pkgsrc-Changes archive


CVS commit: pkgsrc/security/clamav



Module Name:    pkgsrc
Committed By:   bouyer
Date:           Fri Jan 26 16:26:57 UTC 2018

Modified Files:
        pkgsrc/security/clamav: Makefile distinfo
Added Files:
        pkgsrc/security/clamav/patches: patch-libclamav_scanners.c

Log Message:
Fix memory/file descriptor leak in cli_scanscript().
Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.42 pkgsrc/security/clamav/Makefile
cvs rdiff -u -r1.24 -r1.25 pkgsrc/security/clamav/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/clamav/patches/patch-libclamav_scanners.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/clamav/Makefile
diff -u pkgsrc/security/clamav/Makefile:1.41 pkgsrc/security/clamav/Makefile:1.42
--- pkgsrc/security/clamav/Makefile:1.41        Fri Jan 26 16:24:32 2018
+++ pkgsrc/security/clamav/Makefile     Fri Jan 26 16:26:57 2018
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.41 2018/01/26 16:24:32 bouyer Exp $
+# $NetBSD: Makefile,v 1.42 2018/01/26 16:26:57 bouyer Exp $
 
 .include "Makefile.common"
 
 COMMENT=       Anti-virus toolkit
+PKGREVISION=   1
 
 USE_LANGUAGES=         c c++
 USE_LIBTOOL=           yes

Index: pkgsrc/security/clamav/distinfo
diff -u pkgsrc/security/clamav/distinfo:1.24 pkgsrc/security/clamav/distinfo:1.25
--- pkgsrc/security/clamav/distinfo:1.24        Fri Jan 26 12:20:16 2018
+++ pkgsrc/security/clamav/distinfo     Fri Jan 26 16:26:57 2018
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2018/01/26 12:20:16 bouyer Exp $
+$NetBSD: distinfo,v 1.25 2018/01/26 16:26:57 bouyer Exp $
 
 SHA1 (clamav-0.99.3.tar.gz) = 13b37de9bcd1c7c092cd3148db9886c556f12c8f
 RMD160 (clamav-0.99.3.tar.gz) = 0c999f266b496edc3ac3a59768262d9973363287
@@ -15,3 +15,4 @@ SHA1 (patch-etc_clamd.conf.sample) = 74c
 SHA1 (patch-etc_freshclam.conf.sample) = 520ffbca5421ef2dc270e3c5a13cfb36a469e676
 SHA1 (patch-libclamav_fmap.c) = a4c08f96e3d3aae57533e8e8294358fcb26a6db4
 SHA1 (patch-libclamav_fmap.h) = c486e4fd957f2cc9811c5a0422db69c85f0f9e0f
+SHA1 (patch-libclamav_scanners.c) = cf118cd70100c2176738d06c01feb03b4c44a598

Added files:

Index: pkgsrc/security/clamav/patches/patch-libclamav_scanners.c
diff -u /dev/null pkgsrc/security/clamav/patches/patch-libclamav_scanners.c:1.1
--- /dev/null   Fri Jan 26 16:26:57 2018
+++ pkgsrc/security/clamav/patches/patch-libclamav_scanners.c   Fri Jan 26 16:26:57 2018
@@ -0,0 +1,92 @@
+$NetBSD: patch-libclamav_scanners.c,v 1.1 2018/01/26 16:26:57 bouyer Exp $
+
+avoid memory and file descriptor leak.
+Submitted upstream as:
+https://bugzilla.clamav.net/show_bug.cgi?id=12021
+
+--- libclamav/scanners.c.orig  2018-01-26 14:46:31.000000000 +0100
++++ libclamav/scanners.c       2018-01-26 15:07:28.000000000 +0100
+@@ -1356,8 +1356,8 @@
+ 
+       if(!(normalized = cli_malloc(SCANBUFF + maxpatlen))) {
+               cli_dbgmsg("cli_scanscript: Unable to malloc %u bytes\n", SCANBUFF);
+-              free(tmpname);
+-              return CL_EMEM;
++              ret = CL_EMEM;
++              goto out;
+       }
+ 
+       text_normalize_init(&state, normalized, SCANBUFF + maxpatlen);
+@@ -1365,14 +1365,12 @@
+ 
+ 
+       if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) {
+-              free(tmpname);
+-              return ret;
++              goto out;
+       }
+ 
+       if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
+               cli_ac_freedata(&tmdata);
+-              free(tmpname);
+-              return ret;
++              goto out;
+       }
+ 
+       mdata[0] = &tmdata;
+@@ -1388,9 +1386,8 @@
+ 
+                       if  (write(ofd, state.out, state.out_pos) == -1) {
+                               cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
+-                              close(ofd);
+-                              free(tmpname);
+-                              return CL_EWRITE;
++                              ret =  CL_EWRITE;
++                              goto out;
+                       }
+                       text_normalize_reset(&state);
+               }
+@@ -1410,10 +1407,6 @@
+               }
+               *ctx->fmap = map;
+ 
+-              /* If we aren't keeping temps, delete the normalized file after scan. */
+-              if(!(ctx->engine->keeptmp))
+-                      if (cli_unlink(tmpname)) ret = CL_EUNLINK;
+-
+       } else {
+               /* Since the above is moderately costly all in all,
+                * do the old stuff if there's no relative offsets. */
+@@ -1423,8 +1416,7 @@
+                       ret = cli_ac_caloff(troot, &tmdata, &info);
+                       if (ret) {
+                               cli_ac_freedata(&tmdata);
+-                              free(tmpname);
+-                              return ret;
++                              goto out;
+                       }
+               }
+ 
+@@ -1466,12 +1458,18 @@
+ 
+       }
+ 
+-      if(ctx->engine->keeptmp) {
++out:
++      if (tmpname) {
++              if(!ctx->engine->keeptmp) {
++                      cli_unlink(tmpname);
++              }
+               free(tmpname);
+-              if (ofd >= 0)
+-                      close(ofd);
+       }
+-      free(normalized);
++      if (ofd >= 0)
++              close(ofd);
++
++      if (normalized)
++              free(normalized);
+ 
+       if(ret != CL_VIRUS || SCAN_ALL)  {
+               if ((ret = cli_exp_eval(ctx, troot, &tmdata, NULL, NULL)) == CL_VIRUS)
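Review bot: The new `out:` label sits above the `cli_exp_eval(ctx, troot, &tmdata, NULL, NULL)` call, so every error path that now does `goto out` falls through into signature evaluation instead of returning as the removed `return` statements did. On the `cli_malloc` failure path `tmdata` has not yet been set up by `cli_ac_initdata`, and on the `gmdata` init and `cli_ac_caloff` failure paths it has just been handed to `cli_ac_freedata`, so the evaluation works on uninitialised or already released matcher state, and `ret = cli_exp_eval(...)` can replace CL_EMEM or CL_EWRITE with a clean verdict in a scanner that handles untrusted files. I would keep the shared cleanup but mark the error paths, e.g. a local `int failed = 0;`, `failed = 1;` before each `goto out;`, and `if (!failed && (ret != CL_VIRUS || SCAN_ALL))` for the evaluation. The rewrite also drops the old `if (cli_unlink(tmpname)) ret = CL_EUNLINK;` check, so a failed removal of the normalized temp file is no longer reported. cli_scanscript continues past the end of this hunk, so whatever releases `tmdata` and `gmdata` further down presumably needs the same guard to avoid freeing them twice.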


