rpms
/
clamav
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add upstream patch clamonacc: Fix stack buffer overflow with old curl

This commit is contained in:
Sérgio M. Basto 2021-01-28 00:09:00 +00:00
parent 4cc598c314
commit fc271e6c07
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
2b46876dcccd95eeb329477ba6f413eb485703a8.patch Normal file
View File

@ -0,0 +1,38 @@
From 2b46876dcccd95eeb329477ba6f413eb485703a8 Mon Sep 17 00:00:00 2001
From: Emilio Pozuelo Monfort <pochu27@gmail.com>
Date: Tue, 8 Dec 2020 22:49:11 -0800
Subject: [PATCH] clamonacc: Fix stack buffer overflow with old curl
curl_easy_getinfo expects a long for CURLINFO_ACTIVESOCKET, but
curl_socket_t is an int, which was causing a stack buffer overflow
and crash.
---
clamonacc/client/communication.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/clamonacc/client/communication.c b/clamonacc/client/communication.c
index 2af46aa15a..1d2e53c03e 100644
--- a/clamonacc/client/communication.c
+++ b/clamonacc/client/communication.c
@@ -87,7 +87,9 @@ int onas_sendln(CURL *curl, const void *line, size_t len, int64_t timeout)
curlcode = curl_easy_getinfo(curl, CURLINFO_ACTIVESOCKET, &sockfd);
#else
/* Use deprecated CURLINFO_LASTSOCKET option */
- curlcode = curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &sockfd);
+ long long_sockfd;
+ curlcode = curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &long_sockfd);
+ sockfd = (curl_socket_t) long_sockfd;
#endif
if (CURLE_OK != curlcode) {
@@ -152,7 +154,9 @@ int onas_recvln(struct onas_rcvln *rcv_data, char **ret_bol, char **ret_eol, int
rcv_data->curlcode = curl_easy_getinfo(rcv_data->curl, CURLINFO_ACTIVESOCKET, &sockfd);
#else
/* Use deprecated CURLINFO_LASTSOCKET option */
- rcv_data->curlcode = curl_easy_getinfo(rcv_data->curl, CURLINFO_LASTSOCKET, &sockfd);
+ long long_sockfd;
+ rcv_data->curlcode = curl_easy_getinfo(rcv_data->curl, CURLINFO_LASTSOCKET, &long_sockfd);
+ sockfd = (curl_socket_t) long_sockfd;
#endif
if (CURLE_OK != rcv_data->curlcode) {

7
clamav.spec
View File

@ -42,7 +42,7 @@
Summary: End-user tools for the Clam Antivirus scanner
Name: clamav
Version: 0.103.0
Release: 2%{?dist}
Release: 3%{?dist}
License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
URL: https://www.clamav.net/
%if %{with unrar}
@ -93,6 +93,7 @@ Patch2: clamav-0.99-private.patch
Patch4: clamav-check.patch
# Modify clamav-clamonacc.service for Fedora compatibility
Patch5: clamav-clamonacc-service.patch
Patch6: https://github.com/Cisco-Talos/clamav-devel/commit/2b46876dcccd95eeb329477ba6f413eb485703a8.patch
BuildRequires: autoconf
BuildRequires: automake
@ -260,6 +261,7 @@ This package contains files which are needed to run the clamav-milter.
%patch2 -p1 -b .private
%patch4 -p1 -b .check
%patch5 -p1 -b .clamonacc-service
%patch6 -p1 -b .clamonacc-el7
install -p -m0644 %SOURCE300 clamav-milter/
@ -629,6 +631,9 @@ fi
%changelog
* Wed Jan 27 2021 Sérgio Basto <sergio@serjux.com> - 0.103.0-3
- Add upstream patch clamonacc: Fix stack buffer overflow with old curl
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.103.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild