rpms / clamav

Clone
Source Code
GIT

Files

  1.   c4e8dc89829a8f2be924f5e3e1f289158f327105
  2.   clamav-0.93.3-CVE-2008-3912.diff
Blob Blame History Raw 
Fix for CVE-2008-3912, applied upstream in 0.94
svn diff -c 4158 http://svn.clamav.net/svn/clamav-devel/trunk/

diff -pruN clamav-0.93.3.orig/libclamav/mbox.c clamav-0.93.3/libclamav/mbox.c
--- clamav-0.93.3.orig/libclamav/mbox.c	2008-06-04 14:13:34.000000000 +0200
+++ clamav-0.93.3/libclamav/mbox.c	2008-11-13 18:10:37.000000000 +0100
@@ -1463,6 +1463,8 @@ cli_parse_mbox(const char *dir, int desc
 			}
 		}
 
+		if(body->isTruncated && retcode == CL_SUCCESS)
+			retcode = CL_EMEM;
 		/*
 		 * Tidy up and quit
 		 */
@@ -1639,6 +1641,11 @@ parseEmailFile(FILE *fin, const table_t 
 					}
 					fullline = cli_strdup(line);
 					fulllinelength = strlen(line) + 1;
+					if(!fullline) {
+						if(ret)
+							ret->isTruncated = TRUE;
+						break;
+					}
 				} else if(line != NULL) {
 					fulllinelength += strlen(line);
 					ptr = cli_realloc(fullline, fulllinelength);
diff -pruN clamav-0.93.3.orig/libclamav/message.c clamav-0.93.3/libclamav/message.c
--- clamav-0.93.3.orig/libclamav/message.c	2008-04-14 21:03:06.000000000 +0200
+++ clamav-0.93.3/libclamav/message.c	2008-11-13 18:10:37.000000000 +0100
@@ -1819,14 +1819,13 @@ messageToText(message *m)
 				for(t_line = messageGetBody(m); t_line; t_line = t_line->t_next) {
 					if(first == NULL)
 						first = last = cli_malloc(sizeof(text));
-					else {
+					else if (last) {
 						last->t_next = cli_malloc(sizeof(text));
 						last = last->t_next;
 					}
 
 					if(last == NULL) {
 						if(first) {
-							last->t_next = NULL;
 							textDestroy(first);
 						}
 						return NULL;
@@ -1840,7 +1839,8 @@ messageToText(message *m)
 			case UUENCODE:
 				cli_errmsg("messageToText: Unexpected attempt to handle uuencoded file - report to http://bugs.clamav.net\n");
 				if(first) {
-					last->t_next = NULL;
+					if(last)
+						last->t_next = NULL;
 					textDestroy(first);
 				}
 				return NULL;
@@ -1850,7 +1850,8 @@ messageToText(message *m)
 				if(t_line == NULL) {
 					/*cli_warnmsg("YENCODED attachment is missing begin statement\n");*/
 					if(first) {
-						last->t_next = NULL;
+						if(last)
+							last->t_next = NULL;
 						textDestroy(first);
 					}
 					return NULL;
@@ -1886,7 +1887,7 @@ messageToText(message *m)
 
 			if(first == NULL)
 				first = last = cli_malloc(sizeof(text));
-			else {
+			else if (last) {
 				last->t_next = cli_malloc(sizeof(text));
 				last = last->t_next;
 			}
@@ -1924,7 +1925,7 @@ messageToText(message *m)
 			if(decode(m, NULL, data, base64, FALSE) && data[0]) {
 				if(first == NULL)
 					first = last = cli_malloc(sizeof(text));
-				else {
+				else if (last) {
 					last->t_next = cli_malloc(sizeof(text));
 					last = last->t_next;
 				}
diff -pruN clamav-0.93.3.orig/libclamav/message.h clamav-0.93.3/libclamav/message.h
--- clamav-0.93.3.orig/libclamav/message.h	2008-04-02 22:17:27.000000000 +0200
+++ clamav-0.93.3/libclamav/message.h	2008-11-13 18:10:37.000000000 +0100
@@ -46,6 +46,7 @@ typedef struct message {
 
 	char	base64_1, base64_2, base64_3;
 	unsigned	int	isInfected : 1;
+	unsigned        int     isTruncated  : 1;
 
 } message;
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.