Skip to content

Commit

Permalink
Fix unit test caused by expiring signing certificate
Browse files Browse the repository at this point in the history
The clamscan test "assorted_test.py::TC::test_pe_cert_trust" is about to
fail because the "test.exe" test file was signed with a cert set to
expire after only 2 years, and it has been 23 months.

While attempting to generate a new one that will last 73000 days (200
years), I discovered that any signing certificate set to expire after
2038 will fail the trust-check because the `ca.not_after` variable is
maxed out `time_t` incapable of expressing a higher number.
To fix this, I've upgraded the variables to `uint64_t`.

I also had to replace a bunch of generated signatures to match the new
"test.exe".

Finally, I noticed that "ca.not_before" was being set to the token[8]
instead of token[9], which presumably mean the "NotBefore" field for
Trusted and Revoked Certificates was non-functional, as it was treating
the "CertSign" boolean as the "NotBefore" value.

Fixes: Cisco-Talos#1300
  • Loading branch information
micahsnyder committed Jul 11, 2024
1 parent 1d30588 commit e97abab
Show file tree
Hide file tree
Showing 24 changed files with 26 additions and 26 deletions.
4 changes: 2 additions & 2 deletions libclamav/crtmgr.h
Original file line number Diff line number Diff line change
Expand Up @@ -66,8 +66,8 @@ typedef struct cli_crt_t {
BIGNUM *n;
BIGNUM *e;
BIGNUM *sig;
time_t not_before;
time_t not_after;
int64_t not_before;
int64_t not_after;
cli_crt_hashtype hashtype;
int certSign;
int codeSign;
Expand Down
4 changes: 2 additions & 2 deletions libclamav/readdb.c
Original file line number Diff line number Diff line change
Expand Up @@ -3463,8 +3463,8 @@ static int cli_loadcrt(FILE *fs, struct cl_engine *engine, struct cli_dbio *dbio
ca.name = NULL;

if (strlen(tokens[9]))
ca.not_before = atoi(tokens[8]);
ca.not_after = (-1U) >> 1;
ca.not_before = atoi(tokens[9]);
ca.not_after = (-1ULL) >> 1;

ca.hashtype = CLI_HASHTYPE_ANY;
crtmgr_add(&(engine->cmgr), &ca);
Expand Down
Original file line number Diff line number Diff line change
@@ -1 +1 @@
05fcb14bd4dbad8617251d4e22708367:1447976:Test.GenSig.HDB_1of2_MD5_FIXED_testexe
8a655379478861572791e2404f45f9ed:1447992:Test.GenSig.HDB_1of2_MD5_FIXED_testexe
Original file line number Diff line number Diff line change
@@ -1 +1 @@
05fcb14bd4dbad8617251d4e22708367:*:Test.GenSig.HDB_2of2_MD5_STAR_testexe:73
8a655379478861572791e2404f45f9ed:*:Test.GenSig.HDB_2of2_MD5_STAR_testexe:73
Original file line number Diff line number Diff line change
@@ -1 +1 @@
2ba31b0352bae4f57c1c9144f64ac7a57c010876:1447976:Test.GenSig.HSB_1of4_SHA1_FIXED_testexe
4a2a55f483339bf55fae340f82d3b42001b30e16:1447992:Test.GenSig.HSB_1of4_SHA1_FIXED_testexe
Original file line number Diff line number Diff line change
@@ -1 +1 @@
2ba31b0352bae4f57c1c9144f64ac7a57c010876:*:Test.GenSig.HSB_2of4_SHA1_STAR_testexe:73
4a2a55f483339bf55fae340f82d3b42001b30e16:*:Test.GenSig.HSB_2of4_SHA1_STAR_testexe:73
Original file line number Diff line number Diff line change
@@ -1 +1 @@
4f713f2f0d3269d5ea24bf58c8acff9ad67d53044c07f028ae825cacffb6e82e:1447976:Test.GenSig.HSB_3of4_SHA256_FIXED_testexe
ecb52dac06daf876b6ed53063c5fdd5a3e05a0e70f7d326670f202f36ae66c95:1447992:Test.GenSig.HSB_3of4_SHA256_FIXED_testexe
Original file line number Diff line number Diff line change
@@ -1 +1 @@
4f713f2f0d3269d5ea24bf58c8acff9ad67d53044c07f028ae825cacffb6e82e:*:Test.GenSig.HSB_4of4_SHA256_STAR_testexe:73
ecb52dac06daf876b6ed53063c5fdd5a3e05a0e70f7d326670f202f36ae66c95:*:Test.GenSig.HSB_4of4_SHA256_STAR_testexe:73
Original file line number Diff line number Diff line change
@@ -1 +1 @@
34304:c2cf3afc85a94f96246ebc2d10427b99:Test.GenSig.MDB_01of16_MD5_FIXED_text
34304:1931e3808e2374839e1cb81790d14c14:Test.GenSig.MDB_01of16_MD5_FIXED_text
Original file line number Diff line number Diff line change
@@ -1 +1 @@
*:c2cf3afc85a94f96246ebc2d10427b99:Test.GenSig.MDB_02of16_MD5_STAR_text:73
*:1931e3808e2374839e1cb81790d14c14:Test.GenSig.MDB_02of16_MD5_STAR_text:73
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1168896:6623c7640384c88d74cc4d7701a02627:Test.GenSig.MDB_03of16_MD5_FIXED_data
1168896:b724ae3f375a29dd4d5fbe37f430c0ea:Test.GenSig.MDB_03of16_MD5_FIXED_data
Original file line number Diff line number Diff line change
@@ -1 +1 @@
*:6623c7640384c88d74cc4d7701a02627:Test.GenSig.MDB_04of16_MD5_STAR_data:73
*:b724ae3f375a29dd4d5fbe37f430c0ea:Test.GenSig.MDB_04of16_MD5_STAR_data:73
Original file line number Diff line number Diff line change
@@ -1 +1 @@
34304:7bcc8fbbab4b38c28cb9a571fa7004d8ff47b09d:Test.GenSig.MSB_01of32_SHA1_FIXED_text
34304:45f9f37f318a50c62d3f26699f2415338ddc1f81:Test.GenSig.MSB_01of32_SHA1_FIXED_text
Original file line number Diff line number Diff line change
@@ -1 +1 @@
*:7bcc8fbbab4b38c28cb9a571fa7004d8ff47b09d:Test.GenSig.MSB_02of32_SHA1_STAR_text:73
*:45f9f37f318a50c62d3f26699f2415338ddc1f81:Test.GenSig.MSB_02of32_SHA1_STAR_text:73
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1168896:dae420693dde3530da0ad06f593148c9647a66b3:Test.GenSig.MSB_03of32_SHA1_FIXED_data
1168896:9cdbd12ab842a2d021be6cb8f379ee219e817fd7:Test.GenSig.MSB_03of32_SHA1_FIXED_data
Original file line number Diff line number Diff line change
@@ -1 +1 @@
*:dae420693dde3530da0ad06f593148c9647a66b3:Test.GenSig.MSB_04of32_SHA1_STAR_data:73
*:9cdbd12ab842a2d021be6cb8f379ee219e817fd7:Test.GenSig.MSB_04of32_SHA1_STAR_data:73
Original file line number Diff line number Diff line change
@@ -1 +1 @@
34304:a0174c8dfab8cd480495fede811c9fcd16ec40db6d9dbe69e9e5f32907be3a1a:Test.GenSig.MSB_17of32_SHA256_FIXED_text
34304:73757fdfd15f2e63995a547e86cc4568a9137bfb2f64a588ad9e6f45ddd5e367:Test.GenSig.MSB_17of32_SHA256_FIXED_text
Original file line number Diff line number Diff line change
@@ -1 +1 @@
*:a0174c8dfab8cd480495fede811c9fcd16ec40db6d9dbe69e9e5f32907be3a1a:Test.GenSig.MSB_18of32_SHA256_STAR_text:73
*:73757fdfd15f2e63995a547e86cc4568a9137bfb2f64a588ad9e6f45ddd5e367:Test.GenSig.MSB_18of32_SHA256_STAR_text:73
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1168896:96559752f87084cc488e3163b615d13eac1816580375facd2f872a3e4d808789:Test.GenSig.MSB_19of32_SHA256_FIXED_data
1168896:09dbd8590151147c35c0b096c7b437d69cfa08bb7116b2f1dfc20a7c8e6d7a58:Test.GenSig.MSB_19of32_SHA256_FIXED_data
Original file line number Diff line number Diff line change
@@ -1 +1 @@
*:96559752f87084cc488e3163b615d13eac1816580375facd2f872a3e4d808789:Test.GenSig.MSB_20of32_SHA256_STAR_data:73
*:09dbd8590151147c35c0b096c7b437d69cfa08bb7116b2f1dfc20a7c8e6d7a58:Test.GenSig.MSB_20of32_SHA256_STAR_data:73
Original file line number Diff line number Diff line change
@@ -1 +1 @@
Test.Sig.CRB.BlockCert;0;8b166a274bfaa700a912edd57e8e41365beea576;d2a8ea878c4bba243788488f59354835a005baae;E709F7C042C0DFE60CDEF79BFEC8723468DE92B027E4BC31C2D2B8224DE04B6A23C49C8FEBFAD35274651AA5DAA91FD392E0336B31140F90C125E43E4DEBD3276659BBC639425595F4713C4CAC1892D5D136F76263EDE02DF4EBB849A508B492C7BD3FE295617FC5FF1C482543C938F389D521D8E758D59183C7986A5729E16B5BC3081CF3A749447E23106D170E5835BA137821202B100124EDAD00F7508C19F8103B774E9FA19989058EC52776934690E2CAD67B99E93A9AD50C470E0DF4C48F9F78DBFCEF812730A3A458A310A913CCA7E0B10699A4A441C8900A59193FFDC7376162DA6DB805E4BD9AD9463717B6EEDACAD53AEA9E7FDBB2826588FBF8E45F390B4A44A6A01787DC8110581DD1DC00407C3868F3534241BB340AED7CC9CAB56D27F7E6B645F7CC7BA7B0D1BFB27036F09B9FB25B396575C16B0BF3177FE052F7B5C8BB97F72E69DA7971EAFA643C68E36B5F156BAD46F3E3A580A7CE56BA92ACB972143DDA4B20867A45081262DF2E7A1F80A9D3588C60D48010F10461A8AE675CF8EE47E66425A5A6A0D95F1076AFEC6246C3AA635C13AC1E9CEA760316FD89AE2C19FDF696A106BC20B5A2F8E14613A4633726ADC92FD67B6E219CE1A419FE7F397F153C2591547EE08B19C54C8F04B0F6824EABD2572AF9115486479567A77853DDA31CB84609154BA3A043AD0548204875FF365047BC4B7382FD03AF;010001;0;1;0;;Generated with details from sigtool --print-certs
Test.Sig.CRB.BlockCert;0;a5f872f51516a7b95493a152eb79b61d8999188c;e8fe30ff40549bb36227b3b6fa978bc3b7c93a1b;CA5767E912FAC33005614BF5A30360CBB1C194B3B5EA7AE78DF228B76A745AE803F248CFFAE9BD8690935CE5173BB31565D04A931DD2F1D99E17B1BDD35C066F2DD097A87B1786F437156995193D5F1FD49CD855AF0FD9A3BBEA2F8A267770F0F402B28107087142A166C3FDAF673F75518F74DBA6014669FC4377D572F32F58E32F1E575508E547AA2FE25B085B58414562D77F7FE85E92F285F0B52C276A6B68A7E17E9ACBD62DD40ACD1319EE844772EADBACB789A42583953827F2EF6D796292C3ABD2F9533EB07EF196EC7274C17E7FC43B182B543FE1AC4612A995820CAEA2BF3F4FDC4BCC559E95D6180D1B34F51F7D46E40B6CAA88C0BDCDF07E9A8B415E87F57F6BAA207CBC5843D70E5C0A98E643A5E1D8614C3D9C8765B617A1568133DF55FE7E4DC7AB717EAA670E1590569FE0423619DCB062F9E2579717E9231EE44C95DE7218F2D602828C33D08305049BDE439F783B7C478B0F41DB0ADB607429D7CE33E8CB7DC98FE5ECACF21D135D0B4D5F1361BF3898450A9923D00804657CB1A5940B6D25E10A615FC77F68A60A589A2A5BA052FB6B97C22538ED1801D34950FBF4401CB3CAD2839DD3E733F3F0A8F279C886FDE63F5384B3507F03A1A6FF314A32A724D9D5C4794B7A5B01183F7977AACD402B778B900BA03C2E2D52E3A6F1C8524B833701DC6EB4538EDBD516B64BD2CAE8B7AF23312407C0F09421;010001;0;1;0;;Generated with details from sigtool --print-certs
4 changes: 2 additions & 2 deletions unit_tests/input/pe_allmatch/test-exe-src/build.py
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ def gen_ca_cert():
# TODO Explore making this cert have attributes that look more like
# a real CA cert (ex: restrict its uses)
subj = "/C=US/ST=Maryland/L=Fulton/O=Cisco Talos/OU=ClamAV Test CA %016x/emailAddress=rfc2606@example.net" % (random.randint(1,0xFFFFFFFFFFFFFFFF))
cmd = 'openssl req -new -x509 -days 3650 -key build/ca.key -out build/ca.crt -subj "%s"' % (subj)
cmd = 'openssl req -new -x509 -days 73000 -key build/ca.key -out build/ca.crt -subj "%s"' % (subj)
run_cmd(cmd)

# https://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl/
Expand All @@ -136,7 +136,7 @@ def gen_cs_cert(name, ext):
cmd = 'openssl req -new -key %s -out %s -subj "%s"' % (key_name, csr_name, subj)
run_cmd(cmd)

cmd = 'openssl x509 -req -days 730 -in %s -CA build/ca.crt -CAkey build/ca.key -out %s -set_serial %012d -extfile ./cs.extfile.cfg' % (csr_name, crt_name, random.randint(100000000000,999999999999))
cmd = 'openssl x509 -req -days 73000 -in %s -CA build/ca.crt -CAkey build/ca.key -out %s -set_serial %012d -extfile ./cs.extfile.cfg' % (csr_name, crt_name, random.randint(100000000000,999999999999))
run_cmd(cmd)

return (key_name, crt_name)
Expand Down
Binary file modified unit_tests/input/pe_allmatch/test.exe
Binary file not shown.
Original file line number Diff line number Diff line change
@@ -1 +1 @@
Test.Sig.CRB.TrustCert;1;8b166a274bfaa700a912edd57e8e41365beea576;d2a8ea878c4bba243788488f59354835a005baae;E709F7C042C0DFE60CDEF79BFEC8723468DE92B027E4BC31C2D2B8224DE04B6A23C49C8FEBFAD35274651AA5DAA91FD392E0336B31140F90C125E43E4DEBD3276659BBC639425595F4713C4CAC1892D5D136F76263EDE02DF4EBB849A508B492C7BD3FE295617FC5FF1C482543C938F389D521D8E758D59183C7986A5729E16B5BC3081CF3A749447E23106D170E5835BA137821202B100124EDAD00F7508C19F8103B774E9FA19989058EC52776934690E2CAD67B99E93A9AD50C470E0DF4C48F9F78DBFCEF812730A3A458A310A913CCA7E0B10699A4A441C8900A59193FFDC7376162DA6DB805E4BD9AD9463717B6EEDACAD53AEA9E7FDBB2826588FBF8E45F390B4A44A6A01787DC8110581DD1DC00407C3868F3534241BB340AED7CC9CAB56D27F7E6B645F7CC7BA7B0D1BFB27036F09B9FB25B396575C16B0BF3177FE052F7B5C8BB97F72E69DA7971EAFA643C68E36B5F156BAD46F3E3A580A7CE56BA92ACB972143DDA4B20867A45081262DF2E7A1F80A9D3588C60D48010F10461A8AE675CF8EE47E66425A5A6A0D95F1076AFEC6246C3AA635C13AC1E9CEA760316FD89AE2C19FDF696A106BC20B5A2F8E14613A4633726ADC92FD67B6E219CE1A419FE7F397F153C2591547EE08B19C54C8F04B0F6824EABD2572AF9115486479567A77853DDA31CB84609154BA3A043AD0548204875FF365047BC4B7382FD03AF;010001;1;0;0;;Generated with details from sigtool --print-certs
Test.Sig.CRB.TrustCert;1;a5f872f51516a7b95493a152eb79b61d8999188c;e8fe30ff40549bb36227b3b6fa978bc3b7c93a1b;CA5767E912FAC33005614BF5A30360CBB1C194B3B5EA7AE78DF228B76A745AE803F248CFFAE9BD8690935CE5173BB31565D04A931DD2F1D99E17B1BDD35C066F2DD097A87B1786F437156995193D5F1FD49CD855AF0FD9A3BBEA2F8A267770F0F402B28107087142A166C3FDAF673F75518F74DBA6014669FC4377D572F32F58E32F1E575508E547AA2FE25B085B58414562D77F7FE85E92F285F0B52C276A6B68A7E17E9ACBD62DD40ACD1319EE844772EADBACB789A42583953827F2EF6D796292C3ABD2F9533EB07EF196EC7274C17E7FC43B182B543FE1AC4612A995820CAEA2BF3F4FDC4BCC559E95D6180D1B34F51F7D46E40B6CAA88C0BDCDF07E9A8B415E87F57F6BAA207CBC5843D70E5C0A98E643A5E1D8614C3D9C8765B617A1568133DF55FE7E4DC7AB717EAA670E1590569FE0423619DCB062F9E2579717E9231EE44C95DE7218F2D602828C33D08305049BDE439F783B7C478B0F41DB0ADB607429D7CE33E8CB7DC98FE5ECACF21D135D0B4D5F1361BF3898450A9923D00804657CB1A5940B6D25E10A615FC77F68A60A589A2A5BA052FB6B97C22538ED1801D34950FBF4401CB3CAD2839DD3E733F3F0A8F279C886FDE63F5384B3507F03A1A6FF314A32A724D9D5C4794B7A5B01183F7977AACD402B778B900BA03C2E2D52E3A6F1C8524B833701DC6EB4538EDBD516B64BD2CAE8B7AF23312407C0F09421;010001;1;0;0;;Generated with details from sigtool --print-certs

0 comments on commit e97abab

Please sign in to comment.