Fix for CVE-2008-3914, applied upstream in 0.94
svn diff -c 4124 http://svn.clamav.net/svn/clamav-devel/trunk/
(revision 4123 does not affect clamav-0.92.1)
diff -pruN clamav-0.92.1.orig/libclamav/others.c clamav-0.92.1/libclamav/others.c
--- clamav-0.92.1.orig/libclamav/others.c 2008-02-06 16:49:25.000000000 +0100
+++ clamav-0.92.1/libclamav/others.c 2008-11-13 19:05:01.000000000 +0100
@@ -753,8 +753,11 @@ int cli_filecopy(const char *src, const
return -1;
}
- if(!(buffer = cli_malloc(FILEBUFF)))
+ if(!(buffer = cli_malloc(FILEBUFF))) {
+ close(s);
+ close(d);
return -1;
+ }
while((bytes = cli_readn(s, buffer, FILEBUFF)) > 0)
cli_writen(d, buffer, bytes);