diff options
author | Oliver Eikemeier <eik@FreeBSD.org> | 2004-02-10 14:06:49 +0000 |
---|---|---|
committer | Oliver Eikemeier <eik@FreeBSD.org> | 2004-02-10 14:06:49 +0000 |
commit | 0a6499308d194ca8a8cbc69c73dc179ea17a9aa0 (patch) | |
tree | 395ac438b6708529a8448c525cfca09f547fd4b1 /security/clamav/files | |
parent | Update to 0.04.01 (diff) |
*** SECURITY update ***
- fix a trivially remote exploitable DOS vulnerability
<http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/62586>
<http://www.securityfocus.com/archive/1/353186>
while I'm here, fix stale socket removal. Perhaps enabling
FixStaleSocket in clamav.conf would be a better idea, but
I don't want to overuse this security related commit.
PR: 62586, 62601
Submitted by: eik, Vivek Khera <vivek@khera.org>
Reviewed by: bugtraq mailing list
Approved by: security-officer
Diffstat (limited to 'security/clamav/files')
-rw-r--r-- | security/clamav/files/clamav-clamd.sh | 6 | ||||
-rw-r--r-- | security/clamav/files/patch-libclamav::message.c | 27 |
2 files changed, 30 insertions, 3 deletions
diff --git a/security/clamav/files/clamav-clamd.sh b/security/clamav/files/clamav-clamd.sh index add634772cea..154ecc436b1c 100644 --- a/security/clamav/files/clamav-clamd.sh +++ b/security/clamav/files/clamav-clamd.sh @@ -30,9 +30,9 @@ start_precmd=start_precmd start_precmd() { - if [ -S "$clamd_socket" ]; then - warn "Stale socket $clamd_socket removed." - rm "$clamd_socket" + if [ -S "$clamav_clamd_socket" ]; then + warn "Stale socket $clamav_clamd_socket removed." + rm "$clamav_clamd_socket" fi } diff --git a/security/clamav/files/patch-libclamav::message.c b/security/clamav/files/patch-libclamav::message.c new file mode 100644 index 000000000000..eb322ffb1b3e --- /dev/null +++ b/security/clamav/files/patch-libclamav::message.c @@ -0,0 +1,27 @@ +--- libclamav/message.c.orig Wed Nov 5 11:59:53 2003 ++++ libclamav/message.c Tue Feb 10 14:39:23 2004 +@@ -878,15 +878,20 @@ + if(strcasecmp(line, "end") == 0) + break; + +- assert(strlen(line) <= 62); + if((line[0] & 0x3F) == ' ') + break; + + len = *line++ - ' '; + +- assert((len >= 0) && (len <= 63)); +- +- ptr = decode(line, ptr, uudecode, (len & 3) == 0); ++ if(len < 0 || len > 63) ++ /* ++ * In practice this should never occur since ++ * the maximum length of a uuencoded line is ++ * 62 characters ++ */ ++ cli_warnmsg("uudecode: buffer overflow stopped, attempting to ignore but decoding may fail"); ++ else ++ ptr = decode(line, ptr, uudecode, (len & 3) == 0); + break; + + case BINARY: |