diff --git a/a83773682e856ad6529ba6db8d1792e6d515d7f1.patch b/a83773682e856ad6529ba6db8d1792e6d515d7f1.patch
deleted file mode 100644
index b58ed23..0000000
--- a/a83773682e856ad6529ba6db8d1792e6d515d7f1.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From a83773682e856ad6529ba6db8d1792e6d515d7f1 Mon Sep 17 00:00:00 2001
-From: Mickey Sola
-Date: Wed, 29 Mar 2017 14:55:26 -0400
-Subject: [PATCH] fixing potential OOB window write when unpacking chm files
-
----
- libclamav/libmspack-0.5alpha/mspack/lzxd.c | 11 +++++++++--
- libclamav/libmspack.c | 6 +++++-
- 2 files changed, 14 insertions(+), 3 deletions(-)
-
-diff --git a/libclamav/libmspack-0.5alpha/mspack/lzxd.c b/libclamav/libmspack-0.5alpha/mspack/lzxd.c
-index 2281e7b9d..45105a583 100644
---- a/libclamav/libmspack-0.5alpha/mspack/lzxd.c
-+++ b/libclamav/libmspack-0.5alpha/mspack/lzxd.c
-@@ -766,8 +766,13 @@ int lzxd_decompress(struct lzxd_stream *lzx, off_t out_bytes) {
- case LZX_BLOCKTYPE_UNCOMPRESSED:
- /* as this_run is limited not to wrap a frame, this also means it
- * won't wrap the window (as the window is a multiple of 32k) */
-+ if (window_posn + this_run > lzx->window_size) {
-+ D(("match ran over window boundary"))
-+ return lzx->error = MSPACK_ERR_DECRUNCH;
-+ }
- rundest = &window[window_posn];
- window_posn += this_run;
-+
- while (this_run > 0) {
- if ((i = i_end - i_ptr) == 0) {
- READ_IF_NEEDED;
-@@ -888,8 +893,10 @@ void lzxd_free(struct lzxd_stream *lzx) {
- struct mspack_system *sys;
- if (lzx) {
- sys = lzx->sys;
-- sys->free(lzx->inbuf);
-- sys->free(lzx->window);
-+ if(lzx->inbuf)
-+ sys->free(lzx->inbuf);
-+ if(lzx->window)
-+ sys->free(lzx->window);
- sys->free(lzx);
- }
- }
-diff --git a/libclamav/libmspack.c b/libclamav/libmspack.c
-index d9b05ec25..22bc1a11e 100644
---- a/libclamav/libmspack.c
-+++ b/libclamav/libmspack.c
-@@ -264,7 +264,11 @@ static void *mspack_fmap_alloc(struct mspack_system *self, size_t num)
-
- static void mspack_fmap_free(void *mem)
- {
-- free(mem);
-+ if(mem) {
-+ free(mem);
-+ mem = NULL;
-+ }
-+ return;
- }
-
- static void mspack_fmap_copy(void *src, void *dst, size_t num)
diff --git a/clamav.spec b/clamav.spec
index 4af31f7..ac6fbf1 100644
--- a/clamav.spec
+++ b/clamav.spec
@@ -128,7 +128,6 @@ Patch31: clamav-0.99.1-setsebool.patch
 Patch32: fa15aa98c7d5e1d8fc22e818ebd089f2e53ebe1d.diff
 Patch33: clamav-0.99.2-temp-cleanup.patch
 Patch34: dfc00cd3301a42b571454b51a6102eecf58407bc.patch
-Patch35: a83773682e856ad6529ba6db8d1792e6d515d7f1.patch
 Patch36: 586a5180287262070637c8943f2f7efd652e4a2c.patch
@@ -463,8 +462,7 @@ The systemd initscripts for clamav-scanner.
 %apply -n32 -p1 -b .openssl_1.1.0
 %apply -n33 -p1 -b .temp-cleanup
 %apply -n34 -p1 -b .CVE-2017-6420
-%apply -n35 -p1 -b .CVE-2017-6419
-%apply -n36 -p1 -b .CVE-2017-6418
+%apply -n36 -p1 -b .CVE-2017-6418
 %{?apply_end}
 install -p -m0644 %SOURCE300 clamav-milter/
@@ -943,8 +941,7 @@ test "$1" != "0" || /sbin/initctl -q stop clamav-milter || :
 %changelog
 * Thu Jan 11 2018 Sérgio Basto - 0.99.2-17
-- Security fixes CVE-2017-6420 (#1483910), CVE-2017-6419 (#1483909),
- CVE-2017-6418 (#1483908)
+- Security fixes CVE-2017-6420 (#1483910), CVE-2017-6418 (#1483908)
 * Tue Jan 09 2018 Sérgio Basto - 0.99.2-16
 - Make sure that Obsoletes sysv and upstart for Epel upgrade and update
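Review bot: The `%apply` hunk stops applying Patch35, the lzxd.c window bounds check for CVE-2017-6419, and nothing left in the spec says why or where that out-of-bounds write is handled instead. If the build links a system libmspack that already carries the check (an assumption, not visible in this diff), record it beside the patch list, for example `# Patch35 (CVE-2017-6419) dropped: <reason, e.g. fixed in system libmspack>`. Otherwise the CHM unpacking path appears to ship without that check, which matters for a scanner that parses untrusted files. The changelog hunk also edits the existing 0.99.2-17 entry in place, so the removal is not recorded anywhere; if a 0.99.2-17 build was ever published with the old text, a separate entry stating that the CVE-2017-6419 patch was dropped and why would keep the package history auditable.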