rpms/clamav/FC-6 clamav-0.88.7-bz-582.patch, NONE, 1.1 clamav.spec, 1.47, 1.48

Enrico Scholz (ensc) fedora-extras-commits at redhat.com
Sat Aug 25 09:11:24 UTC 2007 

Author: ensc

Update of /cvs/extras/rpms/clamav/FC-6
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2214

Modified Files:
	clamav.spec 
Added Files:
	clamav-0.88.7-bz-582.patch 
Log Message:
fixed DOS in HTML normalizer (backported from 0.91.2)

clamav-0.88.7-bz-582.patch:

--- NEW FILE clamav-0.88.7-bz-582.patch ---
--- clamav-0.88.7/libclamav/htmlnorm.c.bz-582
+++ clamav-0.88.7/libclamav/htmlnorm.c
@@ -1042,33 +1042,37 @@ static int cli_html_normalise(int fd, m_
 				}
 				break;
 			case HTML_RFC2397_INIT:
-				file_tmp_o1 = (file_buff_t *) cli_malloc(sizeof(file_buff_t));
-				if (!file_tmp_o1) {
-					goto abort;
-				}
-				snprintf(filename, 1024, "%s/rfc2397", dirname);
-				tmp_file = cli_gentemp(filename);
-				cli_dbgmsg("RFC2397 data file: %s\n", tmp_file);
-				file_tmp_o1->fd = open(tmp_file, O_WRONLY|O_CREAT|O_TRUNC, S_IWUSR|S_IRUSR);
-				free(tmp_file);
-				if (!file_tmp_o1->fd) {
-					cli_dbgmsg("open failed: %s\n", filename);
-					free(file_tmp_o1);
-					goto abort;
-				}
-				file_tmp_o1->length = 0;
+				if (dirname) {
+					file_tmp_o1 = (file_buff_t *) cli_malloc(sizeof(file_buff_t));
+					if (!file_tmp_o1) {
+						goto abort;
+					}
+					snprintf(filename, 1024, "%s/rfc2397", dirname);
+					tmp_file = cli_gentemp(filename);
+					cli_dbgmsg("RFC2397 data file: %s\n", tmp_file);
+					file_tmp_o1->fd = open(tmp_file, O_WRONLY|O_CREAT|O_TRUNC, S_IWUSR|S_IRUSR);
+					free(tmp_file);
+					if (!file_tmp_o1->fd) {
+						cli_dbgmsg("open failed: %s\n", filename);
+						free(file_tmp_o1);
+						goto abort;
+					}
+					file_tmp_o1->length = 0;
 				
-				html_output_str(file_tmp_o1, "From html-normalise\n", 20);
-				html_output_str(file_tmp_o1, "Content-type: ", 14);
-				if ((tag_val_length == 0) && (*tag_val == ';')) {
+					html_output_str(file_tmp_o1, "From html-normalise\n", 20);
+					html_output_str(file_tmp_o1, "Content-type: ", 14);
+					if ((tag_val_length == 0) && (*tag_val == ';')) {
 						html_output_str(file_tmp_o1, "text/plain\n", 11);
+					}
+					html_output_str(file_tmp_o1, tag_val, tag_val_length);
+					html_output_c(file_tmp_o1, NULL, '\n');
+					if (strstr(tag_val, ";base64") != NULL) {
+						html_output_str(file_tmp_o1, "Content-transfer-encoding: base64\n", 34);
+					}
+					html_output_c(file_tmp_o1, NULL, '\n');
+				} else {
+					file_tmp_o1 = NULL;
 				}
-				html_output_str(file_tmp_o1, tag_val, tag_val_length);
-				html_output_c(file_tmp_o1, NULL, '\n');
-				if (strstr(tag_val, ";base64") != NULL) {
-					html_output_str(file_tmp_o1, "Content-transfer-encoding: base64\n", 34);
-				}
-				html_output_c(file_tmp_o1, NULL, '\n');
 				state = HTML_RFC2397_DATA;
 				binary = TRUE;
 				break;
@@ -1118,9 +1122,11 @@ static int cli_html_normalise(int fd, m_
 				}
 				break;
 			case HTML_RFC2397_FINISH:
-				html_output_flush(file_tmp_o1);
-				close(file_tmp_o1->fd);
-				free(file_tmp_o1);
+				if(file_tmp_o1) {
+					html_output_flush(file_tmp_o1);
+					close(file_tmp_o1->fd);
+					free(file_tmp_o1);
+				}
 				state = HTML_SKIP_WS;
 				escape = FALSE;
 				quoted = NOT_QUOTED;


Index: clamav.spec
===================================================================
RCS file: /cvs/extras/rpms/clamav/FC-6/clamav.spec,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -r1.47 -r1.48
--- clamav.spec	31 May 2007 19:09:41 -0000	1.47
+++ clamav.spec	25 Aug 2007 09:10:51 -0000	1.48
@@ -19,7 +19,7 @@
 Summary:	End-user tools for the Clam Antivirus scanner
 Name:		clamav
 Version:	0.88.7
-Release:	%release_func 3
+Release:	%release_func 4
 
 License:	GPL
 Group:		Applications/File
@@ -44,6 +44,7 @@
 Patch52:	clamav-0.88.7-CVE-2007-0899.patch
 Patch53:	clamav-0.88.7-CVE-2007-2650.patch
 Patch54:	clamav-0.88.7-bz-515.patch
+Patch55:	clamav-0.88.7-bz-582.patch
 BuildRoot:	%_tmppath/%name-%version-%release-root
 Requires:	clamav-lib = %version-%release
 Requires:	data(clamav)
@@ -190,6 +191,7 @@
 %patch52 -p1 -b .cve-2007-0899
 %patch53 -p1 -b .cve-2007-2650
 %patch54 -p1 -b .bz-515
+%patch55 -p1 -b .bz-582
 
 %patch0  -p1 -b '.guys,please-read-the-compiler-warnings-before-doing-a-release.patch'
 %patch1  -p1 -b .strncpy
@@ -459,6 +461,9 @@
 
 
 %changelog
+* Sat Aug 25 2007 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.88.7-4
+- fixed DOS in HTML normalizer (backported from 0.91.2)
+
 * Thu May 31 2007 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.88.7-3
 - [SECURITY] fixed CVE-2007-2650 (OLE2 list loop) and Clamav bug #515
   (broken OOM handling)

More information about the fedora-extras-commits mailing list