At 06:07 AM Monday, 12/31/2007, you wrote -=> >Chris wrote: >>Saw this link at SANS today, anything to it? >> >>http://seclists.org/fulldisclosure/2007/Dec/0625.html >> >>Or is this a rehash of something already known about >I'm attaching a patch for it, so you can patch and rebuild your version. > > >--- libclamav/others.c (revision 3475) >+++ libclamav/others.c (working copy) >@@ -492,7 +492,7 @@ >if(!*name) > return CL_EMEM; > >- *fd = open(*name, O_RDWR|O_CREAT|O_TRUNC|O_BINARY, S_IRWXU); >+ *fd = open(*name, O_RDWR|O_CREAT|O_TRUNC|O_BINARY|O_EXCL, S_IRWXU); >if(*fd == -1) { > cli_errmsg("cli_gentempfd: Can't create temporary file %s: > %s\n", *name, strerror(errno)); > free(*name);
FYI - When applying this patch, I get the following: "patch: **** malformed patch at line 4: if(!*name)" Ed . . . . . . . . . . . . . . . . . . Randomly Generated Quote (1201 of 1329): Two wrongs do not make a right; it usually takes three or more. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
