bb5638. Parse the new cert db file.

Shawn Webb 2012-11-01 10:26:08 -04:00
parent 56b4f4b0b9
commit d12f1646f2
3 changed files with 119 additions and 57 deletions


@ -423,63 +423,9 @@ int crtmgr_add_roots(struct cl_engine *engine, crtmgr *m) {
cli_crt *crt, *new_crt;
/*
* Only add trusted (and revoked) root certs once. Copy certs
* from engine's root certs list.
* Certs are cached in engine->cmgr. Copy from there.
*/
if (m == &(engine->cmgr)) {
do {
if(cli_crt_init(&ca))
return 1;
memset(ca.issuer, '\xca', sizeof(ca.issuer));
memcpy(ca.subject, MSCA_SUBJECT, sizeof(ca.subject));
memset(ca.serial, '\xca', sizeof(ca.serial));
if(mp_read_unsigned_bin(&ca.n, MSCA_MOD, sizeof(MSCA_MOD)-1) || mp_read_unsigned_bin(&ca.e, MSCA_EXP, sizeof(MSCA_EXP)-1)) {
cli_errmsg("crtmgr_add_roots: failed to read MSCA key\n");
break;
}
ca.not_before = 0;
ca.not_after = (-1U)>>1;
ca.certSign = 1;
ca.codeSign = 1;
ca.timeSign = 1;
if(crtmgr_add(m, &ca))
break;
memcpy(ca.subject, MSA_SUBJECT, sizeof(ca.subject));
if(mp_read_unsigned_bin(&ca.n, MSA_MOD, sizeof(MSA_MOD)-1) || mp_read_unsigned_bin(&ca.e, MSA_EXP, sizeof(MSA_EXP)-1)) {
cli_errmsg("crtmgr_add_roots: failed to read MSA key\n");
break;
}
if(crtmgr_add(m, &ca))
break;
memcpy(ca.subject, VER_SUBJECT, sizeof(ca.subject));
if(mp_read_unsigned_bin(&ca.n, VER_MOD, sizeof(VER_MOD)-1) || mp_read_unsigned_bin(&ca.e, VER_EXP, sizeof(VER_EXP)-1)) {
cli_errmsg("crtmgr_add_roots: failed to read VER key\n");
break;
}
ca.timeSign = 0;
if(crtmgr_add(m, &ca))
break;
memcpy(ca.subject, THAW_SUBJECT, sizeof(ca.subject));
if(mp_read_unsigned_bin(&ca.n, THAW_MOD, sizeof(THAW_MOD)-1) || mp_read_unsigned_bin(&ca.e, THAW_EXP, sizeof(THAW_EXP)-1)) {
cli_errmsg("crtmgr_add_roots: failed to read THAW key\n");
break;
}
ca.codeSign = 0;
ca.timeSign = 1;
if(crtmgr_add(m, &ca))
break;
return 0;
} while(0);
cli_crt_clear(&ca);
crtmgr_free(m);
return 1;
} else {
if (m != &(engine->cmgr)) {
for (crt = engine->cmgr.crts; crt != NULL; crt = crt->next) {
if (crtmgr_add(m, crt)) {
crtmgr_free(m);
@ -490,5 +436,5 @@ int crtmgr_add_roots(struct cl_engine *engine, crtmgr *m) {
return 0;
}
return 1;
return 0;
}
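Review bot: The comment block above `if (m != &(engine->cmgr))` still reads as if this function seeds the trusted roots itself, but the code left on the new side only copies whatever `engine->cmgr.crts` already holds, so an engine for which no .crt database was loaded ends up with an empty root set here and nothing is copied; that dependency should be stated, e.g. `/* Trusted/revoked roots are populated by cli_loadcrt() from the .crt database; if none was loaded, engine->cmgr is empty and m stays empty too. */`. `new_crt` on the first context line appears unused in the remaining body, though the function's tail lives in the second hunk and the rendered page has dropped lines from the first, so confirm before removing it. The function continues outside the first hunk.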


@ -2362,6 +2362,118 @@ static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
return CL_SUCCESS;
}
/*
* Name;trusted:subject:pubkey;exponent;comment[;minFL;maxFL]
* Name and comment are ignored. They're just for the end user.
*/
#define CRT_TOKENS 11
static int cli_loadcrt(FILE *fs, struct cl_engine *engine, struct cli_dbio *dbio) {
char buffer[FILEBUFF];
char *tokens[CRT_TOKENS+1];
size_t line=0, tokens_count, i, j;
cli_crt ca;
int ret=CL_SUCCESS;
char *subject, *pubkey, *exponent;
const uint8_t exp[] = "\x01\x00\x01";
char c;
cli_crt_init(&ca);
memset(ca.issuer, '\xca', sizeof(ca.issuer));
memset(ca.serial, '\xca', sizeof(ca.serial));
while (cli_dbgets(buffer, FILEBUFF, fs, dbio)) {
line++;
if (buffer[0] == '#')
continue;
cli_chomp(buffer);
if (!strlen(buffer))
continue;
tokens_count = cli_strtokenize(buffer, ';', CRT_TOKENS + 1, (const char **)tokens);
if (tokens_count > CRT_TOKENS || tokens_count < CRT_TOKENS - 2) {
cli_errmsg("cli_loadcrt: line %u: Invalid number of tokens: %u\n", line, tokens_count);
ret = CL_EMALFDB;
goto end;
}
switch (tokens[1][0]) {
case '1':
ca.isBlacklisted = 0;
break;
case '0':
ca.isBlacklisted = 1;
break;
default:
cli_errmsg("cli_loadcrt: line %u: Invalid trust specification. Expected 0 or 1\n", line);
ret = CL_EMALFDB;
goto end;
}
subject = cli_hex2str(tokens[2]);
pubkey = cli_hex2str(tokens[3]);
if (!subject) {
cli_errmsg("cli_loadcrt: line %u: Cannot convert subject to binary string\n", line);
ret = CL_EMALFDB;
goto end;
}
if (!pubkey) {
cli_errmsg("cli_loadcrt: line %u: Cannot convert public key to binary string\n", line);
ret = CL_EMALFDB;
goto end;
}
memcpy(ca.subject, subject, sizeof(ca.subject));
if (mp_read_unsigned_bin(&(ca.n), pubkey, strlen(tokens[3])/2) || mp_read_unsigned_bin(&(ca.e), exp, sizeof(exp)-1)) {
cli_errmsg("cli_loadcrt: line %u: Cannot convert exponent to binary data\n", line);
ret = CL_EMALFDB;
goto end;
}
cli_dbgmsg("sizeof(exp): %u. sizeof(exp)-1: %u\n", sizeof(exp), sizeof(exp)-1);
switch (tokens[5][0]) {
case '1':
ca.codeSign = 1;
break;
case '0':
ca.codeSign = 0;
break;
default:
cli_errmsg("cli_loadcrt: line %u: Invalid code sign specification. Expected 0 or 1\n", line);
ret = CL_EMALFDB;
goto end;
}
switch (tokens[6][0]) {
case '1':
ca.timeSign = 1;
break;
case '0':
ca.timeSign = 0;
break;
default:
cli_errmsg("cli_loadcrt: line %u: Invalid time sign specification. Expected 0 or 1\n", line);
ret = CL_EMALFDB;
goto end;
}
if (strlen(tokens[7]))
ca.not_before = atoi(tokens[7]);
ca.not_after = (-1U)>>1;
ca.certSign = 1;
crtmgr_add(&(engine->cmgr), &ca);
}
end:
cli_dbgmsg("Number of certs: %d\n", engine->cmgr.items);
cli_crt_clear(&ca);
return ret;
}
static int cli_loadmscat(FILE *fs, const char *dbname, struct cl_engine *engine, unsigned int options, struct cli_dbio *dbio) {
fmap_t *map;
@ -2422,6 +2534,9 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo
} else if(cli_strbcasestr(dbname, ".cud")) {
ret = cli_cvdload(fs, engine, signo, options, 2, filename, 0);
} else if (cli_strbcasestr(dbname, ".crt")) {
ret = cli_loadcrt(fs, engine, dbio);
} else if(cli_strbcasestr(dbname, ".hdb") || cli_strbcasestr(dbname, ".hsb")) {
ret = cli_loadhash(fs, engine, signo, MD5_HDB, options, dbio, dbname);
} else if(cli_strbcasestr(dbname, ".hdu") || cli_strbcasestr(dbname, ".hsu")) {
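Review bot: `memcpy(ca.subject, subject, sizeof(ca.subject))` copies a fixed `sizeof(ca.subject)` bytes out of the buffer that `cli_hex2str()` decoded from `tokens[2]` without ever checking that token's length, so a short subject field in a malformed .crt file over-reads the decoded buffer; validate `strlen(tokens[2]) == 2 * sizeof(ca.subject)` before decoding (rewrite below), and for the same reason the `strlen(tokens[3])/2` passed to `mp_read_unsigned_bin()` should be checked against zero and an upper bound. `subject` and `pubkey` are never freed, neither on the success path nor when the `pubkey` check fails after `subject` succeeded, which leaks once per line if `cli_hex2str()` returns heap memory (presumably — confirm). Smaller points in the same function: `crtmgr_add(&(engine->cmgr), &ca)` at the end of the loop discards its return value; `ca.not_before` is only assigned when `tokens[7]` is non-empty, so a line without it inherits the previous line's value and should be reset to 0 each iteration; `line`, `tokens_count` and `sizeof(exp)` are `size_t` printed with `%u` and want `%zu`; the `sizeof(exp)` cli_dbgmsg looks like leftover debugging. The header comment's field list (`Name;trusted:subject:pubkey;exponent;comment[;minFL;maxFL]`) does not match the indices the code reads (`tokens[5]` codeSign, `tokens[6]` timeSign, `tokens[7]` notBefore, exponent fixed to 0x010001 with `exponent` and `c` unused), so it should document the actual layout, and `cli_crt_init(&ca)` is unchecked here although `crtmgr_add_roots` treated its failure as fatal.
```c
        /* Validate the hex length before decoding: the memcpy() below reads
         * sizeof(ca.subject) bytes, so a short token would over-read. */
        if (strlen(tokens[2]) != 2 * sizeof(ca.subject)) {
            cli_errmsg("cli_loadcrt: line %zu: Invalid subject length\n", line);
            ret = CL_EMALFDB;
            goto end;
        }
        subject = cli_hex2str(tokens[2]);
        pubkey = cli_hex2str(tokens[3]);
        if (!subject || !pubkey) {
            cli_errmsg("cli_loadcrt: line %zu: Cannot convert subject or public key to binary string\n", line);
            /* NOTE(review): assumes cli_hex2str() returns a malloc()ed buffer; free(NULL) is a no-op */
            free(subject);
            free(pubkey);
            ret = CL_EMALFDB;
            goto end;
        }
        memcpy(ca.subject, subject, sizeof(ca.subject));
        /* … unchanged: mp_read_unsigned_bin() of pubkey and exp, with its error path also freeing both buffers … */
        free(subject);
        free(pubkey);
        /* … unchanged: codeSign / timeSign / not_before handling … */
        if (crtmgr_add(&(engine->cmgr), &ca)) {
            cli_errmsg("cli_loadcrt: line %zu: Failed to add certificate\n", line);
            ret = CL_EMEM;
            goto end;
        }
```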


@ -60,6 +60,7 @@
cli_strbcasestr(ext, ".cud") || \
cli_strbcasestr(ext, ".cdb") || \
cli_strbcasestr(ext, ".cat") || \
cli_strbcasestr(ext, ".crt") || \
cli_strbcasestr(ext, ".idb") \
)