try to detect zip archives with modified information in local header

git-svn: trunk@1105
21 years ago · d3779101c5
parent 399815d9ed
commit d3779101c5
5 changed files with 16 additions and 4 deletions
--- a/clamav-devel/ChangeLog
+++ b/clamav-devel/ChangeLog
@ -1,3 +1,8 @@
+Thu Nov 18 11:03:14 CET 2004 (tk)
+---------------------------------
+  * libclamav: try to detect (and mark as Suspected.Zip) zip archives with
+	       modified information in local header
+
 Thu Nov 18 00:05:37 CET 2004 (tk)
 ---------------------------------
  * libclamav/pe.c: recognize more subsystem/machine types
--- a/clamav-devel/libclamav/scanners.c
+++ b/clamav-devel/libclamav/scanners.c
@ -321,19 +321,21 @@ static int cli_scanzip(int desc, const char **virname, long int *scanned, const

 	cli_dbgmsg("Zip: %s, compressed: %u, normal: %u, ratio: %d (max: %d)\n", zdirent.d_name, zdirent.d_csize, zdirent.st_size, zdirent.st_size / (zdirent.d_csize+1), limits ? limits->maxratio : -1 );

-	/*
 	if(!zdirent.st_size) {
 	    files++;
+	    if(zdirent.d_crc32) {
+		cli_dbgmsg("Zip: Broken file or modified information in local header part of archive\n");
+		*virname = "Suspected.Zip";
+		ret = CL_VIRUS;
+		break;
+	    }
 	    continue;
 	}
-	*/

 	/* work-around for problematic zips (zziplib crashes with them) */
 	if(zdirent.d_csize <= 0 || zdirent.st_size < 0) {
 	    files++;
 	    cli_dbgmsg("Zip: Malformed archive detected.\n");
-	    /* ret = CL_EMALFZIP; */
-	    /* report it as a virus */
 	    *virname = "Suspected.Zip";
 	    ret = CL_VIRUS;
 	    break;
--- a/clamav-devel/libclamav/zziplib/zzip-dir.c
+++ b/clamav-devel/libclamav/zziplib/zzip-dir.c
@ -1,3 +1,4 @@
+#include <stdio.h>
 /*
 * Author: 
 *	Guido Draheim <guidod@gmx.de>
@ -145,6 +146,8 @@ zzip_readdir(ZZIP_DIR * dir)

 	dir->dirent.d_flags = dir->hdr->d_flags;

+        dir->dirent.d_crc32 = (int) dir->hdr->d_crc32;
+
        if (! dir->hdr->d_reclen) dir->hdr = 0;
        else  dir->hdr = (struct zzip_dir_hdr *)
 		  ((char *)dir->hdr + dir->hdr->d_reclen);
--- a/clamav-devel/libclamav/zziplib/zzip-zip.c
+++ b/clamav-devel/libclamav/zziplib/zzip-zip.c
@ -730,6 +730,7 @@ zzip_dir_read(ZZIP_DIR * dir, ZZIP_DIRENT * d )
    d->st_size = dir->hdr->d_usize;
    d->d_name  = dir->hdr->d_name;
    d->d_flags = dir->hdr->d_flags;
+    d->d_crc32 = (int) dir->hdr->d_crc32;

    if (! dir->hdr->d_reclen) 
    { dir->hdr = 0; }
--- a/clamav-devel/libclamav/zziplib/zziplib.h
+++ b/clamav-devel/libclamav/zziplib/zziplib.h
@ -93,6 +93,7 @@ struct zzip_dirent
    int	 	st_size;	/* file size / decompressed size */
    unsigned short d_flags;	/* general purpose flags */
    char * 	d_name;		/* file name / strdupped name */
+    int	        d_crc32;        /* the adler32-checksum */
 };

 /*