From: Victor Stinner <victor.stinner <at> haypocalc.com>
Subject: Bug in OLE2 file parser
Newsgroups: gmane.comp.security.virus.clamav.devel
Date: Wednesday 18th April 2007 11:12:10 UTC (over 10 years ago)
Hi,

I'm doing fuzzing tests on many programs. Yesterday I tried ClamAV. I found a
bug in the ole2 parser which can lead to DoS: eat 2 GB on hard drive and use
CPU for many minutes.

I built a .doc file of 87 KB with a property of 2 GB. The problem is that the
property size is not checked. I don't know ClamAV but I think that a size
bigger than 1 GB (or smaller) may be rejected. So an OLE2 file with a property
size bigger than N bytes has to be rejected (N = min(filesize, maxsize)).

There are two problems:
- max property size
- loop in block chain

To build an 87 KB file with a 2 GB property I created an unlimited chain in the
FAT partition. So to fix the bug you can/should also check for loops in the
block chain.

Contact me directly if you're a developer of ClamAV and you want my file.

Victor
-- 
Victor Stinner aka haypo
http://hachoir.org/
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
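
The two checks proposed in the message above (a size cap of N = min(filesize, maxsize) and loop detection in the block chain), as an added example that is not part of the original post and is not ClamAV code. The function name, status codes, in-memory FAT array, 512-byte block size and sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define END_OF_CHAIN 0xFFFFFFFEu /* OLE2 FAT end-of-chain marker */
#define FREE_BLOCK   0xFFFFFFFFu /* OLE2 FAT unused-block marker */

enum { PROP_OK = 0, PROP_TOO_BIG = -1, PROP_LOOP = -2,
       PROP_BAD_INDEX = -3, PROP_TOO_SHORT = -4 };

/* Constructed sample FATs (not taken from a real file). */
static const uint32_t fat_ok[4]   = { 1, 2, END_OF_CHAIN, FREE_BLOCK };
static const uint32_t fat_loop[4] = { 1, 2, 0, FREE_BLOCK }; /* 0->1->2->0 */

/* Hypothetical helper: validate one property before extracting it.
 * fat/fat_len: FAT loaded in memory; start: first block of the property;
 * size: declared property size; max_size: scanner's configured limit. */
static int check_property(const uint32_t *fat, size_t fat_len, uint32_t start,
                          uint64_t size, uint32_t block_size,
                          uint64_t file_size, uint64_t max_size)
{
    uint64_t limit = file_size < max_size ? file_size : max_size;
    uint64_t needed, seen = 0;
    uint32_t cur = start;

    /* Check 1: reject sizes above N = min(filesize, maxsize).
     * A zero block size is invalid input and is rejected here too. */
    if (block_size == 0 || size > limit)
        return PROP_TOO_BIG;
    needed = (size + block_size - 1) / block_size;

    /* Check 2: a loop-free chain visits each FAT entry at most once,
     * so taking more than fat_len steps proves a cycle. */
    while (cur != END_OF_CHAIN) {
        if (cur >= fat_len)
            return PROP_BAD_INDEX; /* out of range, or a free/reserved marker */
        if (++seen > fat_len)
            return PROP_LOOP;
        cur = fat[cur];
    }
    return seen >= needed ? PROP_OK : PROP_TOO_SHORT;
}

int main(void)
{
    printf("valid chain: %d\n", check_property(fat_ok, 4, 0, 1500, 512, 87000, 1ULL << 30));
    printf("looped chain: %d\n", check_property(fat_loop, 4, 0, 1500, 512, 87000, 1ULL << 30));
    return 0;
}
```

Running both checks before any data is written means a looped chain is rejected after at most fat_len + 1 steps, and a 2 GB declared size in an 87 KB file is rejected without walking the chain at all.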