orion / rpms / clamav

Forked from rpms/clamav 4 years ago
Clone
Source Code
GIT

Files

  1.   ae74777314aec831d29d36eef9c0eeff8dc67dec
  2.   libclamav-pe-Use-endian-wrapper-in-more-places.patch
Blob Blame History Raw 
diff -up clamav-1.1.0-rc/libclamav/pe.c.big-endian clamav-1.1.0-rc/libclamav/pe.c
--- clamav-1.1.0-rc/libclamav/pe.c.big-endian	2023-03-30 13:21:27.000000000 -0600
+++ clamav-1.1.0-rc/libclamav/pe.c	2023-04-02 21:32:06.173149296 -0600
@@ -2422,22 +2422,22 @@ static cl_error_t hash_imptbl(cli_ctx *c
 
     /* If the PE doesn't have an import table then skip it. This is an
      * uncommon case but can happen. */
-    if (peinfo->dirs[1].VirtualAddress == 0 || peinfo->dirs[1].Size == 0) {
+    if (EC32(peinfo->dirs[1].VirtualAddress) == 0 || EC32(peinfo->dirs[1].Size) == 0) {
         cli_dbgmsg("scan_pe: import table data dir does not exist (skipping .imp scanning)\n");
         status = CL_BREAK;
         goto done;
     }
 
     // TODO Add EC32 wrappers
-    impoff = cli_rawaddr(peinfo->dirs[1].VirtualAddress, peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size);
-    if (err || impoff + peinfo->dirs[1].Size > fsize) {
+    impoff = cli_rawaddr(EC32(peinfo->dirs[1].VirtualAddress), peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size);
+    if (err || impoff + EC32(peinfo->dirs[1].Size) > fsize) {
         cli_dbgmsg("scan_pe: invalid rva for import table data\n");
         status = CL_BREAK;
         goto done;
     }
 
     // TODO Add EC32 wrapper
-    impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, peinfo->dirs[1].Size);
+    impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, EC32(peinfo->dirs[1].Size));
     if (impdes == NULL) {
         cli_dbgmsg("scan_pe: failed to acquire fmap buffer\n");
         status = CL_EREAD;
@@ -2447,7 +2447,7 @@ static cl_error_t hash_imptbl(cli_ctx *c
 
     /* Safety: We can trust peinfo->dirs[1].Size only because `fmap_need_off()` (above)
      * would have failed if the size exceeds the end of the fmap. */
-    left = peinfo->dirs[1].Size;
+    left = EC32(peinfo->dirs[1].Size);
 
     if (genhash[CLI_HASH_MD5]) {
         hashctx[CLI_HASH_MD5] = cl_hash_init("md5");
@@ -2546,7 +2546,7 @@ static cl_error_t hash_imptbl(cli_ctx *c
 
 done:
     if (needed_impoff) {
-        fmap_unneed_off(map, impoff, peinfo->dirs[1].Size);
+        fmap_unneed_off(map, impoff, EC32(peinfo->dirs[1].Size));
     }
 
     for (type = CLI_HASH_MD5; type < CLI_HASH_AVAIL_TYPES; type++) {
@@ -3250,7 +3250,7 @@ int cli_scanpe(cli_ctx *ctx)
 
     /* Trojan.Swizzor.Gen */
     if (SCAN_HEURISTICS && (DCONF & PE_CONF_SWIZZOR) && peinfo->nsections > 1 && fsize > 64 * 1024 && fsize < 4 * 1024 * 1024) {
-        if (peinfo->dirs[2].Size) {
+        if (EC32(peinfo->dirs[2].Size)) {
             struct swizz_stats *stats = cli_calloc(1, sizeof(*stats));
             unsigned int m            = 1000;
             ret                       = CL_CLEAN;
@@ -5300,13 +5300,13 @@ cl_error_t cli_peheader(fmap_t *map, str
         cli_dbgmsg("EntryPoint offset: 0x%x (%d)\n", peinfo->ep, peinfo->ep);
     }
 
-    if (is_dll || peinfo->ndatadirs < 3 || !peinfo->dirs[2].Size)
+    if (is_dll || peinfo->ndatadirs < 3 || !EC32(peinfo->dirs[2].Size))
         peinfo->res_addr = 0;
     else
         peinfo->res_addr = peinfo->dirs[2].VirtualAddress;
 
     while (opts & CLI_PEHEADER_OPT_EXTRACT_VINFO &&
-           peinfo->ndatadirs >= 3 && peinfo->dirs[2].Size) {
+           peinfo->ndatadirs >= 3 && EC32(peinfo->dirs[2].Size)) {
         struct vinfo_list vlist;
         const uint8_t *vptr, *baseptr;
         uint32_t rva, res_sz;
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.