@@ -1,3 +1,7 @@

+Thu Feb  8 14:49:09 CET 2007 (tk)

+---------------------------------

+  * libclamav: minor fixes

+

 Wed Feb  7 18:30:35 CET 2007 (tk)

 ---------------------------------

   * libclamav, shared: fix minor memory leaks in lockdb and cfgparser,

@@ -221,7 +221,11 @@ static struct cl_engine *reload_db(struct cl_engine *engine, unsigned int dbopti

     }

     memset(dbstat, 0, sizeof(struct cl_stat));

-    cl_statinidir(dbdir, dbstat);

+    if((retval = cl_statinidir(dbdir, dbstat))) {

+	logg("!cl_statinidir() failed: %s\n", cl_strerror(retval));

+	*ret = 1;

+	return NULL;

+    }

     if((retval = cl_load(dbdir, &engine, &sigs, dboptions))) {

 	logg("!reload db failed: %s\n", cl_strerror(retval));

@@ -837,12 +837,13 @@ int unmew11(int sectnum, char *src, int off, int ssize, int dsize, uint32_t base

 	/* LZMA stuff */

 	if (uselzma) {

+		free(section);

+

 		/* put everything in one section */

 		i = 1;

 		if (!CLI_ISCONTAINED(src, size_sum, src+uselzma+8, 1))

 		{

 			cli_dbgmsg("MEW: couldn't access lzma 'special' tag\n");

-			free(section);

 			return -1;

 		}

 		/* 0x50 -> push eax */

@@ -850,18 +851,21 @@ int unmew11(int sectnum, char *src, int off, int ssize, int dsize, uint32_t base

 		if (!CLI_ISCONTAINED(src, size_sum, f1+4, 20 + 4 + 5))

 		{

 			cli_dbgmsg("MEW: lzma initialization data not available!\n");

-			free(section);

 			return -1;

 		}

 		if(mew_lzma(src, f1+4, size_sum, vma, *(src + uselzma+8) == '\x50'))

 		{

-			free(section);

 			return -1;

 		}

 		loc_ds=PESALIGN(loc_ds, 0x1000);

 		section = cli_calloc(1, sizeof(struct cli_exe_section));

+		if(!section) {

+			cli_dbgmsg("MEW: Out of memory\n");

+			return -1;

+		}

+

 		section[0].raw = 0; section[0].rva = vadd;

 		section[0].rsz = section[0].vsz = dsize;

 	}

@@ -1399,6 +1399,7 @@ int cl_statinidir(const char *dirname, struct cl_stat *dbstat)

     if((dd = opendir(dirname)) == NULL) {

         cli_errmsg("cl_statdbdir(): Can't open directory %s\n", dirname);

+	cl_statfree(dbstat);

         return CL_EOPEN;

     }

@@ -1436,12 +1437,33 @@ int cl_statinidir(const char *dirname, struct cl_stat *dbstat)

 	    cli_strbcasestr(dent->d_name, ".cvd"))) {

 		dbstat->entries++;

-		dbstat->stattab = (struct stat *) realloc(dbstat->stattab, dbstat->entries * sizeof(struct stat));

+		dbstat->stattab = (struct stat *) cli_realloc(dbstat->stattab, dbstat->entries * sizeof(struct stat));

+		if(!dbstat->stattab) {

+		    /* FIXME: Minor error path memleak here. Change the

+		     * behaviour of cli_realloc() to free old block on error

+		     * (and review all calls to cli_realloc()).

+		     */

+		    cl_statfree(dbstat);

+		    closedir(dd);

+		    return CL_EMEM;

+		}

+

 #if defined(C_INTERIX) || defined(C_OS2)

-		dbstat->statdname = (char **) realloc(dbstat->statdname, dbstat->entries * sizeof(char *));

+		dbstat->statdname = (char **) cli_realloc(dbstat->statdname, dbstat->entries * sizeof(char *));

+		if(!dbstat->statdname) {

+		    cl_statfree(dbstat);

+		    closedir(dd);

+		    return CL_EMEM;

+		}

 #endif

                 fname = cli_calloc(strlen(dirname) + strlen(dent->d_name) + 32, sizeof(char));

+		if(!fname) {

+		    cl_statfree(dbstat);

+		    closedir(dd);

+		    return CL_EMEM;

+		}

+

 		if(cli_strbcasestr(dent->d_name, ".inc")) {

 		    if(strstr(dent->d_name, "main"))

 			sprintf(fname, "%s/main.inc/main.info", dirname);

@@ -1452,6 +1474,12 @@ int cl_statinidir(const char *dirname, struct cl_stat *dbstat)

 		}

 #if defined(C_INTERIX) || defined(C_OS2)

 		dbstat->statdname[dbstat->entries - 1] = (char *) cli_calloc(strlen(dent->d_name) + 1, sizeof(char));

+		if(!dbstat->statdname[dbstat->entries - 1]) {

+		    cl_statfree(dbstat);

+		    closedir(dd);

+		    return CL_EMEM;

+		}

+

 		strcpy(dbstat->statdname[dbstat->entries - 1], dent->d_name);

 #endif

 		stat(fname, &dbstat->stattab[dbstat->entries - 1]);

@@ -1523,6 +1551,11 @@ int cl_statchkdir(const struct cl_stat *dbstat)

 	    cli_strbcasestr(dent->d_name, ".cvd"))) {

                 fname = cli_calloc(strlen(dbstat->dir) + strlen(dent->d_name) + 32, sizeof(char));

+		if(!fname) {

+		    closedir(dd);

+		    return CL_EMEM;

+		}

+

 		if(cli_strbcasestr(dent->d_name, ".inc")) {

 		    if(strstr(dent->d_name, "main"))

 			sprintf(fname, "%s/main.inc/main.info", dbstat->dir);

@@ -1568,17 +1601,23 @@ int cl_statfree(struct cl_stat *dbstat)

 #if defined(C_INTERIX) || defined(C_OS2)

 	    int i;

-	for(i = 0;i < dbstat->entries; i++) {

-	    free(dbstat->statdname[i]);

-	    dbstat->statdname[i] = NULL;

+	if(dbstat->statdname) {

+	    for(i = 0; i < dbstat->entries; i++) {

+		if(dbstat->statdname[i])

+		    free(dbstat->statdname[i]);

+		dbstat->statdname[i] = NULL;

+	    }

+	    free(dbstat->statdname);

+	    dbstat->statdname = NULL;

 	}

-	free(dbstat->statdname);

-	dbstat->statdname = NULL;

 #endif

-	free(dbstat->stattab);

-	dbstat->stattab = NULL;

+	if(dbstat->stattab) {

+	    free(dbstat->stattab);

+	    dbstat->stattab = NULL;

+	}

 	dbstat->entries = 0;

+

 	if(dbstat->dir) {

 	    free(dbstat->dir);

 	    dbstat->dir = NULL;

@@ -352,7 +352,7 @@ static int cli_scanzip(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_c

     fstat(desc, &source);

     if(!(buff = (char *) cli_malloc(FILEBUFF))) {

-	cli_dbgmsg("Zip: unable to malloc(%d)\n", FILEBUFF);

+	cli_dbgmsg("Zip: unable to malloc(%u)\n", FILEBUFF);

 	zip_dir_close(zdir);

 	return CL_EMEM;

     }

@@ -740,8 +740,8 @@ static int cli_scanbzip(int desc, cli_ctx *ctx)

     }

     fd = fileno(tmp);

-    if(!(buff = (char *) malloc(FILEBUFF))) {

-	cli_dbgmsg("Bzip: Unable to malloc %d bytes.\n", FILEBUFF);

+    if(!(buff = (char *) cli_malloc(FILEBUFF))) {

+	cli_dbgmsg("Bzip: Unable to malloc %u bytes.\n", FILEBUFF);

 	fclose(tmp);

 	if(!cli_leavetemps_flag)

 	    unlink(tmpname);

@@ -961,6 +961,11 @@ int cli_scandir(const char *dirname, cli_ctx *ctx)

 		if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..")) {

 		    /* build the full name */

 		    fname = cli_calloc(strlen(dirname) + strlen(dent->d_name) + 2, sizeof(char));

+		    if(!fname) {

+			closedir(dd);

+			return CL_EMEM;

+		    }

+

 		    sprintf(fname, "%s/%s", dirname, dent->d_name);

 		    /* stat the file */

@@ -1015,6 +1020,10 @@ static int cli_vba_scandir(const char *dirname, cli_ctx *ctx)

 	for(i = 0; i < vba_project->count; i++) {

 	    fullname = (char *) cli_malloc(strlen(vba_project->dir) + strlen(vba_project->name[i]) + 2);

+	    if(!fullname) {

+		ret = CL_EMEM;

+		break;

+	    }

 	    sprintf(fullname, "%s/%s", vba_project->dir, vba_project->name[i]);

 	    fd = open(fullname, O_RDONLY|O_BINARY);

 	    if(fd == -1) {

@@ -1060,6 +1069,10 @@ static int cli_vba_scandir(const char *dirname, cli_ctx *ctx)

     } else if ((vba_project = (vba_project_t *) wm_dir_read(dirname))) {

     	for (i = 0; i < vba_project->count; i++) {

 		fullname = (char *) cli_malloc(strlen(vba_project->dir) + strlen(vba_project->name[i]) + 2);

+		if(!fullname) {

+		    ret = CL_EMEM;

+		    break;

+		}

 		sprintf(fullname, "%s/%s", vba_project->dir, vba_project->name[i]);

 		fd = open(fullname, O_RDONLY|O_BINARY);

 		if(fd == -1) {

@@ -1098,12 +1111,15 @@ static int cli_vba_scandir(const char *dirname, cli_ctx *ctx)

 	free(vba_project->dir);

 	free(vba_project);

     }

-			

+

     if(ret != CL_CLEAN)

     	return ret;

     /* Check directory for embedded OLE objects */

     fullname = (char *) cli_malloc(strlen(dirname) + 16);

+    if(!fullname)

+	return CL_EMEM;

+

     sprintf(fullname, "%s/_1_Ole10Native", dirname);

     fd = open(fullname, O_RDONLY|O_BINARY);

     free(fullname);

@@ -1133,6 +1149,10 @@ static int cli_vba_scandir(const char *dirname, cli_ctx *ctx)

 		if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..")) {

 		    /* build the full name */

 		    fname = cli_calloc(strlen(dirname) + strlen(dent->d_name) + 2, sizeof(char));

+		    if(!fname) {

+			ret = CL_EMEM;

+			break;

+		    }

 		    sprintf(fname, "%s/%s", dirname, dent->d_name);

 		    /* stat the file */