[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/etch-security, updated. 594a24f3c0e57e508385e31054db831241cfaa56
Stephen Gran
steve at lobefin.net
Fri Sep 5 16:07:49 UTC 2008
The following commit has been merged in the debian/etch-security branch:
commit 970df7ca708ccc17b25bb0926c317290a5e818dc
Author: Stephen Gran <steve at lobefin.net>
Date: Fri Sep 5 16:24:48 2008 +0100
freshclam/manager.c: fix error path memleaks - bb#1141
git-svn-id: http://svn.clamav.net/svn/clamav-devel/trunk@4126 77e5149b-7576-45b1-b177-96237e5ba77b
Signed-off-by: Stephen Gran <steve at lobefin.net>
diff --git a/debian/changelog b/debian/changelog
index 5f3b679..3986550 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,8 +4,9 @@ clamav (0.90.1dfsg-4etch15) stable-security; urgency=low
dereferences
* [CVE-2008-3914]: libclamav/htmlnorm.c, libclamav/others.c,
libclamav/sis.c: fd leaks
+ * [CVE-2008-3913]: freshclam/manager.c: memory leaks
- -- Stephen Gran <sgran at debian.org> Fri, 05 Sep 2008 16:19:21 +0100
+ -- Stephen Gran <sgran at debian.org> Fri, 05 Sep 2008 16:24:15 +0100
clamav (0.90.1dfsg-3.1+etch14) stable-security; urgency=high
diff --git a/debian/patches/00list b/debian/patches/00list
index fc5fe8e..f741f85 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -22,3 +22,4 @@
44.petite.c.CVE-2008-2713.dpatch
45.mbox.c.CVE-2008-3912.dpatch
46.fd-leak.CVE-2008-3914.dpatch
+47.manager.c.CVE-2008-3913.dpatch
diff --git a/debian/patches/47.manager.c.CVE-2008-3913.dpatch b/debian/patches/47.manager.c.CVE-2008-3913.dpatch
new file mode 100644
index 0000000..fa698f9
--- /dev/null
+++ b/debian/patches/47.manager.c.CVE-2008-3913.dpatch
@@ -0,0 +1,69 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 47.manager.c.CVE-2008-3913.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: memory leaks in freshclam error paths
+
+ at DPATCH@
+diff --git a/freshclam/manager.c b/freshclam/manager.c
+index c60c00b..ac58ff6 100644
+--- a/freshclam/manager.c
++++ b/freshclam/manager.c
+@@ -302,6 +302,7 @@ static char *proxyauth(const char *user, const char *pass)
+ buf[len] = '\0';
+ auth = malloc(strlen(buf) + 30);
+ if(!auth) {
++ free(buf);
+ logg("!proxyauth: Can't allocate memory for 'authorization'\n");
+ return NULL;
+ }
+@@ -334,8 +335,10 @@ static struct cl_cvd *remote_cvdhead(const char *file, const char *hostname, cha
+
+ if(user) {
+ authorization = proxyauth(user, pass);
+- if(!authorization)
++ if(!authorization) {
++ free(remotename);
+ return NULL;
++ }
+ }
+ }
+
+@@ -499,8 +502,10 @@ static int getfile(const char *srcfile, const char *destfile, const char *hostna
+
+ if(user) {
+ authorization = proxyauth(user, pass);
+- if(!authorization)
++ if(!authorization) {
++ free(remotename);
+ return 75; /* FIXME */
++ }
+ }
+ }
+
+@@ -523,6 +528,12 @@ static int getfile(const char *srcfile, const char *destfile, const char *hostna
+ "Connection: close\r\n"
+ "\r\n", (remotename != NULL) ? remotename : "", srcfile, hostname, (authorization != NULL) ? authorization : "", agent);
+
++ if(remotename)
++ free(remotename);
++
++ if(authorization)
++ free(authorization);
++
+ memset(ipaddr, 0, sizeof(ipaddr));
+
+ if(ip[0]) /* use ip to connect */
+@@ -544,12 +555,6 @@ static int getfile(const char *srcfile, const char *destfile, const char *hostna
+ return 52;
+ }
+
+- if(remotename)
+- free(remotename);
+-
+- if(authorization)
+- free(authorization);
+-
+ /* read http headers */
+ ch = buffer;
+ i = 0;
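Review bot: In the getfile hunk at `@@ -523,6 +528,12 @@`, `remotename` and `authorization` are now freed right after the request string is built, but both pointers keep their old values for the rest of the function, so any later use or second free on a path outside this hunk would touch freed memory. Setting them to NULL at the release point makes that harmless, and the `if` guards can go because `free(NULL)` is a no-op: `free(remotename); remotename = NULL;` and `free(authorization); authorization = NULL;`. The remote_cvdhead hunk only covers the proxyauth failure return; if that function has the same connect-then-free ordering getfile had, its connection error paths presumably still leak and need the same move. Both function bodies start and end outside the hunks shown, so this should be checked against the full file.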
--
Debian repository for ClamAV