summaryrefslogtreecommitdiff
path: root/security/clamav/files
diff options
context:
space:
mode:
authorOliver Eikemeier <eik@FreeBSD.org>2004-02-10 14:06:49 +0000
committerOliver Eikemeier <eik@FreeBSD.org>2004-02-10 14:06:49 +0000
commit0a6499308d194ca8a8cbc69c73dc179ea17a9aa0 (patch)
tree395ac438b6708529a8448c525cfca09f547fd4b1 /security/clamav/files
parentUpdate to 0.04.01 (diff)
*** SECURITY update ***
- fix a trivially remote exploitable DOS vulnerability <http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/62586> <http://www.securityfocus.com/archive/1/353186> while I'm here, fix stale socket removal. Perhaps enabling FixStaleSocket in clamav.conf would be a better idea, but I don't want to overuse this security related commit. PR: 62586, 62601 Submitted by: eik, Vivek Khera <vivek@khera.org> Reviewed by: bugtraq mailing list Approved by: security-officer
Diffstat (limited to 'security/clamav/files')
-rw-r--r--security/clamav/files/clamav-clamd.sh6
-rw-r--r--security/clamav/files/patch-libclamav::message.c27
2 files changed, 30 insertions, 3 deletions
diff --git a/security/clamav/files/clamav-clamd.sh b/security/clamav/files/clamav-clamd.sh
index add634772cea..154ecc436b1c 100644
--- a/security/clamav/files/clamav-clamd.sh
+++ b/security/clamav/files/clamav-clamd.sh
@@ -30,9 +30,9 @@ start_precmd=start_precmd
start_precmd()
{
- if [ -S "$clamd_socket" ]; then
- warn "Stale socket $clamd_socket removed."
- rm "$clamd_socket"
+ if [ -S "$clamav_clamd_socket" ]; then
+ warn "Stale socket $clamav_clamd_socket removed."
+ rm "$clamav_clamd_socket"
fi
}
diff --git a/security/clamav/files/patch-libclamav::message.c b/security/clamav/files/patch-libclamav::message.c
new file mode 100644
index 000000000000..eb322ffb1b3e
--- /dev/null
+++ b/security/clamav/files/patch-libclamav::message.c
@@ -0,0 +1,27 @@
+--- libclamav/message.c.orig Wed Nov 5 11:59:53 2003
++++ libclamav/message.c Tue Feb 10 14:39:23 2004
+@@ -878,15 +878,20 @@
+ if(strcasecmp(line, "end") == 0)
+ break;
+
+- assert(strlen(line) <= 62);
+ if((line[0] & 0x3F) == ' ')
+ break;
+
+ len = *line++ - ' ';
+
+- assert((len >= 0) && (len <= 63));
+-
+- ptr = decode(line, ptr, uudecode, (len & 3) == 0);
++ if(len < 0 || len > 63)
++ /*
++ * In practice this should never occur since
++ * the maximum length of a uuencoded line is
++ * 62 characters
++ */
++ cli_warnmsg("uudecode: buffer overflow stopped, attempting to ignore but decoding may fail");
++ else
++ ptr = decode(line, ptr, uudecode, (len & 3) == 0);
+ break;
+
+ case BINARY: