@@ -1,3 +1,12 @@

+Mon Dec  1 20:26:45 CET 2003 (tk)

+---------------------------------

+  * A bunch of patches from Thomas Lamy <Thomas.Lamy*in-online.net>:

+    + fixed on error descriptor leak in cli_untgz()

+    + added missing mpz_clear() in cli_versig()

+    + more error messages in scanners.c and others.c

+    + properly free file stream in cli_scanbzip()

+    + clamd: clean up resources on exit (added freecfg() and logg_close())

+

 Sun Nov 30 06:13:28 GMT 2003 (njh)

 ----------------------------------

   * clamav-milter: Added --quarantine-dir

@@ -191,6 +191,35 @@ struct cfgstruct *parsecfg(const char *cfgfile)

     return copt;

 }

+void freecfg(struct cfgstruct *copt)

+{

+    	struct cfgstruct *handler;

+    	struct cfgstruct *arg;

+

+    while (copt) {

+	arg = copt->nextarg;

+	while (arg) {

+	    if(arg->strarg) {

+		free(arg->optname);

+		free(arg->strarg);

+		handler = arg;

+		arg=arg->nextarg;

+		free(handler);

+	    }

+	}

+	if(copt->optname) {

+	    free(copt->optname);

+	}

+	if(copt->strarg) {

+	    free(copt->strarg);

+	}

+	handler = copt;

+	copt = copt->next;

+	free(handler);

+    }

+    return;

+}

+

 char *tok(const char *line, int field)

 {

         int length, counter = 0, i, j = 0, k;

@@ -229,7 +258,7 @@ char *tok(const char *line, int field)

 	return realloc(buffer, strlen(buffer) + 1);

 }

-struct cfgstruct *regcfg(struct cfgstruct *copt, const char *optname, const char *strarg, int numarg)

+struct cfgstruct *regcfg(struct cfgstruct *copt, char *optname, char *strarg, int numarg)

 {

 	struct cfgstruct *newnode, *pt;

@@ -37,8 +37,8 @@ struct cfgoption {

 };

 struct cfgstruct {

-    const char *optname;

-    const char *strarg;

+    char *optname;

+    char *strarg;

     int numarg;

     struct cfgstruct *nextarg;

     struct cfgstruct *next;

@@ -47,9 +47,11 @@ struct cfgstruct {

 struct cfgstruct *parsecfg(const char *cfgfile);

-struct cfgstruct *regcfg(struct cfgstruct *copt, const char *optname, const char *strarg, int numarg);

+struct cfgstruct *regcfg(struct cfgstruct *copt, char *optname, char *strarg, int numarg);

 struct cfgstruct *cfgopt(const struct cfgstruct *copt, const char *optname);

 char *tok(const char *line, int field);

+void freecfg(struct cfgstruct *copt);

+

 #endif

@@ -203,6 +203,11 @@ void clamd(struct optstruct *opt)

     else

 	ret = localserver(opt, copt, root);

+    cli_dbgmsg("*server ended; result=%d\n", ret);

+    logg_close();

+    freecfg(copt);

+    cli_dbgmsg("*free() copt\n");

+

 }

 void help(void)

@@ -36,6 +36,8 @@

 pthread_mutex_t logg_mutex = PTHREAD_MUTEX_INITIALIZER;

 pthread_mutex_t rand_mutex = PTHREAD_MUTEX_INITIALIZER;

+FILE *log_fd = NULL;

+

 int mdprintf(int desc, const char *str, ...)

 {

 	va_list args;

@@ -50,23 +52,37 @@ int mdprintf(int desc, const char *str, ...)

 }

+void logg_close(void) {

+    pthread_mutex_lock(&logg_mutex);

+    if (log_fd) {

+	fclose(log_fd);

+    }

+    pthread_mutex_unlock(&logg_mutex);

+#if defined(CLAMD_USE_SYSLOG) && !defined(C_AIX)

+    if(use_syslog) {

+    	closelog();

+    }

+#endif

+}

+

+

 int logg(const char *str, ...)

 {

 	va_list args;

-	static FILE *fd = NULL;

 	struct flock fl;

 	char *pt, *timestr;

 	time_t currtime;

 	struct stat sb;

 	mode_t old_umask;

+

     if(logfile) {

 	pthread_mutex_lock(&logg_mutex);

-	if(!fd) {

+	if(!log_fd) {

 	    old_umask = umask(0036);

-	    if((fd = fopen(logfile, "a")) == NULL) {

+	    if((log_fd = fopen(logfile, "a")) == NULL) {

 		umask(old_umask);

 		pthread_mutex_unlock(&logg_mutex);

 		return -1;

@@ -75,7 +91,7 @@ int logg(const char *str, ...)

 	    if(loglock) {

 		memset(&fl, 0, sizeof(fl));

 		fl.l_type = F_WRLCK;

-		if(fcntl(fileno(fd), F_SETLK, &fl) == -1) {

+		if(fcntl(fileno(log_fd), F_SETLK, &fl) == -1) {

 		    pthread_mutex_unlock(&logg_mutex);

 		    return -1;

 		}

@@ -90,7 +106,7 @@ int logg(const char *str, ...)

 	    pt = ctime(&currtime);

 	    timestr = mcalloc(strlen(pt), sizeof(char));

 	    strncpy(timestr, pt, strlen(pt) - 1);

-	    fprintf(fd, "%s -> ", timestr);

+	    fprintf(log_fd, "%s -> ", timestr);

 	    free(timestr);

 	}

@@ -99,9 +115,9 @@ int logg(const char *str, ...)

 	    if(stat(logfile, &sb) != -1) {

 		if(sb.st_size > logsize) {

 		    logfile = NULL;

-		    fprintf(fd, "Log size = %d, maximal = %d\n", (int) sb.st_size, logsize);

-		    fprintf(fd, "LOGGING DISABLED (Maximal log file size exceeded).\n");

-		    fclose(fd);

+		    fprintf(log_fd, "Log size = %d, maximal = %d\n", (int) sb.st_size, logsize);

+		    fprintf(log_fd, "LOGGING DISABLED (Maximal log file size exceeded).\n");

+		    fclose(log_fd);

 		    pthread_mutex_unlock(&logg_mutex);

 		    return 0;

 		}

@@ -111,19 +127,19 @@ int logg(const char *str, ...)

 	va_start(args, str);

 	if(*str == '!') {

-	    fprintf(fd, "ERROR: ");

-	    vfprintf(fd, ++str, args);

+	    fprintf(log_fd, "ERROR: ");

+	    vfprintf(log_fd, ++str, args);

 	} else if(*str == '^') {

-	    fprintf(fd, "WARNING: ");

-	    vfprintf(fd, ++str, args);

+	    fprintf(log_fd, "WARNING: ");

+	    vfprintf(log_fd, ++str, args);

 	} else if(*str == '*') {

 	    if(logverbose)

-		vfprintf(fd, ++str, args);

-	} else vfprintf(fd, str, args);

+		vfprintf(log_fd, ++str, args);

+	} else vfprintf(log_fd, str, args);

 	va_end(args);

-	fflush(fd);

+	fflush(log_fd);

 	pthread_mutex_unlock(&logg_mutex);

     }

@@ -155,7 +155,7 @@ int acceptloop_proc(int socketd, struct cl_node *root, const struct cfgstruct *c

 	if(cfgopt(copt, "ArchiveLimitMemoryUsage")) {

 	    limits.archivememlim = 1;

-	    logg("Archive: Limited memory usage.\n", limits.maxfiles);

+	    logg("Archive: Limited memory usage.\n");

 	} else

 	    limits.archivememlim = 0;

@@ -84,8 +84,12 @@ void *threadscanner(void *arg)

 	scan(buff + strlen(CMD2) + 1, NULL, tharg->root, NULL, options, tharg->copt, ths[tharg->sid].desc, 0);

     } else if(!strncmp(buff, CMD3, strlen(CMD3))) { /* QUIT */

-	if(!progexit)

-	    kill(progpid, SIGTERM);

+	if(!progexit) {

+	    /* was: kill(progpid, SIGTERM);

+	     * Now we break out of the loop to clean up resources

+	     * thomas@in-online.net 20031201 */

+	    progexit=1;

+	}

     } else if(!strncmp(buff, CMD4, strlen(CMD4))) { /* RELOAD */

 	mdprintf(ths[tharg->sid].desc, "RELOADING\n");

@@ -230,6 +234,9 @@ void *threadwatcher(void *arg)

 		    logg("Pid file removed.\n");

 	    }

+	    logg("*Freeing stat structure.\n");

+            cl_statfree(&dbstat);

+

 	    progexit = 2;

 	    logg("*Exit level %d, ThreadWatcher termination.\n", progexit);

 	    return NULL;

@@ -374,6 +381,7 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop

 	size_t stacksize;

 #endif

+    memset (&sigact, 0, sizeof(struct sigaction));

     /* save the PID */

     if((cpt = cfgopt(copt, "PidFile"))) {

@@ -440,7 +448,7 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop

 	if(cfgopt(copt, "ArchiveLimitMemoryUsage")) {

 	    limits.archivememlim = 1;

-	    logg("Archive: Limited memory usage.\n", limits.maxfiles);

+	    logg("Archive: Limited memory usage.\n");

 	} else

 	    limits.archivememlim = 0;

     }

@@ -540,7 +548,7 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop

     pthread_attr_setstacksize(&thattr, stacksize + SCANBUFF + 64 * 1024);

 #endif

-    while(1) {

+    while(progexit != 2) {

 	/* find a free session */

 	for(i = 0; ; i++) {

@@ -604,6 +612,7 @@ int acceptloop_th(int socketd, struct cl_node *root, const struct cfgstruct *cop

 	    ths[i].active = 0;

 	}

     }

+    free(ths);

 }

 void sighandler_th(int sig)

@@ -154,7 +154,7 @@ void freshclam(struct optstruct *opt)

 	if(ret > 1)

 	    system(getargl(opt, "on-error-execute"));

-    mexit(ret);

+    exit(ret);

 }

@@ -171,6 +171,7 @@ int download(struct optstruct *opt)

 	int mirror_used = 0;

 	struct sigaction sigalrm;

+    memset(&sigalrm, 0, sizeof(struct sigaction));

     sigalrm.sa_handler = d_timeout;

     sigaction(SIGALRM, &sigalrm, NULL);

@@ -62,6 +62,7 @@ int cli_untgz(int fd, const char *destdir)

 	if(nread != TAR_BLOCKSIZE) {

 	    cli_errmsg("Incomplete block read.\n");

 	    free(fullname);

+	    gzclose(infile);

 	    return -1;

 	}

@@ -84,10 +85,12 @@ int cli_untgz(int fd, const char *destdir)

 		case '5':

 		    cli_errmsg("Directories in CVD are not supported.\n");

 		    free(fullname);

+	            gzclose(infile);

 		    return -1;

 		default:

 		    cli_errmsg("Unknown type flag %c.\n",type);

 		    free(fullname);

+	            gzclose(infile);

 		    return -1;

 	    }

@@ -97,6 +100,7 @@ int cli_untgz(int fd, const char *destdir)

 		if(fclose(outfile)) {

 		    cli_errmsg("Cannot close file %s.\n", fullname);

 		    free(fullname);

+	            gzclose(infile);

 		    return -1;

 		}

 		outfile = NULL;

@@ -105,6 +109,7 @@ int cli_untgz(int fd, const char *destdir)

 	    if(!(outfile = fopen(fullname, "wb"))) {

 		cli_errmsg("Cannot create file %s.\n", fullname);

 		free(fullname);

+	        gzclose(infile);

 		return -1;

 	    }

@@ -116,6 +121,7 @@ int cli_untgz(int fd, const char *destdir)

 	    if(size < 0) {

 		cli_errmsg("Invalid size in header.\n");

 		free(fullname);

+	        gzclose(infile);

 		return -1;

 	    }

@@ -126,6 +132,7 @@ int cli_untgz(int fd, const char *destdir)

 	    if(nwritten != nbytes) {

 		cli_errmsg("Wrote %d instead of %d (%s).\n", nwritten, nbytes, fullname);

 		free(fullname);

+	        gzclose(infile);

 		return -1;

 	    }

@@ -138,6 +145,8 @@ int cli_untgz(int fd, const char *destdir)

     if(outfile)

 	fclose(outfile);

+    gzclose(infile);

+    free(fullname);

     return 0;

 }

@@ -224,8 +233,9 @@ struct cl_cvd *cl_cvdhead(const char *file)

 	return NULL;

     }

-    if(fread(head, 1, 512, fd) != 512) {

-	cli_dbgmsg("Can't read CVD head from stream\n");

+    if((i=fread(head, 1, 512, fd)) != 512) {

+	cli_dbgmsg("Short read (%d) while reading CVD head from %s\n", i, file);

+	fclose(fd);

 	return NULL;

     }

@@ -270,18 +280,22 @@ int cli_cvdverify(FILE *fd)

     if(strncmp(md5, cvd->md5, 32)) {

 	cli_dbgmsg("MD5 verification error.\n");

+	free(md5);

+	cl_cvdfree(cvd);

 	return CL_EMD5;

     }

 #ifdef HAVE_GMP

     if(cli_versig(md5, cvd->dsig)) {

 	cli_dbgmsg("Digital signature verification error.\n");

+	free(md5);

+	cl_cvdfree(cvd);

 	return CL_EDSIG;

     }

 #endif

     free(md5);

-    free(cvd);

+    cl_cvdfree(cvd);

     return 0;

 }

@@ -107,8 +107,11 @@ int cli_versig(const char *md5, const char *dsig)

     mpz_init_set_str(n, cli_nstr, 10);

     mpz_init_set_str(e, cli_estr, 10);

-    if(!(pt = cli_decodesig(dsig, 16, e, n)))

+    if(!(pt = cli_decodesig(dsig, 16, e, n))) {

+	mpz_clear(n);

+	mpz_clear(e);

 	return CL_EDSIG;

+    }

     pt2 = cl_str2hex(pt, 16);

     free(pt);

@@ -118,10 +121,14 @@ int cli_versig(const char *md5, const char *dsig)

     if(strncmp(md5, pt2, 32)) {

 	cli_dbgmsg("Signature doesn't match.\n");

 	free(pt2);

+	mpz_clear(n);

+	mpz_clear(e);

 	return CL_EDSIG;

     }

     free(pt2);

+    mpz_clear(n);

+    mpz_clear(e);

     cli_dbgmsg("Digital signature is correct.\n");

     return 0;

@@ -48,11 +48,17 @@ int cli_addpatt(struct cl_node *root, struct cli_patt *pattern)

 	if(!next) {

 	    next = (struct cl_node *) cli_calloc(1, sizeof(struct cl_node));

-	    if(!next)

+	    if(!next) {

+		cli_dbgmsg("Unable to allocate pattern node (%d)\n", sizeof(struct cl_node));

 		return CL_EMEM;

+	    }

 	    root->nodes++;

 	    root->nodetable = (struct cl_node **) realloc(root->nodetable, (root->nodes) * sizeof(struct cl_node *));

+	    if (root->nodetable == NULL) {

+		cli_dbgmsg("Unable to realloc nodetable (%d)\n", (root->nodes) * sizeof(struct cl_node *));

+		return CL_EMEM;

+	    }

 	    root->nodetable[root->nodes - 1] = next;

 	    pos->trans[((unsigned char) pattern->pattern[i]) & 0xff] = next;

@@ -74,6 +80,10 @@ void cli_enqueue(struct nodelist **bfs, struct cl_node *n)

 	struct nodelist *new;

     new = (struct nodelist *) cli_calloc(1, sizeof(struct nodelist));

+    if (new == NULL) {

+	cli_dbgmsg("Unable to allocate node list (%d)\n", sizeof(struct nodelist));

+	return CL_EMEM;

+    }

     new->next = *bfs;

     new->node = n;

@@ -181,7 +191,11 @@ int cl_scanbuff(const char *buffer, unsigned int length, char **virname, const s

     current = (struct cl_node *) root;

-    partcnt = (int *) cli_calloc(root->partsigs + 1, sizeof(int));

+    if ((partcnt = (int *) cli_calloc(root->partsigs + 1, sizeof(int))) == NULL) {

+	cli_dbgmsg("cl_scanbuff(): unable to calloc(%d, %d)\n", root->partsigs + 1, sizeof(int));

+	return CL_EMEM;

+    }

+

     for(i = 0; i < length; i++)  {

 	current = current->trans[(unsigned char) buffer[i] & 0xff];

@@ -93,6 +93,7 @@ int cl_loaddb(const char *filename, struct cl_node **root, int *virnum)

     if(!(buffer = (char *) cli_malloc(FILEBUFF)))

 	return CL_EMEM;

+    memset(buffer, 0, FILEBUFF);

     /* check for CVD file */

     fgets(buffer, 12, fd);

     rewind(fd);

@@ -328,8 +329,10 @@ int cl_statfree(struct cl_stat *dbstat)

 	free(dbstat->stattab);

 	dbstat->stattab = NULL;

 	dbstat->no = 0;

-	if(dbstat->dir)

+	if(dbstat->dir) {

 	    free(dbstat->dir);

+	    dbstat->dir = NULL;

+	}

     } else {

         cli_errmsg("cl_statfree(): Null argument passed.\n");

 	return CL_ENULLARG;

@@ -71,11 +71,12 @@ cl_node *root)

  	char *buffer, *buff, *endbl, *pt;

 	int bytes, buffsize, length;

-

     /* prepare the buffer */

     buffsize = root->maxpatlen + SCANBUFF;

-    if(!(buffer = (char *) cli_calloc(buffsize, sizeof(char))))

+    if(!(buffer = (char *) cli_calloc(buffsize, sizeof(char)))) {

+	cli_dbgmsg("cli_scandesc(): unable to malloc(%d)\n", buffsize);

 	return CL_EMEM;

+    }

     buff = buffer;

     buff += root->maxpatlen; /* pointer to read data block */

@@ -257,6 +258,7 @@ int cli_scanzip(int desc, char **virname, long int *scanned, const struct cl_nod

     fstat(desc, &source);

     if(!(buff = (char *) cli_malloc(FILEBUFF))) {

+	cli_dbgmsg("cli_scanzip(): unable to malloc(%d)\n", FILEBUFF);

 	zzip_dir_close(zdir);

 	return CL_EMEM;

     }

@@ -401,6 +403,7 @@ int cli_scangzip(int desc, char **virname, long int *scanned, const struct cl_no

     fd = fileno(tmp);

     if(!(buff = (char *) cli_malloc(FILEBUFF))) {

+	cli_dbgmsg("cli_scangzip(): unable to malloc(%d)\n", FILEBUFF);

 	gzclose(gd);

 	return CL_EMEM;

     }

@@ -462,7 +465,7 @@ int cli_scanbzip(int desc, char **virname, long int *scanned, const struct cl_no

 	BZFILE *bfd;

-    if((fs = fdopen(desc, "rb")) == NULL) {

+    if((fs = fdopen(dup(desc), "rb")) == NULL) {

 	cli_errmsg("Can't fdopen() descriptor %d.\n", desc);

 	return CL_EBZIP;

     }

@@ -473,18 +476,25 @@ int cli_scanbzip(int desc, char **virname, long int *scanned, const struct cl_no

     if((bfd = BZ2_bzReadOpen(&bzerror, fs, memlim, 0, NULL, 0)) == NULL) {

 	cli_dbgmsg("Can't initialize bzip2 library (descriptor %d).\n", desc);

+	fclose(fs);

 	return CL_EBZIP;

     }

     if((tmp = tmpfile()) == NULL) {

 	cli_dbgmsg("Can't generate tmpfile().\n");

 	BZ2_bzReadClose(&bzerror, bfd);

+	fclose(fs);

 	return CL_ETMPFILE;

     }

     fd = fileno(tmp);

-    if(!(buff = (char *) cli_malloc(FILEBUFF)))

+    if(!(buff = (char *) malloc(FILEBUFF))) {

+	cli_dbgmsg("cli_scanbzip(): unable to malloc(%d)\n", FILEBUFF);

+	fclose(tmp);

+	fclose(fs);

+	BZ2_bzReadClose(&bzerror, bfd);

 	return CL_EMEM;

+    }

     while((bytes = BZ2_bzRead(&bzerror, bfd, buff, FILEBUFF)) > 0) {

 	size += bytes;

@@ -501,6 +511,7 @@ int cli_scanbzip(int desc, char **virname, long int *scanned, const struct cl_no

 	    BZ2_bzReadClose(&bzerror, bfd);

 	    fclose(tmp);

 	    free(buff);

+	    fclose(fs);

 	    return CL_EGZIP;

 	}

     }

@@ -510,16 +521,16 @@ int cli_scanbzip(int desc, char **virname, long int *scanned, const struct cl_no

     if(fsync(fd) == -1) {

 	cli_dbgmsg("fsync() failed for descriptor %d\n", fd);

 	fclose(tmp);

+	fclose(fs);

 	return CL_EFSYNC;

     }

     lseek(fd, 0, SEEK_SET);

     if((ret = cli_magic_scandesc(fd, virname, scanned, root, limits, options, reclev)) == CL_VIRUS ) {

 	cli_dbgmsg("Bzip2 -> Found %s virus.\n", *virname);

-	fclose(tmp);

-	return CL_VIRUS;

     }

     fclose(tmp);

+    fclose(fs);

     return ret;

 }

@@ -663,29 +674,36 @@ int cli_magic_scandesc(int desc, char **virname, long int *scanned, const struct

 #ifdef CL_THREAD_SAFE

 	/* this check protects against recursive deadlock */

 	if(!DISABLE_RAR && SCAN_ARCHIVE && !cli_scanrar_inuse && !strncmp(magic, RAR_MAGIC_STR, strlen(RAR_MAGIC_STR))) {

+	    cli_dbgmsg("Recognized rar file.\n");

 	    ret = cli_scanrar(desc, virname, scanned, root, limits, options, reclev);

 	}

 #else

 	if(!DISABLE_RAR && SCAN_ARCHIVE && !strncmp(magic, RAR_MAGIC_STR, strlen(RAR_MAGIC_STR))) {

+	    cli_dbgmsg("Recognized rar file.\n");

 	    ret = cli_scanrar(desc, virname, scanned, root, limits, options, reclev);

 	}

 #endif

 #ifdef HAVE_ZLIB_H

 	else if(SCAN_ARCHIVE && !strncmp(magic, ZIP_MAGIC_STR, strlen(ZIP_MAGIC_STR))) {

+	    cli_dbgmsg("Recognized zip file.\n");

 	    ret = cli_scanzip(desc, virname, scanned, root, limits, options, reclev);

 	} else if(SCAN_ARCHIVE && !strncmp(magic, GZIP_MAGIC_STR, strlen(GZIP_MAGIC_STR))) {

+	    cli_dbgmsg("Recognized gzip file.\n");

 	    ret = cli_scangzip(desc, virname, scanned, root, limits, options, reclev);

 	}

 #endif

 #ifdef HAVE_BZLIB_H

 	else if(SCAN_ARCHIVE && !strncmp(magic, BZIP_MAGIC_STR, strlen(BZIP_MAGIC_STR))) {

+	    cli_dbgmsg("Recognized bzip file.\n");

 	    ret = cli_scanbzip(desc, virname, scanned, root, limits, options, reclev);

 	}

 #endif

 	else if(SCAN_MAIL && !strncmp(magic, MAIL_MAGIC_STR, strlen(MAIL_MAGIC_STR))) {

+	    cli_dbgmsg("Recognized mail file.\n");

 	    ret = cli_scanmail(desc, virname, scanned, root, limits, options, reclev);

 	}

 	else if(SCAN_MAIL && !strncmp(magic, RAWMAIL_MAGIC_STR, strlen(RAWMAIL_MAGIC_STR))) {

+	    cli_dbgmsg("Recognized raw mail file.\n");

 	    ret = cli_scanmail(desc, virname, scanned, root, limits, options, reclev);

 	} else if(SCAN_MAIL && !strncmp(magic, MAILDIR_MAGIC_STR, strlen(MAILDIR_MAGIC_STR))) {

 	    cli_dbgmsg("Recognized Maildir mail file.\n");