This one time, at band camp, Michael Tautschnig said:
> > On Wednesday 03 December 2008 01:37, Michael Tautschnig wrote:
> > > tag 507624 + pending
> > > thanks
> > >
> > > A patch for this bug has been prepared and is sitting in our git repo,
> > > ready to get uploaded once we get approval.
> > >
> > One other issue that ought to be looked at ....
> > 
> > Leonel Nunez (who helps me out on Ubuntu clamav stuff and commented on this
> > bug) is reviewing older changes to pick up some security fixes from the 0.93
> > series that I know we missed.  He noticed that the Debian patch is different
> > than upstream's with the unfortunate effect that the second line of the change
> > doesn't get executed (I don't do C, so that's how I understood the impact).
> > 
> > See:
> > 
> > http://paste.ubuntu.com/79576/
> > 
> > and 
> > 
> > http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2Flibclamav%2Fothers.c&rev=0&sc=0
> > 
> > Assuming I understand correctly, this ought to be corrected in the next
> > update too.
> 
> Hmm, I don't really understand what the difference should be. The patch in the
> above paste adds two lines which aren't there in etch's version (which we are
> patching); they might already exist in some 0.92 version being released by
> Ubuntu, though. 

The patch in Debian (most likely my fault) semantically amounts to this:

     if(!(buffer = cli_malloc(FILEBUFF))){
        close(s);
     }
     close(d);
     return -1;

Instead of this:

     if(!(buffer = cli_malloc(FILEBUFF))){
        close(s);
        close(d);
        return -1;
     }

In other words, the buggy version in Debian always closes the fd d and
returns -1 from that block of code, rather than only doing those two
things if the malloc fails.

Hope that makes it clearer.
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        [EMAIL PROTECTED] |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------


_______________________________________________
Pkg-clamav-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel
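
The difference described in the message above, as an added C sketch that is not part of the original mail or of ClamAV's source. The function names, the copy loop, the `FILEBUFF` value and the pipe-based harness are assumptions made for illustration, and plain `malloc` stands in for `cli_malloc`.

```c
/* Added sketch: copy_buggy, copy_fixed and run_variant are hypothetical names. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#define FILEBUFF 8192                        /* assumed size for this sketch */
static const char SAMPLE[] = "constructed sample data";
struct result { int rc; int delivered; int src_left_open; };

/* Semantics of the Debian patch: the last two statements always run. */
static int copy_buggy(int s, int d) {
    char *buffer;
    if (!(buffer = malloc(FILEBUFF))) {
        close(s);
    }
    close(d);                 /* runs even when the allocation succeeded */
    return -1;                /* buffer and s are leaked on that path */
}

/* Upstream form: the whole failure path stays inside the braces. */
static int copy_fixed(int s, int d) {
    char *buffer; ssize_t n;
    if (!(buffer = malloc(FILEBUFF))) {
        close(s);
        close(d);
        return -1;
    }
    while ((n = read(s, buffer, FILEBUFF)) > 0)      /* assumed copy loop */
        if (write(d, buffer, (size_t)n) != n) { n = -1; break; }
    free(buffer);
    close(s); close(d);
    return n < 0 ? -1 : 0;
}

/* Feed SAMPLE through one variant over pipes and record what happened. */
static struct result run_variant(int (*copy)(int, int)) {
    struct result r = { -1, -1, 0 };
    int in[2], out[2]; char got[64];
    if (pipe(in) || pipe(out) || write(in[1], SAMPLE, sizeof SAMPLE - 1) < 0) return r;
    close(in[1]);
    r.rc = copy(in[0], out[1]);
    r.delivered = (int)read(out[0], got, sizeof got);  /* 0 = EOF, nothing copied */
    if ((r.src_left_open = fcntl(in[0], F_GETFD) != -1)) close(in[0]);
    close(out[0]); return r;
}

int main(void) {
    struct result b = run_variant(copy_buggy), f = run_variant(copy_fixed);
    printf("buggy: rc=%d bytes=%d src_open=%d\n", b.rc, b.delivered, b.src_left_open);
    printf("fixed: rc=%d bytes=%d src_open=%d\n", f.rc, f.delivered, f.src_left_open);
    return 0;
}
```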