32 lines
1.2 KiB
Diff
32 lines
1.2 KiB
Diff
From 9a6bb57f89721db637f4ddb5b233c1c4e23d223a Mon Sep 17 00:00:00 2001
|
|
From: Micah Snyder <micasnyd@cisco.com>
|
|
Date: Wed, 15 Sep 2021 15:51:53 -0700
|
|
Subject: [PATCH] OOXML: Fix invalid pointer dereference
|
|
|
|
The OOXML parser in libclamav may try to extract an entry that is
|
|
missing a file name. This results in an invalid 0x1 pointer dereference
|
|
in the ZIP parser that is likely to crash the scanning application.
|
|
|
|
This commit fixes the issue by requiring both the PartName (PN) *and*
|
|
the ContentType (CT) variables to be non-NULL or else the entry will be
|
|
skipped.
|
|
|
|
Thank you Laurent Delosieres for reporting this issue.
|
|
---
|
|
libclamav/ooxml.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/libclamav/ooxml.c b/libclamav/ooxml.c
|
|
index 16c436f1a5..644779432c 100644
|
|
--- a/libclamav/ooxml.c
|
|
+++ b/libclamav/ooxml.c
|
|
@@ -245,7 +245,7 @@ static cl_error_t ooxml_content_cb(int fd, const char *filepath, cli_ctx *ctx, c
|
|
cli_dbgmsg("%s: %s\n", localname, value);
|
|
}
|
|
|
|
- if (!CT && !PN) continue;
|
|
+ if (!CT || !PN) continue;
|
|
|
|
if (!xmlStrcmp(CT, (const xmlChar *)"application/vnd.openxmlformats-package.core-properties+xml")) {
|
|
/* default: /docProps/core.xml*/
|