624
dnl AC_C_CVE_2008_1372
625
dnl Checks DoS in bzlib
626
AC_DEFUN([AC_C_CVE_2008_1372],
627
[AC_CACHE_CHECK([for CVE-2008-1372], [ac_cv_c_cve_2008_1372],
629
save_LDFLAGS="$LDFLAGS"
630
LDFLAGS="$LIBCLAMAV_LIBS $LTLIBBZ2"
637
#define BZ2_bzReadOpen bzReadOpen
638
#define BZ2_bzReadClose bzReadClose
639
#define BZ2_bzRead bzRead
642
const unsigned char poc[] = {
643
0x42, 0x5a, 0x68, 0x39, 0x31, 0x41, 0x59, 0x26, 0x53, 0x59, 0x20, 0x0c,
644
0xa6, 0x9c, 0x00, 0x00, 0xc2, 0xfb, 0x90, 0xca, 0x10, 0x04, 0x00, 0x40,
645
0x03, 0x77, 0x80, 0x06, 0x00, 0x7a, 0x2f, 0xde, 0x40, 0x04, 0x00, 0x40,
646
0x08, 0x30, 0x00, 0xb9, 0xb0, 0x4a, 0x89, 0xa3, 0x43, 0x4d, 0x00, 0x00,
647
0x01, 0xb5, 0x04, 0xa4, 0x6a, 0x19, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91,
648
0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00,
649
0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00,
650
0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x00, 0x00, 0x00, 0x00, 0x2a,
651
0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, 0x00, 0x00, 0x00, 0x00, 0x2a,
652
0x91, 0x00, 0x00, 0x00, 0x00, 0x2a, 0x91, 0x2a, 0xad, 0x2a, 0x91, 0x32,
653
0x9a, 0x32, 0x0d, 0x06, 0x8d, 0x00, 0x03, 0xf7, 0x13, 0xd2, 0xf5, 0x54,
654
0x5b, 0x20, 0x4b, 0x34, 0x40, 0x8a, 0x6b, 0xaa, 0x64, 0xd8, 0x30, 0x9d,
655
0x8a, 0x9a, 0x52, 0x44, 0x13, 0x46, 0x37, 0xd9, 0x0a, 0x3c, 0xa6, 0xee,
656
0xe9, 0xee, 0xec, 0x6d, 0x4a, 0x65, 0xc2, 0x32, 0xcb, 0x43, 0x82, 0x48,
657
0xa1, 0x26, 0xc3, 0x43, 0x11, 0x47, 0x0a, 0x5e, 0xc1, 0x30, 0x55, 0x84,
658
0xb1, 0x25, 0x7a, 0x2b, 0x86, 0x0e, 0xc8, 0x1a, 0x45, 0x10, 0xf1, 0xa9,
659
0x19, 0x00, 0x30, 0x3c, 0x2a, 0xeb, 0x16, 0x6a, 0x75, 0x86, 0x60, 0xd0,
660
0xc7, 0xd0, 0x94, 0x34, 0xf1, 0x6b, 0x49, 0x9f, 0x30, 0x4e, 0x0f, 0x70,
661
0xbe, 0x12, 0x28, 0xe9, 0x7d, 0x10, 0x80, 0x35, 0x53, 0xaf, 0x72, 0xe1,
662
0x83, 0x90, 0xb8, 0xf8, 0x4b, 0x1a, 0xa4, 0x29, 0x1b, 0x90, 0xe1, 0x4a,
663
0x0f, 0xc5, 0xdc, 0x91, 0x4e, 0x14, 0x24, 0x08, 0x03, 0x29, 0xa7, 0x00
665
const unsigned int poc_len = 252;
667
int main (int argc, char **argv) {
671
memset(&bz, 0, sizeof(bz));
672
bz.next_in = (char *)&poc;
673
bz.avail_in = poc_len;
675
bz.avail_out = sizeof(buf);
676
if(BZ2_bzDecompressInit(&bz, 0, 0)!=BZ_OK)
679
while((BZ2_bzDecompress(&bz))==BZ_OK) {
681
bz.avail_out = sizeof(buf);
683
BZ2_bzDecompressEnd(&bz);
686
], [ac_cv_c_cve_2008_1372=ok], [ac_cv_c_cve_2008_1372=bugged], [ac_cv_c_cve_2008_1372=ok])
687
LDFLAGS="$save_LDFLAGS"