On 05/08/17 10:36, Stuart Caie wrote:
libmspack is wrong to convert to unsigned without checking for errors first.

When I get to my computer, I'll check all calls to mspack_system 
read/write/seek/tell methods, to be sure this doesn't happen anywhere else.
I checked all the other mspack_system calls, they're handled correctly.

Commited a fix: https://github.com/kyz/libmspack/commit/17038206fcc384dcee6dd9e3a75f08fd3ddc6a38

I'll put out a release in the near future.

Before fix, allowing N reads before always failing in cabd_memory.c sys->read():
Allow 3 reads -> mspack/cabd.c:528 (cabd_read_string) len=4294967295
Allow 4 reads -> mspack/cabd.c:528 (cabd_read_string) len=193
Allow 5 reads -> mspack/cabd.c:528 (cabd_read_string) len=193 mspack/cabd.c:528 (cabd_read_string) len=4294967295 Allow 6 reads -> mspack/cabd.c:528 (cabd_read_string) len=193 mspack/cabd.c:528 (cabd_read_string) len=169

After fix:
Allowing 3 reads -> error caught and no len printed
Allowing 4 reads -> mspack/cabd.c:531 (cabd_read_string) len=193
Allowing 5 reads -> mspack/cabd.c:531 (cabd_read_string) len=193, error caught and no len printed Allowing 6 reads -> mspack/cabd.c:531 (cabd_read_string) len=193 mspack/cabd.c:531 (cabd_read_string) len=169


Pkg-clamav-devel mailing list

Reply via email to