Backported upstream patch to unbreak e2guardian vs. temp files

This commit is contained in:
Robert Scheck 2017-11-26 03:55:21 +01:00
parent f7d8e9087c
commit 4f3fd81e6a
2 changed files with 143 additions and 1 deletions

View File

@ -0,0 +1,137 @@
https://github.com/vrtadmin/clamav-devel/commit/f5bc94cf01e6a19d5255c0e5f9a5bc2336f5a2b1
backported (re-merge). See also:
- https://bugzilla.clamav.net/show_bug.cgi?id=11549
- https://github.com/e2guardian/e2guardian/issues/159
--- clamav-0.99.2/libclamav/scanners.c 2016-04-22 17:02:19.000000000 +0200
+++ clamav-0.99.2/libclamav/scanners.c.temp-cleanup 2017-11-17 00:59:14.295670694 +0100
@@ -1342,37 +1342,33 @@
return CL_CLEAN;
}
- /* dump to disk only if explicitly asked to
- * or if necessary to check relative offsets,
- * otherwise we can process just in-memory */
- if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) {
- if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) {
- cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n");
- return ret;
- }
- if (ctx->engine->keeptmp)
- cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname);
- }
-
if(!(normalized = cli_malloc(SCANBUFF + maxpatlen))) {
cli_dbgmsg("cli_scanscript: Unable to malloc %u bytes\n", SCANBUFF);
- free(tmpname);
return CL_EMEM;
}
-
text_normalize_init(&state, normalized, SCANBUFF + maxpatlen);
- ret = CL_CLEAN;
-
if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) {
- free(tmpname);
- return ret;
+ free(normalized);
+ return ret;
}
if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
- cli_ac_freedata(&tmdata);
- free(tmpname);
- return ret;
+ cli_ac_freedata(&tmdata);
+ free(normalized);
+ return ret;
+ }
+
+ /* dump to disk only if explicitly asked to
+ * or if necessary to check relative offsets,
+ * otherwise we can process just in-memory */
+ if(ctx->engine->keeptmp || (troot && troot->ac_reloff_num > 0)) {
+ if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &ofd))) {
+ cli_dbgmsg("cli_scanscript: Can't generate temporary file/descriptor\n");
+ goto done;
+ }
+ if (ctx->engine->keeptmp)
+ cli_dbgmsg("cli_scanscript: saving normalized file to %s\n", tmpname);
}
mdata[0] = &tmdata;
@@ -1387,10 +1383,9 @@
map_off += written;
if (write(ofd, state.out, state.out_pos) == -1) {
- cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
- close(ofd);
- free(tmpname);
- return CL_EWRITE;
+ cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
+ ret = CL_EWRITE;
+ goto done;
}
text_normalize_reset(&state);
}
@@ -1409,11 +1404,6 @@
funmap(*ctx->fmap);
}
*ctx->fmap = map;
-
- /* If we aren't keeping temps, delete the normalized file after scan. */
- if(!(ctx->engine->keeptmp))
- if (cli_unlink(tmpname)) ret = CL_EUNLINK;
-
} else {
/* Since the above is moderately costly all in all,
* do the old stuff if there's no relative offsets. */
@@ -1421,11 +1411,8 @@
if (troot) {
cli_targetinfo(&info, 7, map);
ret = cli_ac_caloff(troot, &tmdata, &info);
- if (ret) {
- cli_ac_freedata(&tmdata);
- free(tmpname);
- return ret;
- }
+ if (ret)
+ goto done;
}
while(1) {
@@ -1466,13 +1453,6 @@
}
- if(ctx->engine->keeptmp) {
- free(tmpname);
- if (ofd >= 0)
- close(ofd);
- }
- free(normalized);
-
if(ret != CL_VIRUS || SCAN_ALL) {
if ((ret = cli_exp_eval(ctx, troot, &tmdata, NULL, NULL)) == CL_VIRUS)
viruses_found++;
@@ -1481,9 +1461,19 @@
viruses_found++;
}
+done:
+ free(normalized);
cli_ac_freedata(&tmdata);
cli_ac_freedata(&gmdata);
+ if (ofd != -1)
+ close(ofd);
+ if (tmpname != NULL) {
+ if (!ctx->engine->keeptmp)
+ cli_unlink(tmpname);
+ free(tmpname);
+ }
+
if (SCAN_ALL && viruses_found)
return CL_VIRUS;

View File

@ -5,7 +5,7 @@
Summary: Anti-virus software
Name: clamav
Version: 0.99.2
Release: 2%{?dist}
Release: 3%{?dist}
License: GPLv2
Group: Applications/System
URL: http://www.clamav.net/
@ -32,6 +32,7 @@ Source12: http://db.local.clamav.net/daily-21723.cvd
Source13: http://db.local.clamav.net/bytecode-278.cvd
Patch31: clamav-0.99.1-setsebool.patch
Patch32: clamav-0.99.2-temp-cleanup.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -131,6 +132,7 @@ you will need to install %{name}-devel.
%setup -q -T -c
xz -dc %{SOURCE0} | (cd .. ; tar xvvf -)
%patch31 -p1 -b .setsebool
%patch32 -p1 -b .temp-cleanup
%{__perl} -pi.orig -e 's|/lib\b|/%{_lib}|g;' configure
@ -410,6 +412,9 @@ rm -rf %{buildroot}
%exclude %{_libdir}/libclamav.la
%changelog
* Sun Nov 26 2017 Robert Scheck <robert@fedoraproject.org> - 0.99.2-3
- Backported upstream patch to unbreak e2guardian vs. temp files
* Tue Mar 28 2017 Robert Scheck <robert@fedoraproject.org> - 0.99.2-2
- Ensure that missing or invalid timezone configuration does not
mangle /etc/freshclam.conf in %%post (#1154756)