rpms/clamav
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to 0.102.3 (bz#1834910)

Browse Source 
Security fixes CVE-2020-3341
This commit is contained in:
Orion Poplawski 2020-05-13 18:34:25 -06:00
parent c899b0eb29
commit ff339dd10d
4 changed files with 11 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
0e865c4f0e5ea5c4879681d843a9b93fc871fd90.patch
View File

@ -1,89 +0,0 @@
From 0e865c4f0e5ea5c4879681d843a9b93fc871fd90 Mon Sep 17 00:00:00 2001
From: "Micah Snyder (micasnyd)" <micasnyd@cisco.com>
Date: Mon, 6 Apr 2020 15:03:20 -0700
Subject: [PATCH] PDF: Fix error Attempt to allocate 0 bytes
The PDF parser currently prints verbose error messages when attempting
to shrink a buffer down to actual data length after decoding if it turns
out that the decoded stream was empty (0 bytes). With exception to the
verbose error messages, there's no real behavior issue.
This commit fixes the issue by checking if any bytes were decoded before
attempting to shrink the buffer.
---
libclamav/pdfdecode.c | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/libclamav/pdfdecode.c b/libclamav/pdfdecode.c
index 8315f3a761..d63f7b1cd4 100644
--- a/libclamav/pdfdecode.c
+++ b/libclamav/pdfdecode.c
@@ -638,8 +638,11 @@ static cl_error_t filter_rldecode(struct pdf_struct *pdf, struct pdf_obj *obj, s
}
if (rc == CL_SUCCESS) {
- /* Shrink output buffer to final the decoded data length to minimize RAM usage */
- if (!(temp = cli_realloc(decoded, declen))) {
+ if (declen == 0) {
+ cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
+ rc = CL_BREAK;
+ } else if (!(temp = cli_realloc(decoded, declen))) {
+ /* Shrink output buffer to final the decoded data length to minimize RAM usage */
cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
rc = CL_EMEM;
} else {
@@ -647,7 +650,7 @@ static cl_error_t filter_rldecode(struct pdf_struct *pdf, struct pdf_obj *obj, s
}
}
- if (rc == CL_SUCCESS) {
+ if (rc == CL_SUCCESS || rc == CL_BREAK) {
free(token->content);
cli_dbgmsg("cli_pdf: decoded %lu bytes from %lu total bytes\n",
@@ -817,8 +820,11 @@ static cl_error_t filter_flatedecode(struct pdf_struct *pdf, struct pdf_obj *obj
(void)inflateEnd(&stream);
if (rc == CL_SUCCESS) {
- /* Shrink output buffer to final the decoded data length to minimize RAM usage */
- if (!(temp = cli_realloc(decoded, declen))) {
+ if (declen == 0) {
+ cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
+ rc = CL_BREAK;
+ } else if (!(temp = cli_realloc(decoded, declen))) {
+ /* Shrink output buffer to final the decoded data length to minimize RAM usage */
cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
rc = CL_EMEM;
} else {
@@ -826,7 +832,7 @@ static cl_error_t filter_flatedecode(struct pdf_struct *pdf, struct pdf_obj *obj
}
}
- if (rc == CL_SUCCESS) {
+ if (rc == CL_SUCCESS || rc == CL_BREAK) {
free(token->content);
token->content = decoded;
@@ -1099,8 +1105,11 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
(void)lzwInflateEnd(&stream);
if (rc == CL_SUCCESS) {
- /* Shrink output buffer to final the decoded data length to minimize RAM usage */
- if (!(temp = cli_realloc(decoded, declen))) {
+ if (declen == 0) {
+ cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
+ rc = CL_BREAK;
+ } else if (!(temp = cli_realloc(decoded, declen))) {
+ /* Shrink output buffer to final the decoded data length to minimize RAM usage */
cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
rc = CL_EMEM;
} else {
@@ -1108,7 +1117,7 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
}
}
- if (rc == CL_SUCCESS) {
+ if (rc == CL_SUCCESS || rc == CL_BREAK) {
free(token->content);
token->content = decoded;

2
clamav-clean.sh
View File

@ -1,4 +1,4 @@
VERSION=0.102.2 VERSION=0.102.3
NAME=clamav NAME=clamav
TARBALL_CLEAN=${NAME}-${VERSION}-norar.tar.xz TARBALL_CLEAN=${NAME}-${VERSION}-norar.tar.xz
TARBALL=${NAME}-${VERSION}.tar.gz TARBALL=${NAME}-${VERSION}.tar.gz

13
clamav.spec
View File

@ -40,8 +40,8 @@
Summary: End-user tools for the Clam Antivirus scanner Summary: End-user tools for the Clam Antivirus scanner
Name: clamav Name: clamav
Version: 0.102.2 Version: 0.102.3
Release: 9%{?dist} Release: 1%{?dist}
License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2} License: %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
URL: https://www.clamav.net/ URL: https://www.clamav.net/
%if %{with unrar} %if %{with unrar}
@ -64,7 +64,7 @@ Source5: clamd-README
#http://database.clamav.net/main.cvd #http://database.clamav.net/main.cvd
Source10: main-59.cvd Source10: main-59.cvd
#http://database.clamav.net/daily.cvd #http://database.clamav.net/daily.cvd
Source11: daily-25719.cvd Source11: daily-25811.cvd
#http://database.clamav.net/bytecode.cvd #http://database.clamav.net/bytecode.cvd
Source12: bytecode-331.cvd Source12: bytecode-331.cvd
#for clamonacc #for clamonacc
@ -91,8 +91,6 @@ Patch1: clamav-default_confs.patch
Patch2: clamav-0.99-private.patch Patch2: clamav-0.99-private.patch
# Patch to use EL7 libcurl # Patch to use EL7 libcurl
Patch3: clamav-curl.patch Patch3: clamav-curl.patch
# Upstream fix for "Attempt to allocate 0 bytes" while scanning PDFs
Patch4: https://github.com/Cisco-Talos/clamav-devel/commit/0e865c4f0e5ea5c4879681d843a9b93fc871fd90.patch
BuildRequires: autoconf automake gettext-devel libtool libtool-ltdl-devel BuildRequires: autoconf automake gettext-devel libtool libtool-ltdl-devel
BuildRequires: gcc-c++ BuildRequires: gcc-c++
@ -255,7 +253,6 @@ This package contains files which are needed to run the clamav-milter.
%patch2 -p1 -b .private %patch2 -p1 -b .private
# Patch to use older libcurl # Patch to use older libcurl
%{?el7:%patch3 -p1 -b .curl} %{?el7:%patch3 -p1 -b .curl}
%patch4 -p1 -b .pdf
install -p -m0644 %SOURCE300 clamav-milter/ install -p -m0644 %SOURCE300 clamav-milter/
@ -618,6 +615,10 @@ fi
%changelog %changelog
* Thu May 14 2020 Orion Poplawski <orion@nwra.com> - 0.102.3-1
- Update to 0.102.3 (bz#1834910)
- Security fixes CVE-2020-3341
* Sat May 02 2020 Orion Poplawski <orion@nwra.com> - 0.102.2-9 * Sat May 02 2020 Orion Poplawski <orion@nwra.com> - 0.102.2-9
- Add upstream patch to fix "Attempt to allocate 0 bytes" errors while scanning - Add upstream patch to fix "Attempt to allocate 0 bytes" errors while scanning
certain PDFs certain PDFs

6
sources
View File

@ -1,4 +1,4 @@
SHA512 (clamav-0.102.2-norar.tar.xz) = e03368f37a3d98c6301924c21cf5af815e01238a022d87f572fcbc8452844e83c5fca92135a88e967a67671fb3b3e3ecb9b621f4937aa4ce44ba4b1c1fe1eedc SHA512 (clamav-0.102.3-norar.tar.xz) = edf7c8405159c5230331e410d45208770b3fa7d4763990dffec20dd2842c92624dcc1ee1ec455e09b61632c2023a4046b8fd73b64baa9babfa4505da6cca9f4a
SHA512 (main-59.cvd) = c01792bdb9e07889af04ead91ba49f440cd4510b81b1c83bdfb10c65f099cf29416699f5485cc13b07c4d24195c81abc0b1c4439f5ba6d5d391b7406ba9fe26c
SHA512 (bytecode-331.cvd) = 41957106337cb28fd0eb6459bd70ab23b4ce218b3691d592e0f1bc14841696b36b1fbbc4feaef64f7b572b6cbe400f5d44fc4efedd07afe37921a9044a1a8f53 SHA512 (bytecode-331.cvd) = 41957106337cb28fd0eb6459bd70ab23b4ce218b3691d592e0f1bc14841696b36b1fbbc4feaef64f7b572b6cbe400f5d44fc4efedd07afe37921a9044a1a8f53
SHA512 (daily-25719.cvd) = 652320ff562862d7daa93020173ff43791c4b34618b725879b6ce520f8b364687a8ad7a851a4ffe6d4d4631ec2d527641c70c5678a15bf3733b0914ad9c57822 SHA512 (daily-25811.cvd) = 938bf443d59cbb946aefcd2eabfdb856c8cd6f98ec54f1f8c62fe0633e136e56ca20024ecfb04606e4a5265a5a83d86a76819e66d51e948d8a81cbdcabd5226d
SHA512 (main-59.cvd) = c01792bdb9e07889af04ead91ba49f440cd4510b81b1c83bdfb10c65f099cf29416699f5485cc13b07c4d24195c81abc0b1c4439f5ba6d5d391b7406ba9fe26c