GitList

Browse code

sigtool: add support for building unsigned dbs (--unsigned) libclamav: handle unsigned db files (.cud)

Tomasz Kojm authored on 2011/05/11 04:29:49
Showing 9 changed files

ChangeLog index 4b4ea84..dec3d2a 100644
docs/man/sigtool.1.in index 75bfb00..ea60287 100644
libclamav/clamav.h index cdd8d63..e3081f1 100644
libclamav/cvd.c index 564162b..3ee4cbb 100644
libclamav/cvd.h index aee727f..c43c226 100644
libclamav/readdb.c index fb85da1..e76209c 100644
libclamav/readdb.h index db9d081..d60e165 100644
shared/optparser.c index add4a5a..f975055 100644
sigtool/sigtool.c index b502096..846a33a 100644

@@ -1,3 +1,8 @@
                     +Tue May 10 21:25:37 CEST 2011 (tk)
                     +----------------------------------
                     + * sigtool: add support for building unsigned dbs (--unsigned)
                     + * libclamav: handle unsigned db files (.cud)
+                    +
                      Sat May  7 18:05:23 EEST 2011 (edwin)
                      -------------------------------------
                       * libclamav/pdf.c: better detection for encrypted PDFs (bb #2448)

docs/man/sigtool.1.in

History View file @ cdddd01

@@ -57,6 +57,12 @@ Print a CVD information and verify MD5 and a digital signature.
                      \fB\-b, \-\-build\fR
                      Build a CVD file. \-s, \-\-server is required.
                      .TP
                     +\fB\-b, \-\-no\-cdiff\fR
                     +Don't create a .cdiff file when building a new database file.
                     +.TP
                     +\fB\-b, \-\-unsigned\fR
                     +Create a database file without digital signatures (.cua).
                     +.TP
                      \fB\-\-server\fR
                      ClamAV Signing Service address (for virus database maintainers only).
                      .TP

libclamav/clamav.h

History View file @ cdddd01

@@ -94,6 +94,7 @@ typedef enum {
                      #define CL_DB_BYTECODE      0x2000
                      #define CL_DB_SIGNED	    0x4000  /* internal */
                      #define CL_DB_BYTECODE_UNSIGNED	0x8000
                     +#define CL_DB_UNSIGNED	    0x10000 /* internal */
                      /* recommended db settings */
                      #define CL_DB_STDOPT	    (CL_DB_PHISHING | CL_DB_PHISHING_URLS | CL_DB_BYTECODE)

libclamav/cvd.c

History View file @ cdddd01

@@ -488,7 +488,7 @@ void cl_cvdfree(struct cl_cvd *cvd)
                          free(cvd);
+                     }
                     -static int cli_cvdverify(FILE *fs, struct cl_cvd *cvdpt, unsigned int cld)
                     +static int cli_cvdverify(FILE *fs, struct cl_cvd *cvdpt, unsigned int skipsig)
+                     {
                      	struct cl_cvd *cvd;
                      	char *md5, head[513];
@@ -510,7 +510,7 @@ static int cli_cvdverify(FILE *fs, struct cl_cvd *cvdpt, unsigned int cld)
                          if(cvdpt)
                      	memcpy(cvdpt, cvd, sizeof(struct cl_cvd));
                     -    if(cld) {
                     +    if(skipsig) {
                      	cl_cvdfree(cvd);
                      	return CL_SUCCESS;
+                         }
@@ -562,7 +562,7 @@ int cl_cvdverify(const char *file)
                          return ret;
+                     }
                     -int cli_cvdload(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, unsigned int cld, const char *filename, unsigned int chkonly)
                     +int cli_cvdload(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, unsigned int dbtype, const char *filename, unsigned int chkonly)
+                     {
                      	struct cl_cvd cvd, dupcvd;
                      	FILE *dupfs;
@@ -576,32 +576,34 @@ int cli_cvdload(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigne
                          cli_dbgmsg("in cli_cvdload()\n");
                          /* verify */
                     -    if((ret = cli_cvdverify(fs, &cvd, cld)))
                     +    if((ret = cli_cvdverify(fs, &cvd, dbtype)))
                      	return ret;
                     -    /* check for duplicate db */
                     -    dupname = cli_strdup(filename);
                     -    if(!dupname)
                     -	return CL_EMEM;
                     -    dupname[strlen(dupname) - 2] = (cld ? 'v' : 'l');
                     -    if(!access(dupname, R_OK) && (dupfs = fopen(dupname, "rb"))) {
                     -	if((ret = cli_cvdverify(dupfs, &dupcvd, !cld))) {
                     +    if(dbtype <= 1) {
                     +	/* check for duplicate db */
                     +	dupname = cli_strdup(filename);
                     +	if(!dupname)
                     +	    return CL_EMEM;
                     +	dupname[strlen(dupname) - 2] = (dbtype == 1 ? 'v' : 'l');
                     +	if(!access(dupname, R_OK) && (dupfs = fopen(dupname, "rb"))) {
                     +	    if((ret = cli_cvdverify(dupfs, &dupcvd, !dbtype))) {
                     +		fclose(dupfs);
                     +		free(dupname);
                     +		return ret;
                     +	    }
                      	    fclose(dupfs);
                     -	    free(dupname);
                     -	    return ret;
                     -	}
                     -	fclose(dupfs);
                     -	if(dupcvd.version > cvd.version) {
                     -	    cli_warnmsg("Detected duplicate databases %s and %s. The %s database is older and will not be loaded, you should manually remove it from the database directory.\n", filename, dupname, filename);
                     -	    free(dupname);
                     -	    return CL_SUCCESS;
                     -	} else if(dupcvd.version == cvd.version && !cld) {
                     -	    cli_warnmsg("Detected duplicate databases %s and %s, please manually remove one of them\n", filename, dupname);
                     -	    free(dupname);
                     -	    return CL_SUCCESS;
                     +	    if(dupcvd.version > cvd.version) {
                     +		cli_warnmsg("Detected duplicate databases %s and %s. The %s database is older and will not be loaded, you should manually remove it from the database directory.\n", filename, dupname, filename);
                     +		free(dupname);
                     +		return CL_SUCCESS;
                     +	    } else if(dupcvd.version == cvd.version && !dbtype) {
                     +		cli_warnmsg("Detected duplicate databases %s and %s, please manually remove one of them\n", filename, dupname);
                     +		free(dupname);
                     +		return CL_SUCCESS;
                     +	    }
+                     	}
                     +	free(dupname);
+                         }
                     -    free(dupname);
                          if(strstr(filename, "daily.")) {
                      	time(&s_time);
@@ -631,7 +633,10 @@ int cli_cvdload(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigne
                          cfd = fileno(fs);
                          dbio.chkonly = 0;
                     -    ret = cli_tgzload(cfd, engine, signo, options | CL_DB_OFFICIAL, &dbio, NULL);
                     +    if(dbtype == 2)
                     +	ret = cli_tgzload(cfd, engine, signo, options | CL_DB_UNSIGNED, &dbio, NULL);
                     +    else
                     +	ret = cli_tgzload(cfd, engine, signo, options | CL_DB_OFFICIAL, &dbio, NULL);
                          if(ret != CL_SUCCESS)
                      	return ret;
@@ -645,8 +650,12 @@ int cli_cvdload(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigne
                      	return CL_EMALFDB;
                          dbio.chkonly = chkonly;
                     -    options |= CL_DB_SIGNED;
                     -    ret = cli_tgzload(cfd, engine, signo, options | CL_DB_OFFICIAL, &dbio, dbinfo);
                     +    if(dbtype == 2)
                     +	options |= CL_DB_UNSIGNED;
                     +    else
                     +	options |= CL_DB_SIGNED | CL_DB_OFFICIAL;
+                    +
                     +    ret = cli_tgzload(cfd, engine, signo, options, &dbio, dbinfo);
                          while(engine->dbinfo) {
                      	dbinfo = engine->dbinfo;

libclamav/cvd.h

History View file @ cdddd01

@@ -37,7 +37,7 @@ struct cli_dbio {
                          SHA256_CTX sha256ctx;
                      };
                     -int cli_cvdload(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, unsigned int cld, const char *filename, unsigned int chkonly);
                     +int cli_cvdload(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, unsigned int dbtype, const char *filename, unsigned int chkonly);
                      int cli_cvdunpack(const char *file, const char *dir);
                      #endif

libclamav/readdb.c

History View file @ cdddd01

@@ -1696,7 +1696,7 @@ static int cli_loadinfo(FILE *fs, struct cl_engine *engine, unsigned int options
                          sha256_init(&ctx);
                          while(cli_dbgets(buffer, FILEBUFF, fs, dbio)) {
                      	line++;
                     -	if(!strncmp(buffer, "DSIG:", 5)) {
                     +	if(!(options & CL_DB_UNSIGNED) && !strncmp(buffer, "DSIG:", 5)) {
                      	    dsig = 1;
                      	    sha256_final(&ctx, hash);
                      	    if(cli_versig2(hash, buffer + 5, INFO_NSTR, INFO_ESTR) != CL_SUCCESS) {
@@ -1775,7 +1775,7 @@ static int cli_loadinfo(FILE *fs, struct cl_engine *engine, unsigned int options
                      	last = new;
+                         }
                     -    if(!dsig) {
                     +    if(!(options & CL_DB_UNSIGNED) && !dsig) {
                      	cli_errmsg("cli_loadinfo: Digital signature not found\n");
                      	return CL_EMALFDB;
+                         }
@@ -2382,6 +2382,9 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo
                          } else if(cli_strbcasestr(dbname, ".cld")) {
                      	ret = cli_cvdload(fs, engine, signo, options, 1, filename, 0);
                     +    } else if(cli_strbcasestr(dbname, ".cud")) {
                     +	ret = cli_cvdload(fs, engine, signo, options, 2, filename, 0);
+                    +
                          } else if(cli_strbcasestr(dbname, ".hdb") || cli_strbcasestr(dbname, ".hsb")) {
                      	ret = cli_loadhash(fs, engine, signo, MD5_HDB, options, dbio, dbname);
                          } else if(cli_strbcasestr(dbname, ".hdu") || cli_strbcasestr(dbname, ".hsu")) {

libclamav/readdb.h

History View file @ cdddd01

@@ -57,6 +57,7 @@
                      	cli_strbcasestr(ext, ".cfg")   ||	\
                      	cli_strbcasestr(ext, ".cvd")   ||	\
                      	cli_strbcasestr(ext, ".cld")   ||	\
                     +	cli_strbcasestr(ext, ".cud")   ||	\
                      	cli_strbcasestr(ext, ".cdb")   ||	\
                      	cli_strbcasestr(ext, ".idb")		\
+                         )

shared/optparser.c

History View file @ cdddd01

@@ -104,6 +104,7 @@ const struct clam_option __clam_options[] = {
                          { NULL, "html-normalise", 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_SIGTOOL, "", "" },
                          { NULL, "utf16-decode", 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_SIGTOOL, "", "" },
                          { NULL, "build", 'b', TYPE_STRING, NULL, -1, NULL, 0, OPT_SIGTOOL, "", "" },
                     +    { NULL, "unsigned", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_SIGTOOL, "", "" },
                          { NULL, "no-cdiff", 0, TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_SIGTOOL, "", "" },
                          { NULL, "server", 0, TYPE_STRING, NULL, -1, NULL, 0, OPT_SIGTOOL, "", "" },
                          { NULL, "unpack", 'u', TYPE_STRING, NULL, -1, NULL, 0, OPT_SIGTOOL, "", "" },

sigtool/sigtool.c

History View file @ cdddd01

@@ -24,6 +24,8 @@
                      #include "clamav-config.h"
                      #endif
                     +#define _GNU_SOURCE
+                    +
                      #include <stdio.h>
                      #include <stdlib.h>
                      #include <string.h>
@@ -116,7 +118,7 @@ static char *getdbname(const char *str, char *dst, int dstlen)
+                     {
                      	int len = strlen(str);
                     -    if(cli_strbcasestr(str, ".cvd") || cli_strbcasestr(str, ".cld"))
                     +    if(cli_strbcasestr(str, ".cvd") || cli_strbcasestr(str, ".cld") || cli_strbcasestr(str, ".cud"))
                      	len -= 4;
                          if(dst) {
@@ -474,18 +476,20 @@ static int writeinfo(const char *dbname, const char *builder, const char *header
+                     	    }
+                     	}
+                         }
                     -    rewind(fh);
                     -    sha256_init(&ctx);
                     -    while((bytes = fread(buffer, 1, sizeof(buffer), fh)))
                     -	sha256_update(&ctx, buffer, bytes);
                     -    sha256_final(&ctx, digest);
                     -    if(!(pt = getdsig(optget(opts, "server")->strarg, builder, digest, 32, 3))) {
                     -	mprintf("!writeinfo: Can't get digital signature from remote server\n");
                     -	fclose(fh);
                     -	return -1;
                     +    if(!optget(opts, "unsigned")->enabled) {
                     +	rewind(fh);
                     +	sha256_init(&ctx);
                     +	while((bytes = fread(buffer, 1, sizeof(buffer), fh)))
                     +	    sha256_update(&ctx, buffer, bytes);
                     +	sha256_final(&ctx, digest);
                     +	if(!(pt = getdsig(optget(opts, "server")->strarg, builder, digest, 32, 3))) {
                     +	    mprintf("!writeinfo: Can't get digital signature from remote server\n");
                     +	    fclose(fh);
                     +	    return -1;
                     +	}
                     +	fprintf(fh, "DSIG:%s\n", pt);
                     +	free(pt);
+                         }
                     -    fprintf(fh, "DSIG:%s\n", pt);
                     -    free(pt);
                          fclose(fh);
                          return 0;
+                     }
@@ -643,7 +647,7 @@ static int build(const struct optstruct *opts)
                      	free(x[i]);		    \
                          free(x);
                     -    if(!optget(opts, "server")->enabled) {
                     +    if(!optget(opts, "server")->enabled && !optget(opts, "unsigned")->enabled) {
                      	mprintf("!build: --server is required for --build\n");
                      	return -1;
+                         }
@@ -741,11 +745,11 @@ static int build(const struct optstruct *opts)
                          /* try to read cvd header of current database */
                          if(opts->filename) {
                     -	if(cli_strbcasestr(opts->filename[0], ".cvd") || cli_strbcasestr(opts->filename[0], ".cld")) {
                     +	if(cli_strbcasestr(opts->filename[0], ".cvd") || cli_strbcasestr(opts->filename[0], ".cld") || cli_strbcasestr(opts->filename[0], ".cud")) {
                      	    strncpy(olddb, opts->filename[0], sizeof(olddb));
                      	    olddb[sizeof(olddb)-1]='\0';
                      	} else {
                     -	    mprintf("!build: Not a CVD/CLD file\n");
                     +	    mprintf("!build: Not a CVD/CLD/CUD file\n");
                      	    FREE_LS(dblist2);
                      	    return -1;
+                     	}
@@ -755,6 +759,8 @@ static int build(const struct optstruct *opts)
                      	snprintf(olddb, sizeof(olddb), "%s"PATHSEP"%s.cvd", localdbdir ? localdbdir : pt, dbname);
                      	if(access(olddb, R_OK))
                      	    snprintf(olddb, sizeof(olddb), "%s"PATHSEP"%s.cld", localdbdir ? localdbdir : pt, dbname);
                     +	if(access(olddb, R_OK))
                     +	    snprintf(olddb, sizeof(olddb), "%s"PATHSEP"%s.cud", localdbdir ? localdbdir : pt, dbname);
                      	free(pt);
+                         }
@@ -916,15 +922,19 @@ static int build(const struct optstruct *opts)
                          sprintf(header + strlen(header), "%s:", pt);
                          free(pt);
                     -    if(!(pt = getdsig(optget(opts, "server")->strarg, builder, buffer, 16, 1))) {
                     -	mprintf("!build: Can't get digital signature from remote server\n");
                     -	fclose(fh);
                     -	unlink(tarfile);
                     -	free(tarfile);
                     -	return -1;
                     +    if(!optget(opts, "unsigned")->enabled) {
                     +	if(!(pt = getdsig(optget(opts, "server")->strarg, builder, buffer, 16, 1))) {
                     +	    mprintf("!build: Can't get digital signature from remote server\n");
                     +	    fclose(fh);
                     +	    unlink(tarfile);
                     +	    free(tarfile);
                     +	    return -1;
                     +	}
                     +	sprintf(header + strlen(header), "%s:", pt);
                     +	free(pt);
                     +    } else {
                     +	sprintf(header + strlen(header), "X:");
+                         }
                     -    sprintf(header + strlen(header), "%s:", pt);
                     -    free(pt);
                          /* add builder */
                          strcat(header, builder);
@@ -982,6 +992,9 @@ static int build(const struct optstruct *opts)
                          mprintf("Created %s\n", newcvd);
                     +    if(optget(opts, "unsigned")->enabled)
                     +	return 0;
+                    +
                          if(!oldcvd || optget(opts, "no-cdiff")->enabled) {
                      	mprintf("Skipping .cdiff creation\n");
                      	return 0;
@@ -2726,6 +2739,7 @@ static void help(void)
                          mprintf("    --info=FILE            -i FILE         print database information\n");
                          mprintf("    --build=NAME [cvd] -b NAME             build a CVD file\n");
                          mprintf("    --no-cdiff                             Don't generate .cdiff file\n");
                     +    mprintf("    --unsigned                             Create unsigned database file (.cud)\n");
                          mprintf("    --server=ADDR                          ClamAV Signing Service address\n");
                          mprintf("    --datadir=DIR				Use DIR as default database directory\n");
                          mprintf("    --unpack=FILE          -u FILE         Unpack a CVD/CLD file\n");