From 15ce244d0cb123648e6a99086d10af122834fc41 Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Fri, 26 Jan 2018 18:01:26 +0100 Subject: [PATCH] clamav: fix fd leakage --- pkgs/tools/security/clamav/default.nix | 2 + pkgs/tools/security/clamav/fd-leak.patch | 49 ++++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 pkgs/tools/security/clamav/fd-leak.patch diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix index 4222f7d33dee..976c58eb1e32 100644 --- a/pkgs/tools/security/clamav/default.nix +++ b/pkgs/tools/security/clamav/default.nix @@ -21,6 +21,8 @@ stdenv.mkDerivation rec { zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre ]; + patches = [ ./fd-leak.patch ]; + configureFlags = [ "--sysconfdir=/etc/clamav" "--disable-llvm" # enabling breaks the build at the moment diff --git a/pkgs/tools/security/clamav/fd-leak.patch b/pkgs/tools/security/clamav/fd-leak.patch new file mode 100644 index 000000000000..2c147901e446 --- /dev/null +++ b/pkgs/tools/security/clamav/fd-leak.patch @@ -0,0 +1,49 @@ +--- a/libclamav/scanners.c 2018-01-26 16:59:00.820231425 +0100 ++++ b/libclamav/scanners.c 2018-01-26 17:39:07.523633805 +0100 +@@ -1366,12 +1366,14 @@ + + if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) { + free(tmpname); ++ free(normalized); + return ret; + } + + if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) { + cli_ac_freedata(&tmdata); + free(tmpname); ++ free(normalized); + return ret; + } + +@@ -1390,6 +1392,7 @@ + cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname); + close(ofd); + free(tmpname); ++ free(normalized); + return CL_EWRITE; + } + text_normalize_reset(&state); +@@ -1424,6 +1427,8 @@ + if (ret) { + cli_ac_freedata(&tmdata); + free(tmpname); ++ free(normalized); ++ close(ofd); + return ret; + } + } +@@ -1466,11 +1471,9 @@ + + } + +- if(ctx->engine->keeptmp) { +- free(tmpname); +- if (ofd >= 0) +- close(ofd); +- } ++ if (ofd >= 0) ++ close(ofd); ++ free(tmpname); + free(normalized); + + if(ret != CL_VIRUS || SCAN_ALL) {