Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 10:23:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

libclamav/special.c: respect recursion limits in cli_check_jpeg_exploit() (bb#1266)

Browse source 
git-svn: trunk@4483
This commit is contained in:
Tomasz Kojm 2008-11-26 13:02:37 +00:00
parent 06be0521fe
commit be63d0adc5
4 changed files with 23 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog
View file

@ -1,3 +1,8 @@
Wed Nov 26 14:04:33 CET 2008 (tk)
---------------------------------
* libclamav/special.c: respect recursion limits in cli_check_jpeg_exploit()
(bb#1266)
Tue Nov 25 21:51:30 CET 2008 (tk)
---------------------------------
* freshclam/manager.c: in non-dns mode use date from cvd header instead of

8
libclamav/scanners.c
View file

@ -1323,13 +1323,13 @@ static int cli_scanriff(int desc, const char **virname)
return ret;
}
static int cli_scanjpeg(int desc, const char **virname)
static int cli_scanjpeg(int desc, cli_ctx *ctx)
{
int ret = CL_CLEAN;
if(cli_check_jpeg_exploit(desc) == 1) {
if(cli_check_jpeg_exploit(desc, ctx) == 1) {
ret = CL_VIRUS;
*virname = "Exploit.W32.MS04-028";
*ctx->virname = "Exploit.W32.MS04-028";
}
return ret;
@ -2000,7 +2000,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
case CL_TYPE_GRAPHICS:
if(SCAN_ALGO && (DCONF_OTHER & OTHER_CONF_JPEG))
ret = cli_scanjpeg(desc, ctx->virname);
ret = cli_scanjpeg(desc, ctx);
break;
case CL_TYPE_PDF: /* FIXMELIMITS: pdf should be an archive! */

18
libclamav/special.c
View file

@ -85,7 +85,7 @@ int cli_check_mydoom_log(int desc, const char **virname)
return retval;
}
static int jpeg_check_photoshop_8bim(int fd)
static int jpeg_check_photoshop_8bim(int fd, cli_ctx *ctx)
{
unsigned char bim[5];
uint16_t id, ntmp;
@ -140,7 +140,7 @@ static int jpeg_check_photoshop_8bim(int fd)
/* Jump past header */
lseek(fd, 28, SEEK_CUR);
retval = cli_check_jpeg_exploit(fd);
retval = cli_check_jpeg_exploit(fd, ctx);
if (retval == 1) {
cli_dbgmsg("Exploit found in thumbnail\n");
}
@ -149,7 +149,7 @@ static int jpeg_check_photoshop_8bim(int fd)
return retval;
}
static int jpeg_check_photoshop(int fd)
static int jpeg_check_photoshop(int fd, cli_ctx *ctx)
{
int retval;
unsigned char buffer[14];
@ -166,7 +166,7 @@ static int jpeg_check_photoshop(int fd)
cli_dbgmsg("Found Photoshop segment\n");
do {
old = lseek(fd, 0, SEEK_CUR);
retval = jpeg_check_photoshop_8bim(fd);
retval = jpeg_check_photoshop_8bim(fd, ctx);
new = lseek(fd, 0, SEEK_CUR);
if(new <= old)
break;
@ -178,7 +178,7 @@ static int jpeg_check_photoshop(int fd)
return retval;
}
int cli_check_jpeg_exploit(int fd)
int cli_check_jpeg_exploit(int fd, cli_ctx *ctx)
{
unsigned char buffer[4];
off_t offset;
@ -186,6 +186,8 @@ int cli_check_jpeg_exploit(int fd)
cli_dbgmsg("in cli_check_jpeg_exploit()\n");
if(ctx->recursion > ctx->engine->maxreclevel)
return CL_EMAXREC;
if (cli_readn(fd, buffer, 2) != 2) {
return 0;
@ -229,9 +231,11 @@ int cli_check_jpeg_exploit(int fd)
if (buffer[1] == 0xed) {
/* Possible Photoshop file */
if ((retval=jpeg_check_photoshop(fd)) != 0) {
ctx->recursion++;
retval=jpeg_check_photoshop(fd, ctx);
ctx->recursion--;
if (retval != 0)
return retval;
}
}
if (lseek(fd, offset, SEEK_SET) != offset) {

4
libclamav/special.h
View file

@ -21,8 +21,10 @@
#ifndef __SPECIAL_H
#define __SPECIAL_H
#include "others.h"
int cli_check_mydoom_log(int desc, const char **virname);
int cli_check_jpeg_exploit(int fd);
int cli_check_jpeg_exploit(int fd, cli_ctx *ctx);
int cli_check_riff_exploit(int fd);
#endif