Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 18:33:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

respect CL_SCAN_BLOCKMAX

Browse source 
git-svn: trunk@1763
This commit is contained in:
Tomasz Kojm 2005-11-17 12:54:14 +00:00
parent 042d65a3c0
commit ec99a10fbe
2 changed files with 47 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

4
clamav-devel/ChangeLog
View file

@ -1,3 +1,7 @@
Thu Nov 17 13:52:43 CET 2005 (tk)
---------------------------------
* libclamav/pe.c: respect CL_SCAN_BLOCKMAX
Wed Nov 16 18:47:31 CET 2005 (tk) Wed Nov 16 18:47:31 CET 2005 (tk)
--------------------------------- ---------------------------------
* libclamav/zziplib: improve handling of incorrectly created/handcrafted zip * libclamav/zziplib: improve handling of incorrectly created/handcrafted zip

50
clamav-devel/libclamav/pe.c
View file

@ -50,6 +50,7 @@
#define IMAGE_OPTIONAL_SIGNATURE 0x010b #define IMAGE_OPTIONAL_SIGNATURE 0x010b
#define DETECT_BROKEN (options & CL_SCAN_BLOCKBROKEN) #define DETECT_BROKEN (options & CL_SCAN_BLOCKBROKEN)
#define BLOCKMAX (options & CL_SCAN_BLOCKMAX)
#define UPX_NRV2B "\x11\xdb\x11\xc9\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9\x11\xc9\x75\x20\x41\x01\xdb" #define UPX_NRV2B "\x11\xdb\x11\xc9\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9\x11\xc9\x75\x20\x41\x01\xdb"
#define UPX_NRV2D "\x83\xf0\xff\x74\x78\xd1\xf8\x89\xc5\xeb\x0b\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9" #define UPX_NRV2D "\x83\xf0\xff\x74\x78\xd1\xf8\x89\xc5\xeb\x0b\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9"
@ -599,7 +600,12 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c
if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) { if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {
cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , limits->maxfilesize); cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , limits->maxfilesize);
free(section_hdr); free(section_hdr);
return CL_CLEAN; if(BLOCKMAX) {
*virname = "PE.FSG.ExceededFileSize";
return CL_VIRUS;
} else {
return CL_CLEAN;
}
} }
if(ssize <= 0x19 || dsize <= ssize) { if(ssize <= 0x19 || dsize <= ssize) {
@ -751,7 +757,12 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c
if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) { if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {
cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, limits->maxfilesize); cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, limits->maxfilesize);
free(section_hdr); free(section_hdr);
return CL_CLEAN; if(BLOCKMAX) {
*virname = "PE.FSG.ExceededFileSize";
return CL_VIRUS;
} else {
return CL_CLEAN;
}
} }
if(ssize <= 0x19 || dsize <= ssize) { if(ssize <= 0x19 || dsize <= ssize) {
@ -771,7 +782,12 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c
if(limits && limits->maxfilesize && (unsigned int) gp > limits->maxfilesize) { if(limits && limits->maxfilesize && (unsigned int) gp > limits->maxfilesize) {
cli_dbgmsg("FSG: Buffer size exceeded (size: %d, max: %lu)\n", gp, limits->maxfilesize); cli_dbgmsg("FSG: Buffer size exceeded (size: %d, max: %lu)\n", gp, limits->maxfilesize);
free(section_hdr); free(section_hdr);
return CL_CLEAN; if(BLOCKMAX) {
*virname = "PE.FSG.ExceededFileSize";
return CL_VIRUS;
} else {
return CL_CLEAN;
}
} }
if((support = (char *) cli_malloc(gp)) == NULL) { if((support = (char *) cli_malloc(gp)) == NULL) {
@ -961,7 +977,12 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c
if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) { if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {
cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, limits->maxfilesize); cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, limits->maxfilesize);
free(section_hdr); free(section_hdr);
return CL_CLEAN; if(BLOCKMAX) {
*virname = "PE.FSG.ExceededFileSize";
return CL_VIRUS;
} else {
return CL_CLEAN;
}
} }
if(ssize <= 0x19 || dsize <= ssize) { if(ssize <= 0x19 || dsize <= ssize) {
@ -981,7 +1002,12 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c
if(limits && limits->maxfilesize && (unsigned int) gp > limits->maxfilesize) { if(limits && limits->maxfilesize && (unsigned int) gp > limits->maxfilesize) {
cli_dbgmsg("FSG: Buffer size exceeded (size: %d, max: %lu)\n", gp, limits->maxfilesize); cli_dbgmsg("FSG: Buffer size exceeded (size: %d, max: %lu)\n", gp, limits->maxfilesize);
free(section_hdr); free(section_hdr);
return CL_CLEAN; if(BLOCKMAX) {
*virname = "PE.FSG.ExceededFileSize";
return CL_VIRUS;
} else {
return CL_CLEAN;
}
} }
if((support = (char *) cli_malloc(gp)) == NULL) { if((support = (char *) cli_malloc(gp)) == NULL) {
@ -1141,7 +1167,12 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c
if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) { if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {
cli_dbgmsg("UPX: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , limits->maxfilesize); cli_dbgmsg("UPX: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , limits->maxfilesize);
free(section_hdr); free(section_hdr);
return CL_CLEAN; if(BLOCKMAX) {
*virname = "PE.UPX.ExceededFileSize";
return CL_VIRUS;
} else {
return CL_CLEAN;
}
} }
if(ssize <= 0x19 || dsize <= ssize) { /* FIXME: What are reasonable values? */ if(ssize <= 0x19 || dsize <= ssize) { /* FIXME: What are reasonable values? */
@ -1330,7 +1361,12 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c
if(limits && limits->maxfilesize && dsize > limits->maxfilesize) { if(limits && limits->maxfilesize && dsize > limits->maxfilesize) {
cli_dbgmsg("Petite: Size exceeded (dsize: %d, max: %lu)\n", dsize, limits->maxfilesize); cli_dbgmsg("Petite: Size exceeded (dsize: %d, max: %lu)\n", dsize, limits->maxfilesize);
free(section_hdr); free(section_hdr);
return CL_CLEAN; if(BLOCKMAX) {
*virname = "PE.Petite.ExceededFileSize";
return CL_VIRUS;
} else {
return CL_CLEAN;
}
} }
if((dest = (char *) cli_calloc(dsize, sizeof(char))) == NULL) { if((dest = (char *) cli_calloc(dsize, sizeof(char))) == NULL) {