bb11274 - adds out of bounds check for petite packed files. Patch from Sebastian Andrzej Siewior.

10 years ago · 8aeedf3c42
parent 77afff9682
commit 8aeedf3c42
1 changed files with 15 additions and 1 deletions
--- a/libclamav/pe.c
+++ b/libclamav/pe.c
@ -2457,7 +2457,21 @@ int cli_scanpe(cli_ctx *ctx)

            for(i = 0 ; i < nsections; i++) {
                if(exe_sections[i].raw) {
-                    if(!exe_sections[i].rsz || (unsigned int)fmap_readn(map, dest + exe_sections[i].rva - min, exe_sections[i].raw, exe_sections[i].ursz) != exe_sections[i].ursz) {
+			unsigned int r_ret;
+
+			if (!exe_sections[i].rsz)
+				goto out_no_petite;
+
+			if (!CLI_ISCONTAINED(dest, dsize,
+					     dest + exe_sections[i].rva - min,
+					     exe_sections[i].ursz))
+				goto out_no_petite;
+
+			r_ret = fmap_readn(map, dest + exe_sections[i].rva - min,
+					exe_sections[i].raw,
+					exe_sections[i].ursz);
+		    if (r_ret != exe_sections[i].ursz) {
+out_no_petite:
                        free(exe_sections);
                        free(dest);
                        return CL_CLEAN;