Bug 62586
| Summary: | [SECURITY] security/clamav: trivial DOS attack | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Oliver Eikemeier <eikemeier> | ||||||
| Component: | Individual Port(s) | Assignee: | Oliver Eikemeier <eik> | ||||||
| Status: | Closed FIXED | ||||||||
| Severity: | Affects Only Me | CC: | markun | ||||||
| Priority: | Normal | ||||||||
| Version: | Latest | ||||||||
| Hardware: | Any | ||||||||
| OS: | Any | ||||||||
| Attachments: |
|
||||||||
|
Description
Oliver Eikemeier
2004-02-09 14:00:33 UTC
Responsible Changed From-To: freebsd-ports-bugs->eik I'll take it. Argh! Fixed patch: --- libclamav/message.c.orig Wed Nov 5 11:59:53 2003 +++ libclamav/message.c Mon Feb 9 15:17:13 2004 @@ -878,13 +878,16 @@ if(strcasecmp(line, "end") == 0) break; - assert(strlen(line) <= 62); + if(strlen(line) > 62) + break; + if((line[0] & 0x3F) == ' ') break; len = *line++ - ' '; - assert((len >= 0) && (len <= 63)); + if(len < 0 || len > 63) + break; ptr = decode(line, ptr, uudecode, (len & 3) == 0); break; This has been fixed in the latest code (see CVS) for sometime. -- Nigel Horne. Arranger, Composer, Typesetter. NJH Music, Barnsley, UK. ICQ#20252325 njh@despammed.com http://www.bandsman.co.uk Nigel Horne wrote:
> This has been fixed in the latest code (see CVS) for sometime.
... but not in the relase version, which most production servers will run.
Hi, In the attachment is a patch that was retreived directly from clamav-devel sources. Regards, Rui Lopes State Changed From-To: open->closed fixed. |
