298485: Fix possible fd leaks.
298486: Fix possible use-after-free.
... | ... |
@@ -1667,7 +1667,7 @@ static cl_error_t cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq |
1667 | 1667 |
{ |
1668 | 1668 |
cl_error_t status = CL_CLEAN; |
1669 | 1669 |
cl_error_t ret; |
1670 |
- int i, j, fd; |
|
1670 |
+ int i, j; |
|
1671 | 1671 |
size_t data_len; |
1672 | 1672 |
vba_project_t *vba_project; |
1673 | 1673 |
DIR *dd = NULL; |
... | ... |
@@ -1693,9 +1693,12 @@ static cl_error_t cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq |
1693 | 1693 |
|
1694 | 1694 |
for (i = 0; i < vba_project->count; i++) { |
1695 | 1695 |
for (j = 1; (unsigned int)j <= vba_project->colls[i]; j++) { |
1696 |
+ int fd = -1; |
|
1697 |
+ |
|
1696 | 1698 |
snprintf(vbaname, 1024, "%s" PATHSEP "%s_%u", vba_project->dir, vba_project->name[i], j); |
1697 | 1699 |
vbaname[sizeof(vbaname) - 1] = '\0'; |
1698 |
- fd = open(vbaname, O_RDONLY | O_BINARY); |
|
1700 |
+ |
|
1701 |
+ fd = open(vbaname, O_RDONLY | O_BINARY); |
|
1699 | 1702 |
if (fd == -1) { |
1700 | 1703 |
continue; |
1701 | 1704 |
} |
... | ... |
@@ -1761,9 +1764,12 @@ static cl_error_t cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq |
1761 | 1761 |
goto done; |
1762 | 1762 |
} |
1763 | 1763 |
while (hashcnt) { |
1764 |
+ int fd = -1; |
|
1765 |
+ |
|
1764 | 1766 |
snprintf(vbaname, 1024, "%s" PATHSEP "%s_%u", dirname, hash, hashcnt); |
1765 | 1767 |
vbaname[sizeof(vbaname) - 1] = '\0'; |
1766 |
- fd = open(vbaname, O_RDONLY | O_BINARY); |
|
1768 |
+ |
|
1769 |
+ fd = open(vbaname, O_RDONLY | O_BINARY); |
|
1767 | 1770 |
if (fd == -1) { |
1768 | 1771 |
hashcnt--; |
1769 | 1772 |
continue; |
... | ... |
@@ -1779,6 +1785,7 @@ static cl_error_t cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq |
1779 | 1779 |
status = CL_VIRUS; |
1780 | 1780 |
viruses_found++; |
1781 | 1781 |
if (!SCAN_ALLMATCHES) { |
1782 |
+ close(fd); |
|
1782 | 1783 |
break; |
1783 | 1784 |
} |
1784 | 1785 |
} |
... | ... |
@@ -1795,9 +1802,12 @@ static cl_error_t cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq |
1795 | 1795 |
goto done; |
1796 | 1796 |
} |
1797 | 1797 |
while (hashcnt) { |
1798 |
+ int fd = -1; |
|
1799 |
+ |
|
1798 | 1800 |
snprintf(vbaname, sizeof(vbaname), "%s" PATHSEP "%s_%u", dirname, hash, hashcnt); |
1799 | 1801 |
vbaname[sizeof(vbaname) - 1] = '\0'; |
1800 |
- fd = open(vbaname, O_RDONLY | O_BINARY); |
|
1802 |
+ |
|
1803 |
+ fd = open(vbaname, O_RDONLY | O_BINARY); |
|
1801 | 1804 |
if (fd == -1) { |
1802 | 1805 |
hashcnt--; |
1803 | 1806 |
continue; |
... | ... |
@@ -1850,6 +1860,8 @@ static cl_error_t cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq |
1850 | 1850 |
goto done; |
1851 | 1851 |
} |
1852 | 1852 |
while (hashcnt) { |
1853 |
+ int fd = -1; |
|
1854 |
+ |
|
1853 | 1855 |
snprintf(vbaname, sizeof(vbaname), "%s" PATHSEP "%s_%u", dirname, hash, hashcnt); |
1854 | 1856 |
vbaname[sizeof(vbaname) - 1] = '\0'; |
1855 | 1857 |
|
... | ... |
@@ -1869,6 +1881,8 @@ static cl_error_t cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq |
1869 | 1869 |
goto done; |
1870 | 1870 |
} |
1871 | 1871 |
while (hashcnt) { |
1872 |
+ int fd = -1; |
|
1873 |
+ |
|
1872 | 1874 |
snprintf(vbaname, sizeof(vbaname), "%s" PATHSEP "%s_%u", dirname, hash, hashcnt); |
1873 | 1875 |
vbaname[sizeof(vbaname) - 1] = '\0'; |
1874 | 1876 |
|
... | ... |
@@ -1895,6 +1909,8 @@ static cl_error_t cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq |
1895 | 1895 |
goto done; |
1896 | 1896 |
} |
1897 | 1897 |
while (hashcnt) { |
1898 |
+ int fd = -1; |
|
1899 |
+ |
|
1898 | 1900 |
snprintf(vbaname, sizeof(vbaname), "%s" PATHSEP "%s_%u", dirname, hash, hashcnt); |
1899 | 1901 |
vbaname[sizeof(vbaname) - 1] = '\0'; |
1900 | 1902 |
|
... | ... |
@@ -2386,6 +2402,7 @@ static cl_error_t cli_scanole2(cli_ctx *ctx) |
2386 | 2386 |
if (mkdir(dir, 0700)) { |
2387 | 2387 |
cli_dbgmsg("OLE2: Can't create temporary directory %s\n", dir); |
2388 | 2388 |
free(dir); |
2389 |
+ dir = NULL; |
|
2389 | 2390 |
ret = CL_ETMPDIR; |
2390 | 2391 |
goto done; |
2391 | 2392 |
} |
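Review bot: With `fd` now declared inside each loop body, the `done:` label can no longer release it, so the `close(fd)` added before `break` in the `@@ -1779,6 +1785,7 @@` hunk has to be repeated on every other early exit taken after a successful `open()`. The loop bodies continue outside the visible hunks, so each `break`, `continue` and `goto done` in the six loops that gained `int fd = -1;` is worth checking; a comment at the declaration such as `/* loop-local: close before every break/continue/goto done */` would make the invariant explicit. Separately, the `snprintf(vbaname, 1024, ...)` calls in the `@@ -1693` and `@@ -1761` hunks should pass `sizeof(vbaname)` like the later loops do. None of the visible calls checks the `snprintf` return value, so a truncated name would most likely just fail `open()` and the stream would be skipped without a debug message.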