The cli_scandesc function causes clamav to crash, sometimes the read systemcall returns less than SCANBUFF bytes... I think the code expects this behaviour happen one time when reading the last block of data but if it happens several times, the length becomes negative and cli_bm_scanbuff will finally crash.
#0 0x08074899 in cli_bm_scanbuff ()
#1 0x08049ba5 in cli_scandesc ()
#2 0x08051820 in cli_magic_scandesc ()
#3 0x080519b1 in cli_scanfile ()
Release: 0.86.1
Please find attached a patch which should fix this problem.
--
David Gueluy
[EMAIL PROTECTED]
Netasq _ Secure Internet Connectivity
http://www.netasq.com
-----------------------------------------------------------------------
This communication may contain information that is proprietary,
privileged or confidential or otherwise legally exempt from disclosure.
The information contained in this e-mail is intended solely for the
addressee. Access to this e-mail by anyone else or any unauthorized
review, use, disclosure or distribution is unauthorized and prohibited.
If you are not the named addressee indicated in this message (or
responsible for delivery of the message to such person), you are not
authorized to read, print, retain, copy or disseminate this message
or any part of it. If you have received this message in error, please
notify the sender immediately by fax or e-mail and delete and destroy
all copies of the message. If you are the intended recipient but do not
wish to receive communications through this medium, please advise the
sender immediately. The views expressed in this e-mail are not
necessarily the views of NetASQ. The company, its directors, officers
or employees make no representation or accept any liability for its
accuracy or completeness unless expressly stated to the contrary.
------------------------------------------------------------------------
patch-libclamav-matcher.c
Description: Binary data
_______________________________________________ http://lurker.clamav.net/list/clamav-devel.html
