~ubuntu-branches/ubuntu/dapper/clamav/dapper-updates


Viewing changes to libclamav/unarj.c

  • Committer: Bazaar Package Importer
  • Author(s): Michael Tautschnig, Michael Tautschnig
  • Date: 2009-11-02 10:24:35 UTC
  • mfrom: (0.11.5 squeeze)
  • mto: (12.1.9 dapper-security)
  • mto: This revision was merged to the branch mainline in revision 22.
  • Revision ID: james.westby@ubuntu.com-20091102102435-yzkn3jdvo4gank3q
Tags: 0.95.3+dfsg-1
[ Michael Tautschnig ]
* New upstream version
* Should fix clamd segfault on startup (closes: #537629)
* Updated info in clamd.conf man page (closes: #534443)
* Proper socket ownership setup, no chgrp in make_dir (closes: #553333)

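--- a/libclamav/unarj.c
+++ b/libclamav/unarj.c
@@ -416,7 +416,7 @@
                                 mask = 1 << 7;
                                 do {
                                         if (c >= (2 * NC - 1)) {
-                                                cli_warnmsg("ERROR: bounds exceeded\n");
+                                                cli_dbgmsg("ERROR: bounds exceeded\n");
                                                 decode_data->status = CL_EFORMAT;
                                                 return CL_EFORMAT;
                                         }
@@ -450,7 +450,7 @@
                                 }               
                                 while (--c >= 0) {
                                         if (i >= NC) {
-                                                cli_warnmsg("ERROR: bounds exceeded\n");
+                                                cli_dbgmsg("ERROR: bounds exceeded\n");
                                                 decode_data->status = CL_EFORMAT;
                                                 return CL_EFORMAT;
                                         }
@@ -458,7 +458,7 @@
                                 }
                         } else {
                                 if (i >= NC) {
-                                        cli_warnmsg("ERROR: bounds exceeded\n");
+                                        cli_dbgmsg("ERROR: bounds exceeded\n");
                                         decode_data->status = CL_EFORMAT;
                                         return CL_EFORMAT;
                                 }
@@ -492,7 +492,7 @@
                 mask = 1 << 3;
                 do {
                         if (j >= (2 * NC - 1)) {
-                                cli_warnmsg("ERROR: bounds exceeded\n");
+                                cli_dbgmsg("ERROR: bounds exceeded\n");
                                 decode_data->status = CL_EUNPACK;
                                 return 0;
                         }
@@ -517,7 +517,7 @@
                 mask = 1 << 7;
                 do {
                         if (j >= (2 * NC - 1)) {
-                                cli_warnmsg("ERROR: bounds exceeded\n");
+                                cli_dbgmsg("ERROR: bounds exceeded\n");
                                 decode_data->status = CL_EUNPACK;
                                 return 0;
                         }
@@ -545,7 +545,8 @@
         uint32_t count=0, out_ptr=0;
         int16_t chr, i, j;
 
-        decode_data.text = (unsigned char *) cli_malloc(DDICSIZ);
+        memset(&decode_data, 0, sizeof(decode_data));
+        decode_data.text = (unsigned char *) cli_calloc(DDICSIZ, 1);
         if (!decode_data.text) {
                 return CL_EMEM;
         }
@@ -577,7 +578,7 @@
                                 i += DDICSIZ;
                         }
                         if ((i >= DDICSIZ) || (i < 0)) {
-                                cli_warnmsg("UNARJ: bounds exceeded - probably a corrupted file.\n");
+                                cli_dbgmsg("UNARJ: bounds exceeded - probably a corrupted file.\n");
                                 break;
                         }
                         if (out_ptr > i && out_ptr < DDICSIZ - MAXMATCH - 1) {
@@ -669,7 +670,8 @@
         int16_t chr, i, j, pos;
 
         dd = &decode_data;
-        decode_data.text = (unsigned char *) cli_malloc(DDICSIZ);
+        memset(&decode_data, 0, sizeof(decode_data));
+        decode_data.text = (unsigned char *) cli_calloc(DDICSIZ, 1);
         if (!decode_data.text) {
                 return CL_EMEM;
         }
@@ -715,7 +717,7 @@
                                 i += DDICSIZ;
                         }
                         if ((i >= DDICSIZ) || (i < 0)) {
-                                cli_warnmsg("UNARJ: bounds exceeded - probably a corrupted file.\n");
+                                cli_dbgmsg("UNARJ: bounds exceeded - probably a corrupted file.\n");
                                 break;
                         }
                         while (j-- > 0) {
@@ -987,12 +989,18 @@
 
         /* Skip CRC */
         if (lseek(fd, (off_t) 4, SEEK_CUR) == -1) {
+                if(metadata->filename)
+                    free(metadata->filename);
+                metadata->filename = NULL;
                 return CL_EFORMAT;
         }
         
         /* Skip past any extended header data */
         for (;;) {
                 if (cli_readn(fd, &count, 2) != 2) {
+                        if(metadata->filename)
+                            free(metadata->filename);
+                        metadata->filename = NULL;
                         return CL_EFORMAT;
                 }
                 count = le16_to_host(count);
@@ -1002,6 +1010,9 @@
                 }
                 /* Skip extended header + 4byte CRC */
                 if (lseek(fd, (off_t) (count + 4), SEEK_CUR) == -1) {
+                        if(metadata->filename)
+                            free(metadata->filename);
+                        metadata->filename = NULL;
                         return CL_EFORMAT;
                 }
         }
@@ -1061,7 +1072,7 @@
         if (metadata->encrypted) {
                 cli_dbgmsg("PASSWORDed file (skipping)\n");
                 offset = lseek(fd, 0, SEEK_CUR) + metadata->comp_size;
-                cli_dbgmsg("Target offset: %ld\n", offset);
+                cli_dbgmsg("Target offset: %lu\n", (unsigned long int) offset);
                 if (lseek(fd, offset, SEEK_SET) != offset) {
                         return CL_ESEEK;
                 }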
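Review bot: The out-of-range branch at new lines 580-582, and again at 719-721, now logs only at debug level and then `break`s without recording an error in the visible lines, whereas the other bounds checks in this file set `decode_data->status` before returning. If nothing after the loop sets it (the loop's end is outside both hunks), a corrupted archive would be decoded partially and treated as a success, leaving no trace outside debug output. Consider adding `decode_data.status = CL_EFORMAT;` before each `break;`, assuming the local struct has the same `status` member the pointer-based checks write to.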