher) {
name[sizeof(name)-1] = '\0';
cli_dbgmsg("MACHO: --- Section %u ---\n", sect);
cli_dbgmsg("MACHO: Name: %s\n", name);
cli_dbgmsg("MACHO: Virtual address: 0x%x\n", (unsigned int) sections[sect].rva);