Adding modifications to continue scanning cab files that don't conform to cab size norms.

libclamav/libmspack-0.5alpha/mspack/cabd.c

@@ -155,7 +155,7 @@ struct mscab_decompressor *
     self->error           = MSPACK_ERR_OK;
 
     self->param[MSCABD_PARAM_SEARCHBUF] = 32768;
-    self->param[MSCABD_PARAM_FIXMSZIP]  = 0;
+    self->param[MSCABD_PARAM_FIXMSZIP]  = 1;
     self->param[MSCABD_PARAM_DECOMPBUF] = 4096;
   }
   return (struct mscab_decompressor *) self;
@@ -1302,13 +1302,21 @@ static int cabd_sys_read_block(struct mspack_system *sys,
     if (((d->i_end - d->i_ptr) + len) > CAB_INPUTMAX) {
       D(("block size > CAB_INPUTMAX (%ld + %d)",
           (long)(d->i_end - d->i_ptr), len))
-      return MSPACK_ERR_DATAFORMAT;
+      /* Do not return -- 
+       * because malware may not conform exactly to the standard CAB format
+       * but we still want to scan it */
+      //return MSPACK_ERR_DATAFORMAT;
     }
 
      /* blocks must not expand to more than CAB_BLOCKMAX */
     if (EndGetI16(&hdr[cfdata_UncompressedSize]) > CAB_BLOCKMAX) {
       D(("block size > CAB_BLOCKMAX"))
-      return MSPACK_ERR_DATAFORMAT;
+      /* 
+       * Do not return -- 
+       * because malware may not conform exactly to the standard CAB format
+       * but we still want to scan it
+       */
+      //return MSPACK_ERR_DATAFORMAT;
     }
 
     /* read the block data */
@@ -1320,8 +1328,13 @@ static int cabd_sys_read_block(struct mspack_system *sys,
     if ((cksum = EndGetI32(&hdr[cfdata_CheckSum]))) {
       unsigned int sum2 = cabd_checksum(d->i_end, (unsigned int) len, 0);
       if (cabd_checksum(&hdr[4], 4, sum2) != cksum) {
-	if (!ignore_cksum) return MSPACK_ERR_CHECKSUM;
-	sys->message(d->infh, "WARNING; bad block checksum found");
+        /* 
+         * Do not validate the checksum --
+         * Because the checksum does not necessarily matter
+         * and we still want to scan the block if possible
+         */
+        //if (!ignore_cksum) return MSPACK_ERR_CHECKSUM;
+        sys->message(d->infh, "WARNING; bad block checksum found: 0x%x", cksum);
       }
     }
 

libclamav/libmspack-0.5alpha/mspack/mszipd.c

@@ -187,9 +187,15 @@ static int inflate(struct mszipd_stream *zip) {
       }
       if (bits_left != 0) return INF_ERR_BITBUF;
       while (i < 4) {
-	READ_IF_NEEDED;
-	lens_buf[i++] = *i_ptr++;
+        if (i_ptr >= i_end) {
+          if (read_input(BITS_VAR)) return BITS_VAR->error;
+          i_ptr = BITS_VAR->i_ptr;
+          i_end = BITS_VAR->i_end;
+          if(i_ptr == i_end) break;
+        }
+        lens_buf[i++] = *i_ptr++;
       }
+      if (i < 4) return INF_ERR_BITBUF;
 
       /* get the length and its complement */
       length = lens_buf[0] | (lens_buf[1] << 8);
@@ -198,7 +204,12 @@ static int inflate(struct mszipd_stream *zip) {
 
       /* read and copy the uncompressed data into the window */
       while (length > 0) {
-	READ_IF_NEEDED;
+        if (i_ptr >= i_end) {
+          if (read_input(BITS_VAR)) return BITS_VAR->error;
+          i_ptr = BITS_VAR->i_ptr;
+          i_end = BITS_VAR->i_end;
+          if(i_ptr == i_end) break;
+        }
 
 	this_run = length;
 	if (this_run > (unsigned int)(i_end - i_ptr)) this_run = i_end - i_ptr;