Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 3 Sep 2010 10:17:07 GMT
From:      Frank Wall <fw@moov.de>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/150243: [PATCH] security/clamav: fix hung clamd on FreeBSD 7.1
Message-ID:  <201009031017.o83AH7vZ022579@www.freebsd.org>
Resent-Message-ID: <201009031020.o83AK8j2086603@freefall.freebsd.org>

Next in thread | Raw E-Mail | Index | Archive | Help

>Number:         150243
>Category:       ports
>Synopsis:       [PATCH] security/clamav: fix hung clamd on FreeBSD 7.1
>Confidential:   no
>Severity:       critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 03 10:20:08 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Frank Wall
>Release:        7.1-RELEASE-p8
>Organization:
>Environment:
FreeBSD XXX 7.1-RELEASE-p8 FreeBSD 7.1-RELEASE-p8 #0: Fri Oct  2 07:10:41 UTC 2009     root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
Current ClamAV 0.96.2 has a bug which breaks clamd on FreeBSD 7.1:
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2235

This means current ClamAV is broken on FreeBSD 7.1 after update to version 0.96.2. Please commit the attached patch ASAP.
>How-To-Repeat:
1. install security/clamav on FreeBSD 7.1
2. edit /etc/rc.conf: add clamav_clamd_enable="YES"
3. start clamd: /usr/local/etc/rc.d/clamav-clamd start

Now try to connect to clamd:

# /usr/local/bin/clamdtop
[...]
Connecting to: /var/run/clamav/clamd.sock
/var/run/clamav/clamd.sock: Resource temporarily unavailable

Now try to stop clamd:

# /usr/local/etc/rc.d/clamav-clamd stop 
Stopping clamav_clamd.
Waiting for PIDS: 59203, 59203, 59203, 59203 [...] (wait forever)
>Fix:
The ClamAV people kindly provide a patch, see attached file.

My (slightly modified) patch adds two files to the port:
files/patch-libclamav__bytecode.c
files/patch-libclamav__bytecode2llvm.cpp

Or take a look at the original patch:
http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff_plain;h=71ca3536c4e0ed6454315a7c3ad5950ba212fbe1

Patch attached with submission follows:

--- security/clamav/files/patch-libclamav__bytecode.c	1970-01-01 01:00:00.000000000 +0100
+++ security/clamav/files/patch-libclamav__bytecode.c	2010-09-03 11:59:05.000000000 +0200
@@ -0,0 +1,10 @@
+--- libclamav/bytecode.c
++++ libclamav/bytecode.c
+@@ -2107,6 +2107,7 @@ static int run_selfcheck(struct cli_all_bc *bcs)
+     cli_bytecode_context_setfuncid(ctx, bc, 0);
+ 
+     cli_dbgmsg("bytecode self test running\n");
++    ctx->bytecode_timeout = 0;
+     rc = cli_bytecode_run(bcs, bc, ctx);
+     cli_bytecode_context_destroy(ctx);
+     if (rc != CL_SUCCESS) {
--- security/clamav/files/patch-libclamav__bytecode2llvm.cpp	1970-01-01 01:00:00.000000000 +0100
+++ security/clamav/files/patch-libclamav__bytecode2llvm.cpp	2010-09-03 11:59:30.000000000 +0200
@@ -0,0 +1,34 @@
+--- libclamav/c++/bytecode2llvm.cpp
++++ libclamav/c++/bytecode2llvm.cpp
+@@ -1637,11 +1637,15 @@ int cli_vm_execute_jit(const struct cli_all_bc *bcs, struct cli_bc_ctx *ctx,
+ 	0
+     };
+ 
+-    if ((ret = pthread_create(&thread, NULL, bytecode_watchdog, &w))) {
+-	errs() << "Bytecode: failed to create new thread!";
+-	errs() << cli_strerror(ret, buf, sizeof(buf));
+-	errs() << "\n";
+-	return CL_EBYTECODE;
++    if (ctx->bytecode_timeout) {
++	/* only spawn if timeout is set.
++	 * we don't set timeout for selfcheck (see bb #2235) */
++	if ((ret = pthread_create(&thread, NULL, bytecode_watchdog, &w))) {
++	    errs() << "Bytecode: failed to create new thread!";
++	    errs() << cli_strerror(ret, buf, sizeof(buf));
++	    errs() << "\n";
++	    return CL_EBYTECODE;
++	}
+     }
+ 
+     ret = bytecode_execute((intptr_t)code, ctx);
+@@ -1649,7 +1653,9 @@ int cli_vm_execute_jit(const struct cli_all_bc *bcs, struct cli_bc_ctx *ctx,
+     w.finished = 1;
+     pthread_cond_signal(&w.cond);
+     pthread_mutex_unlock(&w.mutex);
+-    pthread_join(thread, NULL);
++    if (ctx->bytecode_timeout) {
++	pthread_join(thread, NULL);
++    }
+ 
+     if (cli_debug_flag) {
+ 	gettimeofday(&tv1, NULL);


>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?201009031017.o83AH7vZ022579>