From 15ce244d0cb123648e6a99086d10af122834fc41 Mon Sep 17 00:00:00 2001
From: Robin Gloster <mail@glob.in>
Date: Fri, 26 Jan 2018 18:01:26 +0100
Subject: clamav: fix fd leakage

---
 pkgs/tools/security/clamav/default.nix   |  2 ++
 pkgs/tools/security/clamav/fd-leak.patch | 49 ++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+)
 create mode 100644 pkgs/tools/security/clamav/fd-leak.patch

(limited to 'pkgs/tools/security/clamav')

diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix
index 4222f7d33de..976c58eb1e3 100644
--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
     zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre
   ];
 
+  patches = [ ./fd-leak.patch ];
+
   configureFlags = [
     "--sysconfdir=/etc/clamav"
     "--disable-llvm" # enabling breaks the build at the moment
diff --git a/pkgs/tools/security/clamav/fd-leak.patch b/pkgs/tools/security/clamav/fd-leak.patch
new file mode 100644
index 00000000000..2c147901e44
--- /dev/null
+++ b/pkgs/tools/security/clamav/fd-leak.patch
@@ -0,0 +1,49 @@
+--- a/libclamav/scanners.c	2018-01-26 16:59:00.820231425 +0100
++++ b/libclamav/scanners.c	2018-01-26 17:39:07.523633805 +0100
+@@ -1366,12 +1366,14 @@
+ 
+ 	if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) {
+ 		free(tmpname);
++		free(normalized);
+ 		return ret;
+ 	}
+ 
+ 	if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
+ 		cli_ac_freedata(&tmdata);
+ 		free(tmpname);
++		free(normalized);
+ 		return ret;
+ 	}
+ 
+@@ -1390,6 +1392,7 @@
+ 				cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
+ 				close(ofd);
+ 				free(tmpname);
++				free(normalized);
+ 				return CL_EWRITE;
+ 			}
+ 			text_normalize_reset(&state);
+@@ -1424,6 +1427,8 @@
+ 			if (ret) {
+ 				cli_ac_freedata(&tmdata);
+ 				free(tmpname);
++				free(normalized);
++				close(ofd);
+ 				return ret;
+ 			}
+ 		}
+@@ -1466,11 +1471,9 @@
+ 
+ 	}
+ 
+-	if(ctx->engine->keeptmp) {
+-		free(tmpname);
+-		if (ofd >= 0)
+-			close(ofd);
+-	}
++	if (ofd >= 0)
++		close(ofd);
++	free(tmpname);
+ 	free(normalized);
+ 
+ 	if(ret != CL_VIRUS || SCAN_ALL)  {
-- 
cgit 1.4.1