[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/etch-security, updated. 594a24f3c0e57e508385e31054db831241cfaa56
Stephen Gran
steve at lobefin.net
Fri Sep 5 16:07:48 UTC 2008
The following commit has been merged in the debian/etch-security branch:
commit d5cd70074f598a80b7ee264779ba3bd57f3e86ed
Author: Stephen Gran <steve at lobefin.net>
Date: Fri Sep 5 16:57:42 2008 +0100
libclamav/message.c, mbox.c: fix out-of-memory null dereference in mbox/message (bb#1141)
git-svn-id: http://svn.clamav.net/svn/clamav-devel/trunk@4158 77e5149b-7576-45b1-b177-96237e5ba77b
Conflicts:
libclamav/message.h
Signed-off-by: Stephen Gran <steve at lobefin.net>
diff --git a/debian/changelog b/debian/changelog
index f8f6311..6b7ada6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+clamav (0.90.1dfsg-4etch15) stable-security; urgency=low
+
+ * [CVE-2008-3912]: libclamav/mbox.c, libclamav/message.c: out-of-memory null
+ dereferences
+
+ -- Stephen Gran <sgran at debian.org> Fri, 05 Sep 2008 15:31:07 +0100
+
clamav (0.90.1dfsg-3.1+etch14) stable-security; urgency=high
* Non-maintainer upload by the security team
diff --git a/debian/patches/00list b/debian/patches/00list
index 11edb49..be5f1d3 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -20,3 +20,4 @@
42.pe.c.CVE-2008-1100.dpatch
43.spin.c.CVE-2008-1387.dpatch
44.petite.c.CVE-2008-2713.dpatch
+45.mbox.c.CVE-2008-3912.dpatch
diff --git a/debian/patches/45.mbox.c.CVE-2008-3912.dpatch b/debian/patches/45.mbox.c.CVE-2008-3912.dpatch
new file mode 100644
index 0000000..0157a41
--- /dev/null
+++ b/debian/patches/45.mbox.c.CVE-2008-3912.dpatch
@@ -0,0 +1,104 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 45.mbox.c.CVE-2008-3912.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: fix out-of-memory null dereference
+
+ at DPATCH@
+diff --git a/libclamav/mbox.c b/libclamav/mbox.c
+index 0b90329..dd85950 100644
+--- a/libclamav/mbox.c
++++ b/libclamav/mbox.c
+@@ -1528,6 +1528,8 @@ cli_parse_mbox(const char *dir, int desc, cli_ctx *ctx)
+ }
+ }
+
++ if(body->isTruncated && retcode == CL_SUCCESS)
++ retcode = CL_EMEM;
+ /*
+ * Tidy up and quit
+ */
+@@ -1684,6 +1686,11 @@ parseEmailFile(FILE *fin, const table_t *rfc821, const char *firstLine, const ch
+ }
+ fullline = cli_strdup(line);
+ fulllinelength = strlen(line) + 1;
++ if(!fullline) {
++ if(ret)
++ ret->isTruncated = TRUE;
++ break;
++ }
+ } else if(line != NULL) {
+ fulllinelength += strlen(line);
+ ptr = cli_realloc(fullline, fulllinelength);
+diff --git a/libclamav/message.c b/libclamav/message.c
+index a123955..bd87f11 100644
+--- a/libclamav/message.c
++++ b/libclamav/message.c
+@@ -1674,14 +1674,13 @@ messageToText(message *m)
+ for(t_line = messageGetBody(m); t_line; t_line = t_line->t_next) {
+ if(first == NULL)
+ first = last = cli_malloc(sizeof(text));
+- else {
++ else if (last) {
+ last->t_next = cli_malloc(sizeof(text));
+ last = last->t_next;
+ }
+
+ if(last == NULL) {
+ if(first) {
+- last->t_next = NULL;
+ textDestroy(first);
+ }
+ return NULL;
+@@ -1695,7 +1694,8 @@ messageToText(message *m)
+ case UUENCODE:
+ cli_errmsg("messageToText: Unexpected attempt to handle uuencoded file - report to http://bugs.clamav.net\n");
+ if(first) {
+- last->t_next = NULL;
++ if(last)
++ last->t_next = NULL;
+ textDestroy(first);
+ }
+ return NULL;
+@@ -1705,7 +1705,8 @@ messageToText(message *m)
+ if(t_line == NULL) {
+ /*cli_warnmsg("YENCODED attachment is missing begin statement\n");*/
+ if(first) {
+- last->t_next = NULL;
++ if(last)
++ last->t_next = NULL;
+ textDestroy(first);
+ }
+ return NULL;
+@@ -1741,7 +1742,7 @@ messageToText(message *m)
+
+ if(first == NULL)
+ first = last = cli_malloc(sizeof(text));
+- else {
++ else if (last) {
+ last->t_next = cli_malloc(sizeof(text));
+ last = last->t_next;
+ }
+@@ -1779,7 +1780,7 @@ messageToText(message *m)
+ if(decode(m, NULL, data, base64, FALSE) && data[0]) {
+ if(first == NULL)
+ first = last = cli_malloc(sizeof(text));
+- else {
++ else if (last) {
+ last->t_next = cli_malloc(sizeof(text));
+ last = last->t_next;
+ }
+diff --git a/libclamav/message.h b/libclamav/message.h
+index b8f30c0..ecef63a 100644
+--- a/libclamav/message.h
++++ b/libclamav/message.h
+@@ -44,6 +44,9 @@ typedef struct message {
+ text *yenc; /* start of a yEnc message */
+ text *encoding; /* is the non MIME message encoded? */
+ const text *dedupedThisFar;
++
++ unsigned int isTruncated : 1;
++
+ } message;
+
+ message *messageCreate(void);
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list