Clam 2410 new coverity issues

common/cert_util.c

@@ -698,34 +698,67 @@ CURLcode sslctx_function(CURL *curl, void *ssl_ctx, void *userptr)
     return status;
 }
 
-void set_tls_client_certificate(CURL *curl)
+cl_error_t set_tls_client_certificate(CURL *curl)
 {
+    cl_error_t status = CL_ERROR;
     char *client_certificate;
     char *client_key;
     char *client_key_passwd;
+    CURLcode curlcode = CURLE_OK;
 
     client_certificate = getenv("FRESHCLAM_CLIENT_CERT");
     if (client_certificate == NULL) {
-        return;
+        // No client certificate specified, so no need to set it.
+        status = CL_SUCCESS;
+        goto done;
     }
 
     client_key = getenv("FRESHCLAM_CLIENT_KEY");
     if (client_key == NULL) {
-        return;
+        // A client certificate was specified, but no client key was specified.
+        logg(LOGG_WARNING, "The FRESHCLAM_CLIENT_CERT environment variable was set, but FRESHCLAM_CLIENT_KEY was not set. A client private key is also required if specifying a client certificate.\n");
+        goto done;
     }
 
     client_key_passwd = getenv("FRESHCLAM_CLIENT_KEY_PASSWD");
 
     /* set the cert for client authentication */
-    curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
-    curl_easy_setopt(curl, CURLOPT_SSLCERT, client_certificate);
+    curlcode = curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM");
+    if (CURLE_OK != curlcode) {
+        logg(LOGG_WARNING, "Failed to set client certificate type for client authentication: %s\n", curl_easy_strerror(curlcode));
+        goto done;
+    }
+
+    curlcode = curl_easy_setopt(curl, CURLOPT_SSLCERT, client_certificate);
+    if (CURLE_OK != curlcode) {
+        logg(LOGG_WARNING, "Failed to set client certificate to '%s' for client authentication: %s\n", client_certificate, curl_easy_strerror(curlcode));
+        goto done;
+    }
 
     /* set the private key type and path */
-    curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");
-    curl_easy_setopt(curl, CURLOPT_SSLKEY, client_key);
+    curlcode = curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM");
+    if (CURLE_OK != curlcode) {
+        logg(LOGG_WARNING, "Failed to set private key type for client authentication: %s\n", curl_easy_strerror(curlcode));
+        goto done;
+    }
+
+    curlcode = curl_easy_setopt(curl, CURLOPT_SSLKEY, client_key);
+    if (CURLE_OK != curlcode) {
+        logg(LOGG_WARNING, "Failed to set private key to '%s' for client authentication: %s\n", client_key, curl_easy_strerror(curlcode));
+        goto done;
+    }
 
     /* the private key may require a password */
-    if (client_key_passwd == NULL) {
-        curl_easy_setopt(curl, CURLOPT_KEYPASSWD, client_key_passwd);
+    if (client_key_passwd != NULL) {
+        curlcode = curl_easy_setopt(curl, CURLOPT_KEYPASSWD, client_key_passwd);
+        if (CURLE_OK != curlcode) {
+            logg(LOGG_WARNING, "Failed to set the password for private key '%s': %s\n", client_key, curl_easy_strerror(curlcode));
+            goto done;
+        }
     }
+
+    status = CL_SUCCESS;
+
+done:
+    return status;
 }

common/cert_util.h

@@ -36,7 +36,7 @@ void set_tls_ca_bundle(CURL *curl);
  *
  * @param curl Pointer to the curl connection handle.
  */
-void set_tls_client_certificate(CURL *curl);
+cl_error_t set_tls_client_certificate(CURL *curl);
 
 /**
  * @brief Load system and trusted root certificates into memory. Any errors

libclamav/udf.c

@@ -89,11 +89,13 @@ static cl_error_t writeWholeFile(cli_ctx *ctx, const char *const fileName, const
         fd = -1;
     }
     if (!ctx->engine->keeptmp) {
-        if (cli_unlink(tmpf)) {
-            /* If status is already set to virus or something, that should take priority of the
-             * error unlinking the file. */
-            if (CL_CLEAN == status) {
-                status = CL_EUNLINK;
+        if (NULL != tmpf) {
+            if (cli_unlink(tmpf)) {
+                /* If status is already set to virus or something, that should take priority of the
+                 * error unlinking the file. */
+                if (CL_CLEAN == status) {
+                    status = CL_EUNLINK;
+                }
             }
         }
     }
@@ -156,7 +158,7 @@ static cl_error_t extractFile(cli_ctx *ctx, PartitionDescriptor *pPartitionDescr
 
         break;
         default:
-            //impossible unless the file is malformed.
+            // impossible unless the file is malformed.
             cli_warnmsg("extractFile: Unknown descriptor type found.\n");
             goto done;
     }
@@ -716,9 +718,9 @@ cl_error_t cli_scanudf(cli_ctx *ctx, const size_t offset)
     LogicalVolumeIntegrityDescriptor *lvid  = NULL;
     AnchorVolumeDescriptorPointer *avdp     = NULL;
 
-    bool isInitialized = false;
-    PointerList fileIdentifierList;
-    PointerList fileEntryList;
+    bool isInitialized             = false;
+    PointerList fileIdentifierList = {0};
+    PointerList fileEntryList      = {0};
 
     if (offset < 32768) {
         return CL_SUCCESS; /* Need 16 sectors at least 2048 bytes long */
@@ -756,9 +758,6 @@ cl_error_t cli_scanudf(cli_ctx *ctx, const size_t offset)
         idx += VOLUME_DESCRIPTOR_SIZE;
     }
 
-    memset(&fileIdentifierList, 0, sizeof(PointerList));
-    memset(&fileEntryList, 0, sizeof(PointerList));
-
     while (1) {
 
         if (!isInitialized) {
@@ -853,8 +852,8 @@ cl_error_t cli_scanudf(cli_ctx *ctx, const size_t offset)
                     size_t cnt = fileIdentifierList.cnt;
 
                     /* The number of file entries should match the number of file identifiers, but in the
-                              * case that the file is malformed, we are going to do the best we can to extract as much as we can.
-                              */
+                     * case that the file is malformed, we are going to do the best we can to extract as much as we can.
+                     */
                     if (fileEntryList.cnt < cnt) {
                         cnt = fileEntryList.cnt;
                     }