clamav: fix fd leakage

pkgs/tools/security/clamav/default.nix

@@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
     zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre
   ];
 
+  patches = [ ./fd-leak.patch ];
+
   configureFlags = [
     "--sysconfdir=/etc/clamav"
     "--disable-llvm" # enabling breaks the build at the moment

pkgs/tools/security/clamav/fd-leak.patch

@@ -0,0 +1,49 @@
+--- a/libclamav/scanners.c	2018-01-26 16:59:00.820231425 +0100
++++ b/libclamav/scanners.c	2018-01-26 17:39:07.523633805 +0100
+@@ -1366,12 +1366,14 @@
+ 
+ 	if ((ret = cli_ac_initdata(&tmdata, troot?troot->ac_partsigs:0, troot?troot->ac_lsigs:0, troot?troot->ac_reloff_num:0, CLI_DEFAULT_AC_TRACKLEN))) {
+ 		free(tmpname);
++		free(normalized);
+ 		return ret;
+ 	}
+ 
+ 	if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {
+ 		cli_ac_freedata(&tmdata);
+ 		free(tmpname);
++		free(normalized);
+ 		return ret;
+ 	}
+ 
+@@ -1390,6 +1392,7 @@
+ 				cli_errmsg("cli_scanscript: can't write to file %s\n",tmpname);
+ 				close(ofd);
+ 				free(tmpname);
++				free(normalized);
+ 				return CL_EWRITE;
+ 			}
+ 			text_normalize_reset(&state);
+@@ -1424,6 +1427,8 @@
+ 			if (ret) {
+ 				cli_ac_freedata(&tmdata);
+ 				free(tmpname);
++				free(normalized);
++				close(ofd);
+ 				return ret;
+ 			}
+ 		}
+@@ -1466,11 +1471,9 @@
+ 
+ 	}
+ 
+-	if(ctx->engine->keeptmp) {
+-		free(tmpname);
+-		if (ofd >= 0)
+-			close(ofd);
+-	}
++	if (ofd >= 0)
++		close(ofd);
++	free(tmpname);
+ 	free(normalized);
+ 
+ 	if(ret != CL_VIRUS || SCAN_ALL)  {