git-svn: trunk@3020
Tomasz Kojm authored on 2007/04/16 05:10:51... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Sun Apr 15 21:16:08 CEST 2007 (tk) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav/chmunpack.c: fix fd leak in chm_decompress_stream (CVE-2007-1745) |
|
4 |
+ |
|
1 | 5 |
Sun Apr 15 21:14:06 CEST 2007 (tk) |
2 | 6 |
---------------------------------- |
3 | 7 |
* libclamav/cab.c: fix buffer overflow, reported through iDefense |
... | ... |
@@ -831,7 +831,7 @@ static int chm_decompress_stream(int fd, const char *dirname, itsf_header_t *its |
831 | 831 |
|
832 | 832 |
snprintf(filename, 1024, "%s/clamav-unchm.bin", dirname); |
833 | 833 |
tmpfd = open(filename, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, S_IRWXU); |
834 |
- if (!tmpfd) { |
|
834 |
+ if (tmpfd<0) { |
|
835 | 835 |
cli_dbgmsg("open failed for %s\n", filename); |
836 | 836 |
return FALSE; |
837 | 837 |
} |
... | ... |
@@ -943,9 +943,13 @@ static int chm_decompress_stream(int fd, const char *dirname, itsf_header_t *its |
943 | 943 |
count++; |
944 | 944 |
} |
945 | 945 |
close(tmpfd); |
946 |
+ tmpfd=-1; |
|
946 | 947 |
retval = TRUE; |
947 | 948 |
|
948 | 949 |
abort: |
950 |
+ if (tmpfd>=0) { |
|
951 |
+ close(tmpfd); |
|
952 |
+ } |
|
949 | 953 |
if (lzx_content) { |
950 | 954 |
free(lzx_content); |
951 | 955 |
} |