verify keyCertSign

remotes/push_mirror/guardrails
aCaB 14 years ago
parent 998f97f147
commit de8548e6ef
  1. 124
      libclamav/asn1.c
  2. 4
      libclamav/crtmgr.c

@ -552,7 +552,6 @@ static int asn1_get_x509(fmap_t *map, const void **asn1data, unsigned int *size,
}
while(exts.size) {
struct cli_asn1 ext, id, value;
int crit = 0;
if(asn1_expect_objtype(map, exts.content, &exts.size, &ext, 0x30)) {
exts.size = 1;
break;
@ -567,17 +566,12 @@ static int asn1_get_x509(fmap_t *map, const void **asn1data, unsigned int *size,
break;
}
if(value.type == 0x01) {
/* critical flag */
if(value.size != 1) {
cli_dbgmsg("asn1_get_x509: found boolean with wrong length\n");
exts.size = 1;
break;
}
if(!fmap_need_ptr_once(map, value.content, 1)) {
cli_dbgmsg("asn1_get_x509: cannot read critical flag\n");
exts.size = 1;
break;
}
crit = ((uint8_t *)(value.content))[0];
if(asn1_get_obj(map, value.next, &ext.size, &value)) {
exts.size = 1;
break;
@ -593,76 +587,94 @@ static int asn1_get_x509(fmap_t *map, const void **asn1data, unsigned int *size,
exts.size = 1;
break;
}
if(!crit)
if(id.size != 3)
continue;
if(!fmap_need_ptr_once(map, id.content, 3)) {
exts.size = 1;
break;
}
if(!memcmp("\x55\x1d\x0f", id.content, 3)) {
/* KeyUsage 2.5.29.15 */
const uint8_t *keyusage = value.content;
uint8_t usage;
if(value.size < 4 || value.size > 5) {
cli_dbgmsg("asn1_get_x509: bad KeyUsage\n");
exts.size = 1;
break;
}
if(!fmap_need_ptr_once(map, value.content, value.size)) {
exts.size = 1;
break;
}
if(keyusage[0] != 0x03 || keyusage[1] != value.size - 2 || keyusage[2] > 7) {
cli_dbgmsg("asn1_get_x509: bad KeyUsage\n");
exts.size = 1;
break;
}
usage = keyusage[3];
if(value.size == 4)
usage &= ~((1 << keyusage[2])-1);
x509.certSign = ((usage & 4) != 0);
continue;
if(id.size == 3) {
if(!fmap_need_ptr_once(map, id.content, 3)) {
}
if(!memcmp("\x55\x1d\x25", id.content, 3)) {
/* ExtKeyUsage 2.5.29.37 */
struct cli_asn1 keypurp;
if(asn1_expect_objtype(map, value.content, &value.size, &keypurp, 0x30)) {
exts.size = 1;
break;
}
if(value.size) {
cli_dbgmsg("asn1_get_x509: extra data in ExtKeyUsage\n");
exts.size = 1;
break;
}
if(!memcmp("\x55\x1d\x0f", id.content, 3)) {
/* KeyUsage 2.5.29.15 */
const uint8_t *keyusage = value.content;
uint32_t usage;
if(value.size < 4 || value.size > 5) {
cli_dbgmsg("asn1_get_x509: bad KeyUsage\n");
ext.next = keypurp.content;
while(keypurp.size) {
if(asn1_expect_objtype(map, ext.next, &keypurp.size, &ext, 0x06)) {
exts.size = 1;
break;
}
if(!fmap_need_ptr_once(map, value.content, value.size)) {
if(ext.size != 8)
continue;
if(!fmap_need_ptr_once(map, value.content, 8)) {
exts.size = 1;
break;
}
if(keyusage[0] != 0x03 || keyusage[1] != value.size - 2 || keyusage[2] > 7) {
cli_dbgmsg("asn1_get_x509: bad KeyUsage\n");
if(!memcmp("\x2b\x06\x01\x05\x05\x07\x03\x03", value.content, 8)) /* id_kp_codeSigning */
x509.codeSign = 1;
else if(!memcmp("\x2b\x06\x01\x05\x05\x07\x03\x08", value.content, 8)) /* id_kp_timeStamping */
x509.timeSign = 1;
}
continue;
}
if(!memcmp("\x55\x1d\x13", id.content, 3)) {
/* Basic Constraints 2.5.29.19 */
struct cli_asn1 constr;
if(asn1_expect_objtype(map, value.content, &value.size, &constr, 0x30)) {
exts.size = 1;
break;
}
if(!constr.size)
x509.certSign = 0;
else {
if(asn1_expect_objtype(map, constr.content, &constr.size, &ext, 0x01)) {
exts.size = 1;
break;
}
usage = keyusage[3];
if(value.size == 5) {
usage <<= 8;
usage |= keyusage[4];
}
usage >>= keyusage[2];
x509.certSign = ((usage & (1<<5)) != 0);
continue;
}
if(!memcmp("\x55\x1d\x25", id.content, 3)) {
/* ExtKeyUsage 2.5.29.37 */
struct cli_asn1 keypurp;
if(asn1_expect_objtype(map, value.content, &value.size, &keypurp, 0x30)) {
if(ext.size != 1) {
cli_dbgmsg("asn1_get_x509: wrong bool size in basic constraint %u\n", ext.size);
exts.size = 1;
break;
}
if(value.size) {
cli_dbgmsg("asn1_get_x509: extra data in ExtKeyUsage\n");
if(!fmap_need_ptr_once(map, ext.content, 1)) {
exts.size = 1;
break;
}
ext.next = keypurp.content;
while(keypurp.size) {
if(asn1_expect_objtype(map, ext.next, &keypurp.size, &ext, 0x06)) {
exts.size = 1;
break;
}
if(ext.size != 8)
continue;
if(!fmap_need_ptr_once(map, value.content, 8)) {
exts.size = 1;
break;
}
if(!memcmp("\x2b\x06\x01\x05\x05\x07\x03\x03", value.content, 8)) /* id_kp_codeSigning */
x509.codeSign = 1;
else if(!memcmp("\x2b\x06\x01\x05\x05\x07\x03\x08", value.content, 8)) /* id_kp_timeStamping */
x509.timeSign = 1;
}
continue;
x509.certSign = (((uint8_t *)(ext.content))[0] != 0);
}
}
/* { */
/* uint8_t *asd = id.content; */
/* cli_errmsg("ACAB: %u.%u.%u %u\n", asd[0], asd[1], asd[2], id.size); */
/* } */
}
if(exts.size) {
tbs.size = 1;
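Review bot: The KeyUsage decoding in the rewritten block (`usage >>= keyusage[2]; x509.certSign = ((usage & (1<<5)) != 0);`) tests the wrong bit, if I read the `uint32_t usage` variant as the new side: in a DER BIT STRING bit 0 is the most significant bit of the first content octet, so keyCertSign (bit 5) is mask 0x04 of `keyusage[3]`, which is what the other variant's `(usage & 4)` line checks. After the right shift by the unused-bit count, `1<<5` lands on keyEncipherment for a one-octet string with no unused bits, so a typical CA KeyUsage (`03 02 01 06`) yields certSign = 0 while an end-entity certificate with keyEncipherment yields certSign = 1. I would keep the `uint8_t usage` form and only mask off the unused low bits: `usage = keyusage[3]; if(value.size == 4) usage &= ~((1 << keyusage[2]) - 1); x509.certSign = ((usage & 4) != 0);`. Separately, the ExtKeyUsage loop still passes `value.content` rather than the OID body `ext.content` it just parsed to `fmap_need_ptr_once` and both `memcmp` calls, so codeSign/timeSign appear never to be set, and because the Basic Constraints branch unconditionally overwrites `x509.certSign` the result depends on extension order — clearing certSign on cA == FALSE but never setting it from cA alone would keep both checks in force. asn1_get_x509 continues outside the hunk.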

@ -33,7 +33,7 @@ int cli_crt_init(cli_crt *x509) {
}
x509->not_before = x509->not_after = 0;
x509->prev = x509->next = NULL;
x509->certSign = x509->codeSign = x509->timeSign = 0;
x509->certSign = x509->codeSign = x509->timeSign = -1;
return 0;
}
@ -260,7 +260,7 @@ int crtmgr_verify_crt(crtmgr *m, cli_crt *x509) {
cli_crt *i = m->crts;
for(i = m->crts; i; i = i->next) {
if(!memcmp(i->subject, x509->issuer, sizeof(i->subject)) &&
if(i->certSign && !memcmp(i->subject, x509->issuer, sizeof(i->subject)) &&
!crtmgr_rsa_verify(i, &x509->sig, x509->hashtype, x509->tbshash))
return 0;
}
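Review bot: The `-1` sentinel assigned in cli_crt_init is not documented, and since the added `i->certSign &&` test in crtmgr_verify_crt treats -1 like 1, a certificate whose extensions carried neither KeyUsage nor Basic Constraints (or were never parsed) is still accepted as an issuer, assuming the `-1` line is the new side. A comment on the init line such as `/* certSign: -1 = no KeyUsage/BasicConstraints seen, 0 = may not sign certificates, 1 = keyCertSign or cA asserted */` would make that permissive default explicit. If it is not intended, the check should read `if(i->certSign == 1 && !memcmp(...)`, which fails closed for certificates that never stated it.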
