open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Copy cert name for debug prints; fail better

Browse Source 
Fail better if calling crtmgr_add fails when adding an
embedded certificate bc it matched a whitelist entry
pull/111/head
Andrew 6 years ago committed by Micah Snyder
parent 3cf1b1c58d
commit a96756b0b6
1 changed files with 8 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 8
      libclamav/asn1.c

8
libclamav/asn1.c
Unescape View File

@ -1615,6 +1615,10 @@ static cl_error_t asn1_parse_mscat(struct cl_engine *engine, fmap_t *map, size_t
if (NULL != (crt = crtmgr_whitelist_lookup(cmgr, x509, 1))) {
cli_crt *tmp = x509->next;
cli_dbgmsg("asn1_parse_mscat: Directly whitelisting embedded cert based on %s\n", (crt->name ? crt->name : "(no name)"));
if (cli_debug_flag && crt->name) {
// Copy the name from the CRB entry for printing below
x509->name = strdup(crt->name);
}
if (crtmgr_add(cmgr, x509)) {
cli_dbgmsg("asn1_parse_mscat: adding x509 cert to crtmgr failed\n");
break;
@ -1626,6 +1630,10 @@ static cl_error_t asn1_parse_mscat(struct cl_engine *engine, fmap_t *map, size_t
x509 = x509->next;
}
if (x509) {
crtmgr_free(&newcerts);
break;
}
x509 = newcerts.crts;
/* Now look for cases where embedded certs can be trusted

Write Preview
Loading…
Cancel
Save