Bug#458204: marked as done (clamav: off-by-one programming error in pingServer function)

Mon, 11 Feb 2008 19:12:14 -0800 

Your message dated Tue, 12 Feb 2008 02:47:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#458204: fixed in clamav 0.92.1~dfsg-1
has caused the Debian Bug report #458204,
regarding clamav: off-by-one programming error in pingServer function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
458204: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458204
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message --- 
Package: clamav
Version: 0.92~dfsg-2
Severity: normal

Hi,
from clamav-milter/clamav-milter.c:
2278 cli_dbgmsg("pingServer%d: sending VERSION\n", serverNumber);
2279 if(send(sock, "VERSION\n", 8, 0) < 8) {
2280    perror("send");
2281    return close(sock);
2282 }
2283
2284 shutdown(sock, SHUT_WR);
2285
2286 nbytes = clamd_recv(sock, buf, sizeof(buf));
2287
2288 close(sock);
2289
2290 if(nbytes < 0) {
2291    perror("recv");
2292    return 0;
2293 }
2294 if(nbytes == 0)
2295    return 0;
2296
2297 buf[nbytes] = '\0';

If clamd_recv will read sizeof(buf) bytes you will have an off-by-one
in line 2297. The clamd_recv function does not prevent this because
its basically just a wrapper around recv.

This does not have any security impact except if this will ping a crafted
clamd :)

buf[nbytes-1] = '\0'; should do the trick.

Kind regards
Nico

--- End Message ---
--- Begin Message --- 
Source: clamav
Source-Version: 0.92.1~dfsg-1

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive:

clamav-base_0.92.1~dfsg-1_all.deb
  to pool/main/c/clamav/clamav-base_0.92.1~dfsg-1_all.deb
clamav-daemon_0.92.1~dfsg-1_i386.deb
  to pool/main/c/clamav/clamav-daemon_0.92.1~dfsg-1_i386.deb
clamav-dbg_0.92.1~dfsg-1_i386.deb
  to pool/main/c/clamav/clamav-dbg_0.92.1~dfsg-1_i386.deb
clamav-docs_0.92.1~dfsg-1_all.deb
  to pool/main/c/clamav/clamav-docs_0.92.1~dfsg-1_all.deb
clamav-freshclam_0.92.1~dfsg-1_i386.deb
  to pool/main/c/clamav/clamav-freshclam_0.92.1~dfsg-1_i386.deb
clamav-milter_0.92.1~dfsg-1_i386.deb
  to pool/main/c/clamav/clamav-milter_0.92.1~dfsg-1_i386.deb
clamav-testfiles_0.92.1~dfsg-1_all.deb
  to pool/main/c/clamav/clamav-testfiles_0.92.1~dfsg-1_all.deb
clamav_0.92.1~dfsg-1.diff.gz
  to pool/main/c/clamav/clamav_0.92.1~dfsg-1.diff.gz
clamav_0.92.1~dfsg-1.dsc
  to pool/main/c/clamav/clamav_0.92.1~dfsg-1.dsc
clamav_0.92.1~dfsg-1_i386.deb
  to pool/main/c/clamav/clamav_0.92.1~dfsg-1_i386.deb
clamav_0.92.1~dfsg.orig.tar.gz
  to pool/main/c/clamav/clamav_0.92.1~dfsg.orig.tar.gz
libclamav-dev_0.92.1~dfsg-1_i386.deb
  to pool/main/c/clamav/libclamav-dev_0.92.1~dfsg-1_i386.deb
libclamav3_0.92.1~dfsg-1_i386.deb
  to pool/main/c/clamav/libclamav3_0.92.1~dfsg-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stephen Gran <[EMAIL PROTECTED]> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 12 Feb 2008 02:25:20 +0000
Source: clamav
Binary: clamav-base clamav-docs clamav-dbg clamav libclamav-dev libclamav3 
clamav-daemon clamav-testfiles clamav-freshclam clamav-milter
Architecture: source all i386
Version: 0.92.1~dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Stephen Gran <[EMAIL PROTECTED]>
Changed-By: Stephen Gran <[EMAIL PROTECTED]>
Description: 
 clamav     - anti-virus utility for Unix - command-line interface
 clamav-base - anti-virus utility for Unix - base package
 clamav-daemon - anti-virus utility for Unix - scanner daemon
 clamav-dbg - debug symbols for ClamAV
 clamav-docs - anti-virus utility for Unix - documentation
 clamav-freshclam - anti-virus utility for Unix - virus database update utility
 clamav-milter - anti-virus utility for Unix - sendmail integration
 clamav-testfiles - anti-virus utility for Unix - test files
 libclamav-dev - anti-virus utility for Unix - development files
 libclamav3 - anti-virus utility for Unix - library
Closes: 456770 458204 458532 465203
Changes: 
 clamav (0.92.1~dfsg-1) unstable; urgency=low
 .
   * New upstream bugfix release
     - [2007-6595]: libclamav/others.c: symlink vulnerability
       cli_gentempfd now calls open with O_EXCL (closes: #458532)
     - [CVE-2008-0318]: libclamav/pe.c: possible integer overflow
     - libclamav/mew.c: possible heap corruption
   * Add a note to NEWS.Debian about unrar support being dropped
     (closes: #465203)
   * clamav-milter: off-by-one programming error in pingServer
     (closes: #458204)
   * Copyright now complete (thanks Scott Kitterman <[EMAIL PROTECTED]>)
     (closes: #456770)
   * Attempt to work around clamav-milter not bothering to check if another
     instance is running on startup (reported as LP bug 179169)
Files: 
 989c1773a0e143a25111bcdc86700aed 889 utils optional clamav_0.92.1~dfsg-1.dsc
 c16e60f569b6ec575d8de494e788f9d2 15284752 utils optional 
clamav_0.92.1~dfsg.orig.tar.gz
 845e62512c504bafec811d72c07b2b1d 156825 utils optional 
clamav_0.92.1~dfsg-1.diff.gz
 fe5fc1e1b1a67159cbfbf9edf052309b 12680944 utils optional 
clamav-base_0.92.1~dfsg-1_all.deb
 d4b7767017c96fcd01ed07bd80830965 180000 utils optional 
clamav-testfiles_0.92.1~dfsg-1_all.deb
 cf930d6fa2b819349bd2b4363d996e91 1031334 doc optional 
clamav-docs_0.92.1~dfsg-1_all.deb
 bf982c7fd10cef29eabfd31d085e9bee 442880 libs optional 
libclamav3_0.92.1~dfsg-1_i386.deb
 c8b64fd614b438a36a689ac8a1323d68 894102 utils optional 
clamav_0.92.1~dfsg-1_i386.deb
 68cd975d0401b1b5214cdb87870e0c4c 196908 utils optional 
clamav-daemon_0.92.1~dfsg-1_i386.deb
 2e69c7bad2b290337bbc9bbe3353ee33 216372 utils optional 
clamav-freshclam_0.92.1~dfsg-1_i386.deb
 0752a44f915e3c11693758d8ccd69781 201236 utils extra 
clamav-milter_0.92.1~dfsg-1_i386.deb
 f482d589af0aecbdd62f10e18b038171 444906 libdevel optional 
libclamav-dev_0.92.1~dfsg-1_i386.deb
 fc971604d1a6fb4aff2ce9229eef868c 668700 utils extra 
clamav-dbg_0.92.1~dfsg-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHsQTpSYIMHOpZA44RArUFAJ9rAsHrQLUeN2WKnoTmcurW2/O+5QCgjrPL
F76WRqcsiuo35ussCwwPRBg=
=uVnU
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to