The OLE extract code is exploitable: when extracting files without a name, a name is generated. On Unix / is converted in \, on Windows more chars.
When a name is the same as another file's it should bail out; the current code ignores it and overwrites the first file, ignoring a possible virus.

This code adds \ to the invalid chars on Windows and bails out if the file exists:
http://svn.sourceforge.net/viewvc/clamwin/trunk/clamav-devel/libclamav/ole2_extract.c?r1=499&r2=580&view=patch

Please note the code doesn't patch Unix since O_EXCL is not suitable for NFS.
It's not a good idea anyway to use "garbage" as a filename; I suggest generating a random name from scratch, it's safer.

Regards

-- 
Gianluigi Tiesi <[EMAIL PROTECTED]>
EDP Project Leader
Netfarm S.r.l. - http://www.netfarm.it/
Free Software: http://oss.netfarm.it/

_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
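One way to do what the message suggests, as an added example that is not part of the original post or of ClamAV's code: generate the output name from scratch and create the file exclusively, so a colliding name fails instead of overwriting an earlier extracted file. The function names, the `ole-` prefix and the retry count are assumptions; the code targets POSIX on a local filesystem.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Write 32 hex digits plus NUL into buf, from 16 bytes of /dev/urandom. */
static int random_hex(char buf[33])
{
    unsigned char raw[16];
    size_t i, got;
    FILE *f = fopen("/dev/urandom", "rb");

    if (f == NULL)
        return -1;
    got = fread(raw, 1, sizeof(raw), f);
    fclose(f);
    if (got != sizeof(raw))
        return -1;
    for (i = 0; i < sizeof(raw); i++)
        sprintf(buf + 2 * i, "%02x", raw[i]);
    return 0;
}

/* Hypothetical helper: name the output file from scratch, ignoring the name
 * stored in the OLE2 stream. O_EXCL turns a collision into EEXIST instead of
 * truncating the earlier file. Returns an fd, or -1 on error. */
int ole_create_unique(const char *dir, char *path, size_t pathlen)
{
    char name[33];
    int tries, fd, n;

    for (tries = 0; tries < 8; tries++) {
        if (random_hex(name) != 0)
            return -1;
        n = snprintf(path, pathlen, "%s/ole-%s", dir, name);
        if (n < 0 || (size_t)n >= pathlen)
            return -1;               /* path buffer too small */
        fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd >= 0 || errno != EEXIST)
            return fd;               /* success, or a real error: bail out */
    }
    return -1;                       /* repeated collisions: give up */
}
```

On POSIX systems mkstemp(3) gives the same random-name, create-exclusive behaviour; the message's caveat about O_EXCL on NFS applies to either approach.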
