diff --git a/common/cert_util.c b/common/cert_util.c
index b65c0a5db9..a5934a64b4 100644
--- a/common/cert_util.c
+++ b/common/cert_util.c
@@ -698,34 +698,67 @@ CURLcode sslctx_function(CURL *curl, void *ssl_ctx, void *userptr) return status; } -void set_tls_client_certificate(CURL *curl) +cl_error_t set_tls_client_certificate(CURL *curl) { + cl_error_t status = CL_ERROR; char *client_certificate; char *client_key; char *client_key_passwd; + CURLcode curlcode = CURLE_OK; client_certificate = getenv("FRESHCLAM_CLIENT_CERT"); if (client_certificate == NULL) { - return; + // No client certificate specified, so no need to set it. + status = CL_SUCCESS; + goto done; } client_key = getenv("FRESHCLAM_CLIENT_KEY"); if (client_key == NULL) { - return; + // A client certificate was specified, but no client key was specified. + logg(LOGG_WARNING, "The FRESHCLAM_CLIENT_CERT environment variable was set, but FRESHCLAM_CLIENT_KEY was not set. A client private key is also required if specifying a client certificate.\n"); + goto done; } client_key_passwd = getenv("FRESHCLAM_CLIENT_KEY_PASSWD"); /* set the cert for client authentication */ - curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM"); - curl_easy_setopt(curl, CURLOPT_SSLCERT, client_certificate); + curlcode = curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM"); + if (CURLE_OK != curlcode) { + logg(LOGG_WARNING, "Failed to set client certificate type for client authentication: %s\n", curl_easy_strerror(curlcode)); + goto done; + } + + curlcode = curl_easy_setopt(curl, CURLOPT_SSLCERT, client_certificate); + if (CURLE_OK != curlcode) { + logg(LOGG_WARNING, "Failed to set client certificate to '%s' for client authentication: %s\n", client_certificate, curl_easy_strerror(curlcode)); + goto done; + } /* set the private key type and path */ - curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM"); - curl_easy_setopt(curl, CURLOPT_SSLKEY, client_key); + curlcode = curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM"); + if (CURLE_OK != curlcode) { + logg(LOGG_WARNING, "Failed to set private key type for client authentication: %s\n", curl_easy_strerror(curlcode)); + goto done; 
+ } + + curlcode = curl_easy_setopt(curl, CURLOPT_SSLKEY, client_key); + if (CURLE_OK != curlcode) { + logg(LOGG_WARNING, "Failed to set private key to '%s' for client authentication: %s\n", client_key, curl_easy_strerror(curlcode)); + goto done; + } /* the private key may require a password */ - if (client_key_passwd == NULL) { - curl_easy_setopt(curl, CURLOPT_KEYPASSWD, client_key_passwd); + if (client_key_passwd != NULL) { + curlcode = curl_easy_setopt(curl, CURLOPT_KEYPASSWD, client_key_passwd); + if (CURLE_OK != curlcode) { + logg(LOGG_WARNING, "Failed to set the password for private key '%s': %s\n", client_key, curl_easy_strerror(curlcode)); + goto done; + } } + + status = CL_SUCCESS; + +done: + return status; } diff --git a/common/cert_util.h b/common/cert_util.h index 8d854e8054..e16b04c938 100644 --- a/common/cert_util.h +++ b/common/cert_util.h @@ -36,7 +36,7 @@ void set_tls_ca_bundle(CURL *curl); * * @param curl Pointer to the curl connection handle. */ -void set_tls_client_certificate(CURL *curl); +cl_error_t set_tls_client_certificate(CURL *curl); /** * @brief Load system and trusted root certificates into memory. Any errors diff --git a/libclamav/udf.c b/libclamav/udf.c index 2ce38b4f30..f22a4ce307 100644 --- a/libclamav/udf.c +++ b/libclamav/udf.c @@ -89,11 +89,13 @@ static cl_error_t writeWholeFile(cli_ctx *ctx, const char *const fileName, const fd = -1; } if (!ctx->engine->keeptmp) { - if (cli_unlink(tmpf)) { - /* If status is already set to virus or something, that should take priority of the - * error unlinking the file. */ - if (CL_CLEAN == status) { - status = CL_EUNLINK; + if (NULL != tmpf) { + if (cli_unlink(tmpf)) { + /* If status is already set to virus or something, that should take priority of the + * error unlinking the file. */ + if (CL_CLEAN == status) { + status = CL_EUNLINK; + } } } } 
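Review bot: In set_tls_client_certificate (common/cert_util.c), the `status = CL_SUCCESS;` just before `done:` only shows that libcurl accepted the option strings, not that the certificate and key are usable. As far as I know curl_easy_setopt() just copies the values for CURLOPT_SSLCERT, CURLOPT_SSLKEY and CURLOPT_KEYPASSWD and the files are read when the TLS connection is set up, so a wrong path, an unreadable key or a bad passphrase still surfaces later as a transfer error rather than through the new warnings. I would record that above the assignment, for example `// Options accepted; the cert and key are loaded at TLS setup, so load failures are reported by the transfer.` An empty value such as FRESHCLAM_CLIENT_CERT set to "" also passes the NULL checks; `if (client_certificate == NULL || client_certificate[0] == '\0')` would treat it as unset, if that is the intended behaviour.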
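Review bot: The doc comment above set_tls_client_certificate in common/cert_util.h still ends at the `@param curl` line, so the new cl_error_t return value is undocumented. Add an `@return` entry, for example `@return cl_error_t CL_SUCCESS if no client certificate is configured or all options were set, CL_ERROR otherwise.` Callers are not part of the diff as shown; any caller that still ignores the result would carry on without client authentication after only a warning, so the comment could also say that the result must be checked. The start of the comment is outside the hunk.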
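Review bot: The added `NULL != tmpf` guard in writeWholeFile (libclamav/udf.c) makes the cleanup four nested ifs deep for what is a single condition. The first three can be folded without changing evaluation order: `if (!ctx->engine->keeptmp && NULL != tmpf && cli_unlink(tmpf)) {`, keeping the inner `CL_CLEAN == status` check as it is. The re-indented comment would also read better as "should take priority over the error unlinking the file". The function starts and ends outside the hunk.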
@@ -156,7 +158,7 @@ static cl_error_t extractFile(cli_ctx *ctx, PartitionDescriptor *pPartitionDescr break; default: - //impossible unless the file is malformed. + // impossible unless the file is malformed. cli_warnmsg("extractFile: Unknown descriptor type found.\n"); goto done; } @@ -716,9 +718,9 @@ cl_error_t cli_scanudf(cli_ctx *ctx, const size_t offset) LogicalVolumeIntegrityDescriptor *lvid = NULL; AnchorVolumeDescriptorPointer *avdp = NULL; - bool isInitialized = false; - PointerList fileIdentifierList; - PointerList fileEntryList; + bool isInitialized = false; + PointerList fileIdentifierList = {0}; + PointerList fileEntryList = {0}; if (offset < 32768) { return CL_SUCCESS; /* Need 16 sectors at least 2048 bytes long */ @@ -756,9 +758,6 @@ cl_error_t cli_scanudf(cli_ctx *ctx, const size_t offset) idx += VOLUME_DESCRIPTOR_SIZE; } - memset(&fileIdentifierList, 0, sizeof(PointerList)); - memset(&fileEntryList, 0, sizeof(PointerList)); - while (1) { if (!isInitialized) { @@ -853,8 +852,8 @@ cl_error_t cli_scanudf(cli_ctx *ctx, const size_t offset) size_t cnt = fileIdentifierList.cnt; /* The number of file entries should match the number of file identifiers, but in the - * case that the file is malformed, we are going to do the best we can to extract as much as we can. - */ + * case that the file is malformed, we are going to do the best we can to extract as much as we can. + */ if (fileEntryList.cnt < cnt) { cnt = fileEntryList.cnt; }
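Review bot: In cli_scanudf (hunk at -716) the two PointerList locals are now zeroed at their declaration with `= {0}` instead of by the memset calls that the following hunk removes, but nothing records why the initialization has to happen this early. If the reason is that an exit path before the old memset location can reach code that reads or frees the lists (the cleanup is outside the hunks shown, so this is an inference), a one-line comment would keep a later refactor from moving it back: `/* Zeroed at declaration so every exit path sees empty lists. */`. The function body continues outside the hunk.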