[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b

[aCaB]

The following commit has been merged in the debian/unstable branch:
commit 9c5af32f40b9116ccfd10e2e57022dd14eab5046
Author: aCaB <acab at clamav.net>
Date:   Wed Jan 20 23:56:56 2010 +0100

    bb#1591

diff --git a/ChangeLog b/ChangeLog
index ad4e77d..febb5b9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Wed Jan 20 23:53:36 CET 2010 (acab)
+-----------------------------------
+ * libclamav/pe.c: fix handling of 15h byte skew in upx-lzma (bb#1591)
+
 Wed Jan 20 22:10:12 CET 2010 (tk)
 ---------------------------------
  * libclamav: check .info files while loading CVD/CLD
diff --git a/libclamav/pe.c b/libclamav/pe.c
index 2645d76..7db50f5 100644
--- a/libclamav/pe.c
+++ b/libclamav/pe.c
@@ -1874,13 +1874,21 @@ int cli_scanpe(cli_ctx *ctx, icon_groupset *iconset)
 	}
 
 	if(cli_memstr(UPX_LZMA2, 20, epbuff + 0x2f, 20)) {
-	  uint32_t strictdsize=cli_readint32(epbuff+0x21);
-	  if(strictdsize<=dsize)
-	    upx_success = upx_inflatelzma(src, ssize, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >=0;
+	    uint32_t strictdsize=cli_readint32(epbuff+0x21), skew = 0;
+	    if(ssize > 0x15 && epbuff[0] == '\x60' && epbuff[1] == '\xbe') {
+		skew = cli_readint32(epbuff+2) - exe_sections[i + 1].rva - optional_hdr32.ImageBase;
+		if(skew!=0x15) skew = 0;
+	    }
+	    if(strictdsize<=dsize)
+		upx_success = upx_inflatelzma(src+skew, ssize-skew, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >=0;
 	} else if (cli_memstr(UPX_LZMA1, 20, epbuff + 0x39, 20)) {
-	  uint32_t strictdsize=cli_readint32(epbuff+0x2b);
-	  if(strictdsize<=dsize)
-	    upx_success = upx_inflatelzma(src, ssize, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >=0;
+	    uint32_t strictdsize=cli_readint32(epbuff+0x2b), skew = 0;
+	    if(ssize > 0x15 && epbuff[0] == '\x60' && epbuff[1] == '\xbe') {
+		skew = cli_readint32(epbuff+2) - exe_sections[i + 1].rva - optional_hdr32.ImageBase;
+		if(skew!=0x15) skew = 0;
+	    }
+	    if(strictdsize<=dsize)
+		upx_success = upx_inflatelzma(src+skew, ssize-skew, dest, &strictdsize, exe_sections[i].rva, exe_sections[i + 1].rva, vep) >=0;
 	}
 
 	if(!upx_success) {

-- 
Debian repository for ClamAV