On 05/08/17 10:36, Stuart Caie wrote:
libmspack is wrong to convert to unsigned without checking for errors first.
When I get to my computer, I'll check all calls to mspack_system
read/write/seek/tell methods, to be sure this doesn't happen anywhere else.
I checked all the other mspack_system calls, they're handled correctly.
Commited a fix:
https://github.com/kyz/libmspack/commit/17038206fcc384dcee6dd9e3a75f08fd3ddc6a38
I'll put out a release in the near future.
Before fix, allowing N reads before always failing in cabd_memory.c
sys->read():
Allow 3 reads -> mspack/cabd.c:528 (cabd_read_string) len=4294967295
Allow 4 reads -> mspack/cabd.c:528 (cabd_read_string) len=193
Allow 5 reads -> mspack/cabd.c:528 (cabd_read_string) len=193
mspack/cabd.c:528 (cabd_read_string) len=4294967295
Allow 6 reads -> mspack/cabd.c:528 (cabd_read_string) len=193
mspack/cabd.c:528 (cabd_read_string) len=169
After fix:
Allowing 3 reads -> error caught and no len printed
Allowing 4 reads -> mspack/cabd.c:531 (cabd_read_string) len=193
Allowing 5 reads -> mspack/cabd.c:531 (cabd_read_string) len=193, error
caught and no len printed
Allowing 6 reads -> mspack/cabd.c:531 (cabd_read_string) len=193
mspack/cabd.c:531 (cabd_read_string) len=169
Regards
Stuart
_______________________________________________
Pkg-clamav-devel mailing list
Pkg-clamav-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel
