[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
aCaB
acab at clamav.net
Sun Apr 4 01:16:07 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 9c5af32f40b9116ccfd10e2e57022dd14eab5046
Author: aCaB <acab at clamav.net>
Date: Wed Jan 20 23:56:56 2010 +0100
bb#1591
diff --git a/ChangeLog b/ChangeLog
index ad4e77d..febb5b9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Wed Jan 20 23:53:36 CET 2010 (acab)
+-----------------------------------
+ * libclamav/pe.c: fix handling of 15h byte skew in upx-lzma (bb#1591)
+
Wed Jan 20 22:10:12 CET 2010 (tk)
---------------------------------
* libclamav: check .info files while loading CVD/CLD
diff --git a/libclamav/pe.c b/libclamav/pe.c
index 2645d76..7db50f5 100644
--- a/libclamav/pe.c
+++ b/libclamav/pe.c
@@ -1874,13 +1874,21 @@ int cli_scanpe(cli_ctx *ctx, icon_groupset *iconset)
}
if(cli_memstr(UPX_LZMA2, 20, epbuff + 0x2f, 20)) {
- uint32_t strictdsize=cli_readint32(epbuff+0x21);
- if(strictdsize<=dsize)
- upx_success = upx_inflatelzma(src, ssize, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >=0;
+ uint32_t strictdsize=cli_readint32(epbuff+0x21), skew = 0;
+ if(ssize > 0x15 && epbuff[0] == '\x60' && epbuff[1] == '\xbe') {
+ skew = cli_readint32(epbuff+2) - exe_sections[i + 1].rva - optional_hdr32.ImageBase;
+ if(skew!=0x15) skew = 0;
+ }
+ if(strictdsize<=dsize)
+ upx_success = upx_inflatelzma(src+skew, ssize-skew, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >=0;
} else if (cli_memstr(UPX_LZMA1, 20, epbuff + 0x39, 20)) {
- uint32_t strictdsize=cli_readint32(epbuff+0x2b);
- if(strictdsize<=dsize)
- upx_success = upx_inflatelzma(src, ssize, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >=0;
+ uint32_t strictdsize=cli_readint32(epbuff+0x2b), skew = 0;
+ if(ssize > 0x15 && epbuff[0] == '\x60' && epbuff[1] == '\xbe') {
+ skew = cli_readint32(epbuff+2) - exe_sections[i + 1].rva - optional_hdr32.ImageBase;
+ if(skew!=0x15) skew = 0;
+ }
+ if(strictdsize<=dsize)
+ upx_success = upx_inflatelzma(src+skew, ssize-skew, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >=0;
}
if(!upx_success) {
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list