d731731e89
"ClamAV libclamav MEW PE File Integer Overflow Vulnerability" More info: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634 Similar diff submitted by grunk@ on ports@. test & ok mbalmer@ (MAINTAINER)
34 lines
1.0 KiB
Plaintext
34 lines
1.0 KiB
Plaintext
$OpenBSD: patch-clamdscan_client_c,v 1.8 2007/12/30 22:42:38 bernd Exp $
|
|
--- clamdscan/client.c.orig Thu Dec 6 13:58:52 2007
|
|
+++ clamdscan/client.c Tue Dec 18 10:18:09 2007
|
|
@@ -26,6 +26,7 @@
|
|
#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/socket.h>
|
|
+#include <sys/param.h>
|
|
#include <sys/un.h>
|
|
#include <netinet/in.h>
|
|
#include <arpa/inet.h>
|
|
@@ -281,18 +282,18 @@ static int dsstream(int sockd, const struct optstruct
|
|
static char *abpath(const char *filename)
|
|
{
|
|
struct stat foo;
|
|
- char *fullpath, cwd[200];
|
|
+ char *fullpath, cwd[MAXPATHLEN];
|
|
|
|
if(stat(filename, &foo) == -1) {
|
|
logg("^Can't access file %s\n", filename);
|
|
perror(filename);
|
|
return NULL;
|
|
} else {
|
|
- fullpath = malloc(200 + strlen(filename) + 10);
|
|
+ fullpath = malloc(sizeof(cwd) + strlen(filename) + 10);
|
|
#ifdef C_CYGWIN
|
|
sprintf(fullpath, "%s", filename);
|
|
#else
|
|
- if(!getcwd(cwd, 200)) {
|
|
+ if(!getcwd(cwd, MAXPATHLEN)) {
|
|
logg("^Can't get absolute pathname of current working directory.\n");
|
|
return NULL;
|
|
}
|