[Pkg-clamav-devel] Bug#507624: Fix prepared
Michael Tautschnig
mt at debian.org
Wed Dec 3 19:52:47 UTC 2008
> [...]
> >
> > The patch in Debian (most likely my fault) semantically amounts to this:
> >
> > if(!(buffer = cli_malloc(FILEBUFF))){
> > close(s);
> > }
> > close(d);
> > return -1;
> >
> > Instead of this:
> >
> > if(!(buffer = cli_malloc(FILEBUFF))){
> > close(s);
> > close(d);
> > return -1;
> > }
> >
> > In other words, the buggy version in Debian always closes the fd d and
> > returns -1 from that block of code, rather than only doing those two
> > thing if the malloc fails.
> >
> > Hope that makes it clearer.
>
> OMG, I forgot about the missing { } -- I guess we should ask the security team
> to wait for another upload fixing this? I can do it, but would like to get your
> ok.
>
Well, that is a bug indeed, but the cli_filecopy function (which contains that
code) is never actually called!? So, should we fix it or not?
Best,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20081203/e7872e21/attachment.pgp
More information about the Pkg-clamav-devel
mailing list