Trog wrote:
On Thu, 2006-09-07 at 04:05 +0200, Gianluigi Tiesi wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
with this mod I've noticed the name clashes are a lot so I decided to rewrite it
in a more elegant way, the new patch over existing cvs is here:
Your patch breaks all MS Office scanning.
-trog
why? the only difference its:
i = lseek(fd, 0, SEEK_CUR);
that is also conditional (dunno why).
Should I need to add it somewhere?
On win32 name clashes is very frequent while scanning msi files.
On unix is less frequent because the changed char is only /, but
is still exploitable, think about a tweaked file with multiple files
with same name.
handler_writefile() only extract files the difference is the dest
filename... or I'm missing something?
Bye
--
Gianluigi Tiesi <[EMAIL PROTECTED]>
EDP Project Leader
Netfarm S.r.l. - http://www.netfarm.it/
Free Software: http://oss.netfarm.it/
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
