Fix for CVE-2008-3913, applied upstream in 0.94
svn diff -c 4126 http://svn.clamav.net/svn/clamav-devel/trunk/
diff -pruN clamav-0.93.3.orig/freshclam/manager.c clamav-0.93.3/freshclam/manager.c
--- clamav-0.93.3.orig/freshclam/manager.c 2008-07-03 14:27:00.000000000 +0200
+++ clamav-0.93.3/freshclam/manager.c 2008-11-13 18:55:34.000000000 +0100
@@ -325,6 +325,7 @@ static char *proxyauth(const char *user,
buf[len] = '\0';
auth = malloc(strlen(buf) + 30);
if(!auth) {
+ free(buf);
logg("!proxyauth: Can't allocate memory for 'authorization'\n");
return NULL;
}
@@ -357,8 +358,10 @@ static struct cl_cvd *remote_cvdhead(con
if(user) {
authorization = proxyauth(user, pass);
- if(!authorization)
+ if(!authorization) {
+ free(remotename);
return NULL;
+ }
}
}
@@ -522,8 +525,10 @@ static int getfile(const char *srcfile,
if(user) {
authorization = proxyauth(user, pass);
- if(!authorization)
+ if(!authorization) {
+ free(remotename);
return 75; /* FIXME */
+ }
}
}
@@ -546,6 +551,12 @@ static int getfile(const char *srcfile,
"Connection: close\r\n"
"\r\n", (remotename != NULL) ? remotename : "", srcfile, hostname, (authorization != NULL) ? authorization : "", agent);
+ if(remotename)
+ free(remotename);
+
+ if(authorization)
+ free(authorization);
+
memset(ipaddr, 0, sizeof(ipaddr));
if(ip[0]) /* use ip to connect */
@@ -568,12 +579,6 @@ static int getfile(const char *srcfile,
return 52;
}
- if(remotename)
- free(remotename);
-
- if(authorization)
- free(authorization);
-
/* read http headers */
ch = buffer;
i = 0;