author | Andrej Kacian <ticho@gentoo.org> | 2007-12-20 00:29:42 +0000 |
---|---|---|
committer | Andrej Kacian <ticho@gentoo.org> | 2007-12-20 00:29:42 +0000 |
commit | 5b902e01e6967b5aec45c3dfe5ce2819673e33c0 (patch) | |
tree | e67eed7984ea57135f5894476f7c2160199afb15 /app-antivirus/clamav/files | |
parent | Stable on x86 wrt #202087 (diff) | |
download | gentoo-2-5b902e01e6967b5aec45c3dfe5ce2819673e33c0.tar.gz gentoo-2-5b902e01e6967b5aec45c3dfe5ce2819673e33c0.tar.bz2 gentoo-2-5b902e01e6967b5aec45c3dfe5ce2819673e33c0.zip |
Add patches collected by Robert Buchholz <rbu at gentoo.org> to backport fixes for CVE-2007-5759, CVE-2007-6336 and CVE-2007-6337.
(Portage version: 2.1.4_rc9)
Diffstat (limited to 'app-antivirus/clamav/files')
4 files changed, 100 insertions, 0 deletions
diff --git a/app-antivirus/clamav/files/clamav-0.91.2-CVE-2007-5759.patch b/app-antivirus/clamav/files/clamav-0.91.2-CVE-2007-5759.patch
new file mode 100644
index 000000000000..d879eb7f65be
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.91.2-CVE-2007-5759.patch
@@ -0,0 +1,52 @@
+Thu Dec 6 15:22:27 CET 2007 (tk)
+---------------------------------
+ * libclamav/pe.c: fix possible integer overflow in MEW related code
+ Reported by iDefense [IDEF2842]
+
+ Backported by <sgran@debian.org>
+
+ SVN r3376
+
+Index: clamav-0.91.2/libclamav/pe.c
+===================================================================
+--- clamav-0.91.2.orig/libclamav/pe.c
++++ clamav-0.91.2/libclamav/pe.c
+@@ -80,6 +80,18 @@
+ #define PEALIGN(o,a) (((a))?(((o)/(a))*(a)):(o))
+ #define PESALIGN(o,a) (((a))?(((o)/(a)+((o)%(a)!=0))*(a)):(o))
+
++#define CLI_UNPSIZELIMITS(NAME,CHK) \
++if(ctx->limits && ctx->limits->maxfilesize && (CHK) > ctx->limits->maxfilesize) { \
++ cli_dbgmsg(NAME": Sizes exceeded (%lu > %lu)\n", (CHK), ctx->limits->maxfilesize); \
++ free(exe_sections); \
++ if(BLOCKMAX) { \
++ *ctx->virname = "PE."NAME".ExceededFileSize"; \
++ return CL_VIRUS; \
++ } else { \
++ return CL_CLEAN; \
++ } \
++}
++
+ extern short cli_leavetemps_flag;
+
+ struct offset_list {
+@@ -1153,16 +1165,9 @@ int cli_scanpe(int desc, cli_ctx *ctx)
+ dsize = exe_sections[i].vsz;
+
+ cli_dbgmsg("MEW: ssize %08x dsize %08x offdiff: %08x\n", ssize, dsize, offdiff);
+- if(ctx->limits && ctx->limits->maxfilesize && (ssize + dsize > ctx->limits->maxfilesize || exe_sections[i + 1].rsz > ctx->limits->maxfilesize)) {
+- cli_dbgmsg("MEW: Sizes exceeded (ssize: %u, dsize: %u, max: %lu)\n", ssize, dsize , ctx->limits->maxfilesize);
+- free(exe_sections);
+- if(BLOCKMAX) {
+- *ctx->virname = "PE.MEW.ExceededFileSize";
+- return CL_VIRUS;
+- } else {
+- return CL_CLEAN;
+- }
+- }
++
++ CLI_UNPSIZELIMITS("MEW", MAX(ssize, dsize));
++ CLI_UNPSIZELIMITS("MEW", MAX(ssize + dsize, exe_sections[i + 1].rsz));
+
+ /* allocate needed buffer */
+ if (!(src = cli_calloc (ssize + dsize, sizeof(char)))) {
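Review bot: Both `CLI_UNPSIZELIMITS` checks in the `cli_scanpe` hunk are skipped when `ctx->limits` is NULL or `maxfilesize` is 0, so in that configuration `ssize + dsize` can still wrap before it reaches `cli_calloc (ssize + dsize, sizeof(char))` on the hunk's last line. `dsize` is read from `exe_sections[i].vsz`, so the addition deserves a guard that does not depend on configured limits, for example `if (dsize > UINT_MAX - ssize) { free(exe_sections); return CL_CLEAN; }` before the allocation (assuming both are `unsigned int`, as the `%08x` and `%u` formats suggest; their declarations are outside the hunk). The macro's debug message also prints `(CHK)` with `%lu` where the removed line used `%u` for the same values, which would be a format mismatch on LP64 targets if that assumption holds. `cli_scanpe` begins and ends outside the hunk.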
diff --git a/app-antivirus/clamav/files/clamav-0.91.2-CVE-2007-6336.patch b/app-antivirus/clamav/files/clamav-0.91.2-CVE-2007-6336.patch
new file mode 100644
index 000000000000..41cc474888c2
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.91.2-CVE-2007-6336.patch
@@ -0,0 +1,21 @@
+Thu Dec 6 15:15:45 CET 2007 (tk)
+---------------------------------
+ * libclamav/mspack.c: fix off-by-one error in LZX_READ_HUFFSYM() (bb#663)
+
+ https://wwws.clamav.net/bugzilla/show_bug.cgi?id=663
+
+ SVN r3374
+
+Index: clamav-0.91.2/libclamav/mspack.c
+===================================================================
+--- clamav-0.91.2.orig/libclamav/mspack.c
++++ clamav-0.91.2/libclamav/mspack.c
+@@ -734,7 +734,7 @@ void mszip_free(struct mszip_stream *zip
+
+ #define LZX_ENSURE_BITS(nbits) \
+ while (bits_left < (nbits)) { \
+- if (i_ptr >= i_end) { \
++ if (i_ptr + 1 >= i_end) { \
+ if (lzx_read_input(lzx)) return lzx->error; \
+ i_ptr = lzx->i_ptr; \
+ i_end = lzx->i_end; \
diff --git a/app-antivirus/clamav/files/clamav-0.91.2-CVE-2007-6337.patch b/app-antivirus/clamav/files/clamav-0.91.2-CVE-2007-6337.patch
new file mode 100644
index 000000000000..71edc47c61c3
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.91.2-CVE-2007-6337.patch
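Review bot: The changed test in `LZX_ENSURE_BITS`, `if (i_ptr + 1 >= i_end)`, carries no comment saying why two bytes are required, and nothing visible re-checks after `lzx_read_input()` that two bytes are actually available once `i_ptr` and `i_end` are reloaded. Presumably the rest of the loop body reads `i_ptr[0]` and `i_ptr[1]`; that part of the macro lies past the end of the hunk, so it should be confirmed there. I would add `/* each pass consumes two input bytes, so refill unless both lie inside the buffer */` above the test. It is also worth checking whether any sibling bit-refill macros in mspack.c still use the one-byte form of the test.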
@@ -0,0 +1,24 @@
+Mon Dec 10 15:54:20 CET 2007 (tk)
+---------------------------------
+ * libclamav/nsis/bzlib_private.h: fix bzlib bug (aCaB)
+
+ SVN r3387
+
+Index: clamav-0.91.2/libclamav/nsis/bzlib_private.h
+===================================================================
+--- clamav-0.91.2.orig/libclamav/nsis/bzlib_private.h
++++ clamav-0.91.2/libclamav/nsis/bzlib_private.h
+@@ -422,11 +422,13 @@ typedef
+ /*-- Macros for decompression. --*/
+
+ #define BZ_GET_FAST(cccc) \
++ if (s->tPos >= s->blockSize100k * 100000) return True; \
+ s->tPos = s->tt[s->tPos]; \
+ cccc = (UChar)(s->tPos & 0xff); \
+ s->tPos >>= 8;
+
+ #define BZ_GET_FAST_C(cccc) \
++ if (c_tPos >= s->blockSize100k * 100000) return True; \
+ c_tPos = c_tt[c_tPos]; \
+ cccc = (UChar)(c_tPos & 0xff); \
+ c_tPos >>= 8;
diff --git a/app-antivirus/clamav/files/digest-clamav-0.91.2-r1 b/app-antivirus/clamav/files/digest-clamav-0.91.2-r1
new file mode 100644
index 000000000000..dff507b523df
--- /dev/null
+++ b/app-antivirus/clamav/files/digest-clamav-0.91.2-r1
@@ -0,0 +1,3 @@
+MD5 2a7265d17cfa80c32858978f16a3f47b clamav-0.91.2.tar.gz 13394538
+RMD160 9e181a7a4fd08377ff47663aed27f8cc97249a21 clamav-0.91.2.tar.gz 13394538
+SHA256 dac9de86dff5ef4c9a6e4962da24988e1aa74948a21b7fb7b7fed17867ddf2a0 clamav-0.91.2.tar.gz 13394538 |
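Review bot: The guard added to `BZ_GET_FAST` and `BZ_GET_FAST_C` is a bare `if (...) return True;` placed first in an unbraced multi-statement macro, so the early exit is invisible at call sites and its meaning depends on each caller's return type. A comment on both macros should say that they may return from the enclosing function and what `True` signals there (presumably corrupt input; the callers are outside the hunk). The bound compares the index against `s->blockSize100k * 100000` without stating the types involved. If the index is unsigned and `blockSize100k` is a signed int, writing `(UInt32)s->blockSize100k * 100000` makes the comparison's type explicit. Any other macros in this header that index `tt` outside the hunk would need the same bound.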