mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2025-10-19 18:33:16 +00:00
respect CL_SCAN_BLOCKMAX
git-svn: trunk@1763
This commit is contained in:
Tomasz Kojm
parent
042d65a3c0
commit
ec99a10fbe
2 changed files with 47 additions and 7 deletions
|
|
@ -1,3 +1,7 @@
|
|||
Thu Nov 17 13:52:43 CET 2005 (tk)
|
||||
---------------------------------
|
||||
* libclamav/pe.c: respect CL_SCAN_BLOCKMAX
|
||||
|
||||
Wed Nov 16 18:47:31 CET 2005 (tk)
|
||||
---------------------------------
|
||||
* libclamav/zziplib: improve handling of incorrectly created/handcrafted zip
|
||||
|
|
|
|||
|
|
@ -50,6 +50,7 @@
|
|||
#define IMAGE_OPTIONAL_SIGNATURE 0x010b
|
||||
|
||||
#define DETECT_BROKEN (options & CL_SCAN_BLOCKBROKEN)
|
||||
#define BLOCKMAX (options & CL_SCAN_BLOCKMAX)
|
||||
|
||||
#define UPX_NRV2B "\x11\xdb\x11\xc9\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9\x11\xc9\x75\x20\x41\x01\xdb"
|
||||
#define UPX_NRV2D "\x83\xf0\xff\x74\x78\xd1\xf8\x89\xc5\xeb\x0b\x01\xdb\x75\x07\x8b\x1e\x83\xee\xfc\x11\xdb\x11\xc9"
|
||||
|
|
@ -599,8 +600,13 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c
|
|||
if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {
|
||||
cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , limits->maxfilesize);
|
||||
free(section_hdr);
|
||||
if(BLOCKMAX) {
|
||||
*virname = "PE.FSG.ExceededFileSize";
|
||||
return CL_VIRUS;
|
||||
} else {
|
||||
return CL_CLEAN;
|
||||
}
|
||||
}
|
||||
|
||||
if(ssize <= 0x19 || dsize <= ssize) {
|
||||
cli_dbgmsg("FSG: Size mismatch (ssize: %d, dsize: %d)\n", ssize, dsize);
|
||||
|
|
@ -751,8 +757,13 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c
|
|||
if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {
|
||||
cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, limits->maxfilesize);
|
||||
free(section_hdr);
|
||||
if(BLOCKMAX) {
|
||||
*virname = "PE.FSG.ExceededFileSize";
|
||||
return CL_VIRUS;
|
||||
} else {
|
||||
return CL_CLEAN;
|
||||
}
|
||||
}
|
||||
|
||||
if(ssize <= 0x19 || dsize <= ssize) {
|
||||
cli_dbgmsg("FSG: Size mismatch (ssize: %d, dsize: %d)\n", ssize, dsize);
|
||||
|
|
@ -771,8 +782,13 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c
|
|||
if(limits && limits->maxfilesize && (unsigned int) gp > limits->maxfilesize) {
|
||||
cli_dbgmsg("FSG: Buffer size exceeded (size: %d, max: %lu)\n", gp, limits->maxfilesize);
|
||||
free(section_hdr);
|
||||
if(BLOCKMAX) {
|
||||
*virname = "PE.FSG.ExceededFileSize";
|
||||
return CL_VIRUS;
|
||||
} else {
|
||||
return CL_CLEAN;
|
||||
}
|
||||
}
|
||||
|
||||
if((support = (char *) cli_malloc(gp)) == NULL) {
|
||||
free(section_hdr);
|
||||
|
|
@ -961,8 +977,13 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c
|
|||
if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {
|
||||
cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, limits->maxfilesize);
|
||||
free(section_hdr);
|
||||
if(BLOCKMAX) {
|
||||
*virname = "PE.FSG.ExceededFileSize";
|
||||
return CL_VIRUS;
|
||||
} else {
|
||||
return CL_CLEAN;
|
||||
}
|
||||
}
|
||||
|
||||
if(ssize <= 0x19 || dsize <= ssize) {
|
||||
cli_dbgmsg("FSG: Size mismatch (ssize: %d, dsize: %d)\n", ssize, dsize);
|
||||
|
|
@ -981,8 +1002,13 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c
|
|||
if(limits && limits->maxfilesize && (unsigned int) gp > limits->maxfilesize) {
|
||||
cli_dbgmsg("FSG: Buffer size exceeded (size: %d, max: %lu)\n", gp, limits->maxfilesize);
|
||||
free(section_hdr);
|
||||
if(BLOCKMAX) {
|
||||
*virname = "PE.FSG.ExceededFileSize";
|
||||
return CL_VIRUS;
|
||||
} else {
|
||||
return CL_CLEAN;
|
||||
}
|
||||
}
|
||||
|
||||
if((support = (char *) cli_malloc(gp)) == NULL) {
|
||||
free(section_hdr);
|
||||
|
|
@ -1141,8 +1167,13 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c
|
|||
if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {
|
||||
cli_dbgmsg("UPX: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , limits->maxfilesize);
|
||||
free(section_hdr);
|
||||
if(BLOCKMAX) {
|
||||
*virname = "PE.UPX.ExceededFileSize";
|
||||
return CL_VIRUS;
|
||||
} else {
|
||||
return CL_CLEAN;
|
||||
}
|
||||
}
|
||||
|
||||
if(ssize <= 0x19 || dsize <= ssize) { /* FIXME: What are reasonable values? */
|
||||
cli_dbgmsg("UPX: Size mismatch (ssize: %d, dsize: %d)\n", ssize, dsize);
|
||||
|
|
@ -1330,8 +1361,13 @@ int cli_scanpe(int desc, const char **virname, long int *scanned, const struct c
|
|||
if(limits && limits->maxfilesize && dsize > limits->maxfilesize) {
|
||||
cli_dbgmsg("Petite: Size exceeded (dsize: %d, max: %lu)\n", dsize, limits->maxfilesize);
|
||||
free(section_hdr);
|
||||
if(BLOCKMAX) {
|
||||
*virname = "PE.Petite.ExceededFileSize";
|
||||
return CL_VIRUS;
|
||||
} else {
|
||||
return CL_CLEAN;
|
||||
}
|
||||
}
|
||||
|
||||
if((dest = (char *) cli_calloc(dsize, sizeof(char))) == NULL) {
|
||||
cli_dbgmsg("Petite: Can't allocate %d bytes\n", dsize);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue