New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clam 2102 cl cvd unpack #690
Clam 2102 cl cvd unpack #690
Conversation
|
|
||
| fs = fopen(file, "rb"); | ||
| if (NULL == fs) { | ||
| char err[128]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why does this cli_strerror call use err[128] when the others do not? This is not a static function or anything.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Our cli_strerror is a wrapper for the poorly standardized strerror system function, not to be confused with cl_strerror, which is the clamav API for converting the clam error enum to a message.
The err[128] approach is something I copypasted from elsewhere in the code. Such as: https://github.com/Cisco-Talos/clamav/blob/main/libclamav/untar.c#L318-L319
e2c7f99
to
3b607d1
Compare
|
Per our discussion today in status -- I'll create an example program that uses this. I may be able to create an automated test for it as well. It would be good if we tested our example programs, after all. |
Add `cl_cvdunpack()` function to the public API. This new API has an option to disable verification, but otherwise it will attempt to verify that the CVD is correctly signed.
In the interest of using the public API's as much as possible for our own applications (dog-fooding the API), this commit swaps sigtool and freshclam `cli_cvdunpack()` calls to `cl_cvdunpack()`.
Some basic testing is needed for the new cl_cvdunpack() API, so this commit adds basic unit tests for that. For reasons unknown, a number of cl_* API's have stubs for unit tests that weren't filled out. The CVD load/verify ones in particular required access to a signed CVD. We actually ship a very basic signed CVD with the databases now, so I added tests for those while I was at it.
606b54d
to
e0f5bbd
Compare
|
Rebased and also fixed a PATHSEP issue on Windows with the new unit test. |
libclamav API: Add cl_cvdunpack() function
Add
cl_cvdunpack()function to the public API.This new API has an option to disable verification, but otherwise it
will attempt to verify that the CVD is correctly signed.
Freshclam, Sigtool: use public CVD unpack API
In the interest of using the public API's as much as possible for our
own applications (dog-fooding the API), this commit swaps sigtool and
freshclam
cli_cvdunpack()calls tocl_cvdunpack().Tests: unit tests for cl_load(), cl_cvdverify(), cl_cvdunpack()
Some basic testing is needed for the new cl_cvdunpack() API, so this
commit adds basic unit tests for that.
For reasons unknown, a number of cl_* API's have stubs for unit tests
that weren't filled out. The CVD load/verify ones in particular
required access to a signed CVD. We actually ship a very basic signed
CVD with the databases now, so I added tests for those while I was at it.