authorRobin Gloster <mail@glob.in>2018-01-26 18:01:26 +0100
committerRobin Gloster <mail@glob.in>2018-01-26 18:29:55 +0100
commit15ce244d0cb123648e6a99086d10af122834fc41 (patch)
tree2ea49f742fc07b3cb293614f4e0b4feb7bb48931 /pkgs/tools/security/clamav
parent31e388dff243efc6c0acd26a49ce59b1075a9a56 (diff)
clamav: fix fd leakage
Diffstat (limited to 'pkgs/tools/security/clamav')
-rw-r--r--pkgs/tools/security/clamav/default.nix2
-rw-r--r--pkgs/tools/security/clamav/fd-leak.patch49
2 files changed, 51 insertions, 0 deletions
diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix
index 4222f7d33de..976c58eb1e3 100644
--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
     zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre
   ];
 
+  patches = [ ./fd-leak.patch ];
+
   configureFlags = [
     "--sysconfdir=/etc/clamav"
     "--disable-llvm" # enabling breaks the build at the moment
diff --git a/pkgs/tools/security/clamav/fd-leak.patch b/pkgs/tools/security/clamav/fd-leak.patch
new file mode 100644
index 00000000000..2c147901e44
--- /dev/null
+++ b/pkgs/tools/security/clamav/fd-leak.patch
@@ -0,0 +1,49 @@
+--- a/libclamav/scanners.c	2018-01-26 16:59:00.820231425 +0100
++++ b/libclamav/scanners.c	2018-01-26 17:39:07.523633805 +0100
+@@ -1366,12 +1366,14 @@
+ 
+ 	if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) {
+ 		free(tmpname);
++		free(normalized);
+ 		return ret;
+ 	}
+ 
+ 	if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
+ 		cli_ac_freedata(&tmdata);
+ 		free(tmpname);
++		free(normalized);
+ 		return ret;
+ 	}
+ 
+@@ -1390,6 +1392,7 @@
+ 				cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
+ 				close(ofd);
+ 				free(tmpname);
++				free(normalized);
+ 				return CL_EWRITE;
+ 			}
+ 			text_normalize_reset(&state);
+@@ -1424,6 +1427,8 @@
+ 			if (ret) {
+ 				cli_ac_freedata(&tmdata);
+ 				free(tmpname);
++				free(normalized);
++				close(ofd);
+ 				return ret;
+ 			}
+ 		}
+@@ -1466,11 +1471,9 @@
+ 
+ 	}
+ 
+-	if(ctx->engine->keeptmp) {
+-		free(tmpname);
+-		if (ofd >= 0)
+-			close(ofd);
+-	}
++	if (ofd >= 0)
++		close(ofd);
++	free(tmpname);
+ 	free(normalized);
+ 
+ 	if(ret != CL_VIRUS || SCAN_ALL)  {
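Review bot: The two `cli_ac_initdata` failure branches in the first inner hunk now free `normalized` but still return without closing `ofd`, so if the temporary descriptor is already open at that point (its creation is outside the visible context) those paths would still leak it. For a scanner that runs as a long-lived process over untrusted files, a leak on an error path can add up to descriptor exhaustion. Adding `if (ofd >= 0) close(ofd);` before each `return ret;` there would match the guarded cleanup in the last inner hunk. The `close(ofd);` added in the `if (ret)` branch of the third inner hunk is unguarded, unlike that final cleanup, and should use the same `ofd >= 0` check. The enclosing function starts and ends outside these hunks, and the patch file has no header naming its upstream origin, so a short description at the top would help whoever has to drop it on the next version bump.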