@@ -116,6 +116,7 @@ static void MT_decrypt(uint8_t *buf, unsigned int size, uint32_t seed) {

   for(i=1; i<624; i++)

     mt[i] = i+0x6c078965*((mt[i-1]>>30)^mt[i-1]);

   MT.items = 1;

+  MT.next = MT.mt;

   while(size--)

     *buf++ ^= MT_getnext(&MT);

@@ -513,6 +513,7 @@ static inline char *readData(const unsigned char *p, unsigned *off, unsigned len

 	if (UNLIKELY((v0&0xf0) != 0x60 || (v1&0xf0) != 0x60)) {

 	    cli_errmsg("Invalid data part: %c%c\n", v0, v1);

 	    *ok = 0;

+	    free(dat);

 	    return 0;

 	}

 	*q++ = (v0&0xf) | ((v1&0xf) << 4);

@@ -884,8 +885,10 @@ static int parseApis(struct cli_bc *bc, unsigned char *buffer)

 	}

 	/* don't need the name anymore */

 	free(name);

-	if (!ok)

+	if (!ok) {

+	    free(apity2ty); /* free temporary map */

 	    return CL_EMALFDB;

+	}

 	/* APIcall is valid */

 	cli_bitset_set(bc->uses_apis, id);

@@ -127,11 +127,13 @@ static int detect_SELinux(void)

 	return 0;

     f = fopen("/selinux/enforce", "r");

-    if (f && fscanf(f, "%d", &enforce) == 1) {

-	if (enforce == 1)

-	    selinux = 2;

-	if (enforce == -1)

-	    selinux = 0;

+    if (f) {

+	if (fscanf(f, "%d", &enforce) == 1) {

+	    if (enforce == 1)

+		selinux = 2;

+	    if (enforce == -1)

+		selinux = 0;

+	}

 	fclose(f);

     }

     return selinux;

@@ -2503,6 +2503,7 @@ void cli_bytecode_debug_printsrc(const struct cli_bc_ctx *ctx)

 #endif

 	if (!lines->buffer) {

 	    errs() << "Unable to open file '" << path << "'\n";

+	    delete lines;

 	    return ;

 	}

 	LinePrinter.files[path] = lines;

@@ -46,15 +46,28 @@

 #define TAR_BLOCKSIZE 512

+static void cli_untgz_cleanup(char *path, gzFile infile, FILE *outfile, int fdd)

+{

+    cli_dbgmsg("in cli_untgz_cleanup()\n");

+    if (path != NULL)

+        free (path);

+    if (infile != NULL) 

+        gzclose (infile);

+    if (outfile != NULL)

+        fclose(outfile);

+    if (fdd > -1)

+        close(fdd);

+}

+

 static int cli_untgz(int fd, const char *destdir)

 {

 	char *path, osize[13], name[101], type;

 	char block[TAR_BLOCKSIZE];

-	int nbytes, nread, nwritten, in_block = 0, fdd;

+	int nbytes, nread, nwritten, in_block = 0, fdd = -1;

 	unsigned int size, pathlen = strlen(destdir) + 100 + 5;

 	FILE *outfile = NULL;

 	struct stat foo;

-	gzFile infile;

+	gzFile infile = NULL;

     cli_dbgmsg("in cli_untgz()\n");

@@ -74,7 +87,7 @@ static int cli_untgz(int fd, const char *destdir)

     path = (char *) cli_calloc(sizeof(char), pathlen);

     if(!path) {

 	cli_errmsg("cli_untgz: Can't allocate memory for path\n");

-	gzclose(infile);

+	cli_untgz_cleanup(NULL, infile, NULL, fdd);

 	return -1;

     }

@@ -87,8 +100,7 @@ static int cli_untgz(int fd, const char *destdir)

 	if(nread != TAR_BLOCKSIZE) {

 	    cli_errmsg("cli_untgz: Incomplete block read\n");

-	    free(path);

-	    gzclose(infile);

+	    cli_untgz_cleanup(path, infile, outfile, fdd);

 	    return -1;

 	}

@@ -101,8 +113,7 @@ static int cli_untgz(int fd, const char *destdir)

 	    if(strchr(name, '/')) {

 		cli_errmsg("cli_untgz: Slash separators are not allowed in CVD\n");

-		free(path);

-	        gzclose(infile);

+		cli_untgz_cleanup(path, infile, outfile, fdd);

 		return -1;

 	    }

@@ -116,13 +127,11 @@ static int cli_untgz(int fd, const char *destdir)

 		    break;

 		case '5':

 		    cli_errmsg("cli_untgz: Directories are not supported in CVD\n");

-		    free(path);

-	            gzclose(infile);

+		    cli_untgz_cleanup(path, infile, outfile, fdd);

 		    return -1;

 		default:

 		    cli_errmsg("cli_untgz: Unknown type flag '%c'\n", type);

-		    free(path);

-	            gzclose(infile);

+		    cli_untgz_cleanup(path, infile, outfile, fdd);

 		    return -1;

 	    }

 	    in_block = 1;

@@ -130,8 +139,7 @@ static int cli_untgz(int fd, const char *destdir)

 	    if(outfile) {

 		if(fclose(outfile)) {

 		    cli_errmsg("cli_untgz: Cannot close file %s\n", path);

-		    free(path);

-	            gzclose(infile);

+		    cli_untgz_cleanup(path, infile, outfile, fdd);

 		    return -1;

 		}

 		outfile = NULL;

@@ -139,8 +147,7 @@ static int cli_untgz(int fd, const char *destdir)

 	    if(!(outfile = fopen(path, "wb"))) {

 		cli_errmsg("cli_untgz: Cannot create file %s\n", path);

-		free(path);

-	        gzclose(infile);

+		cli_untgz_cleanup(path, infile, outfile, fdd);

 		return -1;

 	    }

@@ -149,9 +156,7 @@ static int cli_untgz(int fd, const char *destdir)

 	    if((sscanf(osize, "%o", &size)) == 0) {

 		cli_errmsg("cli_untgz: Invalid size in header\n");

-		free(path);

-	        gzclose(infile);

-		fclose(outfile);

+		cli_untgz_cleanup(path, infile, outfile, fdd);

 		return -1;

 	    }

@@ -161,8 +166,7 @@ static int cli_untgz(int fd, const char *destdir)

 	    if(nwritten != nbytes) {

 		cli_errmsg("cli_untgz: Wrote %d instead of %d (%s)\n", nwritten, nbytes, path);

-		free(path);

-	        gzclose(infile);

+		cli_untgz_cleanup(path, infile, outfile, fdd);

 		return -1;

 	    }

@@ -172,14 +176,29 @@ static int cli_untgz(int fd, const char *destdir)

 	}

     }

-    if(outfile)

-	fclose(outfile);

-

-    gzclose(infile);

-    free(path);

+    cli_untgz_cleanup(path, infile, outfile, fdd);

     return 0;

 }

+static void cli_tgzload_cleanup(int comp, struct cli_dbio *dbio, int fdd)

+{

+    cli_dbgmsg("in cli_tgzload_cleanup()\n");

+    if(comp) {

+        gzclose(dbio->gzs);

+        dbio->gzs = NULL;

+    }

+    else {

+        fclose(dbio->fs);

+        dbio->fs = NULL;

+    }

+    if(dbio->buf != NULL) {

+        free(dbio->buf);

+        dbio->buf = NULL;

+    }

+    if(fdd > -1)

+        close(fdd);

+}

+

 static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio, struct cli_dbinfo *dbinfo)

 {

 	char osize[13], name[101];

@@ -190,12 +209,6 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un

 	struct cli_dbinfo *db;

 	unsigned char hash[32];

-#define CLOSE_DBIO	    \

-    if(compr)		    \

-	gzclose(dbio->gzs);  \

-    else		    \

-	fclose(dbio->fs)

-

     cli_dbgmsg("in cli_tgzload()\n");

     lseek(fd, 512, SEEK_SET);

@@ -215,12 +228,16 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un

     if(compr) {

 	if((dbio->gzs = gzdopen(fdd, "rb")) == NULL) {

 	    cli_errmsg("cli_tgzload: Can't gzdopen() descriptor %d, errno = %d\n", fdd, errno);

+	    if (fdd > -1)

+		close(fdd);

 	    return CL_EOPEN;

 	}

 	dbio->fs = NULL;

     } else {

 	if((dbio->fs = fdopen(fdd, "rb")) == NULL) {

 	    cli_errmsg("cli_tgzload: Can't fdopen() descriptor %d, errno = %d\n", fdd, errno);

+	    if (fdd > -1)

+		close(fdd);

 	    return CL_EOPEN;

 	}

 	dbio->gzs = NULL;

@@ -230,7 +247,7 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un

     dbio->buf = cli_malloc(dbio->bufsize);

     if(!dbio->buf) {

 	cli_errmsg("cli_tgzload: Can't allocate memory for dbio->buf\n");

-	CLOSE_DBIO;

+	cli_tgzload_cleanup(compr, dbio, fdd);

 	return CL_EMALFDB;

     }

     dbio->bufpt = NULL;

@@ -249,8 +266,7 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un

 	if(nread != TAR_BLOCKSIZE) {

 	    cli_errmsg("cli_tgzload: Incomplete block read\n");

-	    free(dbio->buf);

-	    CLOSE_DBIO;

+	    cli_tgzload_cleanup(compr, dbio, fdd);

 	    return CL_EMALFDB;

 	}

@@ -262,8 +278,7 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un

 	if(strchr(name, '/')) {

 	    cli_errmsg("cli_tgzload: Slash separators are not allowed in CVD\n");

-	    free(dbio->buf);

-	    CLOSE_DBIO;

+	    cli_tgzload_cleanup(compr, dbio, fdd);

 	    return CL_EMALFDB;

 	}

@@ -275,13 +290,11 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un

 		break;

 	    case '5':

 		cli_errmsg("cli_tgzload: Directories are not supported in CVD\n");

-		free(dbio->buf);

-		CLOSE_DBIO;

+		cli_tgzload_cleanup(compr, dbio, fdd);

 		return CL_EMALFDB;

 	    default:

 		cli_errmsg("cli_tgzload: Unknown type flag '%c'\n", type);

-		free(dbio->buf);

-		CLOSE_DBIO;

+		cli_tgzload_cleanup(compr, dbio, fdd);

 		return CL_EMALFDB;

 	}

@@ -290,8 +303,7 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un

 	if((sscanf(osize, "%o", &size)) == 0) {

 	    cli_errmsg("cli_tgzload: Invalid size in header\n");

-	    free(dbio->buf);

-	    CLOSE_DBIO;

+	    cli_tgzload_cleanup(compr, dbio, fdd);

 	    return CL_EMALFDB;

 	}

 	dbio->size = size;

@@ -311,13 +323,11 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un

 	    ret = cli_load(name, engine, signo, options, dbio);

 	    if(ret) {

 		cli_errmsg("cli_tgzload: Can't load %s\n", name);

-		free(dbio->buf);

-		CLOSE_DBIO;

+		cli_tgzload_cleanup(compr, dbio, fdd);

 		return CL_EMALFDB;

 	    }

 	    if(!dbinfo) {

-		free(dbio->buf);

-		CLOSE_DBIO;

+		cli_tgzload_cleanup(compr, dbio, fdd);

 		return CL_SUCCESS;

 	    } else {

 		db = dbinfo;

@@ -325,22 +335,19 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un

 		    db = db->next;

 		if(!db) {

 		    cli_errmsg("cli_tgzload: File %s not found in .info\n", name);

-		    free(dbio->buf);

-		    CLOSE_DBIO;

+		    cli_tgzload_cleanup(compr, dbio, fdd);

 		    return CL_EMALFDB;

 		}

 		if(dbio->bread) {

 		    if(db->size != dbio->bread) {

 			cli_errmsg("cli_tgzload: File %s not correctly loaded\n", name);

-			free(dbio->buf);

-			CLOSE_DBIO;

+			cli_tgzload_cleanup(compr, dbio, fdd);

 			return CL_EMALFDB;

 		    }

 		    sha256_final(&dbio->sha256ctx, hash);

 		    if(memcmp(db->hash, hash, 32)) {

 			cli_errmsg("cli_tgzload: Invalid checksum for file %s\n", name);

-			free(dbio->buf);

-			CLOSE_DBIO;

+			cli_tgzload_cleanup(compr, dbio, fdd);

 			return CL_EMALFDB;

 		    }

 		}

@@ -360,8 +367,7 @@ static int cli_tgzload(int fd, struct cl_engine *engine, unsigned int *signo, un

 	}

     }

-    free(dbio->buf);

-    CLOSE_DBIO;

+    cli_tgzload_cleanup(compr, dbio, fdd);

     return CL_SUCCESS;

 }

@@ -334,6 +334,9 @@ int dlp_is_valid_ssn(const unsigned char *buffer, int length, int format)

                  return 0;

              }       

              break;

+        default:

+	    cli_dbgmsg("dlp_is_valid_ssn: unknown format type %d \n", format);

+	    return 0;

     }

     /* start validating */

@@ -689,6 +689,8 @@ static iconv_t iconv_open_cached(const char* fromcode)

 			if(!cache->tab) {

 				cli_dbgmsg(MODULE_NAME "!Out of mem in iconv-pool\n");

 				errno = ENOMEM;

+				/* Close descriptor before returning -1 */

+				iconv_close (iconv_struct);

 				return (iconv_t)-1;

 			}

 		}

@@ -355,6 +355,7 @@ static int cli_hashtab_grow(struct cli_hashtable *s)

 			}

 			else {

 				cli_errmsg("hashtab.c: Impossible - unable to rehash table");

+				free (htable);

 				return CL_EMEM;/* this means we didn't find enough room for all elements in the new table, should never happen */ 

 			}

 		}

@@ -1722,8 +1722,8 @@ int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hex

 	free(hexcpy);

 	if(error) {

+	    free(hex);

 	    if(new->special) {

-		free(hex);

 		mpool_ac_free_special(root->mempool, new);

 	    }

 	    mpool_free(root->mempool, new);

@@ -2955,6 +2955,7 @@ rfc1341(message *m, const char *dir)

 						cli_errmsg("Can't open '%s' for reading", fullname);

 						fclose(fout);

 						cli_unlink(outname);

+						free(md5_hex);

 						free(id);

 						free(number);

 						closedir(dd);

@@ -2567,8 +2567,10 @@ push(LINK1 *top, const char *string)

 	if((element = (LINK1)cli_malloc(sizeof(ELEMENT1))) == NULL)

 		return OUT_OF_MEMORY;

-	if((element->d1 = cli_strdup(string)) == NULL)

+	if((element->d1 = cli_strdup(string)) == NULL) {

+		free (element);

 		return OUT_OF_MEMORY;

+	}

 	element->next = *top;

 	*top = element;

@@ -800,6 +800,8 @@ int unmew11(char *src, int off, int ssize, int dsize, uint32_t base, uint32_t va

 		if (!CLI_ISCONTAINED(src, size_sum, lesi, loc_ss) || !CLI_ISCONTAINED(src, size_sum, ledi, loc_ds))

 		{

 			cli_dbgmsg("Possibly programmer error or hand-crafted PE file, report to clamav team\n");

+			if (section != NULL)

+				 free(section);

 			return -1;

 		}

 		if (unmew(lesi, ledi, loc_ss, loc_ds, &f1, &f2))

@@ -1162,6 +1162,11 @@ static int lsigattribs(char *attribs, struct cli_lsig_tdb *tdb)

 		memcpy(&tdb->str[cnt], pt, strlen(pt));

 		tdb->str[tdb->cnt[CLI_TDB_STR] - 1] = 0;

 		break;

+

+	    default:

+		/* All known TDB types handled above, skip unknown */

+		cli_dbgmsg("lsigattribs: Unknown attribute type '%u'\n", apt->type);

+		return 1; /* +1 = skip */

 	}

     }

@@ -646,8 +646,10 @@ static int add_pattern_suffix(void *cbdata, const char *suffix, size_t suffix_le

 		size_t n = matcher->suffix_cnt++;

 		el = cli_hashtab_insert(&matcher->suffix_hash, suffix, suffix_len, n);

 		matcher->suffix_regexes = cli_realloc(matcher->suffix_regexes, (n+1)*sizeof(*matcher->suffix_regexes));

-		if(!matcher->suffix_regexes)

+		if(!matcher->suffix_regexes) {

+			free (regex);

 			return CL_EMEM;

+		}

 		matcher->suffix_regexes[n].tail = regex;

 		matcher->suffix_regexes[n].head = regex;

 		if (suffix[0] == '/' && suffix[1] == '\0')

@@ -109,8 +109,10 @@ static struct node *dup_node(struct node *p)

 			break;

 		case leaf_class:

 			d->u.leaf_class_bitmap = cli_malloc(32);

-			if(!d->u.leaf_class_bitmap)

+			if(!d->u.leaf_class_bitmap) {

+				free(d);

 				return NULL;

+			}

 			memcpy(d->u.leaf_class_bitmap, p->u.leaf_class_bitmap, 32);

 			break;

 		default:

@@ -423,6 +423,7 @@ static int cli_scangzip_with_zib_from_the_80s(cli_ctx *ctx, unsigned char *buff)

     if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &fd)) != CL_SUCCESS) {

 	cli_dbgmsg("GZip: Can't generate temporary file.\n");

 	gzclose(gz);

+	close(fd);

 	return ret;

     }

@@ -388,6 +388,7 @@ cli_vba_readdir(const char *dir, struct uniq *U, uint32_t which)

 		if(ptr == NULL) break;

 		if (!(vba_project->colls[i]=uniq_get(U, ptr, strlen(ptr), &hash))) {

 			cli_dbgmsg("vba_readdir: cannot find project %s (%s)\n", ptr, hash);

+			free(ptr);

 			break;

 		}

 		cli_dbgmsg("vba_readdir: project name: %s (%s)\n", ptr, hash);

@@ -1058,7 +1059,8 @@ cli_wm_readdir(int fd)

 	end_offset = fib.macro_offset + fib.macro_len;

 	done = FALSE;

-	memset(&macro_info, '\0', sizeof(macro_info));

+	macro_info.entries = NULL;

+	macro_info.count = 0;

 	while((lseek(fd, 0, SEEK_CUR) < end_offset) && !done) {

 		if (cli_readn(fd, &info_id, 1) != 1) {

@@ -910,6 +910,7 @@ int cdiff_apply(int fd, unsigned short mode)

 		logg("!cdiff_apply: Premature EOF at line %d\n", lines + 1);

 		cdiff_ctx_free(&ctx);

 		gzclose(gzh);

+		close(desc);

 		free(line);

 		free(lbuf);

 		return -1;