[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
aCaB
acab at clamav.net
Sun Apr 4 01:08:08 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit fc355be43288271249dede07c07e50a0d94bfca9
Author: aCaB <acab at clamav.net>
Date: Fri Oct 23 20:49:12 2009 +0200
unarj leaks
diff --git a/ChangeLog b/ChangeLog
index c9ef7da..4962902 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Fri Oct 23 20:48:12 CEST 2009 (acab)
+------------------------------------
+ * libclamav/unarj: fix error path leaks and valgrind warnings
+
Wed Oct 21 17:50:05 CEST 2009 (acab)
------------------------------------
* win32: introduce safe_open() (sic!)
diff --git a/libclamav/scanners.c b/libclamav/scanners.c
index aba235a..2ee46e5 100644
--- a/libclamav/scanners.c
+++ b/libclamav/scanners.c
@@ -381,15 +381,16 @@ static int cli_scanarj(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_c
return ret;
}
- metadata.filename = NULL;
-
do {
+ metadata.filename = NULL;
ret = cli_unarj_prepare_file(desc, dir, &metadata);
if (ret != CL_SUCCESS) {
break;
}
if ((ret = cli_checklimits("ARJ", ctx, metadata.orig_size, metadata.comp_size, 0))!=CL_CLEAN) {
ret = CL_SUCCESS;
+ if (metadata.filename)
+ free(metadata.filename);
continue;
}
ret = cli_unarj_extract_file(desc, dir, &metadata);
@@ -400,6 +401,10 @@ static int cli_scanarj(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_c
if (rc == CL_VIRUS) {
cli_dbgmsg("ARJ: infected with %s\n",*ctx->virname);
ret = CL_VIRUS;
+ if (metadata.filename) {
+ free(metadata.filename);
+ metadata.filename = NULL;
+ }
break;
}
}
diff --git a/libclamav/unarj.c b/libclamav/unarj.c
index 7e510fd..bd2eb49 100644
--- a/libclamav/unarj.c
+++ b/libclamav/unarj.c
@@ -408,7 +408,7 @@ static int read_c_len(arj_decode_t *decode_data)
mask = 1 << 7;
do {
if (c >= (2 * NC - 1)) {
- cli_warnmsg("ERROR: bounds exceeded\n");
+ cli_dbgmsg("ERROR: bounds exceeded\n");
decode_data->status = CL_EFORMAT;
return CL_EFORMAT;
}
@@ -442,7 +442,7 @@ static int read_c_len(arj_decode_t *decode_data)
}
while (--c >= 0) {
if (i >= NC) {
- cli_warnmsg("ERROR: bounds exceeded\n");
+ cli_dbgmsg("ERROR: bounds exceeded\n");
decode_data->status = CL_EFORMAT;
return CL_EFORMAT;
}
@@ -450,7 +450,7 @@ static int read_c_len(arj_decode_t *decode_data)
}
} else {
if (i >= NC) {
- cli_warnmsg("ERROR: bounds exceeded\n");
+ cli_dbgmsg("ERROR: bounds exceeded\n");
decode_data->status = CL_EFORMAT;
return CL_EFORMAT;
}
@@ -484,7 +484,7 @@ static uint16_t decode_c(arj_decode_t *decode_data)
mask = 1 << 3;
do {
if (j >= (2 * NC - 1)) {
- cli_warnmsg("ERROR: bounds exceeded\n");
+ cli_dbgmsg("ERROR: bounds exceeded\n");
decode_data->status = CL_EUNPACK;
return 0;
}
@@ -509,7 +509,7 @@ static uint16_t decode_p(arj_decode_t *decode_data)
mask = 1 << 7;
do {
if (j >= (2 * NC - 1)) {
- cli_warnmsg("ERROR: bounds exceeded\n");
+ cli_dbgmsg("ERROR: bounds exceeded\n");
decode_data->status = CL_EUNPACK;
return 0;
}
@@ -537,7 +537,8 @@ static int decode(int fd, arj_metadata_t *metadata)
uint32_t count=0, out_ptr=0;
int16_t chr, i, j;
- decode_data.text = (unsigned char *) cli_malloc(DDICSIZ);
+ memset(&decode_data, 0, sizeof(decode_data));
+ decode_data.text = (unsigned char *) cli_calloc(DDICSIZ, 1);
if (!decode_data.text) {
return CL_EMEM;
}
@@ -569,7 +570,7 @@ static int decode(int fd, arj_metadata_t *metadata)
i += DDICSIZ;
}
if ((i >= DDICSIZ) || (i < 0)) {
- cli_warnmsg("UNARJ: bounds exceeded - probably a corrupted file.\n");
+ cli_dbgmsg("UNARJ: bounds exceeded - probably a corrupted file.\n");
break;
}
if (out_ptr > i && out_ptr < DDICSIZ - MAXMATCH - 1) {
@@ -661,7 +662,8 @@ static int decode_f(int fd, arj_metadata_t *metadata)
int16_t chr, i, j, pos;
dd = &decode_data;
- decode_data.text = (unsigned char *) cli_malloc(DDICSIZ);
+ memset(&decode_data, 0, sizeof(decode_data));
+ decode_data.text = (unsigned char *) cli_calloc(DDICSIZ, 1);
if (!decode_data.text) {
return CL_EMEM;
}
@@ -707,7 +709,7 @@ static int decode_f(int fd, arj_metadata_t *metadata)
i += DDICSIZ;
}
if ((i >= DDICSIZ) || (i < 0)) {
- cli_warnmsg("UNARJ: bounds exceeded - probably a corrupted file.\n");
+ cli_dbgmsg("UNARJ: bounds exceeded - probably a corrupted file.\n");
break;
}
while (j-- > 0) {
@@ -979,12 +981,18 @@ static int arj_read_file_header(int fd, arj_metadata_t *metadata)
/* Skip CRC */
if (lseek(fd, (off_t) 4, SEEK_CUR) == -1) {
+ if(metadata->filename)
+ free(metadata->filename);
+ metadata->filename = NULL;
return CL_EFORMAT;
}
/* Skip past any extended header data */
for (;;) {
if (cli_readn(fd, &count, 2) != 2) {
+ if(metadata->filename)
+ free(metadata->filename);
+ metadata->filename = NULL;
return CL_EFORMAT;
}
count = le16_to_host(count);
@@ -994,6 +1002,9 @@ static int arj_read_file_header(int fd, arj_metadata_t *metadata)
}
/* Skip extended header + 4byte CRC */
if (lseek(fd, (off_t) (count + 4), SEEK_CUR) == -1) {
+ if(metadata->filename)
+ free(metadata->filename);
+ metadata->filename = NULL;
return CL_EFORMAT;
}
}
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list