diff options
author | bouyer <bouyer@pkgsrc.org> | 2018-01-26 16:26:57 +0000 |
---|---|---|
committer | bouyer <bouyer@pkgsrc.org> | 2018-01-26 16:26:57 +0000 |
commit | 38469251f5250a98c3cff92f0fd14aacb2f9a208 (patch) | |
tree | 477553ec09485a7919cc1002a8c8fe8abef7ae86 | |
parent | 47eb69c3dc36aa61fc38aff9504d5322c0bbbe2b (diff) | |
download | pkgsrc-38469251f5250a98c3cff92f0fd14aacb2f9a208.tar.gz |
Fix memory/file descriptor leak in cli_scanscript().
Bump PKGREVISION.
-rw-r--r-- | security/clamav/Makefile | 3 | ||||
-rw-r--r-- | security/clamav/distinfo | 3 | ||||
-rw-r--r-- | security/clamav/patches/patch-libclamav_scanners.c | 92 |
3 files changed, 96 insertions, 2 deletions
diff --git a/security/clamav/Makefile b/security/clamav/Makefile index 685054fe3e6..a0f5e758877 100644 --- a/security/clamav/Makefile +++ b/security/clamav/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.41 2018/01/26 16:24:32 bouyer Exp $ +# $NetBSD: Makefile,v 1.42 2018/01/26 16:26:57 bouyer Exp $ .include "Makefile.common" COMMENT= Anti-virus toolkit +PKGREVISION= 1 USE_LANGUAGES= c c++ USE_LIBTOOL= yes diff --git a/security/clamav/distinfo b/security/clamav/distinfo index 458bfa0de42..3e6173e227f 100644 --- a/security/clamav/distinfo +++ b/security/clamav/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.24 2018/01/26 12:20:16 bouyer Exp $ +$NetBSD: distinfo,v 1.25 2018/01/26 16:26:57 bouyer Exp $ SHA1 (clamav-0.99.3.tar.gz) = 13b37de9bcd1c7c092cd3148db9886c556f12c8f RMD160 (clamav-0.99.3.tar.gz) = 0c999f266b496edc3ac3a59768262d9973363287 @@ -15,3 +15,4 @@ SHA1 (patch-etc_clamd.conf.sample) = 74c995c7df2d5b083bb4465d2ab4cb0cab8670b6 SHA1 (patch-etc_freshclam.conf.sample) = 520ffbca5421ef2dc270e3c5a13cfb36a469e676 SHA1 (patch-libclamav_fmap.c) = a4c08f96e3d3aae57533e8e8294358fcb26a6db4 SHA1 (patch-libclamav_fmap.h) = c486e4fd957f2cc9811c5a0422db69c85f0f9e0f +SHA1 (patch-libclamav_scanners.c) = cf118cd70100c2176738d06c01feb03b4c44a598 diff --git a/security/clamav/patches/patch-libclamav_scanners.c b/security/clamav/patches/patch-libclamav_scanners.c new file mode 100644 index 00000000000..f9d3cfdae89 --- /dev/null +++ b/security/clamav/patches/patch-libclamav_scanners.c @@ -0,0 +1,92 @@ +$NetBSD: patch-libclamav_scanners.c,v 1.1 2018/01/26 16:26:57 bouyer Exp $ + +avoid memory and file descriptor leak. +Submitted upstream as: +https://bugzilla.clamav.net/show_bug.cgi?id=12021 + +--- libclamav/scanners.c.orig 2018-01-26 14:46:31.000000000 +0100 ++++ libclamav/scanners.c 2018-01-26 15:07:28.000000000 +0100 +@@ -1356,8 +1356,8 @@ + + if(!(normalized = cli_malloc(SCANBUFF + maxpatlen))) { + cli_dbgmsg("cli_scanscript: Unable to malloc %u bytes\n", SCANBUFF); +- free(tmpname); +- return CL_EMEM; ++ ret = CL_EMEM; ++ goto out; + } + + text_normalize_init(&state, normalized, SCANBUFF + maxpatlen); +@@ -1365,14 +1365,12 @@ + + + if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) { +- free(tmpname); +- return ret; ++ goto out; + } + + if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) { + cli_ac_freedata(&tmdata); +- free(tmpname); +- return ret; ++ goto out; + } + + mdata[0] = &tmdata; +@@ -1388,9 +1386,8 @@ + + if (write(ofd, state.out, state.out_pos) == -1) { + cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname); +- close(ofd); +- free(tmpname); +- return CL_EWRITE; ++ ret = CL_EWRITE; ++ goto out; + } + text_normalize_reset(&state); + } +@@ -1410,10 +1407,6 @@ + } + *ctx->fmap = map; + +- /* If we aren't keeping temps, delete the normalized file after scan. */ +- if(!(ctx->engine->keeptmp)) +- if (cli_unlink(tmpname)) ret = CL_EUNLINK; +- + } else { + /* Since the above is moderately costly all in all, + * do the old stuff if there's no relative offsets. */ +@@ -1423,8 +1416,7 @@ + ret = cli_ac_caloff(troot, &tmdata, &info); + if (ret) { + cli_ac_freedata(&tmdata); +- free(tmpname); +- return ret; ++ goto out; + } + } + +@@ -1466,12 +1458,18 @@ + + } + +- if(ctx->engine->keeptmp) { ++out: ++ if (tmpname) { ++ if(!ctx->engine->keeptmp) { ++ cli_unlink(tmpname); ++ } + free(tmpname); +- if (ofd >= 0) +- close(ofd); + } +- free(normalized); ++ if (ofd >= 0) ++ close(ofd); ++ ++ if (normalized) ++ free(normalized); + + if(ret != CL_VIRUS || SCAN_ALL) { + if ((ret = cli_exp_eval(ctx, troot, &tmdata, NULL, NULL)) == CL_VIRUS) |