From 2c2e89e107e198b78078c7bd81e7cb878b300b85 Mon Sep 17 00:00:00 2001
From: Shawn Webb
Date: Thu, 1 Nov 2012 11:35:42 -0400
Subject: [PATCH] bb5638. Check if cert already exists in cache.
---
 libclamav/crtmgr.c | 13 +++++++++++++
 libclamav/readdb.c | 2 +-
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/libclamav/crtmgr.c b/libclamav/crtmgr.c
index 9114e2a4d..f0fb6c901 100644
--- a/libclamav/crtmgr.c
+++ b/libclamav/crtmgr.c
@@ -88,8 +88,21 @@ int crtmgr_add(crtmgr *m, cli_crt *x509) {
 i->certSign |= x509->certSign;
 i->codeSign |= x509->codeSign;
 i->timeSign |= x509->timeSign;
+ return 0;
 }
+
+ /* If certs match, we're likely just revoking it */
+ if (!memcmp(x509->subject, i->subject, sizeof(x509->subject)) &&
+ !memcmp(x509->issuer, i->issuer, sizeof(x509->issuer)) &&
+ !memcmp(x509->serial, i->serial, sizeof(x509->serial)) &&
+ !mp_cmp(&x509->n, &i->n) &&
+ !mp_cmp(&x509->e, &i->e)) {
+ if (i->isBlacklisted != x509->isBlacklisted)
+ i->isBlacklisted = x509->isBlacklisted;
+
+ return 0;
+ }
 }
 i = cli_malloc(sizeof(*i));
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index 05b2a6e68..ae46a33d1 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -2417,7 +2417,7 @@ static int cli_loadcrt(FILE *fs, struct cl_engine *engine, struct cli_dbio *dbio
 goto end;
 }
- if ((unsigned int)atoi(tokens[CRT_TOKENS]) < cl_retflevel) {
+ if ((unsigned int)atoi(tokens[CRT_TOKENS]) < cl_retflevel()) {
 cli_dbgmsg("cli_ladcrt: Cert %s not loaded (maximum f-level: %s)\n", tokens[0], tokens[CRT_TOKENS]);
 continue;
 }
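Review bot: In the new exact-match branch of crtmgr_add, `i->isBlacklisted = x509->isBlacklisted;` copies the incoming flag in both directions, so a non-blacklisted entry for the same subject/issuer/serial/key that is added after a revocation entry would clear the flag, and the cache state then depends on load order. The comment says the intent is revocation; if clearing is not meant to be possible, make the update one-way in the same style as the flag merges just above, `i->isBlacklisted |= x509->isBlacklisted;`, and state that in the comment. The surrounding `!=` test is redundant in either form. The loop header and the rest of crtmgr_add lie outside the hunk, so whether any caller relies on un-blacklisting cannot be confirmed from here.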
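Review bot: The f-level field on the changed line is still parsed with `atoi(tokens[CRT_TOKENS])` and cast to unsigned, so a malformed field is indistinguishable from 0 and a negative value wraps to a large number that passes this maximum-f-level check. Parsing with `strtol` and skipping the record when the value is negative, `errno` is `ERANGE`, or the end pointer does not reach the terminator would make the check fail closed on bad database input. The debug message prefix is also misspelled: `cli_ladcrt:` should read `cli_loadcrt:`. The token-count validation and the rest of the cli_loadcrt loop are outside the hunk, so whether `tokens[CRT_TOKENS]` is always present cannot be confirmed here.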