[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/etch-security, updated. 594a24f3c0e57e508385e31054db831241cfaa56
Stephen Gran
steve at lobefin.net
Fri Sep 5 16:07:48 UTC 2008
The following commit has been merged in the debian/etch-security branch:
commit 04a685cc282a0831b162a9219a2b576571ac5fbb
Author: Stephen Gran <steve at lobefin.net>
Date: Fri Sep 5 16:20:15 2008 +0100
[CVE-2008-3914]: various fd leaks
Signed-off-by: Stephen Gran <steve at lobefin.net>
diff --git a/debian/changelog b/debian/changelog
index 6b7ada6..5f3b679 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,8 +2,10 @@ clamav (0.90.1dfsg-4etch15) stable-security; urgency=low
* [CVE-2008-3912]: libclamav/mbox.c, libclamav/message.c: out-of-memory null
dereferences
+ * [CVE-2008-3914]: libclamav/htmlnorm.c, libclamav/others.c,
+ libclamav/sis.c: fd leaks
- -- Stephen Gran <sgran at debian.org> Fri, 05 Sep 2008 15:31:07 +0100
+ -- Stephen Gran <sgran at debian.org> Fri, 05 Sep 2008 16:19:21 +0100
clamav (0.90.1dfsg-3.1+etch14) stable-security; urgency=high
diff --git a/debian/patches/00list b/debian/patches/00list
index be5f1d3..fc5fe8e 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -21,3 +21,4 @@
43.spin.c.CVE-2008-1387.dpatch
44.petite.c.CVE-2008-2713.dpatch
45.mbox.c.CVE-2008-3912.dpatch
+46.fd-leak.CVE-2008-3914.dpatch
diff --git a/debian/patches/46.fd-leak.CVE-2008-3914.dpatch b/debian/patches/46.fd-leak.CVE-2008-3914.dpatch
new file mode 100644
index 0000000..75b8c21
--- /dev/null
+++ b/debian/patches/46.fd-leak.CVE-2008-3914.dpatch
@@ -0,0 +1,78 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 46.fd-leak.CVE-2008-3914.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix various fd leaks
+
+ at DPATCH@
+diff --git a/libclamav/htmlnorm.c b/libclamav/htmlnorm.c
+index d06f370..a85ca99 100644
+--- a/libclamav/htmlnorm.c
++++ b/libclamav/htmlnorm.c
+@@ -1391,7 +1391,7 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag
+ cli_dbgmsg("RFC2397 data file: %s\n", tmp_file);
+ file_tmp_o1->fd = open(tmp_file, O_WRONLY|O_CREAT|O_TRUNC, S_IWUSR|S_IRUSR);
+ free(tmp_file);
+- if (!file_tmp_o1->fd) {
++ if (file_tmp_o1->fd < 0) {
+ cli_dbgmsg("open failed: %s\n", filename);
+ free(file_tmp_o1);
+ goto abort;
+@@ -1546,17 +1546,20 @@ abort:
+ }
+ if (file_buff_o1) {
+ html_output_flush(file_buff_o1);
+- close(file_buff_o1->fd);
++ if(file_buff_o1->fd != -1)
++ close(file_buff_o1->fd);
+ free(file_buff_o1);
+ }
+ if (file_buff_o2) {
+ html_output_flush(file_buff_o2);
+- close(file_buff_o2->fd);
++ if(file_buff_o2->fd != -1)
++ close(file_buff_o2->fd);
+ free(file_buff_o2);
+ }
+ if (file_buff_script) {
+ html_output_flush(file_buff_script);
+- close(file_buff_script->fd);
++ if(file_buff_script->fd != -1)
++ close(file_buff_script->fd);
+ free(file_buff_script);
+ }
+ return retval;
+@@ -1626,7 +1629,7 @@ int html_screnc_decode(int fd, const char *dirname)
+ file_buff.fd = open(filename, O_WRONLY|O_CREAT|O_TRUNC, S_IWUSR|S_IRUSR);
+ file_buff.length = 0;
+
+- if (!file_buff.fd) {
++ if (file_buff.fd < 0) {
+ cli_dbgmsg("open failed: %s\n", filename);
+ fclose(stream_in);
+ return FALSE;
+diff --git a/libclamav/others.c b/libclamav/others.c
+index 1ee20de..e9d9a86 100644
+--- a/libclamav/others.c
++++ b/libclamav/others.c
+@@ -812,6 +812,8 @@ int cli_filecopy(const char *src, const char *dest)
+ }
+
+ if(!(buffer = cli_malloc(FILEBUFF)))
++ close(s);
++ close(d);
+ return -1;
+
+ while((bytes = cli_readn(s, buffer, FILEBUFF)) > 0)
+diff --git a/libclamav/sis.c b/libclamav/sis.c
+index 2849265..8fd7192 100644
+--- a/libclamav/sis.c
++++ b/libclamav/sis.c
+@@ -325,6 +325,7 @@ static int sis_extract_simple(int fd, char *mfile, uint32_t length, uint32_t off
+ cli_errmsg("SIS: sis_extract_simple: Can't write %d bytes to %s\n", filelen, fname);
+ free(subdir);
+ free(fname);
++ close(desc);
+ if(compressed)
+ free(buff);
+ return CL_EIO;
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list