Update to 0.102.3 (bz#1834910)
Security fixes CVE-2020-3341
This commit is contained in:
Orion Poplawski
parent
c899b0eb29
commit
ff339dd10d
|
|
@ -1,89 +0,0 @@
|
|||
From 0e865c4f0e5ea5c4879681d843a9b93fc871fd90 Mon Sep 17 00:00:00 2001
|
||||
From: "Micah Snyder (micasnyd)" <micasnyd@cisco.com>
|
||||
Date: Mon, 6 Apr 2020 15:03:20 -0700
|
||||
Subject: [PATCH] PDF: Fix error Attempt to allocate 0 bytes
|
||||
|
||||
The PDF parser currently prints verbose error messages when attempting
|
||||
to shrink a buffer down to actual data length after decoding if it turns
|
||||
out that the decoded stream was empty (0 bytes). With exception to the
|
||||
verbose error messages, there's no real behavior issue.
|
||||
|
||||
This commit fixes the issue by checking if any bytes were decoded before
|
||||
attempting to shrink the buffer.
|
||||
---
|
||||
libclamav/pdfdecode.c | 27 ++++++++++++++++++---------
|
||||
1 file changed, 18 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/libclamav/pdfdecode.c b/libclamav/pdfdecode.c
|
||||
index 8315f3a761..d63f7b1cd4 100644
|
||||
--- a/libclamav/pdfdecode.c
|
||||
+++ b/libclamav/pdfdecode.c
|
||||
@@ -638,8 +638,11 @@ static cl_error_t filter_rldecode(struct pdf_struct *pdf, struct pdf_obj *obj, s
|
||||
}
|
||||
|
||||
if (rc == CL_SUCCESS) {
|
||||
- /* Shrink output buffer to final the decoded data length to minimize RAM usage */
|
||||
- if (!(temp = cli_realloc(decoded, declen))) {
|
||||
+ if (declen == 0) {
|
||||
+ cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
|
||||
+ rc = CL_BREAK;
|
||||
+ } else if (!(temp = cli_realloc(decoded, declen))) {
|
||||
+ /* Shrink output buffer to final the decoded data length to minimize RAM usage */
|
||||
cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
|
||||
rc = CL_EMEM;
|
||||
} else {
|
||||
@@ -647,7 +650,7 @@ static cl_error_t filter_rldecode(struct pdf_struct *pdf, struct pdf_obj *obj, s
|
||||
}
|
||||
}
|
||||
|
||||
- if (rc == CL_SUCCESS) {
|
||||
+ if (rc == CL_SUCCESS || rc == CL_BREAK) {
|
||||
free(token->content);
|
||||
|
||||
cli_dbgmsg("cli_pdf: decoded %lu bytes from %lu total bytes\n",
|
||||
@@ -817,8 +820,11 @@ static cl_error_t filter_flatedecode(struct pdf_struct *pdf, struct pdf_obj *obj
|
||||
(void)inflateEnd(&stream);
|
||||
|
||||
if (rc == CL_SUCCESS) {
|
||||
- /* Shrink output buffer to final the decoded data length to minimize RAM usage */
|
||||
- if (!(temp = cli_realloc(decoded, declen))) {
|
||||
+ if (declen == 0) {
|
||||
+ cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
|
||||
+ rc = CL_BREAK;
|
||||
+ } else if (!(temp = cli_realloc(decoded, declen))) {
|
||||
+ /* Shrink output buffer to final the decoded data length to minimize RAM usage */
|
||||
cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
|
||||
rc = CL_EMEM;
|
||||
} else {
|
||||
@@ -826,7 +832,7 @@ static cl_error_t filter_flatedecode(struct pdf_struct *pdf, struct pdf_obj *obj
|
||||
}
|
||||
}
|
||||
|
||||
- if (rc == CL_SUCCESS) {
|
||||
+ if (rc == CL_SUCCESS || rc == CL_BREAK) {
|
||||
free(token->content);
|
||||
|
||||
token->content = decoded;
|
||||
@@ -1099,8 +1105,11 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
|
||||
(void)lzwInflateEnd(&stream);
|
||||
|
||||
if (rc == CL_SUCCESS) {
|
||||
- /* Shrink output buffer to final the decoded data length to minimize RAM usage */
|
||||
- if (!(temp = cli_realloc(decoded, declen))) {
|
||||
+ if (declen == 0) {
|
||||
+ cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
|
||||
+ rc = CL_BREAK;
|
||||
+ } else if (!(temp = cli_realloc(decoded, declen))) {
|
||||
+ /* Shrink output buffer to final the decoded data length to minimize RAM usage */
|
||||
cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
|
||||
rc = CL_EMEM;
|
||||
} else {
|
||||
@@ -1108,7 +1117,7 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
|
||||
}
|
||||
}
|
||||
|
||||
- if (rc == CL_SUCCESS) {
|
||||
+ if (rc == CL_SUCCESS || rc == CL_BREAK) {
|
||||
free(token->content);
|
||||
|
||||
token->content = decoded;
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
VERSION=0.102.2
|
||||
VERSION=0.102.3
|
||||
NAME=clamav
|
||||
TARBALL_CLEAN=${NAME}-${VERSION}-norar.tar.xz
|
||||
TARBALL=${NAME}-${VERSION}.tar.gz
|
||||
|
|
|
|||
13
clamav.spec
13
clamav.spec
|
|
@ -40,8 +40,8 @@
|
|||
|
||||
Summary: End-user tools for the Clam Antivirus scanner
|
||||
Name: clamav
|
||||
Version: 0.102.2
|
||||
Release: 9%{?dist}
|
||||
Version: 0.102.3
|
||||
Release: 1%{?dist}
|
||||
License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
|
||||
URL: https://www.clamav.net/
|
||||
%if %{with unrar}
|
||||
|
|
@ -64,7 +64,7 @@ Source5: clamd-README
|
|||
#http://database.clamav.net/main.cvd
|
||||
Source10: main-59.cvd
|
||||
#http://database.clamav.net/daily.cvd
|
||||
Source11: daily-25719.cvd
|
||||
Source11: daily-25811.cvd
|
||||
#http://database.clamav.net/bytecode.cvd
|
||||
Source12: bytecode-331.cvd
|
||||
#for clamonacc
|
||||
|
|
@ -91,8 +91,6 @@ Patch1: clamav-default_confs.patch
|
|||
Patch2: clamav-0.99-private.patch
|
||||
# Patch to use EL7 libcurl
|
||||
Patch3: clamav-curl.patch
|
||||
# Upstream fix for "Attempt to allocate 0 bytes" while scanning PDFs
|
||||
Patch4: https://github.com/Cisco-Talos/clamav-devel/commit/0e865c4f0e5ea5c4879681d843a9b93fc871fd90.patch
|
||||
|
||||
BuildRequires: autoconf automake gettext-devel libtool libtool-ltdl-devel
|
||||
BuildRequires: gcc-c++
|
||||
|
|
@ -255,7 +253,6 @@ This package contains files which are needed to run the clamav-milter.
|
|||
%patch2 -p1 -b .private
|
||||
# Patch to use older libcurl
|
||||
%{?el7:%patch3 -p1 -b .curl}
|
||||
%patch4 -p1 -b .pdf
|
||||
|
||||
install -p -m0644 %SOURCE300 clamav-milter/
|
||||
|
||||
|
|
@ -618,6 +615,10 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Thu May 14 2020 Orion Poplawski <orion@nwra.com> - 0.102.3-1
|
||||
- Update to 0.102.3 (bz#1834910)
|
||||
- Security fixes CVE-2020-3341
|
||||
|
||||
* Sat May 02 2020 Orion Poplawski <orion@nwra.com> - 0.102.2-9
|
||||
- Add upstream patch to fix "Attempt to allocate 0 bytes" errors while scanning
|
||||
certain PDFs
|
||||
|
|
|
|||
6
sources
6
sources
|
|
@ -1,4 +1,4 @@
|
|||
SHA512 (clamav-0.102.2-norar.tar.xz) = e03368f37a3d98c6301924c21cf5af815e01238a022d87f572fcbc8452844e83c5fca92135a88e967a67671fb3b3e3ecb9b621f4937aa4ce44ba4b1c1fe1eedc
|
||||
SHA512 (main-59.cvd) = c01792bdb9e07889af04ead91ba49f440cd4510b81b1c83bdfb10c65f099cf29416699f5485cc13b07c4d24195c81abc0b1c4439f5ba6d5d391b7406ba9fe26c
|
||||
SHA512 (clamav-0.102.3-norar.tar.xz) = edf7c8405159c5230331e410d45208770b3fa7d4763990dffec20dd2842c92624dcc1ee1ec455e09b61632c2023a4046b8fd73b64baa9babfa4505da6cca9f4a
|
||||
SHA512 (bytecode-331.cvd) = 41957106337cb28fd0eb6459bd70ab23b4ce218b3691d592e0f1bc14841696b36b1fbbc4feaef64f7b572b6cbe400f5d44fc4efedd07afe37921a9044a1a8f53
|
||||
SHA512 (daily-25719.cvd) = 652320ff562862d7daa93020173ff43791c4b34618b725879b6ce520f8b364687a8ad7a851a4ffe6d4d4631ec2d527641c70c5678a15bf3733b0914ad9c57822
|
||||
SHA512 (daily-25811.cvd) = 938bf443d59cbb946aefcd2eabfdb856c8cd6f98ec54f1f8c62fe0633e136e56ca20024ecfb04606e4a5265a5a83d86a76819e66d51e948d8a81cbdcabd5226d
|
||||
SHA512 (main-59.cvd) = c01792bdb9e07889af04ead91ba49f440cd4510b81b1c83bdfb10c65f099cf29416699f5485cc13b07c4d24195c81abc0b1c4439f5ba6d5d391b7406ba9fe26c
|
||||
|
|
|
|||
Loading…
Reference in New Issue