~ubuntu-branches/ubuntu/feisty/clamav/feisty

Committer: Bazaar Package Importer
Author(s): Martin Pitt
Date: 2006-04-11 10:27:47 UTC
mfrom: (1.1.4 upstream)
Revision ID: james.westby@ubuntu.com-20060411102747-neeoigoizk3gubgq

Tags: 0.88.1-1ubuntu1

* Synchronize to Debian to get new upstream microrelease (UVF exception
  approved by Daniel Holbach). This fixes the following vulnerabilities:
  - CVE-2006-1614: integer overflow in the PE header parser
  - CVE-2006-1615: format string vulnerabilities in logging code
  - CVE-2006-1630: DoS due to invalid memory access in cli_bitset_set()
* debian/clamav-base.init-stub: Protect 'x && y' with '|| true' to not break
  init script if it's run under set -e.

files added:
debian/patches/15_clamscan_typo_fixes.dpatch

debian/patches/16_freshclam_typos_fix.dpatch

debian/patches/17_freshclam.conf_typos_fix.dpatch

debian/patches/18_clamd.conf_typos_fix.dpatch

docs/man/clamd.8

docs/man/clamd.conf.5

docs/man/freshclam.1

docs/man/freshclam.conf.5

libclamav/uuencode.c

libclamav/uuencode.h

files modified:
ChangeLog

Makefile.in

NEWS

README

acinclude.m4

aclocal.m4

clamav-config.h.in

clamav-milter/Makefile.in

clamav-milter/clamav-milter.c

clamd/Makefile.in

clamd/scanner.c

clamd/server-th.c

clamdscan/Makefile.in

clamdscan/client.c

clamscan/Makefile.in

configure

configure.in

database/Makefile.in

database/daily.cvd

database/main.cvd

debian/changelog

debian/clamav-base.init-stub

debian/clamav-base.postrm

debian/clamav-base.templates

debian/clamav-daemon.init

debian/clamav-freshclam.postrm

debian/clamav-freshclam.templates

debian/patches/00list

debian/patches/02_milter_sendmail_version_patch

debian/patches/05_freshclam_manpage.dpatch

debian/po/cs.po

debian/rules

docs/Makefile.in

docs/clamav-mirror-howto.pdf

docs/clamdoc.pdf

docs/clamdoc.tex

docs/man/freshclam.conf.5.in

etc/Makefile.in

etc/clamd.conf

freshclam/Makefile.in

freshclam/manager.c

freshclam/options.c

libclamav/Makefile.am

libclamav/Makefile.in

libclamav/blob.c

libclamav/htmlnorm.c

libclamav/matcher.c

libclamav/mbox.c

libclamav/others.c

libclamav/others.h

libclamav/pe.c

libclamav/scanners.c

libclamav/tnef.c

libclamav/zziplib/zzip-file.c

libclamav/zziplib/zzip-zip.c

ltmain.sh

shared/cfgparser.c

shared/output.c

sigtool/Makefile.in

sigtool/sigtool.c

Show diffs side-by-side

added added

removed removed

libclamav/pe.c

315

}

316

317

nsections = EC16(file_hdr.NumberOfSections);

318

if(nsections < 1) {

318

if(nsections < 1 || nsections > 99) {

319

if(DETECT_BROKEN) {

320

if(virname)

321

*virname = "Broken.Executable";

322

return CL_VIRUS;

323

}

324

cli_warnmsg("PE file contains no sections\n");

324

if(nsections)

325

cli_warnmsg("PE file contains %d sections\n", nsections);

326

else

327

cli_warnmsg("PE file contains no sections\n");

325

328

return CL_CLEAN;

326

329

}

327

328

330

cli_dbgmsg("NumberOfSections: %d\n", nsections);

329

331

330

332

timestamp = (time_t) EC32(file_hdr.TimeDateStamp);

591

593

uint32_t newesi, newedi, newebx, newedx;

592

594

593

595

if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {

594

cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , limits->maxfilesize);

596

cli_dbgmsg("FSG: Sizes exceeded (ssize: %u, dsize: %u, max: %lu)\n", ssize, dsize , limits->maxfilesize);

595

597

free(section_hdr);

596

598

if(BLOCKMAX) {

597

599

*virname = "PE.FSG.ExceededFileSize";

745

747

746

748

747

749

if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {

748

cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, limits->maxfilesize);

750

cli_dbgmsg("FSG: Sizes exceeded (ssize: %u, dsize: %u, max: %lu)\n", ssize, dsize, limits->maxfilesize);

749

751

free(section_hdr);

750

752

if(BLOCKMAX) {

751

753

*virname = "PE.FSG.ExceededFileSize";

965

967

}

966

968

967

969

if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {

968

cli_dbgmsg("FSG: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize, limits->maxfilesize);

970

cli_dbgmsg("FSG: Sizes exceeded (ssize: %u, dsize: %u, max: %lu)\n", ssize, dsize, limits->maxfilesize);

969

971

free(section_hdr);

970

972

if(BLOCKMAX) {

971

973

*virname = "PE.FSG.ExceededFileSize";

1155

1157

dsize = EC32(section_hdr[i].VirtualSize) + EC32(section_hdr[i + 1].VirtualSize);

1156

1158

1157

1159

if(limits && limits->maxfilesize && (ssize > limits->maxfilesize || dsize > limits->maxfilesize)) {

1158

cli_dbgmsg("UPX: Sizes exceeded (ssize: %d, dsize: %d, max: %lu)\n", ssize, dsize , limits->maxfilesize);

1160

cli_dbgmsg("UPX: Sizes exceeded (ssize: %u, dsize: %u, max: %lu)\n", ssize, dsize , limits->maxfilesize);

1159

1161

free(section_hdr);

1160

1162

if(BLOCKMAX) {

1161

1163

*virname = "PE.UPX.ExceededFileSize";

1177

1179

return CL_EMEM;

1178

1180

}

1179

1181

1182

if(dsize > CLI_MAX_ALLOCATION) {

1183

cli_errmsg("UPX: Too big value of dsize\n");

1184

free(section_hdr);

1185

free(src);

1186

return CL_EMEM;

1187

}

1188

1180

1189

if((dest = (char *) cli_calloc(dsize + 1024 + nsections * 40, sizeof(char))) == NULL) {

1181

1190

free(section_hdr);

1182

1191

free(src);

1349

1358

dsize = max - min;

1350

1359

1351

1360

if(limits && limits->maxfilesize && dsize > limits->maxfilesize) {

1352

cli_dbgmsg("Petite: Size exceeded (dsize: %d, max: %lu)\n", dsize, limits->maxfilesize);

1361

cli_dbgmsg("Petite: Size exceeded (dsize: %u, max: %lu)\n", dsize, limits->maxfilesize);

1353

1362

free(section_hdr);

1354

1363

if(BLOCKMAX) {

1355

1364

*virname = "PE.Petite.ExceededFileSize";

Older »