Bug#773318: clamav dies/hangs

Sat, 20 Dec 2014 03:15:29 -0800 

Control: tags 773041 security
Control: severity 773041 grave
Justification: causes remote denial of service

Hi James,

On 19.12.2014 23:12, James Cloos wrote:

Even w/ the milter not called, one of the MXs has one clamd thread
consuming 100% cpu right now.  gdb says:

#0  0x00007fd0b4791ed0 in ?? () from /usr/lib/x86_64-linux-gnu/libmspack.so.0
#1  0x00007fd0b47863ea in ?? () from /usr/lib/x86_64-linux-gnu/libmspack.so.0
#2  0x00007fd0b55c1e26 in cli_scanmscab (ctx=0x7fd096dfb6b0, sfx_offset=256) at 
libmspack.c:384
#3  0x00007fd0b5597aa0 in magic_scandesc (ctx=0x7fd096dfb6b0, type=CL_TYPE_ANY)
     at scanners.c:2703
#4  0x00007fd0b5598059 in cli_base_scandesc (desc=12, ctx=0x7fd096dfb6b0, 
type=CL_TYPE_ANY)
     at scanners.c:3051
#5  0x00007fd0b559bf33 in fileblobScan (fb=0x7fd088003910) at blob.c:641
#6  0x00007fd0b559c01d in fileblobScanAndDestroy (fb=fb@entry=0x7fd088003910) 
at blob.c:399
#7  0x00007fd0b55a08db in do_multipart (mainMessage=0x0, messages=<optimized 
out>,
     i=<optimized out>, rc=0x7fd096dfa35c, mctx=0x7fd096dfa420, 
messageIn=<optimized out>,
     tptr=0x7fd096dfa360, recursion_level=0) at mbox.c:3712
#8  0x00007fd0b55a0019 in parseEmailBody (messageIn=0x7fd095df4000,
     messageIn@entry=0x7fd088004940, textIn=0x100, textIn@entry=0x0, 
mctx=0x7fd0880047b1,
     recursion_level=32512, recursion_level@entry=0) at mbox.c:1533
#9  0x00007fd0b55a1232 in cli_parse_mbox (
     dir=dir@entry=0x7fd088000e50 
"/tmp/clamav-4b94ddbad0a132b5af6d2f6db3a76e40.tmp",
     ctx=ctx@entry=0x7fd096dfb6b0) at mbox.c:508
#10 0x00007fd0b55a1b1a in cli_mbox (
     dir=dir@entry=0x7fd088000e50 
"/tmp/clamav-4b94ddbad0a132b5af6d2f6db3a76e40.tmp",
     ctx=ctx@entry=0x7fd096dfb6b0) at mbox.c:309
#11 0x00007fd0b5579218 in cli_scanmail (ctx=0x7fd096dfb6b0) at scanners.c:1702


Thanks for the backtrace!
As it shows that clamd hangs in libmspack, I think this is bug #773041 [1]. A possible fix is mentioned in [2]. We'll have to include it in the libmspack copy embedded in clamav, which is used in wheezy. 

Best regards,
Andreas


1: https://bugs.debian.org/773041
2: https://bugs.debian.org/773041#8


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to