Fix for CVE-2008-3913, applied upstream in 0.94
svn diff -c 4126 http://svn.clamav.net/svn/clamav-devel/trunk/

diff -pruN clamav-0.93.3.orig/freshclam/manager.c clamav-0.93.3/freshclam/manager.c
--- clamav-0.93.3.orig/freshclam/manager.c	2008-07-03 14:27:00.000000000 +0200
+++ clamav-0.93.3/freshclam/manager.c	2008-11-13 18:55:34.000000000 +0100
@@ -325,6 +325,7 @@ static char *proxyauth(const char *user,
     buf[len] = '\0';
     auth = malloc(strlen(buf) + 30);
     if(!auth) {
+	free(buf);
 	logg("!proxyauth: Can't allocate memory for 'authorization'\n");
 	return NULL;
     }
@@ -357,8 +358,10 @@ static struct cl_cvd *remote_cvdhead(con
 
 	if(user) {
 	    authorization = proxyauth(user, pass);
-	    if(!authorization)
+	    if(!authorization) {
+		free(remotename);
 		return NULL;
+	    }
 	}
     }
 
@@ -522,8 +525,10 @@ static int getfile(const char *srcfile, 
 
 	if(user) {
 	    authorization = proxyauth(user, pass);
-	    if(!authorization)
+	    if(!authorization) {
+		free(remotename);
 		return 75; /* FIXME */
+	    }
 	}
     }
 
@@ -546,6 +551,12 @@ static int getfile(const char *srcfile, 
 	"Connection: close\r\n"
 	"\r\n", (remotename != NULL) ? remotename : "", srcfile, hostname, (authorization != NULL) ? authorization : "", agent);
 
+    if(remotename)
+	free(remotename);
+
+    if(authorization)
+	free(authorization);
+
     memset(ipaddr, 0, sizeof(ipaddr));
 
     if(ip[0]) /* use ip to connect */
@@ -568,12 +579,6 @@ static int getfile(const char *srcfile, 
 	return 52;
     }
 
-    if(remotename)
-	free(remotename);
-
-    if(authorization)
-	free(authorization);
-
     /* read http headers */
     ch = buffer;
     i = 0;