SECURITY and other bug fixes.

- A vulnerability in ClamAV's chm-parser allowed remote attackers to
cause a denial of service (application crash) via a malformed CHM file
(CVE-2008-1389).

- A vulnerability in libclamav would allow attackers to cause a
denial of service via vectors related to an out-of-memory condition
(CVE-2008-3912).

- Multiple memory leaks were found in ClamAV that could possibly allow
attackers to cause a denial of service via excessive memory consumption
(CVE-2008-3913).

- A number of unspecified vulnerabilities in ClamAV were reported that
have an unknown impact and attack vectors related to file descriptor
leaks (CVE-2008-3914).

various OpenBSD patches rolled in upstream. thanks to sturm@
for looking over systrace.filter (needed for the test of sendmsg()
in configure to enable FD passing).
This commit is contained in:
sthen 2008-09-14 15:00:43 +00:00
parent 71dfa24664
commit 9e5aaab242
17 changed files with 49 additions and 260 deletions

View File

@ -1,11 +1,11 @@
# $OpenBSD: Makefile,v 1.38 2008/07/08 22:38:12 sthen Exp $
# $OpenBSD: Makefile,v 1.39 2008/09/14 15:00:43 sthen Exp $
COMMENT= virus scanner
DISTNAME= clamav-0.93.3
DISTNAME= clamav-0.94
CATEGORIES= security
SHARED_LIBS= clamav 8.0 \
clamunrar 0.0 \
clamunrar_iface 0.0
SHARED_LIBS= clamav 9.0 \
clamunrar 1.0 \
clamunrar_iface 1.0
HOMEPAGE= http://www.clamav.net/
@ -19,6 +19,8 @@ PERMIT_DISTFILES_FTP= Yes
WANTLIB= c milter pthread wrap z
BUILD_DEPENDS= ::devel/check
LIB_DEPENDS= gmp.>=6::devel/gmp \
bz2.>=10::archivers/bzip2 \
iconv.>=4::converters/libiconv
@ -45,7 +47,7 @@ CONFIGURE_ARGS+= --disable-clamav \
--disable-cr \
--with-dbdir=/var/db/clamav
NO_REGRESS= Yes
REGRESS_TARGET= check
CONFIGURE_ENV+= LDFLAGS="-pthread -L/usr/lib -L../libclamav/.libs -L${LOCALBASE}/lib" \
CPPFLAGS="-I/usr/include -I${LOCALBASE}/include"

View File

@ -1,5 +1,5 @@
MD5 (clamav-0.93.3.tar.gz) = Bth/vs4GLlwGYe4HcDIIyQ==
RMD160 (clamav-0.93.3.tar.gz) = g3kUh5DMVFyAFwnUa324djT0P2c=
SHA1 (clamav-0.93.3.tar.gz) = ASQGE7Y5FE+o+mVYJfZYfgRKHBw=
SHA256 (clamav-0.93.3.tar.gz) = eqmHlmcd/j21og4lZpQExORGHSpsd941Lt+Z8smJ5QA=
SIZE (clamav-0.93.3.tar.gz) = 18242568
MD5 (clamav-0.94.tar.gz) = 0/bV//LbgZUEkXSRZqsP+g==
RMD160 (clamav-0.94.tar.gz) = WYVht2seTuFBIDiLobvcrFrHv+U=
SHA1 (clamav-0.94.tar.gz) = 1poMRirD71Uyk4T44TbZt7wbjsU=
SHA256 (clamav-0.94.tar.gz) = rhiMGJNuqRVOtqhepVPCn0NJ7j6VRXBV+uX+G5ga9gI=
SIZE (clamav-0.94.tar.gz) = 20509228

View File

@ -1,6 +1,6 @@
--- clamav-milter/clamav-milter.c.orig Tue May 27 04:40:29 2008
+++ clamav-milter/clamav-milter.c Thu Jun 12 17:31:16 2008
@@ -1134,7 +1134,7 @@ main(int argc, char **argv)
--- clamav-milter/clamav-milter.c.orig Mon Sep 1 18:19:44 2008
+++ clamav-milter/clamav-milter.c Fri Sep 5 02:32:34 2008
@@ -1201,7 +1201,7 @@ main(int argc, char **argv)
* uid == 0 for that
*/
on = 1;
@ -9,7 +9,7 @@
perror("setsockopt");
return EX_UNAVAILABLE;
}
@@ -1157,7 +1157,7 @@ main(int argc, char **argv)
@@ -1224,7 +1224,7 @@ main(int argc, char **argv)
memset(&ifr, '\0', sizeof(struct ifreq));
strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name) - 1);
ifr.ifr_name[sizeof(ifr.ifr_name)-1]='\0';

View File

@ -1,10 +1,10 @@
$OpenBSD: patch-clamd_Makefile_in,v 1.7 2008/04/16 19:46:01 mbalmer Exp $
--- clamd/Makefile.in.orig Wed Apr 9 17:55:29 2008
+++ clamd/Makefile.in Mon Apr 14 18:44:26 2008
@@ -144,7 +144,9 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
$OpenBSD: patch-clamd_Makefile_in,v 1.8 2008/09/14 15:00:43 sthen Exp $
--- clamd/Makefile.in.orig Mon Sep 1 19:49:47 2008
+++ clamd/Makefile.in Fri Sep 5 02:34:08 2008
@@ -152,7 +152,9 @@ INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
LCOV = @LCOV@
-LDFLAGS = @LDFLAGS@
+# Do not generate "LDFLAGS = -L/usr/local/lib" to build on systems that have
+# have an older libclamav installed.

View File

@ -1,22 +0,0 @@
$OpenBSD: patch-clamd_clamd_c,v 1.1 2008/04/16 19:46:01 mbalmer Exp $
--- clamd/clamd.c.orig Thu Mar 6 19:41:03 2008
+++ clamd/clamd.c Mon Apr 14 21:54:34 2008
@@ -374,12 +374,18 @@ int main(int argc, char **argv)
/* fork into background */
if(!cfgopt(copt, "Foreground")->enabled) {
+ for (ret = 0; ret < nlsockets; ret++)
+ fcntl(lsockets[ret], F_SETFL, fcntl(lsockets[ret], F_GETFL)
+ | O_NONBLOCK);
if(daemonize() == -1) {
logg("!daemonize() failed\n");
logg_close();
freecfg(copt);
return 1;
}
+ for (ret = 0; ret < nlsockets; ret++)
+ fcntl(lsockets[ret], F_SETFL, fcntl(lsockets[ret], F_GETFL)
+ & ~O_NONBLOCK);
if(!debug_mode)
if(chdir("/") == -1)
logg("^Can't change current working directory to root\n");

View File

@ -1,49 +0,0 @@
$OpenBSD: patch-clamd_scanner_c,v 1.1 2008/04/16 19:46:01 mbalmer Exp $
--- clamd/scanner.c.orig Thu Mar 6 19:41:03 2008
+++ clamd/scanner.c Mon Apr 14 19:13:26 2008
@@ -373,6 +373,45 @@ int scan(const char *filename, unsigned long int *scan
return ret;
}
+/*
+ * This function was readded by mbalmer@openbsd.org. That is the reason
+ * why it is so nicely formatted.
+ */
+int scanfd(const int fd, unsigned long int *scanned,
+ const struct cl_engine *engine, const struct cl_limits *limits,
+ unsigned int options, const struct cfgstruct *copt, int odesc)
+{
+ int ret;
+ const char *virname;
+ struct stat statbuf;
+ char fdstr[32];
+
+
+ if(fstat(fd, &statbuf) == -1)
+ return -1;
+
+ if(!S_ISREG(statbuf.st_mode))
+ return -1;
+
+ snprintf(fdstr, sizeof(fdstr), "fd[%d]", fd);
+
+ ret = cl_scandesc(fd, &virname, scanned, engine, limits, options);
+
+ if(ret == CL_VIRUS) {
+ mdprintf(odesc, "%s: %s FOUND\n", fdstr, virname);
+ logg("%s: %s FOUND\n", fdstr, virname);
+ virusaction(fdstr, virname, copt);
+ } else if(ret != CL_CLEAN) {
+ mdprintf(odesc, "%s: %s ERROR\n", fdstr, cl_strerror(ret));
+ logg("%s: %s ERROR\n", fdstr, cl_strerror(ret));
+ } else {
+ mdprintf(odesc, "%s: OK\n", fdstr);
+ if(logok)
+ logg("%s: OK\n", fdstr);
+ }
+ return ret;
+}
+
int scanstream(int odesc, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, const struct cfgstruct *copt)
{
int ret, sockfd, acceptd;

View File

@ -1,12 +0,0 @@
$OpenBSD: patch-clamd_scanner_h,v 1.1 2008/04/16 19:46:01 mbalmer Exp $
--- clamd/scanner.h.orig Mon Apr 14 18:58:39 2008
+++ clamd/scanner.h Mon Apr 14 18:59:33 2008
@@ -28,6 +28,8 @@
int scan(const char *filename, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, const struct cfgstruct *copt, int odesc, unsigned int type);
+int scanfd(const int fd, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, const struct cfgstruct *copt, int odesc);
+
int scanstream(int odesc, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options, const struct cfgstruct *copt);
#endif

View File

@ -1,45 +0,0 @@
$OpenBSD: patch-clamd_session_c,v 1.5 2008/04/16 19:46:01 mbalmer Exp $
--- clamd/session.c.orig Wed Apr 2 22:53:44 2008
+++ clamd/session.c Mon Apr 14 18:41:12 2008
@@ -58,8 +58,10 @@ int command(int desc, const struct cl_engine *engine,
{
char buff[1025];
int bread, opt;
+ struct msghdr msg;
+ struct cmsghdr *cmsg;
+ unsigned char buf[CMSG_SPACE(sizeof(int))];
-
bread = readsock(desc, buff, sizeof(buff)-1, '\n', timeout, 0, 1);
if(bread == -2) /* timeout */
return -2;
@@ -140,6 +142,29 @@ int command(int desc, const struct cl_engine *engine,
if(cfgopt(copt, "ExitOnOOM")->enabled)
return COMMAND_SHUTDOWN;
+ } else if(!strncmp(buff, CMD14, strlen(CMD14))) { /* FILDES */
+ memset(&msg, 0, sizeof(msg));
+ msg.msg_control = buf;
+ msg.msg_controllen = sizeof(buf);
+
+ if (recvmsg(desc, &msg, 0) == -1) {
+ logg("recvmsg failed!");
+ return -1;
+ }
+ if ((msg.msg_flags & MSG_TRUNC) || (msg.msg_flags & MSG_CTRUNC)) {
+ logg("control message truncated");
+ return -1;
+ }
+ for (cmsg = CMSG_FIRSTHDR(&msg); cmsg != NULL;
+ cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+ if (cmsg->cmsg_len == CMSG_LEN(sizeof(int)) &&
+ cmsg->cmsg_level == SOL_SOCKET &&
+ cmsg->cmsg_type == SCM_RIGHTS) {
+ int fd = *(int *)CMSG_DATA(cmsg);
+ scanfd(fd, NULL, engine, limits, options, copt, desc);
+ close(fd);
+ }
+ }
} else {
mdprintf(desc, "UNKNOWN COMMAND\n");
}

View File

@ -1,11 +0,0 @@
$OpenBSD: patch-clamd_session_h,v 1.4 2008/04/16 19:46:01 mbalmer Exp $
--- clamd/session.h.orig Wed Apr 2 22:53:44 2008
+++ clamd/session.h Mon Apr 14 18:41:12 2008
@@ -37,6 +37,7 @@
#define CMD11 "SHUTDOWN"
/* #define CMD12 "FD" */
#define CMD13 "MULTISCAN"
+#define CMD14 "FILDES"
#include "libclamav/clamav.h"
#include "shared/cfgparser.h"

View File

@ -1,33 +0,0 @@
$OpenBSD: patch-clamdscan_client_c,v 1.9 2008/04/16 19:46:01 mbalmer Exp $
--- clamdscan/client.c.orig Wed Apr 2 22:17:13 2008
+++ clamdscan/client.c Mon Apr 14 18:41:12 2008
@@ -26,6 +26,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
+#include <sys/param.h>
#include <sys/un.h>
#include <netinet/in.h>
#include <arpa/inet.h>
@@ -233,18 +234,18 @@ static int dsstream(int sockd, const struct optstruct
static char *abpath(const char *filename)
{
struct stat foo;
- char *fullpath, cwd[200];
+ char *fullpath, cwd[MAXPATHLEN];
if(stat(filename, &foo) == -1) {
logg("^Can't access file %s\n", filename);
perror(filename);
return NULL;
} else {
- fullpath = malloc(200 + strlen(filename) + 10);
+ fullpath = malloc(sizeof(cwd) + strlen(filename) + 10);
#ifdef C_CYGWIN
sprintf(fullpath, "%s", filename);
#else
- if(!getcwd(cwd, 200)) {
+ if(!getcwd(cwd, MAXPATHLEN)) {
logg("^Can't get absolute pathname of current working directory.\n");
return NULL;
}

View File

@ -1,34 +0,0 @@
$OpenBSD: patch-configure,v 1.13 2008/07/08 22:38:12 sthen Exp $
--- configure.orig Wed Jun 4 06:16:09 2008
+++ configure Thu Jun 12 17:30:58 2008
@@ -16139,11 +16139,9 @@ _ACEOF
;;
openbsd*)
if test "$have_pthreads" = "yes"; then
- if test "$use_cr" = "no"; then
- THREAD_LIBS="-pthread"
- else
- THREAD_LIBS="-pthread -lc_r"
- fi
+ ADDITIONAL_LIBS="-pthread"
+ CLAMD_LIBS="$CLAMD_LIBS -pthread"
+ CLAMAV_MILTER_LIBS="$CLAMAV_MILTER_LIBS -pthread"
TH_SAFE="-thread-safe"
cat >>confdefs.h <<\_ACEOF
@@ -17271,6 +17269,7 @@ cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
+#include <sys/types.h>
#include <tcpd.h>
int allow_severity = 0;
int deny_severity = 0;
@@ -17323,6 +17322,7 @@ cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
+#include <sys/types.h>
#include <tcpd.h>
int allow_severity = 0;
int deny_severity = 0;

View File

@ -1,14 +1,15 @@
$OpenBSD: patch-database_Makefile_in,v 1.2 2008/04/16 19:46:01 mbalmer Exp $
--- database/Makefile.in.orig Wed Apr 9 17:55:29 2008
+++ database/Makefile.in Tue Apr 15 09:45:45 2008
@@ -362,20 +362,7 @@ uninstall-am:
$OpenBSD: patch-database_Makefile_in,v 1.3 2008/09/14 15:00:43 sthen Exp $
--- database/Makefile.in.orig Mon Sep 1 19:49:47 2008
+++ database/Makefile.in Fri Sep 5 02:47:25 2008
@@ -371,21 +371,7 @@ uninstall-am:
install-data-local:
- $(mkinstalldirs) $(DESTDIR)$(DBINST)
- @test -f $(DESTDIR)$(DBINST)/main.cvd || test -d $(DESTDIR)$(DBINST)/main.inc || $(INSTALL_DATA) $(srcdir)/main.cvd $(DESTDIR)$(DBINST)
- @test -f $(DESTDIR)$(DBINST)/daily.cvd || test -d $(DESTDIR)$(DBINST)/daily.inc || $(INSTALL_DATA) $(srcdir)/daily.cvd $(DESTDIR)$(DBINST)
- @if test `id|sed -e 's/^.[^(]*(\([^)]*\)).*/\1/'` = "root" && test -n "${CLAMAVUSER}" && test -n "${CLAMAVGROUP}"; then \
- @test -s $(srcdir)/main.cvd -a -s $(srcdir)/daily.cvd || exit 0;\
- $(mkinstalldirs) $(DESTDIR)$(DBINST);\
- test -f $(DESTDIR)$(DBINST)/main.cvd || test -f $(DESTDIR)$(DBINST)/main.cld || $(INSTALL_DATA) $(srcdir)/main.cvd $(DESTDIR)$(DBINST);\
- test -f $(DESTDIR)$(DBINST)/daily.cvd || test -f $(DESTDIR)$(DBINST)/daily.cld || $(INSTALL_DATA) $(srcdir)/daily.cvd $(DESTDIR)$(DBINST);\
- if test `id|sed -e 's/^.[^(]*(\([^)]*\)).*/\1/'` = "root" && test -n "${CLAMAVUSER}" && test -n "${CLAMAVGROUP}"; then \
- chmod 775 $(DESTDIR)$(DBINST); \
- chown ${CLAMAVUSER} $(DESTDIR)$(DBINST); \
- chgrp ${CLAMAVGROUP} $(DESTDIR)$(DBINST); \

View File

@ -1,5 +1,5 @@
--- etc/clamd.conf.orig Tue Aug 21 00:56:19 2007
+++ etc/clamd.conf Mon Sep 17 23:09:29 2007
--- etc/clamd.conf.orig Tue Sep 2 12:59:05 2008
+++ etc/clamd.conf Fri Sep 5 02:32:34 2008
@@ -11,7 +11,7 @@ Example
# LogFile must be writable for the user running daemon.
# A full path is required.
@ -18,7 +18,7 @@
# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.
@@ -141,7 +141,7 @@ LocalSocket /tmp/clamd.socket
@@ -147,7 +147,7 @@ LocalSocket /tmp/clamd.socket
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges

View File

@ -1,7 +1,7 @@
$OpenBSD: patch-etc_Makefile_in,v 1.2 2008/04/16 19:46:01 mbalmer Exp $
--- etc/Makefile.in.orig Wed Apr 9 17:55:29 2008
+++ etc/Makefile.in Tue Apr 15 09:45:06 2008
@@ -361,11 +361,7 @@ uninstall-am:
$OpenBSD: patch-etc_Makefile_in,v 1.3 2008/09/14 15:00:43 sthen Exp $
--- etc/Makefile.in.orig Mon Sep 1 19:49:47 2008
+++ etc/Makefile.in Fri Sep 5 02:32:34 2008
@@ -370,11 +370,7 @@ uninstall-am:
install-data-local:

View File

@ -1,7 +1,7 @@
$OpenBSD: patch-libclamav_Makefile_in,v 1.7 2008/07/08 22:38:12 sthen Exp $
--- libclamav/Makefile.in.orig Mon May 12 09:48:31 2008
+++ libclamav/Makefile.in Thu Jun 12 17:31:46 2008
@@ -265,7 +265,7 @@ SUBDIRS = lzma .
$OpenBSD: patch-libclamav_Makefile_in,v 1.8 2008/09/14 15:00:43 sthen Exp $
--- libclamav/Makefile.in.orig Mon Sep 1 18:19:50 2008
+++ libclamav/Makefile.in Fri Sep 5 02:32:34 2008
@@ -275,7 +275,7 @@ SUBDIRS = lzma .
AM_CPPFLAGS = -I$(top_srcdir) -I@srcdir@/nsis -I@srcdir@/lzma
@ENABLE_UNRAR_FALSE@libclamav_la_LIBADD = lzma/liblzma.la @LIBCLAMAV_LIBS@ @THREAD_LIBS@
@ENABLE_UNRAR_TRUE@libclamav_la_LIBADD = $(top_builddir)/libclamunrar_iface/libclamunrar_iface.la lzma/liblzma.la @LIBCLAMAV_LIBS@ @THREAD_LIBS@

View File

@ -1,18 +1,7 @@
$OpenBSD: patch-libclamav_str_c,v 1.3 2007/08/25 10:08:28 mbalmer Exp $
--- libclamav/str.c.orig Sat Apr 28 19:28:23 2007
+++ libclamav/str.c Sat Aug 25 09:35:06 2007
@@ -123,8 +123,8 @@ uint16_t *cli_hex2ui(const char *hex)
char *cli_hex2str(const char *hex)
{
- char *str, *ptr, val, c;
- int i, len;
+ char *str, *ptr, val;
+ int c, i, len;
len = strlen(hex);
@@ -142,9 +142,9 @@ char *cli_hex2str(const char *hex)
$OpenBSD: patch-libclamav_str_c,v 1.4 2008/09/14 15:00:43 sthen Exp $
--- libclamav/str.c.orig Sat Aug 16 18:18:08 2008
+++ libclamav/str.c Fri Sep 5 02:32:34 2008
@@ -149,9 +149,9 @@ char *cli_hex2str(const char *hex)
for(i = 0; i < len; i += 2) {
if((c = cli_hex2int(hex[i])) >= 0) {

View File

@ -0,0 +1,3 @@
# $OpenBSD: systrace.filter,v 1.1 2008/09/14 15:00:43 sthen Exp $
# fdpass check in configure script (from m4/fdpassing.m4) uses this
native-sendmsg: sockaddr eq "<unknown>" then permit