[...]
>
> The patch in Debian (most likely my fault) semantically amounts to this:
>
> if(!(buffer = cli_malloc(FILEBUFF))){
>     close(s);
> }
> close(d);
> return -1;
>
> Instead of this:
>
> if(!(buffer = cli_malloc(FILEBUFF))){
>     close(s);
>     close(d);
>     return -1;
> }
>
> In other words, the buggy version in Debian always closes the fd d and
> returns -1 from that block of code, rather than only doing those two
> things if the malloc fails.
>
> Hope that makes it clearer.
OMG, I forgot about the missing { } -- I guess we should ask the security team
to wait for another upload fixing this? I can do it, but would like to get your
ok.
Thanks,
Michael
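Added example, not part of the original thread or of the package's code: a small regression check for the missing-braces bug discussed above. It shows that a test of the allocation-failure path alone passes for both variants, and that only a check of the success path (return value and descriptor state) catches the bug. The `cli_malloc` stand-in, the `FILEBUFF` value and the function names `setup_buggy`, `setup_fixed`, `fd_is_open` and `path_ok` are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

#define FILEBUFF 8192   /* assumed size; the thread does not give the value */
static int fail_alloc;  /* test knob: 1 makes the stand-in allocator fail */

/* Stand-in for cli_malloc (assumption: returns NULL on failure). */
static void *cli_malloc(size_t n) { return fail_alloc ? NULL : malloc(n); }

/* Semantics of the buggy patch: only close(s) is guarded by the if. */
static int setup_buggy(int s, int d, char **buffer) {
    if (!(*buffer = cli_malloc(FILEBUFF))) {
        close(s);
    }
    close(d);
    return -1;
}

/* Intended code: cleanup and error return happen only on failure. */
static int setup_fixed(int s, int d, char **buffer) {
    if (!(*buffer = cli_malloc(FILEBUFF))) {
        close(s);
        close(d);
        return -1;
    }
    return 0;
}

static int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Runs one variant on a fresh pipe. Returns 1 if it behaved correctly:
 * alloc failure -> -1 and both fds closed; success -> 0 and both open. */
static int path_ok(int (*setup)(int, int, char **), int make_alloc_fail) {
    int fds[2], rc, ok;
    char *buffer = NULL;
    if (pipe(fds) != 0) return 0;
    fail_alloc = make_alloc_fail;
    rc = setup(fds[0], fds[1], &buffer);
    ok = make_alloc_fail ? (rc == -1 && !fd_is_open(fds[0]) && !fd_is_open(fds[1]))
                         : (rc == 0 && fd_is_open(fds[0]) && fd_is_open(fds[1]));
    free(buffer);
    close(fds[0]); close(fds[1]);  /* harmless EBADF if already closed */
    fail_alloc = 0;
    return ok;
}

int main(void) {  /* exits 0 when only the buggy success path is flagged */
    return !(path_ok(setup_buggy, 1) && !path_ok(setup_buggy, 0) &&
             path_ok(setup_fixed, 1) && path_ok(setup_fixed, 0));
}
```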
