1. clamav-devel
  2. Commit 630d154a2077136cd73fdacb433021f1b4d3281e
Browse code

fix fd leak in chm_decompress_stream (CVE-2007-1745)

git-svn: trunk@3020

Tomasz Kojm authored on 2007/04/16 05:10:51
Showing 2 changed files
ChangeLog
History View file @ 630d154
... ... 
@@ -1,3 +1,7 @@
1 
+Sun Apr 15 21:16:08 CEST 2007 (tk)
2 
+----------------------------------
3 
+  * libclamav/chmunpack.c: fix fd leak in chm_decompress_stream (CVE-2007-1745)
4 
+
1 5 
 Sun Apr 15 21:14:06 CEST 2007 (tk)
2 6 
 ----------------------------------
3 7 
   * libclamav/cab.c: fix buffer overflow, reported through iDefense
libclamav/chmunpack.c
History View file @ 630d154
... ... 
@@ -831,7 +831,7 @@ static int chm_decompress_stream(int fd, const char *dirname, itsf_header_t *its
831 831
832 832 
 	snprintf(filename, 1024, "%s/clamav-unchm.bin", dirname);
833 833 
 	tmpfd = open(filename, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, S_IRWXU);
834 
-	if (!tmpfd) {
834 
+	if (tmpfd<0) {
835 835 
 		cli_dbgmsg("open failed for %s\n", filename);
836 836 
 		return FALSE;
837 837 
 	}
... ... 
@@ -943,9 +943,13 @@ static int chm_decompress_stream(int fd, const char *dirname, itsf_header_t *its
943 943 
 		count++;
944 944 
 	}
945 945 
 	close(tmpfd);
946 
+	tmpfd=-1;
946 947 
 	retval = TRUE;
947 948
948 949 
 abort:
950 
+	if (tmpfd>=0) {
951 
+		close(tmpfd);
952 
+	}
949 953 
 	if (lzx_content) {
950 954 
 		free(lzx_content);
951 955 
 	}