From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id DFCD31382C5 for ; Fri, 26 Jan 2018 15:23:53 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 04EE5E0973; Fri, 26 Jan 2018 15:23:53 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C4513E0973 for ; Fri, 26 Jan 2018 15:23:52 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 04492335C0C for ; Fri, 26 Jan 2018 15:23:51 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 8C1601BB for ; Fri, 26 Jan 2018 15:23:49 +0000 (UTC) From: "Thomas Deutschmann" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Thomas Deutschmann" Message-ID: <1516980223.194c79e18139961a9411a22566eb29d764081ef2.whissi@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: app-antivirus/clamav/clamav-0.99.3-r1.ebuild app-antivirus/clamav/clamav-0.99.3.ebuild app-antivirus/clamav/files/clamav-0.99.3-fix-fd-leaks-in-cli_scanscript.patch X-VCS-Directories: app-antivirus/clamav/files/ app-antivirus/clamav/ X-VCS-Committer: whissi X-VCS-Committer-Name: Thomas Deutschmann X-VCS-Revision: 194c79e18139961a9411a22566eb29d764081ef2 X-VCS-Branch: master Date: Fri, 26 Jan 2018 15:23:49 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 35669fb0-8954-46dc-bcbd-84741a9dc52c X-Archives-Hash: c03eeb9d9f72148c39ad602dd1f7b08c commit: 194c79e18139961a9411a22566eb29d764081ef2 Author: Thomas Deutschmann gentoo org> AuthorDate: Fri Jan 26 15:23:29 2018 +0000 Commit: Thomas Deutschmann gentoo org> CommitDate: Fri Jan 26 15:23:43 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=194c79e1 app-antivirus/clamav: rev bump to fix fd leak in cli_scanscript Package-Manager: Portage-2.3.20, Repoman-2.3.6 ...lamav-0.99.3.ebuild => clamav-0.99.3-r1.ebuild} | 1 + ...mav-0.99.3-fix-fd-leaks-in-cli_scanscript.patch | 132 +++++++++++++++++++++ 2 files changed, 133 insertions(+) diff --git a/app-antivirus/clamav/clamav-0.99.3.ebuild b/app-antivirus/clamav/clamav-0.99.3-r1.ebuild similarity index 98% rename from app-antivirus/clamav/clamav-0.99.3.ebuild rename to app-antivirus/clamav/clamav-0.99.3-r1.ebuild index 3a577d05ac2..adb446d1472 100644 --- a/app-antivirus/clamav/clamav-0.99.3.ebuild +++ b/app-antivirus/clamav/clamav-0.99.3-r1.ebuild @@ -40,6 +40,7 @@ PATCHES=( "${FILESDIR}"/${PN}-0.99.2-tinfo.patch "${FILESDIR}"/${PN}-0.99.2-bytecode_api.patch "${FILESDIR}"/${PN}-0.99.2-pcre2-compile-erroffset.patch + "${FILESDIR}"/${PN}-0.99.3-fix-fd-leaks-in-cli_scanscript.patch ) pkg_setup() { diff --git a/app-antivirus/clamav/files/clamav-0.99.3-fix-fd-leaks-in-cli_scanscript.patch b/app-antivirus/clamav/files/clamav-0.99.3-fix-fd-leaks-in-cli_scanscript.patch new file mode 100644 index 00000000000..a457a71758c --- /dev/null +++ b/app-antivirus/clamav/files/clamav-0.99.3-fix-fd-leaks-in-cli_scanscript.patch @@ -0,0 +1,132 @@ +Author: Manuel Mausz + +http://lists.clamav.net/pipermail/clamav-users/2018-January/005687.html + +--- clamav-0.99.3/libclamav/scanners.c.orig 2018-01-26 14:35:23.299386703 +0100 ++++ clamav-0.99.3/libclamav/scanners.c 2018-01-26 14:47:44.422451335 +0100 +@@ -1342,39 +1342,35 @@ + return CL_CLEAN; + } + +- /* dump to disk only if explicitly asked to +- * or if necessary to check relative offsets, +- * otherwise we can process just in-memory */ +- if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) { +- if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) { +- cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n"); +- return ret; +- } +- if (ctx->engine->keeptmp) +- cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname); +- } +- + if(!(normalized = cli_malloc(SCANBUFF + maxpatlen))) { + cli_dbgmsg("cli_scanscript: Unable to malloc %u bytes\n", SCANBUFF); +- free(tmpname); + return CL_EMEM; + } +- + text_normalize_init(&state, normalized, SCANBUFF + maxpatlen); +- ret = CL_CLEAN; +- + + if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) { +- free(tmpname); ++ free(normalized); + return ret; + } + + if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) { + cli_ac_freedata(&tmdata); +- free(tmpname); ++ free(normalized); + return ret; + } + ++ /* dump to disk only if explicitly asked to ++ * or if necessary to check relative offsets, ++ * otherwise we can process just in-memory */ ++ if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) { ++ if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) { ++ cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n"); ++ goto done; ++ } ++ if (ctx->engine->keeptmp) ++ cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname); ++ } ++ + mdata[0] = &tmdata; + mdata[1] = &gmdata; + +@@ -1388,9 +1384,8 @@ + + if (write(ofd, state.out, state.out_pos) == -1) { + cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname); +- close(ofd); +- free(tmpname); +- return CL_EWRITE; ++ ret = CL_EWRITE; ++ goto done; + } + text_normalize_reset(&state); + } +@@ -1409,11 +1404,6 @@ + funmap(*ctx->fmap); + } + *ctx->fmap = map; +- +- /* If we aren't keeping temps, delete the normalized file after scan. */ +- if(!(ctx->engine->keeptmp)) +- if (cli_unlink(tmpname)) ret = CL_EUNLINK; +- + } else { + /* Since the above is moderately costly all in all, + * do the old stuff if there's no relative offsets. */ +@@ -1421,11 +1411,8 @@ + if (troot) { + cli_targetinfo(&info, 7, map); + ret = cli_ac_caloff(troot, &tmdata, &info); +- if (ret) { +- cli_ac_freedata(&tmdata); +- free(tmpname); +- return ret; +- } ++ if (ret) ++ goto done; + } + + while(1) { +@@ -1466,13 +1453,6 @@ + + } + +- if(ctx->engine->keeptmp) { +- free(tmpname); +- if (ofd >= 0) +- close(ofd); +- } +- free(normalized); +- + if(ret != CL_VIRUS || SCAN_ALL) { + if ((ret = cli_exp_eval(ctx, troot, &tmdata, NULL, NULL)) == CL_VIRUS) + viruses_found++; +@@ -1481,9 +1461,19 @@ + viruses_found++; + } + ++done: ++ free(normalized); + cli_ac_freedata(&tmdata); + cli_ac_freedata(&gmdata); + ++ if (ofd != -1) ++ close(ofd); ++ if (tmpname != NULL) { ++ if (!ctx->engine->keeptmp) ++ if (cli_unlink(tmpname)) ret = CL_EUNLINK; ++ free(tmpname); ++ } ++ + if (SCAN_ALL && viruses_found) + return CL_VIRUS; +