ERROR: ScanStream: Can't create temporary file.
I tracked this down to clamd/scanner.c's use of tmpfile() which is documented as being NOT a threadsafe API. As it turns out, tmpfile() is actually threadsafe iff the local implementation of getpid() returns a different value for each execution thread (i.e. as it does on Linux). Hence, most environments don't see this issue.
While exploring the issue of threadsafety in ClamAV, I dug deeper into the other places where temp files are created and used in libclamav. I found numerous places where concurrency issues existed, even though mutexes were being used to try to manage the problem. The attached patch includes fixes for files in both clamd and libclamav. While fixing these issues I also found and fixed several other issues that existed in error paths in the code that I was modifying. (i.e. memory/open file leaks, possible invalid memory references). There was also logic in scanners.c which attempted to use mutex to limit concurrency while scan rar files (to avoid issues with using tmpfile()). This logic would serialize RAR checking, but some of the logic attempted to not even try (if enabled) if another was in progress which would return success instead. The need for this mutex logic has been eliminated.
- Mark Pizzolato
20041130.patch
Description: Binary data
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-devel
