crtmgr_add
This commit is contained in:
parent
e5c6c1aaf7
commit
8997495d13
7 changed files with 76 additions and 4 deletions
|
@ -496,6 +496,19 @@ int asn1_get_x509(fmap_t *map, void **asn1data, unsigned int *size, cli_crt *x50
|
|||
|
||||
if(asn1_expect_objtype(map, tbs.next, &crt.size, &obj, 0x03)) /* signature */
|
||||
return 1;
|
||||
if(obj.size > 513) {
|
||||
cli_dbgmsg("asn1_get_x509: signature too long\n");
|
||||
return 1;
|
||||
}
|
||||
if(!fmap_need_ptr_once(map, obj.content, obj.size)) {
|
||||
cli_dbgmsg("asn1_get_x509: cannot read signature\n");
|
||||
return 1;
|
||||
}
|
||||
if(mp_read_signed_bin(&x509->sig, obj.content, obj.size)) {
|
||||
cli_dbgmsg("asn1_get_x509: cannot convert signature to big number\n");
|
||||
return 1;
|
||||
}
|
||||
|
||||
if(crt.size) {
|
||||
cli_dbgmsg("asn1_get_x509: found unexpected extra data in signature\n");
|
||||
return 1;
|
||||
|
@ -512,7 +525,7 @@ int asn1_get_x509(fmap_t *map, void **asn1data, unsigned int *size, cli_crt *x50
|
|||
|
||||
|
||||
|
||||
int asn1_parse_mscat(FILE *f) {
|
||||
int asn1_parse_mscat(FILE *f, crtmgr *cmgr) {
|
||||
struct cli_asn1 asn1, deep, deeper;
|
||||
unsigned int size, dsize;
|
||||
fmap_t *map;
|
||||
|
@ -682,6 +695,7 @@ int asn1_parse_mscat(FILE *f) {
|
|||
dsize = 1;
|
||||
break;
|
||||
}
|
||||
crtmgr_add(cmgr, &x509);
|
||||
cli_crt_clear(&x509);
|
||||
}
|
||||
if(dsize)
|
||||
|
|
|
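Review bot: The return value of `crtmgr_add(cmgr, &x509);` in the third hunk is discarded, so an allocation failure inside it (it returns 1) silently drops the certificate while the loop carries on; at minimum log it, e.g. `if(crtmgr_add(cmgr, &x509)) cli_dbgmsg("asn1_parse_mscat: failed to add cert\n");`, or propagate the failure. In the first hunk the BIT STRING content passed to `mp_read_signed_bin` starts with the unused-bits octet; if this is libtommath's reader, that octet is consumed as the sign flag, which only works because it is 0 for a byte-aligned signature, so a comment such as `/* leading unused-bits octet doubles as the (zero) sign byte */` would record the dependency. A zero-length BIT STRING is not rejected before the call, so guarding with `if(!obj.size || obj.size > 513)` would be safer than the size-only upper bound. Both asn1_get_x509 and asn1_parse_mscat begin outside these hunks.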
@ -23,6 +23,6 @@ int ms_asn1_get_sha1(fmap_t *map, void *asn1data, unsigned int avail, unsigned i
|
|||
int asn1_get_time(fmap_t *map, void **asn1data, unsigned int *size, time_t *time);
|
||||
int asn1_get_rsa_pubkey(fmap_t *map, void **asn1data, unsigned int *size, cli_crt *x509);
|
||||
int asn1_get_x509(fmap_t *map, void **asn1data, unsigned int *size, cli_crt *x509);
|
||||
int asn1_parse_mscat(FILE *f);
|
||||
int asn1_parse_mscat(FILE *f, crtmgr *c);
|
||||
|
||||
#endif
|
||||
|
|
|
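Review bot: The new prototype names the parameter `c` while the definition in asn1.c names it `cmgr`; keeping the two identical, `int asn1_parse_mscat(FILE *f, crtmgr *cmgr);`, avoids a needless mismatch when readers grep between header and implementation. A one-line comment above it stating that parsed certificates are appended to `*cmgr` would also help callers.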
@ -1,9 +1,15 @@
|
|||
#if HAVE_CONFIG_H
|
||||
#include "clamav-config.h"
|
||||
#endif
|
||||
|
||||
#include "crtmgr.h"
|
||||
#include "others.h"
|
||||
|
||||
int cli_crt_init(cli_crt *x509) {
|
||||
if(mp_init_multi(&x509->n, &x509->e, &x509->sig, NULL))
|
||||
return 1;
|
||||
x509->not_before = x509->not_after = 0;
|
||||
x509->prev = x509->next = NULL;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -11,6 +17,43 @@ void cli_crt_clear(cli_crt *x509) {
|
|||
mp_clear_multi(&x509->n, &x509->e, &x509->sig, NULL);
|
||||
}
|
||||
|
||||
int crtmgr_add(crtmgr *m, cli_crt *x509) {
|
||||
cli_crt *i = m->crts;
|
||||
while(i) {
|
||||
if(x509->not_before == i->not_before && x509->not_after == i->not_after && !memcmp(x509->subject, i->subject, sizeof(i->subject))) {
|
||||
if(mp_cmp(&x509->n, &i->n) || mp_cmp(&x509->e, &i->e))
|
||||
cli_dbgmsg("crtmgr_add: conflicting pk for the same cert\n");
|
||||
return 0;
|
||||
}
|
||||
i = i->next;
|
||||
}
|
||||
i = cli_malloc(sizeof(*i));
|
||||
if(!i)
|
||||
return 1;
|
||||
|
||||
if(mp_init_multi(&i->n, &i->e, &i->sig, NULL)) {
|
||||
free(i);
|
||||
return 1;
|
||||
}
|
||||
if(mp_copy(&x509->n, &i->n) || mp_copy(&x509->e, &i->e) || mp_copy(&x509->sig, &i->sig)) {
|
||||
cli_crt_clear(i);
|
||||
free(i);
|
||||
return 1;
|
||||
}
|
||||
memcpy(i->subject, x509->subject, sizeof(i->subject));
|
||||
memcpy(i->issuer, x509->issuer, sizeof(i->issuer));
|
||||
i->not_before = x509->not_before;
|
||||
i->not_after = x509->not_after;
|
||||
i->hashtype = x509->hashtype;
|
||||
i->next = m->crts;
|
||||
i->prev = NULL;
|
||||
if(m->crts)
|
||||
m->crts->prev = i;
|
||||
m->crts = i;
|
||||
cli_dbgmsg("crtmgr_add: added cert\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* typedef struct { */
|
||||
/* cli_crt *certs; */
|
||||
/* unsigned int ncerts; */
|
||||
|
|
|
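Review bot: `crtmgr_add` returns 0 both when a cert was added and when a cert with the same subject and validity but a different public key was seen (the `mp_cmp` branch), so the caller cannot tell that a conflicting key was discarded and the first one loaded silently wins; returning a distinct value there, or raising that message above `cli_dbgmsg`, would make the conflict visible. The list is heap-allocated per engine (`cl_engine_new` sets `cmgr.crts = NULL` in others.c) but nothing in this commit releases it, so every engine teardown leaks the whole chain; a `crtmgr_free` that walks `next`, calls `cli_crt_clear` and `free`s each node is needed, with its declaration in crtmgr.h next to `crtmgr_add`. The commented-out `/* typedef struct { */ ... /* unsigned int ncerts; */` fragment at the end of the hunk is dead code and should be removed rather than left in. `cli_crt_init` in the first hunk leaves `subject`, `issuer` and `hashtype` untouched, which is only safe if every caller fills them before `crtmgr_add` reads them — worth a comment on the function.
```c
/* … unchanged: crtmgr_add … */

/* Release every certificate owned by m; m->crts is left empty. */
void crtmgr_free(crtmgr *m) {
    cli_crt *i = m->crts;
    while(i) {
        cli_crt *next = i->next;
        cli_crt_clear(i);
        free(i);
        i = next;
    }
    m->crts = NULL;
}
```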
@ -9,7 +9,7 @@
|
|||
typedef enum { CLI_SHA1RSA, CLI_MD5RSA } cli_crt_hashtype;
|
||||
|
||||
|
||||
typedef struct {
|
||||
typedef struct cli_crt_t {
|
||||
uint8_t subject[SHA1_HASH_SIZE];
|
||||
uint8_t issuer[SHA1_HASH_SIZE];
|
||||
mp_int n;
|
||||
|
@ -18,9 +18,18 @@ typedef struct {
|
|||
time_t not_before;
|
||||
time_t not_after;
|
||||
cli_crt_hashtype hashtype;
|
||||
struct cli_crt_t *prev;
|
||||
struct cli_crt_t *next;
|
||||
} cli_crt;
|
||||
|
||||
typedef struct {
|
||||
cli_crt *crts;
|
||||
} crtmgr;
|
||||
|
||||
|
||||
int cli_crt_init(cli_crt *x509);
|
||||
void cli_crt_clear(cli_crt *x509);
|
||||
|
||||
int crtmgr_add(crtmgr *m, cli_crt *x509);
|
||||
|
||||
#endif
|
||||
|
|
|
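Review bot: The new `crtmgr_add` declaration carries no contract, and the ownership rule is not obvious from the name: the implementation deep-copies `*x509` (big numbers included), so the caller keeps ownership of its copy and must still call `cli_crt_clear` on it. A Doxygen comment stating that, plus the return semantics — 0 when added or when an equivalent cert was already present, 1 on allocation failure — would save every caller a trip into crtmgr.c. The header also declares no function to release a `crtmgr`, so whoever owns the list has no documented way to free it.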
@ -351,6 +351,8 @@ struct cl_engine *cl_engine_new(void)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
new->cmgr.crts = NULL;
|
||||
|
||||
cli_dbgmsg("Initialized %s engine\n", cl_retver());
|
||||
return new;
|
||||
}
|
||||
|
|
|
@ -44,6 +44,7 @@
|
|||
#include "bytecode.h"
|
||||
#include "bytecode_api.h"
|
||||
#include "events.h"
|
||||
#include "crtmgr.h"
|
||||
|
||||
/*
|
||||
* CL_FLEVEL is the signature f-level specific to the current code and
|
||||
|
@ -251,6 +252,9 @@ struct cl_engine {
|
|||
/* Used for memory pools */
|
||||
mpool_t *mempool;
|
||||
|
||||
/* crtmgr stuff */
|
||||
crtmgr cmgr;
|
||||
|
||||
/* Callback(s) */
|
||||
clcb_pre_cache cb_pre_cache;
|
||||
clcb_pre_scan cb_pre_scan;
|
||||
|
|
|
@ -2353,7 +2353,7 @@ static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
|
|||
}
|
||||
|
||||
static int cli_loadmscat(FILE *fs, struct cl_engine *engine, unsigned int options, struct cli_dbio *dbio) {
|
||||
asn1_parse_mscat(fs);
|
||||
asn1_parse_mscat(fs, &engine->cmgr);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
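Review bot: The result of `asn1_parse_mscat(fs, &engine->cmgr)` is still discarded and `cli_loadmscat` unconditionally returns 0, so a malformed or truncated catalog file is reported to the database loader as a successful load and whatever was parsed before the error stays in `engine->cmgr`. Since the callee returns an int status, `if(asn1_parse_mscat(fs, &engine->cmgr)) return CL_EMALFDB;` (or whichever error the neighbouring loaders return) would surface the failure. The `options` and `dbio` parameters are unused in the body; if that is intentional, a short comment saying the catalog loader ignores them would stop readers from looking for a missing branch.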