[Pkg-clamav-devel] Bug#507624: Fix prepared
Stephen Gran
sgran at debian.org
Wed Dec 3 19:28:11 UTC 2008
This one time, at band camp, Michael Tautschnig said:
> > On Wednesday 03 December 2008 01:37, Michael Tautschnig wrote:
> > > tag 507624 + pending
> > > thanks
> > >
> > > A patch for this bug has been prepared and is sitting in our git repo,
> > > ready to get uploaded once we get approval.
> > >
> > One other issue that ought to be looked at ....
> >
> > Leonel Nunez (who helps me out on Ubuntu clamav stuff and commented on this
> > bug) is reviewing older changes to pick up some security fixes from the 0.93
> > series that I know we missed. He noticed that the Debian patch is different
> > than upstream's with the unfortunate effect that the second line of the change
> > doesn't get executed (I don't do C, so that's how I understood the impact).
> >
> > See:
> >
> > http://paste.ubuntu.com/79576/
> >
> > and
> >
> > http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2Flibclamav%2Fothers.c&rev=0&sc=0
> >
> > Assuming I understand correctly, this ought to be corrected in the next update
> > too.
>
> Hmm, I don't really understand what the difference should be. The patch in the
> above paste adds two lines which aren't there in etch's version (which we are
> patching); they might already exist in some 0.92 version being released by
> Ubuntu, though.
The patch in Debian (most likely my fault) semantically amounts to this:

    if(!(buffer = cli_malloc(FILEBUFF))){
        close(s);
    }
    close(d);
    return -1;

Instead of this:

    if(!(buffer = cli_malloc(FILEBUFF))){
        close(s);
        close(d);
        return -1;
    }

In other words, the buggy version in Debian always closes the fd d and
returns -1 from that block of code, rather than only doing those two
things if the malloc fails.
Hope that makes it clearer.
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran at debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
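
The two shapes from the message above, run side by side as an added C example (not part of the original mail, and not ClamAV or Debian code). The function names, the `run_case` harness, the `FILEBUFF` value, plain `malloc` standing in for `cli_malloc`, and the copy loop after the check are all assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#define FILEBUFF 8192 /* assumed buffer size for this sketch */

/* Debian shape as described in the mail: only close(s) is guarded. */
int copy_debian_shape(int s, int d) {
    char *buffer;
    if (!(buffer = malloc(FILEBUFF))) {
        close(s);
    }
    close(d);
    free(buffer); /* added for the demo so the sketch itself does not leak */
    return -1;    /* reached on every call; s stays open when malloc works */
}

/* Upstream shape: the whole error path sits inside the braces. */
int copy_upstream_shape(int s, int d) {
    char *buffer; ssize_t n;
    if (!(buffer = malloc(FILEBUFF))) {
        close(s);
        close(d);
        return -1;
    }
    while ((n = read(s, buffer, FILEBUFF)) > 0)
        if (write(d, buffer, (size_t)n) != n) { n = -1; break; }
    free(buffer); close(s);
    return (close(d) == 0 && n == 0) ? 0 : -1;
}

/* Runs one variant on a constructed 11-byte temp file (hypothetical harness). */
int run_case(int (*copy)(int, int), long *copied, int *src_left_open) {
    char src[] = "/tmp/fc_srcXXXXXX", dst[] = "/tmp/fc_dstXXXXXX"; struct stat st;
    int s = mkstemp(src), d = mkstemp(dst), rc;
    if (s < 0 || d < 0 || pwrite(s, "sample data", 11, 0) != 11) return -2;
    rc = copy(s, d);
    *copied = (stat(dst, &st) == 0) ? (long)st.st_size : -1;
    if ((*src_left_open = (fcntl(s, F_GETFD) != -1))) close(s);
    unlink(src); unlink(dst);
    return rc;
}

int main(void) {
    long n; int left, rc = run_case(copy_debian_shape, &n, &left);
    printf("debian:   rc=%d copied=%ld src_left_open=%d\n", rc, n, left);
    rc = run_case(copy_upstream_shape, &n, &left);
    printf("upstream: rc=%d copied=%ld src_left_open=%d\n", rc, n, left);
}
```

With the misplaced brace the function reports failure on every call, the destination stays empty, and the source descriptor is left open whenever the allocation succeeds.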