2018-10-08 12:59:42 -04:00
/*
2023-02-07 19:35:18 -08:00
* Copyright ( C ) 2019 - 2023 Cisco Systems , Inc . and / or its affiliates . All rights reserved .
2018-10-08 12:59:42 -04:00
*
* EGG is an archive format created by ESTsoft used by their ALZip
* archiving software .
*
* This software is written from scratch based solely from ESTsoft ' s
* file format documentation and from testing with EGG format archives .
* ESTsoft ' s " unEGG " module was not used in the creation of this capability
* in order to avoid to licensing restrictions on the ESTsoft " unEGG " module .
*
* EGG structure :
*
* | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - |
* | EGG Header | 1 |
* | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - |
* | Extra Field 1 : | |
* | Split Compression | |
* | Solid Compression | 0 ~ N |
* | Global Encryption Header | |
* | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - | - - - - - - | - - - - - - |
* | File Header | 1 | | |
* | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - | | |
* | Extra Field 2 : | | | |
* | Filename Header | | 1 ~ N | |
* | Comment Header | 0 ~ N | | |
* | Windows File Information | | | |
* | Posix File Information | | | 0 ~ N |
* | Encrypt Header | | | |
* | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - | - - - - - - | |
* | Block Header | 1 | | |
* | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - | | |
* | Extra Field 3 : | 0 ~ N | 0 ~ N | |
* | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - | | |
* | Compressed Data | 1 | | |
* | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - | - - - - - - | - - - - - - |
* | Extra Field 4 : | |
* | Archive Comment Header | 0 ~ N |
* | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - |
*
* Authors : Micah Snyder
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , write to the Free Software
* Foundation , Inc . , 51 Franklin Street , Fifth Floor , Boston ,
* MA 02110 - 1301 , USA .
*/
# if HAVE_CONFIG_H
# include "clamav-config.h"
# endif
# include <stdint.h>
# include <inttypes.h>
# include <wchar.h>
# include <locale.h>
# include <zlib.h>
# if HAVE_BZLIB_H
# include <bzlib.h>
# endif
# include "lzma_iface.h"
# include "egg.h"
2020-04-10 07:23:03 -07:00
# include "entconv.h"
Add CMake build tooling
This patch adds experimental-quality CMake build tooling.
The libmspack build required a modification to use "" instead of <> for
header #includes. This will hopefully be included in the libmspack
upstream project when adding CMake build tooling to libmspack.
Removed use of libltdl when using CMake.
Flex & Bison are now required to build.
If -DMAINTAINER_MODE, then GPERF is also required, though it currently
doesn't actually do anything. TODO!
I found that the autotools build system was generating the lexer output
but not actually compiling it, instead using previously generated (and
manually renamed) lexer c source. As a consequence, changes to the .l
and .y files weren't making it into the build. To resolve this, I
removed generated flex/bison files and fixed the tooling to use the
freshly generated files. Flex and bison are now required build tools.
On Windows, this adds a dependency on the winflexbison package,
which can be obtained using Chocolatey or may be manually installed.
CMake tooling only has partial support for building with external LLVM
library, and no support for the internal LLVM (to be removed in the
future). I.e. The CMake build currently only supports the bytecode
interpreter.
Many files used include paths relative to the top source directory or
relative to the current project, rather than relative to each build
target. Modern CMake support requires including internal dependency
headers the same way you would external dependency headers (albeit
with "" instead of <>). This meant correcting all header includes to
be relative to the build targets and not relative to the workspace.
For example, ...
```c
include "../libclamav/clamav.h"
include "clamd/clamd_others.h"
```
... becomes:
```c
// libclamav
include "clamav.h"
// clamd
include "clamd_others.h"
```
Fixes header name conflicts by renaming a few of the files.
Converted the "shared" code into a static library, which depends on
libclamav. The ironically named "shared" static library provides
features common to the ClamAV apps which are not required in
libclamav itself and are not intended for use by downstream projects.
This change was required for correct modern CMake practices but was
also required to use the automake "subdir-objects" option.
This eliminates warnings when running autoreconf which, in the next
version of autoconf & automake are likely to break the build.
libclamav used to build in multiple stages where an earlier stage is
a static library containing utils required by the "shared" code.
Linking clamdscan and clamdtop with this libclamav utils static lib
allowed these two apps to function without libclamav. While this is
nice in theory, the practical gains are minimal and it complicates
the build system. As such, the autotools and CMake tooling was
simplified for improved maintainability and this feature was thrown
out. clamdtop and clamdscan now require libclamav to function.
Removed the nopthreads version of the autotools
libclamav_internal_utils static library and added pthread linking to
a couple apps that may have issues building on some platforms without
it, with the intention of removing needless complexity from the
source. Kept the regular version of libclamav_internal_utils.la
though it is no longer used anywhere but in libclamav.
Added an experimental doxygen build option which attempts to build
clamav.h and libfreshclam doxygen html docs.
The CMake build tooling also may build the example program(s), which
isn't a feature in the Autotools build system.
Changed C standard to C90+ due to inline linking issues with socket.h
when linking libfreshclam.so on Linux.
Generate common.rc for win32.
Fix tabs/spaces in shared Makefile.am, and remove vestigial ifndef
from misc.c.
Add CMake files to the automake dist, so users can try the new
CMake tooling w/out having to build from a git clone.
clamonacc changes:
- Renamed FANOTIFY macro to HAVE_SYS_FANOTIFY_H to better match other
similar macros.
- Added a new clamav-clamonacc.service systemd unit file, based on
the work of ChadDevOps & Aaron Brighton.
- Added missing clamonacc man page.
Updates to clamdscan man page, add missing options.
Remove vestigial CL_NOLIBCLAMAV definitions (all apps now use
libclamav).
Rename Windows mspack.dll to libmspack.dll so all ClamAV-built
libraries have the lib-prefix with Visual Studio as with CMake.
2020-08-13 00:25:34 -07:00
# include "str.h"
2018-10-08 12:59:42 -04:00
# ifndef WCHAR
typedef uint16_t WCHAR ;
# endif
/*
* All EGG struct variables are little - endian .
*/
# ifndef HAVE_ATTRIB_PACKED
# define __attribute__(x)
# endif
# ifdef HAVE_PRAGMA_PACK
# pragma pack(1)
# endif
# ifdef HAVE_PRAGMA_PACK_HPPA
# pragma pack 1
# endif
/*
* general defines
*/
# define EOFARC 0x08E28222 /* Signals end of each header, or end of archive. */
//#define EOFAR_ 0x2282E208
/*
* egg_header
*/
# define EGG_HEADER_MAGIC 0x41474745
# define EGG_HEADER_VERSION 0x0100
typedef uint32_t magic32_t ;
typedef struct __attribute__ ( ( packed ) ) {
magic32_t magic ; /* 0x41474745 */
uint16_t version ; /* 0x0100 */
uint32_t header_id ; /* Random number of the program (Cannot be 0) */
uint32_t reserved ; /* 0x00000000 */
} egg_header ;
/*
* file_header
*/
# define FILE_HEADER_MAGIC 0x0A8590E3
typedef struct __attribute__ ( ( packed ) ) {
magic32_t magic ; /* 0x0A8590E3 */
uint32_t file_id ; /* Unique value for each header (Includes 0) */
uint64_t file_length ; /* Total size of the file */
} file_header ;
/*
* block_header
* Note : split block of files exceeding 4 G
*/
# define BLOCK_HEADER_MAGIC 0x02B50C13
# define BLOCK_HEADER_COMPRESS_ALGORITHM_STORE 0
# define BLOCK_HEADER_COMPRESS_ALGORITHM_DEFLATE 1
# define BLOCK_HEADER_COMPRESS_ALGORITHM_BZIP2 2
# define BLOCK_HEADER_COMPRESS_ALGORITHM_AZO 3
# define BLOCK_HEADER_COMPRESS_ALGORITHM_LZMA 4
typedef struct __attribute__ ( ( packed ) ) {
magic32_t magic ; /* 0x02B50C13 */
uint8_t compress_algorithm ; /* compress method algorithm number */
uint8_t compress_hint ; /* compress method hint */
uint32_t uncompress_size ; /* size of the block before compressed */
uint32_t compress_size ; /* size of the block after compressed */
uint32_t crc32 ; /* CRC value of the block */
} block_header ;
/*
* extra_field
*
* The extra_field is followed by a uint16_t or uint32_t depending on the bit_flag .
* This describes the size of the following data .
* In this way , an unexpected header can still be parsed .
* Headers that make use of the extra_field :
* - windows_file_information header
* - posix_file_information header
* - encrypt header
* - filename header
* - comment header
* - split_compression header
* - solid_compression header
*/
# define EXTRA_FIELD_FLAGS_SIZE_IS_2BYTES 0x00
# define EXTRA_FIELD_FLAGS_SIZE_IS_4BYTES 0x01
typedef struct __attribute__ ( ( packed ) ) {
magic32_t magic ;
uint8_t bit_flag ; /* the size field following bit_flag depends if bit_flag bit 1: */
} extra_field ; /* 0 (uint16_t) */
/* 1 (uint32_t) */
/*
* Extra field : encrypt
*
* The encrypt_header is followed by :
* 1 ) dummy data ( size bytes )
*
* Note : Inserted in Extra Field 2 ( optional , depending on KeyBase , AES , or LEA )
*/
# define ENCRYPT_HEADER_MAGIC 0x08D1470F
# define ENCRYPT_HEADER_ENCRYPT_METHOD_XOR 0x00
# define ENCRYPT_HEADER_ENCRYPT_METHOD_AES128 0x01
# define ENCRYPT_HEADER_ENCRYPT_METHOD_AES256 0x02
# define ENCRYPT_HEADER_ENCRYPT_METHOD_LEA128 0x10
# define ENCRYPT_HEADER_ENCRYPT_METHOD_LEA256 0x20
typedef struct __attribute__ ( ( packed ) ) {
uint8_t aes_header [ 10 ] ; /* AES/LEA Header */
uint8_t aes_footer [ 10 ] ; /* AES/LEA Footer */
} aes_lea_128 ;
typedef struct __attribute__ ( ( packed ) ) {
uint8_t aes_header [ 18 ] ; /* AES/LEA header */
uint8_t aes_footer [ 10 ] ; /* AES/LEA footer */
} aes_lea_256 ;
typedef struct __attribute__ ( ( packed ) ) {
uint8_t verify_data [ 12 ] ; /* KeyBase encryption verification data */
uint32_t crc32 ; /* KeyBase partial block CRC */
} zip2_xor_keybase ;
typedef struct __attribute__ ( ( packed ) ) {
uint8_t encrypt_method ; /* See above encrypt method #defines */
} encrypt_header ;
/*
* Extra field : windows_file_information
*/
# define WINDOWS_INFO_MAGIC 0x2C86950B
# define WINDOWS_INFO_ATTRIBUTE_READONLY 0x01
# define WINDOWS_INFO_ATTRIBUTE_HIDDEN 0x02
# define WINDOWS_INFO_ATTRIBUTE_SYSTEM_FILE 0x04
# define WINDOWS_INFO_ATTRIBUTE_LINK_FILE 0x10 /* junction file */
# define WINDOWS_INFO_ATTRIBUTE_DIRECTORY 0x40
typedef struct __attribute__ ( ( packed ) ) {
uint64_t last_modified_time ; /* "100-Nanosecond Time" since the Windows Epoch (00:00:00 UTC, January 1, 1601) */
uint8_t attribute ; /* See above attribute #defines */
} windows_file_information ;
/*
* Extra field : posix_file_information
*/
# define POSIX_INFO_MAGIC 0x1EE922E5
# define POSIX_INFO_MODE_FILETYPE_BITMASK 0x0170000 /* bitmask for the file type bitfields */
# define POSIX_INFO_MODE_SOCKET 0x0140000 /* socket */
# define POSIX_INFO_MODE_SYM_LINK 0x0120000 /* symbolic link */
# define POSIX_INFO_MODE_REG_FILE 0x0100000 /* regular file */
# define POSIX_INFO_MODE_BLOCK_DEVICE 0x0060000 /* block device */
# define POSIX_INFO_MODE_DIRECTORY 0x0040000 /* directory */
# define POSIX_INFO_MODE_CHAR_DEVICE 0x0020000 /* character device */
# define POSIX_INFO_MODE_FIFO 0x0010000 /* FIFO */
# define POSIX_INFO_MODE_SET_UID_BIT 0x0004000 /* set UID bit */
# define POSIX_INFO_MODE_SET_GROUPID_BIT 0x0002000 /* set-group-ID bit (see below) */
# define POSIX_INFO_MODE_STICKY_BIT 0x0001000 /* sticky bit (see below) */
# define POSIX_INFO_MODE_PERM_OWNER_MASK 0x00700 /* mask for file owner permissions */
# define POSIX_INFO_MODE_PERM_OWNER_READ 0x00400 /* owner has read permission */
# define POSIX_INFO_MODE_PERM_OWNER_WRITE 0x00200 /* owner has write permission */
# define POSIX_INFO_MODE_PERM_OWNER_EXECUTE 0x00100 /* owner has execute permission */
# define POSIX_INFO_MODE_PERM_GROUP_MASK 0x00070 /* mask for group permissions */
# define POSIX_INFO_MODE_PERM_GROUP_READ 0x00040 /* group has read permission */
# define POSIX_INFO_MODE_PERM_GROUP_WRITE 0x00020 /* group has write permission */
# define POSIX_INFO_MODE_PERM_GROUP_EXECUTE 0x00010 /* group has execute permission */
# define POSIX_INFO_MODE_PERM_OTHERS_MASK 0x00007 /* mask for permissions for others (not in group) */
# define POSIX_INFO_MODE_PERM_OTHERS_READ 0x00004 /* others have read permission */
# define POSIX_INFO_MODE_PERM_OTHERS_WRITE 0x00002 /* others have write permission */
# define POSIX_INFO_MODE_PERM_OTHERS_EXECUTE 0x00001 /* others have execute permission*/
typedef struct __attribute__ ( ( packed ) ) {
uint32_t mode ; /* see above mode #defines */
uint32_t uid ; /* */
uint32_t gid ; /* */
uint64_t last_modified_time ; /* "Second Time" since the Unix Epoch (00:00:00 UTC, January 1, 1970) */
} posix_file_information ;
/*
* Extra field : dummy_header
*
* The dummy header extra_info is followed by :
* 1 ) dummy data ( size bytes )
*
* Note : No need to consider if the size is too small to fit the dummy header because it can be distinguished by size calculation .
*/
# define DUMMY_HEADER_MAGIC 0x07463307
/*
* Extra field : filename
*
* The filename extra_field is followed by :
* 1 ) uint16_t locale IFF bit_flag is NOT unicode ( UCS - 2 LE )
* 1 ) uint32_t parent_path_id IFF bit_flag is relative .
* parent_path_id will be the ID of a file possessing the parent path .
* 2 ) name buffer ( size bytes minus above optional fields )
*/
# define FILENAME_HEADER_MAGIC 0x0A8591AC
# define FILENAME_HEADER_FLAGS_ENCRYPT 0x04
# define FILENAME_HEADER_FLAGS_MULTIBYTE_CODEPAGE_INSTEAD_OF_UTF8 0x08
# define FILENAME_HEADER_FLAGS_RELATIVE_PATH_INSTEAD_OF_ABSOLUTE 0x10
# define FILENAME_HEADER_LOCALE_USE_SYSTEM 0
# define FILENAME_HEADER_LOCALE_JAPANESE 932 /* Shift-JIS */
# define FILENAME_HEADER_LOCALE_KOREAN 949
// typedef struct __attribute__((packed)) {
// (optional) uint16_t locale
// (optional) uint32_t parent_path_id
// uint8_t name_data [extra_field->size - sizeof(locale) - sizeof(parent_path_id)]
// } filename_header;
/*
* Extra field : comment
*
* The comment extra_field is followed by :
* 1 ) comment of size " N " , exclude NULL character .
*/
# define COMMENT_HEADER_MAGIC 0x04C63672
# define COMMENT_HEADER_FLAGS_ENCRYPT 0x04
# define COMMENT_HEADER_FLAGS_MULTIBYTE_CODEPAGE_INSTEAD_OF_UTF8 0x08
/*
* Extra field : split compression
*/
# define SPLIT_COMPRESSION_MAGIC 0x24F5A262
typedef struct __attribute__ ( ( packed ) ) {
uint32_t prev_file_id ; /* ID of previous file, 0 if first */
uint32_t next_file_id ; /* ID of next file, 0 if last */
} split_compression ;
/*
* Extra field : solid compression
*/
# define SOLID_COMPRESSION_MAGIC 0x24E5A060
# ifdef HAVE_PRAGMA_PACK
# pragma pack()
# endif
# ifdef HAVE_PRAGMA_PACK_HPPA
# pragma pack
# endif
typedef struct {
char * name_utf8 ;
uint32_t parent_path_id ;
} egg_filename ;
typedef struct {
encrypt_header * header ; /* Global Encryption Header */
union {
aes_lea_128 * al128 ;
aes_lea_256 * al256 ;
zip2_xor_keybase * xor ;
} encrypt_al ;
} egg_encrypt ;
typedef struct {
block_header * blockHeader ;
char * compressedData ;
} egg_block ;
typedef struct {
file_header * file ;
egg_filename filename ;
windows_file_information * windowsFileInformation ;
posix_file_information * posixFileInformation ;
egg_encrypt * encrypt ;
uint64_t nBlocks ;
egg_block * * blocks ;
uint64_t nComments ;
char * * comments ;
} egg_file ;
typedef struct {
fmap_t * map ;
size_t offset ;
uint64_t fileExtractionIndex ;
int bSolid ; /* Solid == all files compressed together. */
int bSplit ; /* Split == multiple files make up single archive. */
split_compression * splitInfo ;
egg_encrypt * encrypt ;
uint64_t nFiles ;
egg_file * * files ;
uint64_t nBlocks ;
egg_block * * blocks ;
uint64_t nComments ;
char * * comments ;
} egg_handle ;
# define EGG_VALIDATE_HANDLE(h) \
2019-07-01 16:08:14 -04:00
( ( ! handle | | ! handle - > map | | ( handle - > offset > handle - > map - > len ) ) ? CL_EARG : CL_SUCCESS )
2018-10-08 12:59:42 -04:00
const char * getEncryptName ( uint8_t method )
{
const char * encryptName = NULL ;
switch ( method ) {
case ENCRYPT_HEADER_ENCRYPT_METHOD_XOR :
encryptName = " XOR " ;
break ;
case ENCRYPT_HEADER_ENCRYPT_METHOD_AES128 :
encryptName = " AES 128 " ;
break ;
case ENCRYPT_HEADER_ENCRYPT_METHOD_LEA128 :
encryptName = " LEA 128 " ;
break ;
case ENCRYPT_HEADER_ENCRYPT_METHOD_AES256 :
encryptName = " AES 256 " ;
break ;
case ENCRYPT_HEADER_ENCRYPT_METHOD_LEA256 :
encryptName = " LEA 256 " ;
break ;
default :
encryptName = " <unknown method> " ;
}
return encryptName ;
}
const char * getMagicHeaderName ( uint32_t magic )
{
const char * magicName = NULL ;
switch ( magic ) {
case EGG_HEADER_MAGIC :
magicName = " EGG_HEADER_MAGIC " ;
break ;
case FILE_HEADER_MAGIC :
magicName = " FILE_HEADER_MAGIC " ;
break ;
case BLOCK_HEADER_MAGIC :
magicName = " BLOCK_HEADER_MAGIC " ;
break ;
case ENCRYPT_HEADER_MAGIC :
magicName = " ENCRYPT_HEADER_MAGIC " ;
break ;
case WINDOWS_INFO_MAGIC :
magicName = " WINDOWS_INFO_MAGIC " ;
break ;
case POSIX_INFO_MAGIC :
magicName = " POSIX_INFO_MAGIC " ;
break ;
case DUMMY_HEADER_MAGIC :
magicName = " DUMMY_HEADER_MAGIC " ;
break ;
case FILENAME_HEADER_MAGIC :
magicName = " FILENAME_HEADER_MAGIC " ;
break ;
case COMMENT_HEADER_MAGIC :
magicName = " COMMENT_HEADER_MAGIC " ;
break ;
case SPLIT_COMPRESSION_MAGIC :
magicName = " SPLIT_COMPRESSION_MAGIC " ;
break ;
case SOLID_COMPRESSION_MAGIC :
magicName = " SOLID_COMPRESSION_MAGIC " ;
break ;
default :
magicName = " <unknown header magic> " ;
}
return magicName ;
}
static void egg_free_encrypt ( egg_encrypt * encryptInfo )
{
free ( encryptInfo ) ;
}
2019-07-01 16:08:14 -04:00
static cl_error_t egg_parse_encrypt_header ( const uint8_t * index , size_t size , egg_encrypt * * encryptInfo )
2018-10-08 12:59:42 -04:00
{
/*
* The EGG specification ( last updated 2016 ) for the encrypt header is not accurate .
* The following describes my findings of the actual format for the encrypt header .
*
* The significant discrepancy is that the Size includes the size of the header iself , not just the data following it .
* No other extra_field header ' s size field includes the size of itself .
* This must be accounted for by the caller of this function ( see the " Fudge factor " comments where this function is used ) .
*
* | - - - - - - - - - - - - - - - | - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
* | Magic ( ENCRYP ) | 4 | 0x08D1470F |
* | - - - - - - - - - - - - - - - | - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
* | Bit flag | 1 | 0 |
* | - - - - - - - - - - - - - - - | - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
* | Size | 2 | sizeof ( Magic ) + sizeof ( Bit flag ) + sizeof ( Size ) + sizeof ( Encrypt Method ) + sizeof ( Method Header ) |
* | - - - - - - - - - - - - - - - | - - - - - - - - - | - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
* | Encrypt | 1 | 0 | KeyBase ( XOR ) |
* | Method | | - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
* | | | 1 | AES128 |
* | | | - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
* | | | 2 | AES256 |
* | | | - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
* | | | 5 | LEA128 |
* | | | - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
* | | | 6 | LEA256 |
* | - - - - - - - - - - - - - - - | - - - - - - - - - | - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
*
* Depending on the Method ( XOR / AES / LEA128 / AES / LEA256 ) The above will be be followed one of the following Method Headers :
*
* XOR ( KeyBase ) :
* | - - - - - - - - - - - - - - - | - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
* | verify Data | 12 | Encryption Verification Data |
* | - - - - - - - - - - - - - - - | - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
* | CRC32 | 4 | Partial Block CRC |
* | - - - - - - - - - - - - - - - | - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
*
* AES / LEA 128
* | - - - - - - - - - - - - - - - | - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
* | Magic ( ENCRYP ) | 10 | AES / LEA Header |
* | - - - - - - - - - - - - - - - | - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
* | Magic ( ENCRYP ) | 10 | AES / LEA Footer |
* | - - - - - - - - - - - - - - - | - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
*
* AES / LEA 256
* | - - - - - - - - - - - - - - - | - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
* | Magic ( ENCRYP ) | 18 | AES / LEA Header |
* | - - - - - - - - - - - - - - - | - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
* | Magic ( ENCRYP ) | 10 | AES / LEA Footer |
* | - - - - - - - - - - - - - - - | - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
*/
2019-07-01 16:08:14 -04:00
cl_error_t status = CL_EPARSE ;
egg_encrypt * encrypt = NULL ;
2018-10-08 12:59:42 -04:00
if ( ! index | | 0 = = size | | ! encryptInfo ) {
cli_errmsg ( " egg_parse_encrypt_header: Invalid args. \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EARG ;
2018-10-08 12:59:42 -04:00
goto done ;
}
* encryptInfo = NULL ;
cli_dbgmsg ( " egg_parse_encrypt_header: Encrypted archive. \n " ) ;
cli_dbgmsg ( " egg_parse_encrypt_header: size of encrypt extra_field data: %zu \n " , size ) ;
if ( size < sizeof ( encrypt_header ) ) {
cli_warnmsg ( " egg_parse_encrypt_header: Encrypt header size too small (%zu < %zu) \n " , size , sizeof ( encrypt_header ) ) ;
goto done ;
}
encrypt = ( egg_encrypt * ) cli_calloc ( 1 , sizeof ( egg_encrypt ) ) ;
if ( NULL = = encrypt ) {
cli_errmsg ( " egg_parse_encrypt_header: Failed to allocate memory for egg_encrypt. \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
encrypt - > header = ( encrypt_header * ) index ;
cli_dbgmsg ( " egg_parse_encrypt_header: encrypt_header->encrypt_method: %02x (%s) \n " , encrypt - > header - > encrypt_method , getEncryptName ( encrypt - > header - > encrypt_method ) ) ;
index + = sizeof ( encrypt_header ) ;
size - = sizeof ( encrypt_header ) ;
if ( ENCRYPT_HEADER_ENCRYPT_METHOD_XOR = = encrypt - > header - > encrypt_method ) {
if ( size ! = sizeof ( zip2_xor_keybase ) ) {
cli_warnmsg ( " egg_parse_encrypt_header: Encrypt header size for XOR is different than expected (%zu != %zu) \n " , size , sizeof ( zip2_xor_keybase ) ) ;
goto done ;
}
encrypt - > encrypt_al . xor = ( zip2_xor_keybase * ) index ;
cli_dbgmsg ( " egg_parse_encrypt_header: encrypt_header->crc32: %08x \n " , le32_to_host ( encrypt - > encrypt_al . xor - > crc32 ) ) ;
} else {
/*
* For AES / LEA , the additional information is found inside of embedded extra field .
*/
switch ( encrypt - > header - > encrypt_method ) {
case ENCRYPT_HEADER_ENCRYPT_METHOD_AES128 :
case ENCRYPT_HEADER_ENCRYPT_METHOD_LEA128 : {
if ( size < sizeof ( aes_lea_128 ) ) {
cli_warnmsg ( " egg_parse_encrypt_header: Encrypt header size for AES/LEA128 is different than expected (%zu != %zu) \n " , size , sizeof ( aes_lea_128 ) ) ;
goto done ;
}
encrypt - > encrypt_al . al128 = ( aes_lea_128 * ) index ;
index + = sizeof ( aes_lea_128 ) ;
size - = sizeof ( aes_lea_128 ) ;
break ;
}
case ENCRYPT_HEADER_ENCRYPT_METHOD_AES256 :
case ENCRYPT_HEADER_ENCRYPT_METHOD_LEA256 : {
if ( size < sizeof ( aes_lea_256 ) ) {
cli_warnmsg ( " egg_parse_encrypt_header: Encrypt header size for AES/LEA256 is different than expected (%zu != %zu) \n " , size , sizeof ( aes_lea_256 ) ) ;
goto done ;
}
encrypt - > encrypt_al . al256 = ( aes_lea_256 * ) index ;
index + = sizeof ( aes_lea_256 ) ;
size - = sizeof ( aes_lea_256 ) ;
break ;
}
default : {
cli_warnmsg ( " egg_parse_encrypt_header: Unknown encrypt method: %d \n " , encrypt - > header - > encrypt_method ) ;
goto done ;
}
}
}
* encryptInfo = encrypt ;
2019-07-01 16:08:14 -04:00
status = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
done :
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = status ) {
2018-10-08 12:59:42 -04:00
egg_free_encrypt ( encrypt ) ;
}
return status ;
}
2019-07-01 16:08:14 -04:00
static cl_error_t egg_parse_comment_header ( const uint8_t * index , size_t size , extra_field * extraField , char * * commentInfo )
2018-10-08 12:59:42 -04:00
{
2019-07-01 16:08:14 -04:00
cl_error_t status = CL_EPARSE ;
2018-10-08 12:59:42 -04:00
char * comment_utf8 = NULL ;
size_t comment_utf8_size = 0 ;
if ( ! index | | 0 = = size | | ! extraField | | ! commentInfo ) {
cli_errmsg ( " egg_parse_comment_headers: Invalid args! \n " ) ;
2019-07-01 16:08:14 -04:00
return CL_EARG ;
2018-10-08 12:59:42 -04:00
}
* commentInfo = NULL ;
2019-05-24 10:00:35 -04:00
if ( extraField - > bit_flag & COMMENT_HEADER_FLAGS_ENCRYPT ) {
2018-10-08 12:59:42 -04:00
/*
* comment is encrypted , nothing to be done .
*/
* commentInfo = cli_strdup ( " <encrypted> " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EUNPACK ;
2018-10-08 12:59:42 -04:00
goto done ;
}
/*
* Store comment as UTF - 8 string .
*/
2019-05-24 10:00:35 -04:00
if ( extraField - > bit_flag & COMMENT_HEADER_FLAGS_MULTIBYTE_CODEPAGE_INSTEAD_OF_UTF8 ) {
2018-10-08 12:59:42 -04:00
/*
* Unlike with filenames , the multibyte string codepage ( or " locale " ) is not present in comment headers .
2020-07-24 14:45:44 -07:00
* Try conversion with CODEPAGE_UTF8 .
2018-10-08 12:59:42 -04:00
*/
2020-07-24 14:45:44 -07:00
if ( CL_SUCCESS ! = cli_codepage_to_utf8 ( ( char * ) index , size , CODEPAGE_UTF8 , & comment_utf8 , & comment_utf8_size ) ) {
2019-05-24 10:00:35 -04:00
cli_dbgmsg ( " egg_parse_comment_header: failed to convert codepage \" 0 \" to UTF-8 \n " ) ;
2018-10-08 12:59:42 -04:00
comment_utf8 = cli_genfname ( NULL ) ;
}
} else {
/* Should already be UTF-8. Use as-is.. */
2019-08-22 16:51:01 -04:00
comment_utf8 = CLI_STRNDUP ( ( char * ) index , size ) ;
2018-10-08 12:59:42 -04:00
if ( NULL = = comment_utf8 ) {
2019-05-24 10:00:35 -04:00
cli_dbgmsg ( " egg_parse_comment_header: failed to allocate comment buffer. \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
}
More Coverity bug fixes
Fixed the following Coverity issues:
- 225236 - In cli_egg_extract_file: Dereference of an explicit
null value (CWE-476). The first fail case checked handle for
NULL and then dereferenced it in the done block
- 225209 - In executeIfNewVersion: Leak of memory or pointers
to system resources (CWE-404). modifiedCommand was defined
twice, with the inner instance being assigned to and the
outer instance being freed
- 225201 - In regex_list_match: Code can never be reached
because of a logical contradiction (CWE-561). The code had
logic off to the side that may have been missed:
filter_search_rc = filter_search(&matcher->filter, (const unsigned char *)bufrev, buffer_len) != -1;
if (filter_search_rc == -1) {
- 225198 - In phishingCheck: Leak of memory or pointers to
system resources (CWE-404). A fail case caused by malloc
failing would leak previously allocated memory.
- 225197 - In updatecustomdb: A pointer to freed memory
is dereferenced, used as a function argument, or otherwise
used (CWE-416). In a fail case, a pointer was freed and
then used in a debug print statement
- 225190 - In updatedb: A pointer to freed memory is
dereferenced, used as a function argument, or otherwise used
(CWE-416). In a fail case, a pointer was freed and then used
in a debug print statement
- 225195 - In cli_egg_open: The sizeof operator is used on a
wrong argument that incidentally has the same size (CWE-467).
sizeof(char **) was being used instead of sizeof(char *)
- 225193 - In egg_parse_comment_header: Code can never be
reached because of a logical contradiction (CWE-561).
A cleanup case for variable comment was unnecessary, and
to fix comment was removed entirely.
- 225147 - In get_server_node: Code can never be reached
because of a logical contradiction (CWE-561). A cleanup
case for variable url was unnecessary
- 225168 - In download_complete_callback: Missing break
statement between cases in switch statement (CWE-484).
In the case where forking failed, freshclam would check
the database without forking but then continue on to
execute the code intended to be done in the child process
because of a missing break statement
- 225152 - In cli_egg_lzma_decompress: Use of an
uninitialized variable (CWE-457). Certain fail cases
would call cli_LzmaShutdown on an uninitialized stream.
Now it’s only called after initialization occurs.
2020-05-08 11:57:32 -04:00
cli_dbgmsg ( " egg_parse_comment_header: comment: %s \n " , comment_utf8 ) ;
2018-10-08 12:59:42 -04:00
More Coverity bug fixes
Fixed the following Coverity issues:
- 225236 - In cli_egg_extract_file: Dereference of an explicit
null value (CWE-476). The first fail case checked handle for
NULL and then dereferenced it in the done block
- 225209 - In executeIfNewVersion: Leak of memory or pointers
to system resources (CWE-404). modifiedCommand was defined
twice, with the inner instance being assigned to and the
outer instance being freed
- 225201 - In regex_list_match: Code can never be reached
because of a logical contradiction (CWE-561). The code had
logic off to the side that may have been missed:
filter_search_rc = filter_search(&matcher->filter, (const unsigned char *)bufrev, buffer_len) != -1;
if (filter_search_rc == -1) {
- 225198 - In phishingCheck: Leak of memory or pointers to
system resources (CWE-404). A fail case caused by malloc
failing would leak previously allocated memory.
- 225197 - In updatecustomdb: A pointer to freed memory
is dereferenced, used as a function argument, or otherwise
used (CWE-416). In a fail case, a pointer was freed and
then used in a debug print statement
- 225190 - In updatedb: A pointer to freed memory is
dereferenced, used as a function argument, or otherwise used
(CWE-416). In a fail case, a pointer was freed and then used
in a debug print statement
- 225195 - In cli_egg_open: The sizeof operator is used on a
wrong argument that incidentally has the same size (CWE-467).
sizeof(char **) was being used instead of sizeof(char *)
- 225193 - In egg_parse_comment_header: Code can never be
reached because of a logical contradiction (CWE-561).
A cleanup case for variable comment was unnecessary, and
to fix comment was removed entirely.
- 225147 - In get_server_node: Code can never be reached
because of a logical contradiction (CWE-561). A cleanup
case for variable url was unnecessary
- 225168 - In download_complete_callback: Missing break
statement between cases in switch statement (CWE-484).
In the case where forking failed, freshclam would check
the database without forking but then continue on to
execute the code intended to be done in the child process
because of a missing break statement
- 225152 - In cli_egg_lzma_decompress: Use of an
uninitialized variable (CWE-457). Certain fail cases
would call cli_LzmaShutdown on an uninitialized stream.
Now it’s only called after initialization occurs.
2020-05-08 11:57:32 -04:00
* commentInfo = comment_utf8 ;
2019-07-01 16:08:14 -04:00
status = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
done :
return status ;
}
static void egg_free_egg_block ( egg_block * block )
{
free ( block ) ;
}
2019-07-01 16:08:14 -04:00
static cl_error_t egg_parse_block_headers ( egg_handle * handle , egg_block * * block )
2018-10-08 12:59:42 -04:00
{
2019-07-01 16:08:14 -04:00
cl_error_t status = CL_EPARSE ;
2018-10-08 12:59:42 -04:00
egg_block * eggBlock = NULL ;
block_header * blockHeader = NULL ;
uint32_t magic = 0 ;
const uint8_t * index = 0 ;
if ( ! handle | | ! block ) {
cli_errmsg ( " egg_parse_block_headers: Invalid args! \n " ) ;
2019-07-01 16:08:14 -04:00
return CL_EARG ;
2018-10-08 12:59:42 -04:00
}
* block = NULL ;
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = EGG_VALIDATE_HANDLE ( handle ) ) {
2018-10-08 12:59:42 -04:00
cli_errmsg ( " egg_parse_block_headers: Invalid handle values! \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EARG ;
2018-10-08 12:59:42 -04:00
goto done ;
}
/*
* 1 st :
* Block headers must start with the block_header .
*/
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( block_header ) ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_block_headers: File buffer too small to contain block header. \n " ) ;
goto done ;
}
eggBlock = ( egg_block * ) cli_calloc ( 1 , sizeof ( egg_block ) ) ;
if ( NULL = = eggBlock ) {
cli_errmsg ( " egg_parse_block_headers: Failed to allocate memory for egg_block. \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
blockHeader = ( block_header * ) index ;
eggBlock - > blockHeader = blockHeader ;
if ( BLOCK_HEADER_MAGIC ! = le32_to_host ( blockHeader - > magic ) ) {
cli_dbgmsg ( " egg_parse_block_headers: Invalid block header magic: %08x. \n " , le32_to_host ( blockHeader - > magic ) ) ;
goto done ;
}
cli_dbgmsg ( " egg_parse_block_headers: block_header->magic: %08x (%s) \n " , le32_to_host ( blockHeader - > magic ) , getMagicHeaderName ( le32_to_host ( blockHeader - > magic ) ) ) ;
cli_dbgmsg ( " egg_parse_block_headers: block_header->compress_algorithm: %08x \n " , blockHeader - > compress_algorithm ) ;
cli_dbgmsg ( " egg_parse_block_headers: block_header->compress_hint: %08x \n " , blockHeader - > compress_hint ) ;
cli_dbgmsg ( " egg_parse_block_headers: block_header->uncompress_size: %08x \n " , le32_to_host ( blockHeader - > uncompress_size ) ) ;
cli_dbgmsg ( " egg_parse_block_headers: block_header->compress_size: %08x \n " , le32_to_host ( blockHeader - > compress_size ) ) ;
cli_dbgmsg ( " egg_parse_block_headers: block_header->crc32: %08x \n " , le32_to_host ( blockHeader - > crc32 ) ) ;
if ( 0 = = le16_to_host ( blockHeader - > compress_size ) ) {
cli_warnmsg ( " egg_parse_block_headers: Empty block! \n " ) ;
}
handle - > offset + = sizeof ( block_header ) ;
/*
* 2 nd :
* After the block_header , the following extra field headers may be present :
* a ) EOFARC
*/
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( magic32_t ) ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_block_headers: File buffer too small to contain end of archive magic bytes. \n " ) ;
goto done ;
}
magic = le32_to_host ( * ( ( uint32_t * ) index ) ) ;
if ( EOFARC ! = magic ) {
cli_dbgmsg ( " egg_parse_block_headers: EOFARC missing after block header. Found these bytes instead: %08x. (%s) \n " , magic , getMagicHeaderName ( magic ) ) ;
goto done ;
}
cli_dbgmsg ( " egg_parse_block_headers: End of block header. \n " ) ;
handle - > offset + = sizeof ( magic32_t ) ;
/*
* Compressed data should follow the Block Header .
*/
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , blockHeader - > compress_size ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_block_headers: File buffer too small to contain block compressed data. \n " ) ;
goto done ;
}
eggBlock - > compressedData = ( char * ) index ;
handle - > offset + = blockHeader - > compress_size ;
* block = eggBlock ;
2019-07-01 16:08:14 -04:00
status = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
done :
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = status ) {
2018-10-08 12:59:42 -04:00
if ( eggBlock ) {
egg_free_egg_block ( eggBlock ) ;
}
}
return status ;
}
static void egg_free_egg_file ( egg_file * file )
{
uint32_t i = 0 ;
if ( NULL ! = file - > filename . name_utf8 ) {
free ( file - > filename . name_utf8 ) ;
file - > filename . name_utf8 = NULL ;
}
2022-02-14 16:30:44 -08:00
if ( NULL ! = file - > encrypt ) {
free ( file - > encrypt ) ;
file - > encrypt = NULL ;
}
2018-10-08 12:59:42 -04:00
if ( NULL ! = file - > blocks ) {
for ( i = 0 ; i < file - > nBlocks ; i + + ) {
egg_free_egg_block ( file - > blocks [ i ] ) ;
file - > blocks [ i ] = NULL ;
}
free ( file - > blocks ) ;
file - > blocks = NULL ;
}
if ( NULL ! = file - > comments ) {
for ( i = 0 ; i < file - > nComments ; i + + ) {
free ( file - > comments [ i ] ) ;
file - > comments [ i ] = NULL ;
}
free ( file - > comments ) ;
file - > comments = NULL ;
}
free ( file ) ;
}
2019-07-01 16:08:14 -04:00
static cl_error_t egg_parse_archive_extra_field ( egg_handle * handle )
2018-10-08 12:59:42 -04:00
{
2019-07-01 16:08:14 -04:00
cl_error_t status = CL_EPARSE ;
2018-10-08 12:59:42 -04:00
const uint8_t * index = NULL ;
extra_field * extraField = NULL ;
uint32_t magic = 0 ;
uint32_t size = 0 ;
if ( ! handle ) {
cli_errmsg ( " egg_parse_archive_extra_field: Invalid args! \n " ) ;
2019-07-01 16:08:14 -04:00
return CL_EARG ;
2018-10-08 12:59:42 -04:00
}
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = EGG_VALIDATE_HANDLE ( handle ) ) {
2018-10-08 12:59:42 -04:00
cli_errmsg ( " egg_parse_comment_headers: Invalid handle values! \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EARG ;
2018-10-08 12:59:42 -04:00
goto done ;
}
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( extra_field ) ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_archive_extra_field: File buffer too small to contain extra_field header. \n " ) ;
goto done ;
}
extraField = ( extra_field * ) index ;
cli_dbgmsg ( " egg_parse_archive_extra_field: extra_field->magic: %08x (%s) \n " , le32_to_host ( extraField - > magic ) , getMagicHeaderName ( le32_to_host ( extraField - > magic ) ) ) ;
cli_dbgmsg ( " egg_parse_archive_extra_field: extra_field->bit_flag: %02x \n " , extraField - > bit_flag ) ;
handle - > offset + = sizeof ( extra_field ) ;
if ( extraField - > bit_flag & EXTRA_FIELD_FLAGS_SIZE_IS_4BYTES ) {
/* size is uint32_t */
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( uint32_t ) ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_archive_extra_field: File buffer too small to contain extra_field header. \n " ) ;
goto done ;
}
size = le32_to_host ( * ( uint32_t * ) index ) ;
handle - > offset + = sizeof ( uint32_t ) ;
} else {
/* size is uint16_t */
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( uint16_t ) ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_archive_extra_field: File buffer too small to contain extra_field header. \n " ) ;
goto done ;
}
size = le16_to_host ( * ( uint16_t * ) index ) ;
handle - > offset + = sizeof ( uint16_t ) ;
}
cli_dbgmsg ( " egg_parse_archive_extra_field: extra_field->size: %u \n " , size ) ;
magic = le32_to_host ( extraField - > magic ) ;
switch ( magic ) {
case SOLID_COMPRESSION_MAGIC : {
/*
* Solid archive is an archive packed with a special compression method ,
* which treats several or all files within the archive as one continuous data stream .
*/
cli_dbgmsg ( " egg_parse_archive_extra_field: Solid archive. Several or all files within the archive treated as one continuous data stream. \n " ) ;
if ( 0 ! = handle - > bSolid ) {
cli_warnmsg ( " egg_parse_archive_extra_field: Encountered more than 1 Solid extra_field! \n " ) ;
goto done ;
}
handle - > bSolid = 1 ;
break ;
}
case SPLIT_COMPRESSION_MAGIC : {
/*
* Split archives are single archives split into multiple . egg volumes .
*
* It is the first file if previous file ’ s ID is 0 , and is the last file
* if next file ’ s ID is 0.
*
* Header and Extra Field shouldn ’ t be cut when split compressing .
* Compressed Block Data can be saved cut .
* If header is excluded from the split size , insert Dummy Extra Field .
*
* If file compression ratio not applied when split compressing , modify
* Magic of the header into Dummy Header or Skip Header ( 0xFFFF0000 )
* so it can be skipped .
*/
split_compression * split = NULL ;
if ( 0 ! = handle - > bSplit ) {
cli_warnmsg ( " egg_parse_archive_extra_field: Encountered more than 1 Split extra_field! \n " ) ;
goto done ;
}
handle - > bSplit = 1 ;
cli_warnmsg ( " egg_parse_archive_extra_field: Split archive. Split archives are single archives split into multiple .egg volumes. \n " ) ;
if ( sizeof ( split_compression ) ! = size ) {
cli_dbgmsg ( " egg_parse_archive_extra_field: size in extra_field is different than size of split_compression (%zu != %u). \n " , sizeof ( split_compression ) , size ) ;
} else {
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( split_compression ) ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_archive_extra_field: File buffer too small to contain split compression header. \n " ) ;
goto done ;
}
split = ( split_compression * ) index ;
handle - > splitInfo = split ;
cli_dbgmsg ( " egg_parse_archive_extra_field: split_compression->prev_file_id: %08x \n " , le32_to_host ( split - > prev_file_id ) ) ;
cli_dbgmsg ( " egg_parse_archive_extra_field: split_compression->next_file_id: %08x \n " , le32_to_host ( split - > next_file_id ) ) ;
}
break ;
}
case ENCRYPT_HEADER_MAGIC : {
/*
* EGG files may have a global encryption header .
* It is unclear if this means each file is encrypted , or that additional
* data beyond the file contents is encrypted .
*/
if ( NULL ! = handle - > encrypt ) {
cli_warnmsg ( " egg_parse_archive_extra_field: Encountered more than 1 encrypt_header! \n " ) ;
goto done ;
}
/*
* Fudge factor .
* The documentation is hazy about how the encrypt header works .
* From testing , it seems that for encrypted files , the size in the extra_field includes the size OF the extra field .
*/
size - = sizeof ( extra_field ) + sizeof ( uint16_t ) ;
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , size ) ;
if ( ! index ) {
cli_errmsg ( " egg_parse_archive_extra_field: File buffer too small to contain encryption headers. \n " ) ;
goto done ;
}
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = egg_parse_encrypt_header ( index , size , & handle - > encrypt ) ) {
2018-10-08 12:59:42 -04:00
cli_errmsg ( " egg_parse_archive_extra_field: Failed to parse encryption headers. \n " ) ;
goto done ;
}
break ;
}
default : {
cli_dbgmsg ( " egg_parse_archive_extra_field: unexpected header magic: %08x (%s) \n " , magic , getMagicHeaderName ( magic ) ) ;
}
}
handle - > offset + = size ;
2019-07-01 16:08:14 -04:00
status = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
done :
return status ;
}
2019-07-01 17:16:41 -04:00
static void print_posix_info_mode ( uint32_t mode )
{
/* File type flags */
if ( mode & POSIX_INFO_MODE_REG_FILE ) {
printf ( " - " ) ;
} else if ( mode & POSIX_INFO_MODE_DIRECTORY ) {
printf ( " d " ) ;
} else if ( mode & POSIX_INFO_MODE_CHAR_DEVICE ) {
printf ( " c " ) ;
} else if ( mode & POSIX_INFO_MODE_BLOCK_DEVICE ) {
printf ( " s " ) ;
} else if ( mode & POSIX_INFO_MODE_SOCKET ) {
printf ( " s " ) ;
} else if ( mode & POSIX_INFO_MODE_FIFO ) {
printf ( " p " ) ;
} else if ( mode & POSIX_INFO_MODE_SYM_LINK ) {
printf ( " l " ) ;
} else if ( mode & POSIX_INFO_MODE_SOCKET ) {
printf ( " s " ) ;
}
/* Owner/Group/Other permissions */
if ( mode & POSIX_INFO_MODE_PERM_OWNER_READ ) {
printf ( " r " ) ;
} else {
printf ( " - " ) ;
}
if ( mode & POSIX_INFO_MODE_PERM_OWNER_WRITE ) {
printf ( " w " ) ;
} else {
printf ( " - " ) ;
}
if ( mode & POSIX_INFO_MODE_SET_UID_BIT ) {
printf ( " s " ) ;
} else if ( mode & POSIX_INFO_MODE_PERM_OWNER_EXECUTE ) {
printf ( " x " ) ;
} else {
printf ( " - " ) ;
}
if ( mode & POSIX_INFO_MODE_PERM_GROUP_READ ) {
printf ( " r " ) ;
} else {
printf ( " - " ) ;
}
if ( mode & POSIX_INFO_MODE_PERM_GROUP_WRITE ) {
printf ( " w " ) ;
} else {
printf ( " - " ) ;
}
if ( mode & POSIX_INFO_MODE_SET_UID_BIT ) {
printf ( " s " ) ;
}
if ( mode & POSIX_INFO_MODE_SET_GROUPID_BIT ) {
printf ( " s " ) ;
}
if ( mode & POSIX_INFO_MODE_PERM_GROUP_EXECUTE ) {
printf ( " x " ) ;
} else {
printf ( " - " ) ;
}
if ( mode & POSIX_INFO_MODE_PERM_OTHERS_READ ) {
printf ( " r " ) ;
} else {
printf ( " - " ) ;
}
if ( mode & POSIX_INFO_MODE_PERM_OTHERS_WRITE ) {
printf ( " w " ) ;
} else {
printf ( " - " ) ;
}
if ( mode & POSIX_INFO_MODE_PERM_OTHERS_EXECUTE ) {
printf ( " x " ) ;
} else {
printf ( " - " ) ;
}
/* Sticky Bit */
if ( mode & POSIX_INFO_MODE_STICKY_BIT )
printf ( " t " ) ;
printf ( " \n " ) ;
}
2019-07-01 16:08:14 -04:00
static cl_error_t egg_parse_file_extra_field ( egg_handle * handle , egg_file * eggFile )
2018-10-08 12:59:42 -04:00
{
2019-07-01 16:08:14 -04:00
cl_error_t status = CL_EPARSE ;
2018-10-08 12:59:42 -04:00
const uint8_t * index = NULL ;
extra_field * extraField = NULL ;
uint32_t magic = 0 ;
uint32_t size = 0 ;
if ( ! handle | | ! eggFile ) {
cli_errmsg ( " egg_parse_file_extra_field: Invalid args! \n " ) ;
2019-07-01 16:08:14 -04:00
return CL_EARG ;
2018-10-08 12:59:42 -04:00
}
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = EGG_VALIDATE_HANDLE ( handle ) ) {
2018-10-08 12:59:42 -04:00
cli_errmsg ( " egg_parse_file_extra_field: Invalid handle values! \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EARG ;
2018-10-08 12:59:42 -04:00
goto done ;
}
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( extra_field ) ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_file_extra_field: File buffer too small to contain extra_field header. \n " ) ;
goto done ;
}
extraField = ( extra_field * ) index ;
cli_dbgmsg ( " egg_parse_file_extra_field: extra_field->magic: %08x (%s) \n " , le32_to_host ( extraField - > magic ) , getMagicHeaderName ( le32_to_host ( extraField - > magic ) ) ) ;
cli_dbgmsg ( " egg_parse_file_extra_field: extra_field->bit_flag: %02x \n " , extraField - > bit_flag ) ;
handle - > offset + = sizeof ( extra_field ) ;
if ( extraField - > bit_flag & EXTRA_FIELD_FLAGS_SIZE_IS_4BYTES ) {
/* size is uint32_t */
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( uint32_t ) ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_file_extra_field: File buffer too small to contain extra_field header. \n " ) ;
goto done ;
}
size = le32_to_host ( * ( uint32_t * ) index ) ;
handle - > offset + = sizeof ( uint32_t ) ;
} else {
/* size is uint16_t */
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( uint16_t ) ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_file_extra_field: File buffer too small to contain extra_field header. \n " ) ;
goto done ;
}
size = le16_to_host ( * ( uint16_t * ) index ) ;
handle - > offset + = sizeof ( uint16_t ) ;
}
cli_dbgmsg ( " egg_parse_file_extra_field: extra_field->size: %u \n " , size ) ;
magic = le32_to_host ( extraField - > magic ) ;
switch ( magic ) {
case FILENAME_HEADER_MAGIC : {
/*
* File Filename Header
*/
uint16_t codepage = 0 ; /* Windows code page https://docs.microsoft.com/en-us/windows/desktop/Intl/code-page-identifiers) */
uint32_t name_size = 0 ;
uint32_t remaining_size = size ;
char * name_utf8 = NULL ;
size_t name_utf8_size = 0 ;
if ( NULL ! = eggFile - > filename . name_utf8 ) {
cli_warnmsg ( " egg_parse_file_extra_field: Encountered more than 1 filename_header! \n " ) ;
goto done ;
}
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , size ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_file_extra_field: File buffer too small to contain name fields. \n " ) ;
goto done ;
}
if ( extraField - > bit_flag & FILENAME_HEADER_FLAGS_ENCRYPT )
cli_dbgmsg ( " egg_parse_file_extra_field: filename_header->bit_flag: encrypted \n " ) ;
else
cli_dbgmsg ( " egg_parse_file_extra_field: filename_header->bit_flag: not encrypted \n " ) ;
if ( extraField - > bit_flag & FILENAME_HEADER_FLAGS_RELATIVE_PATH_INSTEAD_OF_ABSOLUTE )
cli_dbgmsg ( " egg_parse_file_extra_field: filename_header->bit_flag: relative-path \n " ) ;
else
cli_dbgmsg ( " egg_parse_file_extra_field: filename_header->bit_flag: absolute-path \n " ) ;
if ( extraField - > bit_flag & FILENAME_HEADER_FLAGS_MULTIBYTE_CODEPAGE_INSTEAD_OF_UTF8 )
cli_dbgmsg ( " egg_parse_file_extra_field: filename_header->bit_flag: Windows Multibyte + codepage \n " ) ;
else
cli_dbgmsg ( " egg_parse_file_extra_field: filename_header->bit_flag: UTF-8 \n " ) ;
if ( extraField - > bit_flag & FILENAME_HEADER_FLAGS_MULTIBYTE_CODEPAGE_INSTEAD_OF_UTF8 ) {
/* Utf-8 - header will include locale */
/* Check that the size is big enough */
if ( remaining_size < sizeof ( uint16_t ) ) {
cli_dbgmsg ( " egg_parse_file_extra_field: size too small for locale information. \n " ) ;
goto done ;
}
codepage = * ( uint16_t * ) index ;
cli_dbgmsg ( " egg_parse_file_extra_field: filename_header->codepage: %u \n " , codepage ) ;
index + = sizeof ( uint16_t ) ;
handle - > offset + = sizeof ( uint16_t ) ;
remaining_size - = sizeof ( uint16_t ) ;
}
if ( extraField - > bit_flag & FILENAME_HEADER_FLAGS_RELATIVE_PATH_INSTEAD_OF_ABSOLUTE ) {
/* header will include parent_path_id */
/* Check that the size is big enough */
if ( remaining_size < sizeof ( uint32_t ) ) {
cli_dbgmsg ( " egg_parse_file_extra_field: size too small for parent_path_id. \n " ) ;
goto done ;
}
eggFile - > filename . parent_path_id = * ( uint16_t * ) index ;
cli_dbgmsg ( " egg_parse_file_extra_field: filename_header->parent_path_id: %u \n " , eggFile - > filename . parent_path_id ) ;
index + = sizeof ( uint32_t ) ;
handle - > offset + = sizeof ( uint32_t ) ;
remaining_size - = sizeof ( uint32_t ) ;
}
if ( remaining_size = = 0 ) {
cli_dbgmsg ( " egg_parse_file_extra_field: size too small for name string. \n " ) ;
goto done ;
}
name_size = remaining_size ;
/*
* Store name as UTF - 8 string .
*/
if ( extraField - > bit_flag & FILENAME_HEADER_FLAGS_MULTIBYTE_CODEPAGE_INSTEAD_OF_UTF8 ) {
/* Convert ANSI codepage to UTF-8. EGG format explicitly supports:
* - 949 ( Korean Unified Code )
* - 932 ( Japanese Shift - JIS ) */
if ( 0 = = codepage ) {
2020-07-24 14:45:44 -07:00
if ( CL_SUCCESS ! = cli_codepage_to_utf8 ( ( char * ) index , name_size , CODEPAGE_UTF8 , & name_utf8 , & name_utf8_size ) ) {
2018-10-08 12:59:42 -04:00
cli_dbgmsg ( " egg_parse_file_extra_field: failed to convert codepage \" 0 \" to UTF-8 \n " ) ;
name_utf8 = cli_genfname ( NULL ) ;
}
} else {
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = cli_codepage_to_utf8 ( ( char * ) index , name_size , codepage , & name_utf8 , & name_utf8_size ) ) {
2018-10-08 12:59:42 -04:00
cli_dbgmsg ( " egg_parse_file_extra_field: failed to convert codepage %u to UTF-8 \n " , codepage ) ;
name_utf8 = cli_genfname ( NULL ) ;
}
}
} else {
/* Should already be UTF-8. Use as-is.. */
2019-08-22 16:51:01 -04:00
name_utf8 = CLI_STRNDUP ( ( char * ) index , name_size ) ;
2018-10-08 12:59:42 -04:00
if ( NULL = = name_utf8 ) {
cli_dbgmsg ( " egg_parse_file_extra_field: failed to allocate name buffer. \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
}
eggFile - > filename . name_utf8 = name_utf8 ;
cli_dbgmsg ( " egg_parse_file_extra_field: filename_header->name: %s \n " , eggFile - > filename . name_utf8 ) ;
break ;
}
case COMMENT_HEADER_MAGIC : {
/*
* File Comment Header
*/
2019-07-01 16:08:14 -04:00
cl_error_t retval = CL_EPARSE ;
char * comment = NULL ;
2018-10-08 12:59:42 -04:00
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , size ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_file_extra_field: File buffer too small to contain comment fields. \n " ) ;
goto done ;
}
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = ( retval = egg_parse_comment_header ( index , size , extraField , & comment ) ) ) {
2018-10-08 12:59:42 -04:00
cli_dbgmsg ( " egg_parse_file_extra_field: Issue parsing comment header. Error code: %u \n " , retval ) ;
break ;
} else {
/*
* Success ?
*/
if ( comment = = NULL ) {
/* Uh... no. */
cli_errmsg ( " egg_parse_file_extra_field: Logic error! Succesfully parsed comment header, "
" but did not return egg_comment information! \n " ) ;
goto done ;
} else {
/*
* Comment found . Add comment to our list .
*/
2019-07-01 16:21:20 -04:00
char * * comments_tmp ;
comments_tmp = ( char * * ) cli_realloc (
2018-10-08 12:59:42 -04:00
( void * ) eggFile - > comments ,
More Coverity bug fixes
Fixed the following Coverity issues:
- 225236 - In cli_egg_extract_file: Dereference of an explicit
null value (CWE-476). The first fail case checked handle for
NULL and then dereferenced it in the done block
- 225209 - In executeIfNewVersion: Leak of memory or pointers
to system resources (CWE-404). modifiedCommand was defined
twice, with the inner instance being assigned to and the
outer instance being freed
- 225201 - In regex_list_match: Code can never be reached
because of a logical contradiction (CWE-561). The code had
logic off to the side that may have been missed:
filter_search_rc = filter_search(&matcher->filter, (const unsigned char *)bufrev, buffer_len) != -1;
if (filter_search_rc == -1) {
- 225198 - In phishingCheck: Leak of memory or pointers to
system resources (CWE-404). A fail case caused by malloc
failing would leak previously allocated memory.
- 225197 - In updatecustomdb: A pointer to freed memory
is dereferenced, used as a function argument, or otherwise
used (CWE-416). In a fail case, a pointer was freed and
then used in a debug print statement
- 225190 - In updatedb: A pointer to freed memory is
dereferenced, used as a function argument, or otherwise used
(CWE-416). In a fail case, a pointer was freed and then used
in a debug print statement
- 225195 - In cli_egg_open: The sizeof operator is used on a
wrong argument that incidentally has the same size (CWE-467).
sizeof(char **) was being used instead of sizeof(char *)
- 225193 - In egg_parse_comment_header: Code can never be
reached because of a logical contradiction (CWE-561).
A cleanup case for variable comment was unnecessary, and
to fix comment was removed entirely.
- 225147 - In get_server_node: Code can never be reached
because of a logical contradiction (CWE-561). A cleanup
case for variable url was unnecessary
- 225168 - In download_complete_callback: Missing break
statement between cases in switch statement (CWE-484).
In the case where forking failed, freshclam would check
the database without forking but then continue on to
execute the code intended to be done in the child process
because of a missing break statement
- 225152 - In cli_egg_lzma_decompress: Use of an
uninitialized variable (CWE-457). Certain fail cases
would call cli_LzmaShutdown on an uninitialized stream.
Now it’s only called after initialization occurs.
2020-05-08 11:57:32 -04:00
sizeof ( char * ) * ( eggFile - > nComments + 1 ) ) ;
2019-07-01 16:21:20 -04:00
if ( NULL = = comments_tmp ) {
2020-05-07 14:12:17 -04:00
free ( comment ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
2019-07-01 16:21:20 -04:00
eggFile - > comments = comments_tmp ;
2018-10-08 12:59:42 -04:00
eggFile - > comments [ eggFile - > nComments ] = comment ;
eggFile - > nComments + + ;
}
}
break ;
}
case ENCRYPT_HEADER_MAGIC : {
/*
* File Encryption Header .
*/
if ( NULL ! = eggFile - > encrypt ) {
cli_warnmsg ( " egg_parse_file_extra_field: Encountered more than 1 encrypt_header! \n " ) ;
goto done ;
}
/*
* Fudge factor .
* The documentation is hazy about how the encrypt header works .
* From testing , it seems that for encrypted files , the size in the extra_field includes the size OF the extra field .
*/
size - = sizeof ( extra_field ) + sizeof ( uint16_t ) ;
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , size ) ;
if ( ! index ) {
cli_errmsg ( " egg_parse_file_extra_field: File buffer too small to contain encryption fields. \n " ) ;
goto done ;
}
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = egg_parse_encrypt_header ( index , size , & eggFile - > encrypt ) ) {
2018-10-08 12:59:42 -04:00
cli_errmsg ( " egg_parse_file_extra_field: Failed to parse encrypt_header. \n " ) ;
goto done ;
}
break ;
}
case WINDOWS_INFO_MAGIC : {
windows_file_information * windowsFileInformation = NULL ;
if ( NULL ! = eggFile - > windowsFileInformation ) {
cli_warnmsg ( " egg_parse_file_extra_field: Encountered more than 1 windows_file_information! \n " ) ;
goto done ;
}
if ( sizeof ( windows_file_information ) ! = size ) {
cli_warnmsg ( " egg_parse_file_extra_field: Invalid size of windows_file_information! \n " ) ;
}
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( windows_file_information ) ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_file_extra_field: File buffer too small to contain windows info. \n " ) ;
goto done ;
}
windowsFileInformation = ( windows_file_information * ) index ;
eggFile - > windowsFileInformation = windowsFileInformation ;
2019-08-13 10:52:18 -04:00
cli_dbgmsg ( " egg_parse_file_extra_field: windows_file_information->last_modified_time: %016 " PRIx64 " \n " , le64_to_host ( windowsFileInformation - > last_modified_time ) ) ;
2018-10-08 12:59:42 -04:00
cli_dbgmsg ( " egg_parse_file_extra_field: windows_file_information->attribute: %08x \n " , windowsFileInformation - > attribute ) ;
break ;
}
case POSIX_INFO_MAGIC : {
posix_file_information * posixFileInformation = NULL ;
if ( NULL ! = eggFile - > posixFileInformation ) {
cli_warnmsg ( " egg_parse_file_extra_field: Encountered more than 1 posix_file_information! \n " ) ;
goto done ;
}
if ( sizeof ( posix_file_information ) ! = size ) {
cli_warnmsg ( " egg_parse_file_extra_field: Invalid size of posix_file_information! \n " ) ;
}
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( posix_file_information ) ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_file_extra_field: File buffer too small to contain posix info. \n " ) ;
goto done ;
}
posixFileInformation = ( posix_file_information * ) index ;
eggFile - > posixFileInformation = posixFileInformation ;
cli_dbgmsg ( " egg_parse_file_extra_field: posix_file_information->mode: %08x " , le32_to_host ( posixFileInformation - > mode ) ) ;
if ( UNLIKELY ( cli_debug_flag ) ) {
2019-07-01 17:16:41 -04:00
print_posix_info_mode ( posixFileInformation - > mode ) ;
2018-10-08 12:59:42 -04:00
}
cli_dbgmsg ( " egg_parse_file_extra_field: posix_file_information->uid: %08x \n " , le32_to_host ( posixFileInformation - > uid ) ) ;
cli_dbgmsg ( " egg_parse_file_extra_field: posix_file_information->gid: %08x \n " , le32_to_host ( posixFileInformation - > gid ) ) ;
2019-08-13 10:52:18 -04:00
cli_dbgmsg ( " egg_parse_file_extra_field: posix_file_information->last_modified_time: %016 " PRIx64 " \n " , le64_to_host ( posixFileInformation - > last_modified_time ) ) ;
2018-10-08 12:59:42 -04:00
break ;
}
case FILE_HEADER_MAGIC : {
if ( handle - > bSolid ) {
cli_dbgmsg ( " egg_parse_file_extra_field: Solid archive - on to next file header. \n " ) ;
} else {
cli_warnmsg ( " egg_parse_file_extra_field: Missing EOFARC in non-solid/standard archive. \n " ) ;
}
break ;
}
default : {
cli_dbgmsg ( " egg_parse_file_extra_field: unexpected header magic: %08x (%s) \n " , magic , getMagicHeaderName ( magic ) ) ;
}
}
handle - > offset + = size ;
2019-07-01 16:08:14 -04:00
status = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
done :
return status ;
}
2019-07-01 16:08:14 -04:00
static cl_error_t egg_parse_file_headers ( egg_handle * handle , egg_file * * file )
2018-10-08 12:59:42 -04:00
{
2019-07-01 16:08:14 -04:00
cl_error_t status = CL_EPARSE ;
cl_error_t retval ;
2018-10-08 12:59:42 -04:00
egg_file * eggFile = NULL ;
file_header * fileHeader = NULL ;
uint32_t magic = 0 ;
const uint8_t * index = 0 ;
if ( ! handle | | ! file ) {
cli_errmsg ( " egg_parse_file_headers: Invalid args! \n " ) ;
2019-07-01 16:08:14 -04:00
return CL_EARG ;
2018-10-08 12:59:42 -04:00
}
* file = NULL ;
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = EGG_VALIDATE_HANDLE ( handle ) ) {
2018-10-08 12:59:42 -04:00
cli_errmsg ( " egg_parse_file_headers: Invalid handle values! \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EARG ;
2018-10-08 12:59:42 -04:00
goto done ;
}
/*
* 1 st :
* File headers must start with the file_header .
*/
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( file_header ) ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_file_headers: File buffer too small to contain file header. \n " ) ;
goto done ;
}
eggFile = ( egg_file * ) cli_calloc ( 1 , sizeof ( egg_file ) ) ;
if ( NULL = = eggFile ) {
cli_errmsg ( " egg_parse_file_headers: Failed to allocate memory for egg_file. \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
fileHeader = ( file_header * ) index ;
eggFile - > file = fileHeader ;
if ( FILE_HEADER_MAGIC ! = le32_to_host ( fileHeader - > magic ) ) {
cli_dbgmsg ( " egg_parse_file_headers: Invalid file header magic: %08x (%s). \n " , le32_to_host ( fileHeader - > magic ) , getMagicHeaderName ( le32_to_host ( fileHeader - > magic ) ) ) ;
goto done ;
}
cli_dbgmsg ( " egg_parse_file_headers: file_header->magic: %08x (%s) \n " , le32_to_host ( fileHeader - > magic ) , getMagicHeaderName ( le32_to_host ( fileHeader - > magic ) ) ) ;
cli_dbgmsg ( " egg_parse_file_headers: file_header->file_id: %08x \n " , le32_to_host ( fileHeader - > file_id ) ) ;
2019-08-13 10:52:18 -04:00
cli_dbgmsg ( " egg_parse_file_headers: file_header->file_length: %016 " PRIx64 " (% " PRIu64 " ) \n " ,
2018-10-08 12:59:42 -04:00
le64_to_host ( fileHeader - > file_length ) ,
le64_to_host ( fileHeader - > file_length ) ) ;
if ( 0 = = le16_to_host ( fileHeader - > file_length ) ) {
2019-05-24 10:00:35 -04:00
cli_dbgmsg ( " egg_parse_file_headers: Empty file! \n " ) ;
2018-10-08 12:59:42 -04:00
}
handle - > offset + = sizeof ( file_header ) ;
/*
* 2 nd :
* After the file_header , the following extra field headers may be present :
* a ) filename_header
* b ) comment_header
* c ) windows_file_information
* d ) posix_file_information
* e ) encrypt_header
* f ) EOFARC
*/
while ( handle - > map - > len > handle - > offset ) {
/* Get the next magic32_t */
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( magic32_t ) ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_file_headers: File buffer too small to contain end of archive magic bytes. \n " ) ;
goto done ;
}
magic = le32_to_host ( * ( ( uint32_t * ) index ) ) ;
if ( EOFARC = = magic ) {
/*
* File headers should conclude with EOFARC magic bytes .
*/
handle - > offset + = sizeof ( magic32_t ) ;
cli_dbgmsg ( " egg_parse_file_headers: End of archive headers. \n " ) ;
break ; /* Break out of the loop */
} else {
/*
* Parse extra fields .
*/
retval = egg_parse_file_extra_field ( handle , eggFile ) ;
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = retval ) {
2018-10-08 12:59:42 -04:00
cli_dbgmsg ( " egg_parse_file_headers: Failed to parse archive header, magic: %08x (%s) \n " , magic , getMagicHeaderName ( magic ) ) ;
2019-05-24 10:00:35 -04:00
break ; /* Break out of the loop */
2018-10-08 12:59:42 -04:00
}
}
}
* file = eggFile ;
2019-07-01 16:08:14 -04:00
status = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
done :
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = status ) {
2018-10-08 12:59:42 -04:00
if ( eggFile ) {
egg_free_egg_file ( eggFile ) ;
}
}
return status ;
}
static void egg_free_egg_handle ( egg_handle * handle )
{
uint32_t i = 0 ;
2019-08-14 13:07:21 -04:00
if ( NULL = = handle ) {
return ;
}
2018-10-08 12:59:42 -04:00
if ( NULL ! = handle - > encrypt ) {
egg_free_encrypt ( handle - > encrypt ) ;
handle - > encrypt = NULL ;
}
if ( NULL ! = handle - > files ) {
for ( i = 0 ; i < handle - > nFiles ; i + + ) {
egg_free_egg_file ( handle - > files [ i ] ) ;
handle - > files [ i ] = NULL ;
}
free ( handle - > files ) ;
handle - > files = NULL ;
}
if ( NULL ! = handle - > blocks ) {
for ( i = 0 ; i < handle - > nBlocks ; i + + ) {
egg_free_egg_block ( handle - > blocks [ i ] ) ;
handle - > blocks [ i ] = NULL ;
}
free ( handle - > blocks ) ;
handle - > blocks = NULL ;
}
if ( NULL ! = handle - > comments ) {
for ( i = 0 ; i < handle - > nComments ; i + + ) {
free ( handle - > comments [ i ] ) ;
handle - > comments [ i ] = NULL ;
}
free ( handle - > comments ) ;
handle - > comments = NULL ;
}
2019-08-14 13:07:21 -04:00
free ( handle ) ;
2018-10-08 12:59:42 -04:00
}
2019-07-01 16:08:14 -04:00
static cl_error_t egg_parse_archive_headers ( egg_handle * handle )
2018-10-08 12:59:42 -04:00
{
2019-07-01 16:08:14 -04:00
cl_error_t status = CL_EPARSE ;
cl_error_t retval ;
2018-10-08 12:59:42 -04:00
egg_header * eggHeader = NULL ;
uint32_t magic = 0 ;
const uint8_t * index = 0 ;
if ( ! handle ) {
cli_errmsg ( " egg_parse_archive_headers: Invalid args! \n " ) ;
2019-07-01 16:08:14 -04:00
return CL_EARG ;
2018-10-08 12:59:42 -04:00
}
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = EGG_VALIDATE_HANDLE ( handle ) ) {
2018-10-08 12:59:42 -04:00
cli_errmsg ( " egg_parse_archive_headers: Invalid handle values! \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EARG ;
2018-10-08 12:59:42 -04:00
goto done ;
}
/*
* 1 st :
* Archive headers begins with the egg_header .
*/
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( egg_header ) ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_archive_headers: File buffer too small to contain egg_header. \n " ) ;
goto done ;
}
eggHeader = ( egg_header * ) index ;
if ( EGG_HEADER_MAGIC ! = le32_to_host ( eggHeader - > magic ) ) {
cli_dbgmsg ( " egg_parse_archive_headers: Invalid egg header magic: %08x. \n " , le32_to_host ( eggHeader - > magic ) ) ;
goto done ;
}
cli_dbgmsg ( " egg_parse_archive_headers: egg_header->magic: %08x (%s) \n " , le32_to_host ( eggHeader - > magic ) , getMagicHeaderName ( le32_to_host ( eggHeader - > magic ) ) ) ;
cli_dbgmsg ( " egg_parse_archive_headers: egg_header->version: %04x \n " , le16_to_host ( eggHeader - > version ) ) ;
cli_dbgmsg ( " egg_parse_archive_headers: egg_header->header_id: %08x \n " , le32_to_host ( eggHeader - > header_id ) ) ;
cli_dbgmsg ( " egg_parse_archive_headers: egg_header->reserved: %08x \n " , le32_to_host ( eggHeader - > reserved ) ) ;
if ( EGG_HEADER_VERSION ! = le16_to_host ( eggHeader - > version ) ) {
cli_dbgmsg ( " egg_parse_archive_headers: Unexpected EGG archive version #: %04x. \n " ,
le16_to_host ( eggHeader - > version ) ) ;
}
handle - > offset + = sizeof ( egg_header ) ;
/*
* 2 nd :
* Egg Header may be followed by :
* a ) split_compression header and / or
* b ) solid_compression
* c ) global encryption header
* d ) EOFARC
*/
while ( handle - > map - > len > handle - > offset ) {
/* Get the next magic32_t */
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( magic32_t ) ) ;
if ( ! index ) {
cli_dbgmsg ( " egg_parse_archive_headers: File buffer too small to contain end of archive magic bytes. \n " ) ;
goto done ;
}
magic = le32_to_host ( * ( ( uint32_t * ) index ) ) ;
if ( EOFARC = = magic ) {
/*
* Archive headers should conclude with EOFARC magic bytes .
*/
handle - > offset + = sizeof ( magic32_t ) ;
cli_dbgmsg ( " egg_parse_archive_headers: End of archive headers. \n " ) ;
break ; /* Break out of the loop */
} else {
/*
* Parse extra fields .
*/
retval = egg_parse_archive_extra_field ( handle ) ;
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = retval ) {
2018-10-08 12:59:42 -04:00
cli_dbgmsg ( " egg_parse_archive_headers: Failed to parse archive header, magic: %08x (%s) \n " , magic , getMagicHeaderName ( magic ) ) ;
break ; /* Break out of the loop */
}
}
}
2019-07-01 16:08:14 -04:00
status = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
done :
return status ;
}
libclamav: Fix scan recursion tracking
Scan recursion is the process of identifying files embedded in other
files and then scanning them, recursively.
Internally this process is more complex than it may sound because a file
may have multiple layers of types before finding a new "file".
At present we treat the recursion count in the scanning context as an
index into both our fmap list AND our container list. These two lists
are conceptually a part of the same thing and should be unified.
But what's concerning is that the "recursion level" isn't actually
incremented or decremented at the same time that we add a layer to the
fmap or container lists but instead is more touchy-feely, increasing
when we find a new "file".
To account for this shadiness, the size of the fmap and container lists
has always been a little longer than our "max scan recursion" limit so
we don't accidentally overflow the fmap or container arrays (!).
I've implemented a single recursion-stack as an array, similar to before,
which includes a pointer to each fmap at each layer, along with the size
and type. Push and pop functions add and remove layers whenever a new
fmap is added. A boolean argument when pushing indicates if the new layer
represents a new buffer or new file (descriptor). A new buffer will reset
the "nested fmap level" (described below).
This commit also provides a solution for an issue where we detect
embedded files more than once during scan recursion.
For illustration, imagine a tarball named foo.tar.gz with this structure:
| description | type | rec level | nested fmap level |
| ------------------------- | ----- | --------- | ----------------- |
| foo.tar.gz | GZ | 0 | 0 |
| └── foo.tar | TAR | 1 | 0 |
| ├── bar.zip | ZIP | 2 | 1 |
| │ └── hola.txt | ASCII | 3 | 0 |
| └── baz.exe | PE | 2 | 1 |
But suppose baz.exe embeds a ZIP archive and a 7Z archive, like this:
| description | type | rec level | nested fmap level |
| ------------------------- | ----- | --------- | ----------------- |
| baz.exe | PE | 0 | 0 |
| ├── sfx.zip | ZIP | 1 | 1 |
| │ └── hello.txt | ASCII | 2 | 0 |
| └── sfx.7z | 7Z | 1 | 1 |
| └── world.txt | ASCII | 2 | 0 |
(A) If we scan for embedded files at any layer, we may detect:
| description | type | rec level | nested fmap level |
| ------------------------- | ----- | --------- | ----------------- |
| foo.tar.gz | GZ | 0 | 0 |
| ├── foo.tar | TAR | 1 | 0 |
| │ ├── bar.zip | ZIP | 2 | 1 |
| │ │ └── hola.txt | ASCII | 3 | 0 |
| │ ├── baz.exe | PE | 2 | 1 |
| │ │ ├── sfx.zip | ZIP | 3 | 1 |
| │ │ │ └── hello.txt | ASCII | 4 | 0 |
| │ │ └── sfx.7z | 7Z | 3 | 1 |
| │ │ └── world.txt | ASCII | 4 | 0 |
| │ ├── sfx.zip | ZIP | 2 | 1 |
| │ │ └── hello.txt | ASCII | 3 | 0 |
| │ └── sfx.7z | 7Z | 2 | 1 |
| │ └── world.txt | ASCII | 3 | 0 |
| ├── sfx.zip | ZIP | 1 | 1 |
| └── sfx.7z | 7Z | 1 | 1 |
(A) is bad because it scans content more than once.
Note that for the GZ layer, it may detect the ZIP and 7Z if the
signature hits on the compressed data, which it might, though
extracting the ZIP and 7Z will likely fail.
The reason the above doesn't happen now is that we restrict embedded
type scans for a bunch of archive formats to include GZ and TAR.
(B) If we scan for embedded files at the foo.tar layer, we may detect:
| description | type | rec level | nested fmap level |
| ------------------------- | ----- | --------- | ----------------- |
| foo.tar.gz | GZ | 0 | 0 |
| └── foo.tar | TAR | 1 | 0 |
| ├── bar.zip | ZIP | 2 | 1 |
| │ └── hola.txt | ASCII | 3 | 0 |
| ├── baz.exe | PE | 2 | 1 |
| ├── sfx.zip | ZIP | 2 | 1 |
| │ └── hello.txt | ASCII | 3 | 0 |
| └── sfx.7z | 7Z | 2 | 1 |
| └── world.txt | ASCII | 3 | 0 |
(B) is almost right. But we can achieve it easily enough only scanning for
embedded content in the current fmap when the "nested fmap level" is 0.
The upside is that it should safely detect all embedded content, even if
it may think the sfz.zip and sfx.7z are in foo.tar instead of in baz.exe.
The biggest risk I can think of affects ZIPs. SFXZIP detection
is identical to ZIP detection, which is why we don't allow SFXZIP to be
detected if insize of a ZIP. If we only allow embedded type scanning at
fmap-layer 0 in each buffer, this will fail to detect the embedded ZIP
if the bar.exe was not compressed in foo.zip and if non-compressed files
extracted from ZIPs aren't extracted as new buffers:
| description | type | rec level | nested fmap level |
| ------------------------- | ----- | --------- | ----------------- |
| foo.zip | ZIP | 0 | 0 |
| └── bar.exe | PE | 1 | 1 |
| └── sfx.zip | ZIP | 2 | 2 |
Provided that we ensure all files extracted from zips are scanned in
new buffers, option (B) should be safe.
(C) If we scan for embedded files at the baz.exe layer, we may detect:
| description | type | rec level | nested fmap level |
| ------------------------- | ----- | --------- | ----------------- |
| foo.tar.gz | GZ | 0 | 0 |
| └── foo.tar | TAR | 1 | 0 |
| ├── bar.zip | ZIP | 2 | 1 |
| │ └── hola.txt | ASCII | 3 | 0 |
| └── baz.exe | PE | 2 | 1 |
| ├── sfx.zip | ZIP | 3 | 1 |
| │ └── hello.txt | ASCII | 4 | 0 |
| └── sfx.7z | 7Z | 3 | 1 |
| └── world.txt | ASCII | 4 | 0 |
(C) is right. But it's harder to achieve. For this example we can get it by
restricting 7ZSFX and ZIPSFX detection only when scanning an executable.
But that may mean losing detection of archives embedded elsewhere.
And we'd have to identify allowable container types for each possible
embedded type, which would be very difficult.
So this commit aims to solve the issue the (B)-way.
Note that in all situations, we still have to scan with file typing
enabled to determine if we need to reassign the current file type, such
as re-identifying a Bzip2 archive as a DMG that happens to be Bzip2-
compressed. Detection of DMG and a handful of other types rely on
finding data partway through or near the ned of a file before
reassigning the entire file as the new type.
Other fixes and considerations in this commit:
- The utf16 HTML parser has weak error handling, particularly with respect
to creating a nested fmap for scanning the ascii decoded file.
This commit cleans up the error handling and wraps the nested scan with
the recursion-stack push()/pop() for correct recursion tracking.
Before this commit, each container layer had a flag to indicate if the
container layer is valid.
We need something similar so that the cli_recursion_stack_get_*()
functions ignore normalized layers. Details...
Imagine an LDB signature for HTML content that specifies a ZIP
container. If the signature actually alerts on the normalized HTML and
you don't ignore normalized layers for the container check, it will
appear as though the alert is in an HTML container rather than a ZIP
container.
This commit accomplishes this with a boolean you set in the scan context
before scanning a new layer. Then when the new fmap is created, it will
use that flag to set similar flag for the layer. The context flag is
reset those that anything after this doesn't have that flag.
The flag allows the new recursion_stack_get() function to ignore
normalized layers when iterating the stack to return a layer at a
requested index, negative or positive.
Scanning normalized extracted/normalized javascript and VBA should also
use the 'layer is normalized' flag.
- This commit also fixes Heuristic.Broken.Executable alert for ELF files
to make sure that:
A) these only alert if cli_append_virus() returns CL_VIRUS (aka it
respects the FP check).
B) all broken-executable alerts for ELF only happen if the
SCAN_HEURISTIC_BROKEN option is enabled.
- This commit also cleans up the error handling in cli_magic_scan_dir().
This was needed so we could correctly apply the layer-is-normalized-flag
to all VBA macros extracted to a directory when scanning the directory.
- Also fix an issue where exceeding scan maximums wouldn't cause embedded
file detection scans to abort. Granted we don't actually want to abort
if max filesize or max recursion depth are exceeded... only if max
scansize, max files, and max scantime are exceeded.
Add 'abort_scan' flag to scan context, to protect against depending on
correct error propagation for fatal conditions. Instead, setting this
flag in the scan context should guarantee that a fatal condition deep in
scan recursion isn't lost which result in more stuff being scanned
instead of aborting. This shouldn't be necessary, but some status codes
like CL_ETIMEOUT never used to be fatal and it's easier to do this than
to verify every parser only returns CL_ETIMEOUT and other "fatal
status codes" in fatal conditions.
- Remove duplicate is_tar() prototype from filestypes.c and include
is_tar.h instead.
- Presently we create the fmap hash when creating the fmap.
This wastes a bit of CPU if the hash is never needed.
Now that we're creating fmap's for all embedded files discovered with
file type recognition scans, this is a much more frequent occurence and
really slows things down.
This commit fixes the issue by only creating fmap hashes as needed.
This should not only resolve the perfomance impact of creating fmap's
for all embedded files, but also should improve performance in general.
- Add allmatch check to the zip parser after the central-header meta
match. That way we don't multiple alerts with the same match except in
allmatch mode. Clean up error handling in the zip parser a tiny bit.
- Fixes to ensure that the scan limits such as scansize, filesize,
recursion depth, # of embedded files, and scantime are always reported
if AlertExceedsMax (--alert-exceeds-max) is enabled.
- Fixed an issue where non-fatal alerts for exceeding scan maximums may
mask signature matches later on. I changed it so these alerts use the
"possibly unwanted" alert-type and thus only alert if no other alerts
were found or if all-match or heuristic-precedence are enabled.
- Added the "Heuristics.Limits.Exceeded.*" events to the JSON metadata
when the --gen-json feature is enabled. These will show up once under
"ParseErrors" the first time a limit is exceeded. In the present
implementation, only one limits-exceeded events will be added, so as to
prevent a malicious or malformed sample from filling the JSON buffer
with millions of events and using a tonne of RAM.
2021-09-11 14:15:21 -07:00
cl_error_t cli_egg_open ( fmap_t * map , void * * hArchive , char * * * comments , uint32_t * nComments )
2018-10-08 12:59:42 -04:00
{
2019-07-01 16:08:14 -04:00
cl_error_t status = CL_EPARSE ;
cl_error_t retval ;
egg_handle * handle = NULL ;
uint32_t magic = 0 ;
const uint8_t * index = 0 ;
2018-10-08 12:59:42 -04:00
if ( ! map | | ! hArchive ) {
cli_errmsg ( " cli_egg_open: Invalid args! \n " ) ;
2019-07-01 16:08:14 -04:00
return CL_EARG ;
2018-10-08 12:59:42 -04:00
}
handle = ( egg_handle * ) cli_calloc ( 1 , sizeof ( egg_handle ) ) ;
if ( NULL = = handle ) {
cli_errmsg ( " cli_egg_open: Failed to allocate memory for egg_handle. \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
handle - > map = map ;
libclamav: Fix scan recursion tracking
Scan recursion is the process of identifying files embedded in other
files and then scanning them, recursively.
Internally this process is more complex than it may sound because a file
may have multiple layers of types before finding a new "file".
At present we treat the recursion count in the scanning context as an
index into both our fmap list AND our container list. These two lists
are conceptually a part of the same thing and should be unified.
But what's concerning is that the "recursion level" isn't actually
incremented or decremented at the same time that we add a layer to the
fmap or container lists but instead is more touchy-feely, increasing
when we find a new "file".
To account for this shadiness, the size of the fmap and container lists
has always been a little longer than our "max scan recursion" limit so
we don't accidentally overflow the fmap or container arrays (!).
I've implemented a single recursion-stack as an array, similar to before,
which includes a pointer to each fmap at each layer, along with the size
and type. Push and pop functions add and remove layers whenever a new
fmap is added. A boolean argument when pushing indicates if the new layer
represents a new buffer or new file (descriptor). A new buffer will reset
the "nested fmap level" (described below).
This commit also provides a solution for an issue where we detect
embedded files more than once during scan recursion.
For illustration, imagine a tarball named foo.tar.gz with this structure:
| description | type | rec level | nested fmap level |
| ------------------------- | ----- | --------- | ----------------- |
| foo.tar.gz | GZ | 0 | 0 |
| └── foo.tar | TAR | 1 | 0 |
| ├── bar.zip | ZIP | 2 | 1 |
| │ └── hola.txt | ASCII | 3 | 0 |
| └── baz.exe | PE | 2 | 1 |
But suppose baz.exe embeds a ZIP archive and a 7Z archive, like this:
| description | type | rec level | nested fmap level |
| ------------------------- | ----- | --------- | ----------------- |
| baz.exe | PE | 0 | 0 |
| ├── sfx.zip | ZIP | 1 | 1 |
| │ └── hello.txt | ASCII | 2 | 0 |
| └── sfx.7z | 7Z | 1 | 1 |
| └── world.txt | ASCII | 2 | 0 |
(A) If we scan for embedded files at any layer, we may detect:
| description | type | rec level | nested fmap level |
| ------------------------- | ----- | --------- | ----------------- |
| foo.tar.gz | GZ | 0 | 0 |
| ├── foo.tar | TAR | 1 | 0 |
| │ ├── bar.zip | ZIP | 2 | 1 |
| │ │ └── hola.txt | ASCII | 3 | 0 |
| │ ├── baz.exe | PE | 2 | 1 |
| │ │ ├── sfx.zip | ZIP | 3 | 1 |
| │ │ │ └── hello.txt | ASCII | 4 | 0 |
| │ │ └── sfx.7z | 7Z | 3 | 1 |
| │ │ └── world.txt | ASCII | 4 | 0 |
| │ ├── sfx.zip | ZIP | 2 | 1 |
| │ │ └── hello.txt | ASCII | 3 | 0 |
| │ └── sfx.7z | 7Z | 2 | 1 |
| │ └── world.txt | ASCII | 3 | 0 |
| ├── sfx.zip | ZIP | 1 | 1 |
| └── sfx.7z | 7Z | 1 | 1 |
(A) is bad because it scans content more than once.
Note that for the GZ layer, it may detect the ZIP and 7Z if the
signature hits on the compressed data, which it might, though
extracting the ZIP and 7Z will likely fail.
The reason the above doesn't happen now is that we restrict embedded
type scans for a bunch of archive formats to include GZ and TAR.
(B) If we scan for embedded files at the foo.tar layer, we may detect:
| description | type | rec level | nested fmap level |
| ------------------------- | ----- | --------- | ----------------- |
| foo.tar.gz | GZ | 0 | 0 |
| └── foo.tar | TAR | 1 | 0 |
| ├── bar.zip | ZIP | 2 | 1 |
| │ └── hola.txt | ASCII | 3 | 0 |
| ├── baz.exe | PE | 2 | 1 |
| ├── sfx.zip | ZIP | 2 | 1 |
| │ └── hello.txt | ASCII | 3 | 0 |
| └── sfx.7z | 7Z | 2 | 1 |
| └── world.txt | ASCII | 3 | 0 |
(B) is almost right. But we can achieve it easily enough only scanning for
embedded content in the current fmap when the "nested fmap level" is 0.
The upside is that it should safely detect all embedded content, even if
it may think the sfz.zip and sfx.7z are in foo.tar instead of in baz.exe.
The biggest risk I can think of affects ZIPs. SFXZIP detection
is identical to ZIP detection, which is why we don't allow SFXZIP to be
detected if insize of a ZIP. If we only allow embedded type scanning at
fmap-layer 0 in each buffer, this will fail to detect the embedded ZIP
if the bar.exe was not compressed in foo.zip and if non-compressed files
extracted from ZIPs aren't extracted as new buffers:
| description | type | rec level | nested fmap level |
| ------------------------- | ----- | --------- | ----------------- |
| foo.zip | ZIP | 0 | 0 |
| └── bar.exe | PE | 1 | 1 |
| └── sfx.zip | ZIP | 2 | 2 |
Provided that we ensure all files extracted from zips are scanned in
new buffers, option (B) should be safe.
(C) If we scan for embedded files at the baz.exe layer, we may detect:
| description | type | rec level | nested fmap level |
| ------------------------- | ----- | --------- | ----------------- |
| foo.tar.gz | GZ | 0 | 0 |
| └── foo.tar | TAR | 1 | 0 |
| ├── bar.zip | ZIP | 2 | 1 |
| │ └── hola.txt | ASCII | 3 | 0 |
| └── baz.exe | PE | 2 | 1 |
| ├── sfx.zip | ZIP | 3 | 1 |
| │ └── hello.txt | ASCII | 4 | 0 |
| └── sfx.7z | 7Z | 3 | 1 |
| └── world.txt | ASCII | 4 | 0 |
(C) is right. But it's harder to achieve. For this example we can get it by
restricting 7ZSFX and ZIPSFX detection only when scanning an executable.
But that may mean losing detection of archives embedded elsewhere.
And we'd have to identify allowable container types for each possible
embedded type, which would be very difficult.
So this commit aims to solve the issue the (B)-way.
Note that in all situations, we still have to scan with file typing
enabled to determine if we need to reassign the current file type, such
as re-identifying a Bzip2 archive as a DMG that happens to be Bzip2-
compressed. Detection of DMG and a handful of other types rely on
finding data partway through or near the ned of a file before
reassigning the entire file as the new type.
Other fixes and considerations in this commit:
- The utf16 HTML parser has weak error handling, particularly with respect
to creating a nested fmap for scanning the ascii decoded file.
This commit cleans up the error handling and wraps the nested scan with
the recursion-stack push()/pop() for correct recursion tracking.
Before this commit, each container layer had a flag to indicate if the
container layer is valid.
We need something similar so that the cli_recursion_stack_get_*()
functions ignore normalized layers. Details...
Imagine an LDB signature for HTML content that specifies a ZIP
container. If the signature actually alerts on the normalized HTML and
you don't ignore normalized layers for the container check, it will
appear as though the alert is in an HTML container rather than a ZIP
container.
This commit accomplishes this with a boolean you set in the scan context
before scanning a new layer. Then when the new fmap is created, it will
use that flag to set similar flag for the layer. The context flag is
reset those that anything after this doesn't have that flag.
The flag allows the new recursion_stack_get() function to ignore
normalized layers when iterating the stack to return a layer at a
requested index, negative or positive.
Scanning normalized extracted/normalized javascript and VBA should also
use the 'layer is normalized' flag.
- This commit also fixes Heuristic.Broken.Executable alert for ELF files
to make sure that:
A) these only alert if cli_append_virus() returns CL_VIRUS (aka it
respects the FP check).
B) all broken-executable alerts for ELF only happen if the
SCAN_HEURISTIC_BROKEN option is enabled.
- This commit also cleans up the error handling in cli_magic_scan_dir().
This was needed so we could correctly apply the layer-is-normalized-flag
to all VBA macros extracted to a directory when scanning the directory.
- Also fix an issue where exceeding scan maximums wouldn't cause embedded
file detection scans to abort. Granted we don't actually want to abort
if max filesize or max recursion depth are exceeded... only if max
scansize, max files, and max scantime are exceeded.
Add 'abort_scan' flag to scan context, to protect against depending on
correct error propagation for fatal conditions. Instead, setting this
flag in the scan context should guarantee that a fatal condition deep in
scan recursion isn't lost which result in more stuff being scanned
instead of aborting. This shouldn't be necessary, but some status codes
like CL_ETIMEOUT never used to be fatal and it's easier to do this than
to verify every parser only returns CL_ETIMEOUT and other "fatal
status codes" in fatal conditions.
- Remove duplicate is_tar() prototype from filestypes.c and include
is_tar.h instead.
- Presently we create the fmap hash when creating the fmap.
This wastes a bit of CPU if the hash is never needed.
Now that we're creating fmap's for all embedded files discovered with
file type recognition scans, this is a much more frequent occurence and
really slows things down.
This commit fixes the issue by only creating fmap hashes as needed.
This should not only resolve the perfomance impact of creating fmap's
for all embedded files, but also should improve performance in general.
- Add allmatch check to the zip parser after the central-header meta
match. That way we don't multiple alerts with the same match except in
allmatch mode. Clean up error handling in the zip parser a tiny bit.
- Fixes to ensure that the scan limits such as scansize, filesize,
recursion depth, # of embedded files, and scantime are always reported
if AlertExceedsMax (--alert-exceeds-max) is enabled.
- Fixed an issue where non-fatal alerts for exceeding scan maximums may
mask signature matches later on. I changed it so these alerts use the
"possibly unwanted" alert-type and thus only alert if no other alerts
were found or if all-match or heuristic-precedence are enabled.
- Added the "Heuristics.Limits.Exceeded.*" events to the JSON metadata
when the --gen-json feature is enabled. These will show up once under
"ParseErrors" the first time a limit is exceeded. In the present
implementation, only one limits-exceeded events will be added, so as to
prevent a malicious or malformed sample from filling the JSON buffer
with millions of events and using a tonne of RAM.
2021-09-11 14:15:21 -07:00
handle - > offset = 0 ;
2018-10-08 12:59:42 -04:00
/*
* 1 st :
* Parse the archive headers .
*/
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = ( retval = egg_parse_archive_headers ( handle ) ) ) {
2018-10-08 12:59:42 -04:00
cli_warnmsg ( " cli_egg_open: Failed to parse archive headers! \n " ) ;
goto done ;
}
/*
* 2 nd :
* Archive headers may be followed by :
* a ) 0 + file headers
* b ) 0 + block headers
* c ) 0 + archive comment headers
*/
2019-07-01 16:08:14 -04:00
while ( CL_SUCCESS = = retval ) {
2018-10-08 12:59:42 -04:00
/* Get the next magic32_t */
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( magic32_t ) ) ;
if ( ! index ) {
cli_dbgmsg ( " cli_egg_open: No more data in archive. \n " ) ;
break ;
}
magic = le32_to_host ( * ( ( uint32_t * ) index ) ) ;
if ( EOFARC = = magic ) {
/*
* Archive headers should conclude with EOFARC magic bytes .
*/
handle - > offset + = sizeof ( magic32_t ) ;
if ( handle - > map - > len > handle - > offset ) {
cli_warnmsg ( " Apparent end to EGG archive, but an addition %zu bytes of data exists in the file! \n " ,
handle - > map - > len - handle - > offset ) ;
} else {
cli_dbgmsg ( " cli_egg_open: Successfully indexed EGG archive! \n " ) ;
}
break ; /* Break out of the loop */
} else if ( FILE_HEADER_MAGIC = = magic ) {
/*
* Archive File Header
*/
egg_file * found_file = NULL ;
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = ( retval = egg_parse_file_headers ( handle , & found_file ) ) ) {
2018-10-08 12:59:42 -04:00
cli_dbgmsg ( " cli_egg_open: Issue parsing file header. Error code: %u \n " , retval ) ;
goto done ;
} else if ( found_file = = NULL ) {
cli_errmsg ( " cli_egg_open: Logic error! Succesfully parsed file headers, "
" but did not return egg_file information! \n " ) ;
goto done ;
} else {
/* Add file to list. */
2019-07-01 16:21:20 -04:00
egg_file * * files_tmp ;
files_tmp = ( egg_file * * ) cli_realloc (
2018-10-08 12:59:42 -04:00
( void * ) handle - > files ,
sizeof ( egg_file * ) * ( handle - > nFiles + 1 ) ) ;
2019-07-01 16:21:20 -04:00
if ( NULL = = files_tmp ) {
2020-05-07 14:12:17 -04:00
egg_free_egg_file ( found_file ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
2019-07-01 16:21:20 -04:00
handle - > files = files_tmp ;
2018-10-08 12:59:42 -04:00
handle - > files [ handle - > nFiles ] = found_file ;
handle - > nFiles + + ;
}
} else if ( BLOCK_HEADER_MAGIC = = magic ) {
/*
* Archive Block Header
*/
egg_block * found_block = NULL ;
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = ( retval = egg_parse_block_headers ( handle , & found_block ) ) ) {
2018-10-08 12:59:42 -04:00
cli_dbgmsg ( " cli_egg_open: Issue parsing block header. Error code: %u \n " , retval ) ;
goto done ;
} else if ( found_block = = NULL ) {
cli_errmsg ( " cli_egg_open: Logic error! Succesfully parsed block headers, "
" but did not return egg_block information! \n " ) ;
goto done ;
} else {
/* Add block to list. */
if ( handle - > bSolid ) {
2019-07-01 16:21:20 -04:00
egg_block * * blocks_tmp ;
blocks_tmp = ( egg_block * * ) cli_realloc (
2018-10-08 12:59:42 -04:00
( void * ) handle - > blocks ,
sizeof ( egg_block * ) * ( handle - > nBlocks + 1 ) ) ;
2019-07-01 16:21:20 -04:00
if ( NULL = = blocks_tmp ) {
2020-05-07 14:12:17 -04:00
egg_free_egg_block ( found_block ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
2019-07-01 16:21:20 -04:00
handle - > blocks = blocks_tmp ;
2018-10-08 12:59:42 -04:00
handle - > blocks [ handle - > nBlocks ] = found_block ;
handle - > nBlocks + + ;
} else {
egg_file * eggFile = NULL ;
/*
* Associate block with most recently added file .
*/
if ( handle - > nFiles = = 0 ) {
cli_dbgmsg ( " cli_egg_open: No file found for block in non-solid archive. \n " ) ;
// TODO: create an unamed block.
} else {
2019-07-01 16:21:20 -04:00
egg_block * * blocks_tmp ;
2018-10-08 12:59:42 -04:00
eggFile = handle - > files [ handle - > nFiles - 1 ] ;
/* Add block to list. */
2019-07-01 16:21:20 -04:00
blocks_tmp = ( egg_block * * ) cli_realloc (
2018-10-08 12:59:42 -04:00
( void * ) eggFile - > blocks ,
sizeof ( egg_block * ) * ( eggFile - > nBlocks + 1 ) ) ;
2019-07-01 16:21:20 -04:00
if ( NULL = = blocks_tmp ) {
2020-05-07 14:12:17 -04:00
egg_free_egg_block ( found_block ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
2019-07-01 16:21:20 -04:00
eggFile - > blocks = blocks_tmp ;
2018-10-08 12:59:42 -04:00
eggFile - > blocks [ eggFile - > nBlocks ] = found_block ;
eggFile - > nBlocks + + ;
}
}
}
} else if ( COMMENT_HEADER_MAGIC = = magic ) {
/*
* Parse extra field for archive comment header .
*/
2019-07-01 16:21:20 -04:00
char * * comments_tmp ;
2018-10-08 12:59:42 -04:00
extra_field * extraField = NULL ;
char * comment = NULL ;
uint32_t size = 0 ;
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( extra_field ) ) ;
if ( ! index ) {
cli_dbgmsg ( " cli_egg_open: File buffer too small to contain extra_field header. \n " ) ;
goto done ;
}
extraField = ( extra_field * ) index ;
cli_dbgmsg ( " cli_egg_open: archive comment extra_field->magic: %08x (%s) \n " , le32_to_host ( extraField - > magic ) , getMagicHeaderName ( le32_to_host ( extraField - > magic ) ) ) ;
cli_dbgmsg ( " cli_egg_open: archive comment extra_field->bit_flag: %02x \n " , extraField - > bit_flag ) ;
handle - > offset + = sizeof ( extra_field ) ;
if ( extraField - > bit_flag & EXTRA_FIELD_FLAGS_SIZE_IS_4BYTES ) {
/* size is uint32_t */
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( uint32_t ) ) ;
if ( ! index ) {
cli_dbgmsg ( " cli_egg_open: File buffer too small to contain archive comment extra_field header. \n " ) ;
goto done ;
}
size = le32_to_host ( * ( uint32_t * ) index ) ;
handle - > offset + = sizeof ( uint32_t ) ;
} else {
/* size is uint16_t */
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , sizeof ( uint16_t ) ) ;
if ( ! index ) {
cli_dbgmsg ( " cli_egg_open: File buffer too small to contain archive comment extra_field header. \n " ) ;
goto done ;
}
size = le16_to_host ( * ( uint16_t * ) index ) ;
handle - > offset + = sizeof ( uint16_t ) ;
}
cli_dbgmsg ( " cli_egg_open: archive comment extra_field->size: %u \n " , size ) ;
index = ( const uint8_t * ) fmap_need_off_once ( handle - > map , handle - > offset , size ) ;
if ( ! index ) {
cli_dbgmsg ( " cli_egg_open: File buffer too small to contain extra_field header. \n " ) ;
goto done ;
}
retval = egg_parse_comment_header ( index , size , extraField , & comment ) ;
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = retval ) {
2018-10-08 12:59:42 -04:00
cli_dbgmsg ( " cli_egg_open: Failed to parse archive comment extra_field data. \n " ) ;
goto done ;
}
2019-07-01 16:21:20 -04:00
comments_tmp = ( char * * ) cli_realloc (
2018-10-08 12:59:42 -04:00
( void * ) handle - > comments ,
More Coverity bug fixes
Fixed the following Coverity issues:
- 225236 - In cli_egg_extract_file: Dereference of an explicit
null value (CWE-476). The first fail case checked handle for
NULL and then dereferenced it in the done block
- 225209 - In executeIfNewVersion: Leak of memory or pointers
to system resources (CWE-404). modifiedCommand was defined
twice, with the inner instance being assigned to and the
outer instance being freed
- 225201 - In regex_list_match: Code can never be reached
because of a logical contradiction (CWE-561). The code had
logic off to the side that may have been missed:
filter_search_rc = filter_search(&matcher->filter, (const unsigned char *)bufrev, buffer_len) != -1;
if (filter_search_rc == -1) {
- 225198 - In phishingCheck: Leak of memory or pointers to
system resources (CWE-404). A fail case caused by malloc
failing would leak previously allocated memory.
- 225197 - In updatecustomdb: A pointer to freed memory
is dereferenced, used as a function argument, or otherwise
used (CWE-416). In a fail case, a pointer was freed and
then used in a debug print statement
- 225190 - In updatedb: A pointer to freed memory is
dereferenced, used as a function argument, or otherwise used
(CWE-416). In a fail case, a pointer was freed and then used
in a debug print statement
- 225195 - In cli_egg_open: The sizeof operator is used on a
wrong argument that incidentally has the same size (CWE-467).
sizeof(char **) was being used instead of sizeof(char *)
- 225193 - In egg_parse_comment_header: Code can never be
reached because of a logical contradiction (CWE-561).
A cleanup case for variable comment was unnecessary, and
to fix comment was removed entirely.
- 225147 - In get_server_node: Code can never be reached
because of a logical contradiction (CWE-561). A cleanup
case for variable url was unnecessary
- 225168 - In download_complete_callback: Missing break
statement between cases in switch statement (CWE-484).
In the case where forking failed, freshclam would check
the database without forking but then continue on to
execute the code intended to be done in the child process
because of a missing break statement
- 225152 - In cli_egg_lzma_decompress: Use of an
uninitialized variable (CWE-457). Certain fail cases
would call cli_LzmaShutdown on an uninitialized stream.
Now it’s only called after initialization occurs.
2020-05-08 11:57:32 -04:00
sizeof ( char * ) * ( handle - > nComments + 1 ) ) ;
2019-07-01 16:21:20 -04:00
if ( NULL = = comments_tmp ) {
2020-05-07 14:12:17 -04:00
free ( comment ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
2019-07-01 16:21:20 -04:00
handle - > comments = comments_tmp ;
2018-10-08 12:59:42 -04:00
handle - > comments [ handle - > nComments ] = comment ;
handle - > nComments + + ;
2019-05-24 10:00:35 -04:00
handle - > offset + = size ;
2018-10-08 12:59:42 -04:00
} else {
cli_dbgmsg ( " cli_egg_open: unexpected header magic: %08x (%s) \n " , magic , getMagicHeaderName ( magic ) ) ;
2019-07-01 16:08:14 -04:00
status = CL_EPARSE ;
2019-05-24 10:00:35 -04:00
goto done ;
2018-10-08 12:59:42 -04:00
}
}
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = retval ) {
if ( CL_BREAK = = retval ) {
2018-10-08 12:59:42 -04:00
/* End of archive. */
if ( ( handle - > bSplit ) & & ( handle - > splitInfo - > next_file_id ! = 0 ) )
cli_warnmsg ( " cli_egg_open: Abrupt end to EGG volume! \n " ) ;
else
cli_dbgmsg ( " cli_egg_open: End of EGG volume in split archive. \n " ) ;
} else {
/* Something went wrong. */
cli_warnmsg ( " cli_egg_open: Failed to parse file headers! \n " ) ;
}
}
2019-05-24 10:00:35 -04:00
* hArchive = handle ;
* comments = handle - > comments ;
* nComments = handle - > nComments ;
2019-07-01 16:08:14 -04:00
status = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
done :
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = status ) {
2019-08-14 13:07:21 -04:00
if ( handle ) {
2018-10-08 12:59:42 -04:00
egg_free_egg_handle ( handle ) ;
2019-08-14 13:07:21 -04:00
}
2018-10-08 12:59:42 -04:00
* hArchive = NULL ;
}
return status ;
}
2019-07-01 16:08:14 -04:00
cl_error_t cli_egg_peek_file_header ( void * hArchive , cl_egg_metadata * file_metadata )
2018-10-08 12:59:42 -04:00
{
2019-07-01 16:08:14 -04:00
cl_error_t status = CL_EPARSE ;
egg_handle * handle = NULL ;
egg_file * currFile = NULL ;
2018-10-08 12:59:42 -04:00
if ( ! hArchive | | ! file_metadata ) {
cli_errmsg ( " cli_egg_peek_file_header: Invalid args! \n " ) ;
2019-07-01 16:08:14 -04:00
return CL_EARG ;
2018-10-08 12:59:42 -04:00
}
handle = ( egg_handle * ) hArchive ;
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = EGG_VALIDATE_HANDLE ( handle ) ) {
2018-10-08 12:59:42 -04:00
cli_errmsg ( " cli_egg_peek_file_header: Invalid handle values! \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EARG ;
2018-10-08 12:59:42 -04:00
goto done ;
}
memset ( file_metadata , 0 , sizeof ( cl_egg_metadata ) ) ;
if ( handle - > fileExtractionIndex > = handle - > nFiles ) {
2019-07-01 16:08:14 -04:00
status = CL_BREAK ;
2018-10-08 12:59:42 -04:00
goto done ;
}
currFile = handle - > files [ handle - > fileExtractionIndex ] ;
if ( NULL = = currFile ) {
cli_errmsg ( " cli_egg_peek_file_header: invalid egg_file pointer! \n " ) ;
goto done ;
}
if ( NULL = = currFile - > file ) {
cli_errmsg ( " cli_egg_peek_file_header: egg_file is missing file header! \n " ) ;
goto done ;
}
2019-08-13 10:52:18 -04:00
if ( NULL = = currFile - > filename . name_utf8 ) {
cli_errmsg ( " cli_egg_extract_file: egg_file is missing filename! \n " ) ;
goto done ;
}
2018-10-08 12:59:42 -04:00
if ( handle - > bSolid ) {
/*
2019-07-01 17:16:41 -04:00
* TODO : Add support for extracting files from solid archives .
*
* See the comments in cli_egg_extract_file ( ) for more details .
2018-10-08 12:59:42 -04:00
*/
file_metadata - > pack_size = 0 ;
file_metadata - > unpack_size = currFile - > file - > file_length ;
} else {
uint64_t i = 0 ;
if ( ! currFile - > blocks ) {
2019-05-24 10:00:35 -04:00
cli_dbgmsg ( " cli_egg_peek_file_header: Empty file! \n " ) ;
2018-10-08 12:59:42 -04:00
}
for ( i = 0 ; i < currFile - > nBlocks ; i + + ) {
egg_block * currBlock = currFile - > blocks [ i ] ;
if ( ! currBlock - > blockHeader ) {
cli_errmsg ( " cli_egg_peek_file_header: egg_block missing block_header! \n " ) ;
goto done ;
}
file_metadata - > pack_size + = currBlock - > blockHeader - > compress_size ;
file_metadata - > unpack_size + = currBlock - > blockHeader - > uncompress_size ;
}
if ( file_metadata - > unpack_size ! = currFile - > file - > file_length ) {
cli_warnmsg ( " cli_egg_peek_file_header: sum of block uncompress_size's does not match listed file_length! \n " ) ;
}
}
file_metadata - > filename = strdup ( currFile - > filename . name_utf8 ) ;
if ( NULL ! = currFile - > encrypt )
file_metadata - > encrypted = 1 ;
if ( currFile - > posixFileInformation & & currFile - > posixFileInformation - > mode & POSIX_INFO_MODE_DIRECTORY )
file_metadata - > is_dir = 1 ;
else if ( currFile - > windowsFileInformation & & currFile - > windowsFileInformation - > attribute & WINDOWS_INFO_ATTRIBUTE_DIRECTORY )
file_metadata - > is_dir = 1 ;
2019-07-01 16:08:14 -04:00
status = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
done :
return status ;
}
2019-07-01 16:08:14 -04:00
cl_error_t cli_egg_deflate_decompress ( char * compressed , size_t compressed_size , char * * decompressed , size_t * decompressed_size )
2018-10-08 12:59:42 -04:00
{
2019-07-01 16:08:14 -04:00
cl_error_t status = CL_EPARSE ;
2018-10-08 12:59:42 -04:00
2019-07-01 16:21:20 -04:00
uint8_t * decoded_tmp ;
2018-10-08 12:59:42 -04:00
uint8_t * decoded = NULL ;
uint32_t declen = 0 , capacity = 0 ;
z_stream stream ;
2020-05-07 14:12:17 -04:00
int stream_initialized = 0 ;
2018-10-08 12:59:42 -04:00
int zstat ;
if ( NULL = = compressed | | compressed_size = = 0 | | NULL = = decompressed | | NULL = = decompressed_size ) {
cli_errmsg ( " cli_egg_deflate_decompress: Invalid args! \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EARG ;
2018-10-08 12:59:42 -04:00
goto done ;
}
* decompressed = NULL ;
* decompressed_size = 0 ;
if ( ! ( decoded = ( uint8_t * ) cli_calloc ( BUFSIZ , sizeof ( uint8_t ) ) ) ) {
cli_errmsg ( " cli_egg_deflate_decompress: cannot allocate memory for decompressed output \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
capacity = BUFSIZ ;
memset ( & stream , 0 , sizeof ( stream ) ) ;
stream . next_in = ( Bytef * ) compressed ;
stream . avail_in = compressed_size ;
stream . next_out = ( Bytef * ) decoded ;
stream . avail_out = BUFSIZ ;
zstat = inflateInit2 ( & stream , - 15 ) ;
if ( zstat ! = Z_OK ) {
cli_warnmsg ( " cli_egg_deflate_decompress: inflateInit failed \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
2020-05-07 14:12:17 -04:00
stream_initialized = 1 ;
2018-10-08 12:59:42 -04:00
/* initial inflate */
zstat = inflate ( & stream , Z_NO_FLUSH ) ;
/* check if nothing written whatsoever */
if ( ( zstat ! = Z_OK ) & & ( stream . avail_out = = BUFSIZ ) ) {
/* Inflation failed */
cli_errmsg ( " cli_egg_deflate_decompress: failed to decompress data \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EPARSE ;
2018-10-08 12:59:42 -04:00
goto done ;
}
while ( zstat = = Z_OK & & stream . avail_in ) {
/* extend output capacity if needed,*/
if ( stream . avail_out = = 0 ) {
2019-07-01 16:21:20 -04:00
if ( ! ( decoded_tmp = cli_realloc ( decoded , capacity + BUFSIZ ) ) ) {
2018-10-08 12:59:42 -04:00
cli_errmsg ( " cli_egg_deflate_decompress: cannot reallocate memory for decompressed output \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
2019-07-01 16:21:20 -04:00
decoded = decoded_tmp ;
2018-10-08 12:59:42 -04:00
stream . next_out = decoded + capacity ;
stream . avail_out = BUFSIZ ;
declen + = BUFSIZ ;
capacity + = BUFSIZ ;
}
/* continue inflation */
zstat = inflate ( & stream , Z_NO_FLUSH ) ;
}
/* add end fragment to decoded length */
declen + = ( BUFSIZ - stream . avail_out ) ;
/* error handling */
switch ( zstat ) {
case Z_OK :
cli_dbgmsg ( " cli_egg_deflate_decompress: Z_OK on stream decompression \n " ) ;
/* intentional fall-through */
case Z_STREAM_END :
cli_dbgmsg ( " cli_egg_deflate_decompress: decompressed %lu bytes from %lu total bytes (%lu bytes remaining) \n " ,
( unsigned long ) declen , ( unsigned long ) ( compressed_size ) , ( unsigned long ) ( stream . avail_in ) ) ;
break ;
/* potentially fatal - *mostly* ignored as per older version */
case Z_STREAM_ERROR :
case Z_NEED_DICT :
case Z_DATA_ERROR :
case Z_MEM_ERROR :
default :
if ( stream . msg )
cli_dbgmsg ( " cli_egg_deflate_decompress: after decompressing %lu bytes, got error \" %s \" \n " ,
( unsigned long ) declen , stream . msg ) ;
else
cli_dbgmsg ( " cli_egg_deflate_decompress: after decompressing %lu bytes, got error %d \n " ,
( unsigned long ) declen , zstat ) ;
if ( declen = = 0 ) {
cli_dbgmsg ( " cli_egg_deflate_decompress: no bytes were decompressed. \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EPARSE ;
2018-10-08 12:59:42 -04:00
}
break ;
}
* decompressed = ( char * ) decoded ;
* decompressed_size = declen ;
2019-07-01 16:08:14 -04:00
status = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
done :
2020-05-07 14:12:17 -04:00
if ( stream_initialized ) {
( void ) inflateEnd ( & stream ) ;
}
2018-10-08 12:59:42 -04:00
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = status ) {
2018-10-08 12:59:42 -04:00
free ( decoded ) ;
}
return status ;
}
# ifdef HAVE_BZLIB_H
2019-07-01 16:08:14 -04:00
cl_error_t cli_egg_bzip2_decompress ( char * compressed , size_t compressed_size , char * * decompressed , size_t * decompressed_size )
2018-10-08 12:59:42 -04:00
{
2019-07-01 16:08:14 -04:00
cl_error_t status = CL_EPARSE ;
2018-10-08 12:59:42 -04:00
2019-07-01 16:21:20 -04:00
char * decoded_tmp ;
2018-10-08 12:59:42 -04:00
char * decoded = NULL ;
uint32_t declen = 0 , capacity = 0 ;
bz_stream stream ;
int bzstat ;
if ( NULL = = compressed | | compressed_size = = 0 | | NULL = = decompressed | | NULL = = decompressed_size ) {
cli_errmsg ( " cli_egg_bzip2_decompress: Invalid args! \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EARG ;
2018-10-08 12:59:42 -04:00
goto done ;
}
* decompressed = NULL ;
* decompressed_size = 0 ;
if ( ! ( decoded = ( char * ) cli_calloc ( BUFSIZ , sizeof ( Bytef ) ) ) ) {
cli_errmsg ( " cli_egg_bzip2_decompress: cannot allocate memory for decompressed output \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
capacity = BUFSIZ ;
memset ( & stream , 0 , sizeof ( stream ) ) ;
stream . next_in = compressed ;
stream . avail_in = compressed_size ;
stream . next_out = decoded ;
stream . avail_out = BUFSIZ ;
if ( BZ_OK ! = ( bzstat = BZ2_bzDecompressInit ( & stream , 0 , 0 ) ) ) {
cli_warnmsg ( " cli_egg_bzip2_decompress: bzinit failed \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
/* initial inflate */
bzstat = BZ2_bzDecompress ( & stream ) ;
/* check if nothing written whatsoever */
if ( ( bzstat ! = BZ_OK ) & & ( stream . avail_out = = BUFSIZ ) ) {
/* Inflation failed */
cli_errmsg ( " cli_egg_bzip2_decompress: failed to decompress data \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EPARSE ;
2018-10-08 12:59:42 -04:00
goto done ;
}
while ( bzstat = = BZ_OK & & stream . avail_in ) {
/* extend output capacity if needed,*/
if ( stream . avail_out = = 0 ) {
2019-07-01 16:21:20 -04:00
if ( ! ( decoded_tmp = cli_realloc ( decoded , capacity + BUFSIZ ) ) ) {
2018-10-08 12:59:42 -04:00
cli_errmsg ( " cli_egg_bzip2_decompress: cannot reallocate memory for decompressed output \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
2019-07-01 16:21:20 -04:00
decoded = decoded_tmp ;
2018-10-08 12:59:42 -04:00
stream . next_out = decoded + capacity ;
stream . avail_out = BUFSIZ ;
declen + = BUFSIZ ;
capacity + = BUFSIZ ;
}
/* continue inflation */
bzstat = BZ2_bzDecompress ( & stream ) ;
}
/* add end fragment to decoded length */
declen + = ( BUFSIZ - stream . avail_out ) ;
/* error handling */
switch ( bzstat ) {
case BZ_OK :
cli_dbgmsg ( " cli_egg_bzip2_decompress: BZ_OK on stream decompression \n " ) ;
/* intentional fall-through */
case BZ_STREAM_END :
cli_dbgmsg ( " cli_egg_bzip2_decompress: decompressed %lu bytes from %lu total bytes (%lu bytes remaining) \n " ,
( unsigned long ) declen , ( unsigned long ) ( compressed_size ) , ( unsigned long ) ( stream . avail_in ) ) ;
break ;
/* potentially fatal */
case BZ_DATA_ERROR :
case BZ_MEM_ERROR :
default :
cli_dbgmsg ( " cli_egg_bzip2_decompress: after decompressing %lu bytes, got error %d \n " ,
( unsigned long ) declen , bzstat ) ;
if ( declen = = 0 ) {
cli_dbgmsg ( " cli_egg_bzip2_decompress: no bytes were decompressed. \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EPARSE ;
2018-10-08 12:59:42 -04:00
}
break ;
}
* decompressed = ( char * ) decoded ;
* decompressed_size = declen ;
2019-07-01 16:08:14 -04:00
status = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
done :
( void ) BZ2_bzDecompressEnd ( & stream ) ;
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = status ) {
2018-10-08 12:59:42 -04:00
free ( decoded ) ;
}
return status ;
}
# endif
2019-07-01 16:08:14 -04:00
cl_error_t cli_egg_lzma_decompress ( char * compressed , size_t compressed_size , char * * decompressed , size_t * decompressed_size )
2018-10-08 12:59:42 -04:00
{
2019-07-01 16:08:14 -04:00
cl_error_t status = CL_EPARSE ;
2018-10-08 12:59:42 -04:00
2019-07-01 16:21:20 -04:00
uint8_t * decoded_tmp ;
2018-10-08 12:59:42 -04:00
uint8_t * decoded = NULL ;
uint32_t declen = 0 , capacity = 0 ;
struct CLI_LZMA stream ;
More Coverity bug fixes
Fixed the following Coverity issues:
- 225236 - In cli_egg_extract_file: Dereference of an explicit
null value (CWE-476). The first fail case checked handle for
NULL and then dereferenced it in the done block
- 225209 - In executeIfNewVersion: Leak of memory or pointers
to system resources (CWE-404). modifiedCommand was defined
twice, with the inner instance being assigned to and the
outer instance being freed
- 225201 - In regex_list_match: Code can never be reached
because of a logical contradiction (CWE-561). The code had
logic off to the side that may have been missed:
filter_search_rc = filter_search(&matcher->filter, (const unsigned char *)bufrev, buffer_len) != -1;
if (filter_search_rc == -1) {
- 225198 - In phishingCheck: Leak of memory or pointers to
system resources (CWE-404). A fail case caused by malloc
failing would leak previously allocated memory.
- 225197 - In updatecustomdb: A pointer to freed memory
is dereferenced, used as a function argument, or otherwise
used (CWE-416). In a fail case, a pointer was freed and
then used in a debug print statement
- 225190 - In updatedb: A pointer to freed memory is
dereferenced, used as a function argument, or otherwise used
(CWE-416). In a fail case, a pointer was freed and then used
in a debug print statement
- 225195 - In cli_egg_open: The sizeof operator is used on a
wrong argument that incidentally has the same size (CWE-467).
sizeof(char **) was being used instead of sizeof(char *)
- 225193 - In egg_parse_comment_header: Code can never be
reached because of a logical contradiction (CWE-561).
A cleanup case for variable comment was unnecessary, and
to fix comment was removed entirely.
- 225147 - In get_server_node: Code can never be reached
because of a logical contradiction (CWE-561). A cleanup
case for variable url was unnecessary
- 225168 - In download_complete_callback: Missing break
statement between cases in switch statement (CWE-484).
In the case where forking failed, freshclam would check
the database without forking but then continue on to
execute the code intended to be done in the child process
because of a missing break statement
- 225152 - In cli_egg_lzma_decompress: Use of an
uninitialized variable (CWE-457). Certain fail cases
would call cli_LzmaShutdown on an uninitialized stream.
Now it’s only called after initialization occurs.
2020-05-08 11:57:32 -04:00
int stream_initialized = 0 ;
2018-10-08 12:59:42 -04:00
int lzmastat ;
if ( NULL = = compressed | | compressed_size = = 0 | | NULL = = decompressed | | NULL = = decompressed_size ) {
cli_errmsg ( " cli_egg_lzma_decompress: Invalid args! \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EARG ;
2018-10-08 12:59:42 -04:00
goto done ;
}
* decompressed = NULL ;
* decompressed_size = 0 ;
if ( ! ( decoded = ( uint8_t * ) cli_calloc ( BUFSIZ , sizeof ( char ) ) ) ) {
cli_errmsg ( " cli_egg_lzma_decompress: cannot allocate memory for decompressed output \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
capacity = BUFSIZ ;
memset ( & stream , 0 , sizeof ( stream ) ) ;
stream . next_in = ( Bytef * ) compressed ;
stream . avail_in = compressed_size ;
stream . next_out = ( Bytef * ) decoded ;
stream . avail_out = BUFSIZ ;
lzmastat = cli_LzmaInit ( & stream , 0 ) ;
if ( lzmastat ! = LZMA_RESULT_OK ) {
cli_warnmsg ( " cli_egg_lzma_decompress: inflateInit failed \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
More Coverity bug fixes
Fixed the following Coverity issues:
- 225236 - In cli_egg_extract_file: Dereference of an explicit
null value (CWE-476). The first fail case checked handle for
NULL and then dereferenced it in the done block
- 225209 - In executeIfNewVersion: Leak of memory or pointers
to system resources (CWE-404). modifiedCommand was defined
twice, with the inner instance being assigned to and the
outer instance being freed
- 225201 - In regex_list_match: Code can never be reached
because of a logical contradiction (CWE-561). The code had
logic off to the side that may have been missed:
filter_search_rc = filter_search(&matcher->filter, (const unsigned char *)bufrev, buffer_len) != -1;
if (filter_search_rc == -1) {
- 225198 - In phishingCheck: Leak of memory or pointers to
system resources (CWE-404). A fail case caused by malloc
failing would leak previously allocated memory.
- 225197 - In updatecustomdb: A pointer to freed memory
is dereferenced, used as a function argument, or otherwise
used (CWE-416). In a fail case, a pointer was freed and
then used in a debug print statement
- 225190 - In updatedb: A pointer to freed memory is
dereferenced, used as a function argument, or otherwise used
(CWE-416). In a fail case, a pointer was freed and then used
in a debug print statement
- 225195 - In cli_egg_open: The sizeof operator is used on a
wrong argument that incidentally has the same size (CWE-467).
sizeof(char **) was being used instead of sizeof(char *)
- 225193 - In egg_parse_comment_header: Code can never be
reached because of a logical contradiction (CWE-561).
A cleanup case for variable comment was unnecessary, and
to fix comment was removed entirely.
- 225147 - In get_server_node: Code can never be reached
because of a logical contradiction (CWE-561). A cleanup
case for variable url was unnecessary
- 225168 - In download_complete_callback: Missing break
statement between cases in switch statement (CWE-484).
In the case where forking failed, freshclam would check
the database without forking but then continue on to
execute the code intended to be done in the child process
because of a missing break statement
- 225152 - In cli_egg_lzma_decompress: Use of an
uninitialized variable (CWE-457). Certain fail cases
would call cli_LzmaShutdown on an uninitialized stream.
Now it’s only called after initialization occurs.
2020-05-08 11:57:32 -04:00
stream_initialized = 1 ;
2018-10-08 12:59:42 -04:00
/* initial inflate */
lzmastat = cli_LzmaDecode ( & stream ) ;
/* check if nothing written whatsoever */
if ( ( lzmastat ! = LZMA_RESULT_OK ) & & ( stream . avail_out = = BUFSIZ ) ) {
/* Inflation failed */
cli_errmsg ( " cli_egg_lzma_decompress: failed to decompress data \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EPARSE ;
2018-10-08 12:59:42 -04:00
goto done ;
}
while ( lzmastat = = LZMA_RESULT_OK & & stream . avail_in ) {
/* extend output capacity if needed,*/
if ( stream . avail_out = = 0 ) {
2019-07-01 16:21:20 -04:00
if ( ! ( decoded_tmp = cli_realloc ( decoded , capacity + BUFSIZ ) ) ) {
2018-10-08 12:59:42 -04:00
cli_errmsg ( " cli_egg_lzma_decompress: cannot reallocate memory for decompressed output \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
2019-07-01 16:21:20 -04:00
decoded = decoded_tmp ;
2018-10-08 12:59:42 -04:00
stream . next_out = decoded + capacity ;
stream . avail_out = BUFSIZ ;
declen + = BUFSIZ ;
capacity + = BUFSIZ ;
}
/* continue inflation */
lzmastat = cli_LzmaDecode ( & stream ) ;
}
/* add end fragment to decoded length */
declen + = ( BUFSIZ - stream . avail_out ) ;
/* error handling */
switch ( lzmastat ) {
case LZMA_RESULT_OK :
cli_dbgmsg ( " cli_egg_lzma_decompress: Z_OK on stream decompression \n " ) ;
/* intentional fall-through */
case LZMA_STREAM_END :
cli_dbgmsg ( " cli_egg_lzma_decompress: decompressed %lu bytes from %lu total bytes (%lu bytes remaining) \n " ,
( unsigned long ) declen , ( unsigned long ) ( compressed_size ) , ( unsigned long ) ( stream . avail_in ) ) ;
break ;
/* potentially fatal */
case LZMA_RESULT_DATA_ERROR :
default :
cli_dbgmsg ( " cli_egg_lzma_decompress: after decompressing %lu bytes, got error %d \n " ,
( unsigned long ) declen , lzmastat ) ;
if ( declen = = 0 ) {
cli_dbgmsg ( " cli_egg_lzma_decompress: no bytes were decompressed. \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EPARSE ;
2018-10-08 12:59:42 -04:00
}
break ;
}
* decompressed = ( char * ) decoded ;
* decompressed_size = declen ;
2019-07-01 16:08:14 -04:00
status = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
done :
More Coverity bug fixes
Fixed the following Coverity issues:
- 225236 - In cli_egg_extract_file: Dereference of an explicit
null value (CWE-476). The first fail case checked handle for
NULL and then dereferenced it in the done block
- 225209 - In executeIfNewVersion: Leak of memory or pointers
to system resources (CWE-404). modifiedCommand was defined
twice, with the inner instance being assigned to and the
outer instance being freed
- 225201 - In regex_list_match: Code can never be reached
because of a logical contradiction (CWE-561). The code had
logic off to the side that may have been missed:
filter_search_rc = filter_search(&matcher->filter, (const unsigned char *)bufrev, buffer_len) != -1;
if (filter_search_rc == -1) {
- 225198 - In phishingCheck: Leak of memory or pointers to
system resources (CWE-404). A fail case caused by malloc
failing would leak previously allocated memory.
- 225197 - In updatecustomdb: A pointer to freed memory
is dereferenced, used as a function argument, or otherwise
used (CWE-416). In a fail case, a pointer was freed and
then used in a debug print statement
- 225190 - In updatedb: A pointer to freed memory is
dereferenced, used as a function argument, or otherwise used
(CWE-416). In a fail case, a pointer was freed and then used
in a debug print statement
- 225195 - In cli_egg_open: The sizeof operator is used on a
wrong argument that incidentally has the same size (CWE-467).
sizeof(char **) was being used instead of sizeof(char *)
- 225193 - In egg_parse_comment_header: Code can never be
reached because of a logical contradiction (CWE-561).
A cleanup case for variable comment was unnecessary, and
to fix comment was removed entirely.
- 225147 - In get_server_node: Code can never be reached
because of a logical contradiction (CWE-561). A cleanup
case for variable url was unnecessary
- 225168 - In download_complete_callback: Missing break
statement between cases in switch statement (CWE-484).
In the case where forking failed, freshclam would check
the database without forking but then continue on to
execute the code intended to be done in the child process
because of a missing break statement
- 225152 - In cli_egg_lzma_decompress: Use of an
uninitialized variable (CWE-457). Certain fail cases
would call cli_LzmaShutdown on an uninitialized stream.
Now it’s only called after initialization occurs.
2020-05-08 11:57:32 -04:00
if ( stream_initialized ) {
( void ) cli_LzmaShutdown ( & stream ) ;
}
2018-10-08 12:59:42 -04:00
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = status ) {
2018-10-08 12:59:42 -04:00
free ( decoded ) ;
}
return status ;
}
2019-07-01 16:08:14 -04:00
cl_error_t cli_egg_extract_file ( void * hArchive , const char * * filename , const char * * output_buffer , size_t * output_buffer_length )
2018-10-08 12:59:42 -04:00
{
2019-07-01 16:08:14 -04:00
cl_error_t status = CL_EPARSE ;
2018-10-08 12:59:42 -04:00
egg_handle * handle = NULL ;
egg_file * currFile = NULL ;
char * decompressed = NULL ;
uint64_t decompressed_size = 0 ;
uint64_t i = 0 ;
if ( ! hArchive | | ! filename | | ! output_buffer | | ! output_buffer_length ) {
cli_errmsg ( " cli_egg_extract_file: Invalid args! \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EARG ;
2018-10-08 12:59:42 -04:00
goto done ;
}
* output_buffer = NULL ;
* output_buffer_length = 0 ;
handle = ( egg_handle * ) hArchive ;
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = EGG_VALIDATE_HANDLE ( handle ) ) {
2018-10-08 12:59:42 -04:00
cli_errmsg ( " cli_egg_extract_file: Invalid handle values! \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EARG ;
2018-10-08 12:59:42 -04:00
goto done ;
}
if ( handle - > fileExtractionIndex > = handle - > nFiles ) {
cli_errmsg ( " cli_egg_extract_file: File index exceeds number of files in archive! \n " ) ;
goto done ;
}
currFile = handle - > files [ handle - > fileExtractionIndex ] ;
if ( NULL = = currFile ) {
cli_errmsg ( " cli_egg_extract_file: invalid egg_file pointer! \n " ) ;
goto done ;
}
if ( NULL = = currFile - > file ) {
cli_errmsg ( " cli_egg_extract_file: egg_file is missing file header! \n " ) ;
goto done ;
}
2019-08-13 10:52:18 -04:00
if ( NULL = = currFile - > filename . name_utf8 ) {
cli_errmsg ( " cli_egg_extract_file: egg_file is missing filename! \n " ) ;
goto done ;
}
2018-10-08 12:59:42 -04:00
if ( handle - > bSolid ) {
/*
2019-07-01 17:16:41 -04:00
* TODO : Add support for extracting files from solid archives .
*
* For solid archives , the blocks are shared between all of the files .
* To unpack them , we ' d have to identify which block ( s ) each file would
* be associated with .
*
* Then in theory a single file could be extracted without decompressing
* all of the blocks at the same time .
*
* To be efficient about it , a block could have some sort of ref count
* or list of associated files . Then during extraction , the decompressed
* data for each block that is shared between files is not freed until
* all of the files associated with that block have been extracted .
2018-10-08 12:59:42 -04:00
*/
} else {
if ( currFile - > nBlocks = = 0 | | currFile - > blocks = = NULL ) {
2019-05-24 10:00:35 -04:00
cli_dbgmsg ( " cli_egg_extract_file: Empty file! \n " ) ;
2018-10-08 12:59:42 -04:00
}
for ( i = 0 ; i < currFile - > nBlocks ; i + + ) {
2019-07-01 16:21:20 -04:00
char * decompressed_tmp ;
2019-07-01 16:08:14 -04:00
egg_block * currBlock = currFile - > blocks [ i ] ;
cl_error_t retval = CL_EPARSE ;
2018-10-08 12:59:42 -04:00
if ( NULL = = currBlock - > blockHeader ) {
cli_errmsg ( " cli_egg_extract_file: current egg_block missing header! \n " ) ;
break ;
}
switch ( currBlock - > blockHeader - > compress_algorithm ) {
case BLOCK_HEADER_COMPRESS_ALGORITHM_STORE : {
/*
* No compression . Woohoo !
*/
if ( currBlock - > blockHeader - > compress_size = = 0 ) {
cli_warnmsg ( " cli_egg_extract_file: blockHeader compress_size is 0! \n " ) ;
break ;
} else if ( currBlock - > blockHeader - > compress_size ! = currBlock - > blockHeader - > uncompress_size ) {
cli_warnmsg ( " cli_egg_extract_file: blockHeader compress_size != uncompress_size! \n " ) ;
break ;
}
2019-07-01 16:21:20 -04:00
decompressed_tmp = cli_realloc ( decompressed , ( size_t ) decompressed_size + currBlock - > blockHeader - > compress_size ) ;
if ( NULL = = decompressed_tmp ) {
2019-08-13 10:52:18 -04:00
cli_errmsg ( " cli_egg_extract_file: Failed to allocate % " PRIu64 " bytes for decompressed file! \n " ,
2018-10-08 12:59:42 -04:00
decompressed_size ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
2019-07-01 16:21:20 -04:00
decompressed = decompressed_tmp ;
2018-10-08 12:59:42 -04:00
memcpy ( decompressed + decompressed_size , currBlock - > compressedData , currBlock - > blockHeader - > compress_size ) ;
decompressed_size + = currBlock - > blockHeader - > compress_size ;
2019-07-01 16:08:14 -04:00
retval = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
break ;
}
case BLOCK_HEADER_COMPRESS_ALGORITHM_DEFLATE : {
char * decompressed_block = NULL ;
size_t decompressed_block_size = 0 ;
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = cli_egg_deflate_decompress ( currBlock - > compressedData ,
currBlock - > blockHeader - > compress_size ,
& decompressed_block ,
& decompressed_block_size ) ) {
2018-10-08 12:59:42 -04:00
/* Failed to decompress block */
cli_warnmsg ( " Failed to decompress RFC 1951 deflate compressed block \n " ) ;
goto done ;
}
/* Decompressed block. Add it to the file data */
2019-07-01 16:21:20 -04:00
decompressed_tmp = cli_realloc ( decompressed , ( size_t ) decompressed_size + decompressed_block_size ) ;
if ( NULL = = decompressed_tmp ) {
2019-08-13 10:52:18 -04:00
cli_errmsg ( " cli_egg_extract_file: Failed to allocate % " PRIu64 " bytes for decompressed file! \n " ,
2018-10-08 12:59:42 -04:00
decompressed_size ) ;
free ( decompressed_block ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
2019-07-01 16:21:20 -04:00
decompressed = decompressed_tmp ;
2018-10-08 12:59:42 -04:00
memcpy ( decompressed + decompressed_size , decompressed_block , decompressed_block_size ) ;
decompressed_size + = decompressed_block_size ;
free ( decompressed_block ) ;
2019-07-01 16:08:14 -04:00
retval = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
break ;
}
case BLOCK_HEADER_COMPRESS_ALGORITHM_BZIP2 : {
# if HAVE_BZLIB_H
char * decompressed_block = NULL ;
size_t decompressed_block_size = 0 ;
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = cli_egg_bzip2_decompress ( currBlock - > compressedData ,
currBlock - > blockHeader - > compress_size ,
& decompressed_block ,
& decompressed_block_size ) ) {
2018-10-08 12:59:42 -04:00
/* Failed to decompress block */
cli_warnmsg ( " Failed to decompress BZIP2 compressed block \n " ) ;
goto done ;
}
/* Decompressed block. Add it to the file data */
2019-07-01 16:21:20 -04:00
decompressed_tmp = cli_realloc ( decompressed , ( size_t ) decompressed_size + decompressed_block_size ) ;
if ( NULL = = decompressed_tmp ) {
2019-08-13 10:52:18 -04:00
cli_errmsg ( " cli_egg_extract_file: Failed to allocate % " PRIu64 " bytes for decompressed file! \n " ,
2018-10-08 12:59:42 -04:00
decompressed_size ) ;
free ( decompressed_block ) ;
2019-07-01 16:08:14 -04:00
status = CL_EMEM ;
2018-10-08 12:59:42 -04:00
goto done ;
}
2019-07-01 16:21:20 -04:00
decompressed = decompressed_tmp ;
2018-10-08 12:59:42 -04:00
memcpy ( decompressed + decompressed_size , decompressed_block , decompressed_block_size ) ;
decompressed_size + = decompressed_block_size ;
free ( decompressed_block ) ;
2019-07-01 16:08:14 -04:00
retval = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
break ;
# else
cli_warnmsg ( " cli_egg_extract_file: BZIP2 decompression support not available. \n " ) ;
goto done ;
# endif
}
case BLOCK_HEADER_COMPRESS_ALGORITHM_AZO : {
cli_warnmsg ( " cli_egg_extract_file: AZO decompression not yet supported. \n " ) ;
goto done ;
2022-02-16 00:13:55 +01:00
// break;
2018-10-08 12:59:42 -04:00
}
case BLOCK_HEADER_COMPRESS_ALGORITHM_LZMA : {
2019-06-25 17:37:13 -04:00
cli_warnmsg ( " cli_egg_extract_file: LZMA decompression not yet supported. \n " ) ;
goto done ;
// char* decompressed_block = NULL;
// size_t decompressed_block_size = 0;
2019-07-01 16:08:14 -04:00
// if (CL_SUCCESS != cli_egg_lzma_decompress(currBlock->compressedData,
2019-06-25 17:37:13 -04:00
// currBlock->blockHeader->compress_size,
// &decompressed_block,
// &decompressed_block_size)) {
// /* Failed to decompress block */
// cli_warnmsg("Failed to decompress LZMA compressed block\n");
// goto done;
// }
// /* Decompressed block. Add it to the file data */
2019-07-01 16:21:20 -04:00
// decompressed_tmp = cli_realloc(decompressed, (size_t)decompressed_size + decompressed_block_size);
// if (NULL == decompressed_tmp) {
2019-08-13 10:52:18 -04:00
// cli_errmsg("cli_egg_extract_file: Failed to allocate %" PRIu64 " bytes for decompressed file!\n",
2019-06-25 17:37:13 -04:00
// decompressed_size);
// free(decompressed_block);
2019-07-01 16:08:14 -04:00
// status = CL_EMEM;
2019-06-25 17:37:13 -04:00
// goto done;
// }
2019-07-01 16:21:20 -04:00
// decompressed = decompressed_tmp;
2019-06-25 17:37:13 -04:00
// memcpy(decompressed + decompressed_size, decompressed_block, decompressed_block_size);
// decompressed_size += decompressed_block_size;
// free(decompressed_block);
2019-07-01 16:08:14 -04:00
// retval = CL_SUCCESS;
2019-06-25 17:37:13 -04:00
// break;
2018-10-08 12:59:42 -04:00
}
default : {
cli_errmsg ( " cli_egg_extract_file: unknown compression algorithm: %d! \n " ,
currBlock - > blockHeader - > compress_algorithm ) ;
goto done ;
}
}
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = retval ) {
2018-10-08 12:59:42 -04:00
cli_warnmsg ( " cli_egg_extract_file: Unable to decompress file: %s \n " ,
currFile - > filename . name_utf8 ) ;
}
if ( ( i = = currFile - > nBlocks - 1 ) & & // last block ?
( decompressed_size ! = currFile - > file - > file_length ) ) { // right amount of data ?
2019-08-13 10:52:18 -04:00
cli_warnmsg ( " cli_egg_extract_file: alleged filesize (% " PRIu64 " ) != actual filesize (% " PRIu64 " )! \n " ,
2018-10-08 12:59:42 -04:00
currFile - > file - > file_length ,
decompressed_size ) ;
}
}
}
cli_dbgmsg ( " cli_egg_extract_file: File extracted: %s \n " , currFile - > filename . name_utf8 ) ;
* filename = strdup ( currFile - > filename . name_utf8 ) ;
* output_buffer = decompressed ;
* output_buffer_length = decompressed_size ;
2019-07-01 16:08:14 -04:00
status = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
done :
More Coverity bug fixes
Fixed the following Coverity issues:
- 225236 - In cli_egg_extract_file: Dereference of an explicit
null value (CWE-476). The first fail case checked handle for
NULL and then dereferenced it in the done block
- 225209 - In executeIfNewVersion: Leak of memory or pointers
to system resources (CWE-404). modifiedCommand was defined
twice, with the inner instance being assigned to and the
outer instance being freed
- 225201 - In regex_list_match: Code can never be reached
because of a logical contradiction (CWE-561). The code had
logic off to the side that may have been missed:
filter_search_rc = filter_search(&matcher->filter, (const unsigned char *)bufrev, buffer_len) != -1;
if (filter_search_rc == -1) {
- 225198 - In phishingCheck: Leak of memory or pointers to
system resources (CWE-404). A fail case caused by malloc
failing would leak previously allocated memory.
- 225197 - In updatecustomdb: A pointer to freed memory
is dereferenced, used as a function argument, or otherwise
used (CWE-416). In a fail case, a pointer was freed and
then used in a debug print statement
- 225190 - In updatedb: A pointer to freed memory is
dereferenced, used as a function argument, or otherwise used
(CWE-416). In a fail case, a pointer was freed and then used
in a debug print statement
- 225195 - In cli_egg_open: The sizeof operator is used on a
wrong argument that incidentally has the same size (CWE-467).
sizeof(char **) was being used instead of sizeof(char *)
- 225193 - In egg_parse_comment_header: Code can never be
reached because of a logical contradiction (CWE-561).
A cleanup case for variable comment was unnecessary, and
to fix comment was removed entirely.
- 225147 - In get_server_node: Code can never be reached
because of a logical contradiction (CWE-561). A cleanup
case for variable url was unnecessary
- 225168 - In download_complete_callback: Missing break
statement between cases in switch statement (CWE-484).
In the case where forking failed, freshclam would check
the database without forking but then continue on to
execute the code intended to be done in the child process
because of a missing break statement
- 225152 - In cli_egg_lzma_decompress: Use of an
uninitialized variable (CWE-457). Certain fail cases
would call cli_LzmaShutdown on an uninitialized stream.
Now it’s only called after initialization occurs.
2020-05-08 11:57:32 -04:00
if ( NULL ! = handle ) {
handle - > fileExtractionIndex + = 1 ;
}
2018-10-08 12:59:42 -04:00
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = status ) {
2018-10-08 12:59:42 -04:00
/* Free buffer */
if ( NULL ! = decompressed ) {
free ( decompressed ) ;
}
}
return status ;
}
2019-07-01 16:08:14 -04:00
cl_error_t cli_egg_skip_file ( void * hArchive )
2018-10-08 12:59:42 -04:00
{
2019-07-01 16:08:14 -04:00
cl_error_t status = CL_EPARSE ;
egg_handle * handle = NULL ;
2018-10-08 12:59:42 -04:00
if ( ! hArchive ) {
cli_errmsg ( " cli_egg_skip_file: Invalid args! \n " ) ;
2019-07-01 16:08:14 -04:00
return CL_EARG ;
2018-10-08 12:59:42 -04:00
}
handle = ( egg_handle * ) hArchive ;
2019-07-01 16:08:14 -04:00
if ( CL_SUCCESS ! = EGG_VALIDATE_HANDLE ( handle ) ) {
2018-10-08 12:59:42 -04:00
cli_errmsg ( " cli_egg_skip_file: Invalid handle values! \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_EARG ;
2018-10-08 12:59:42 -04:00
goto done ;
}
if ( handle - > fileExtractionIndex > = handle - > nFiles ) {
cli_warnmsg ( " cli_egg_skip_file: File index exceeds number of files in archive! \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_BREAK ;
2018-10-08 12:59:42 -04:00
goto done ;
}
handle - > fileExtractionIndex + = 1 ;
if ( handle - > fileExtractionIndex > = handle - > nFiles ) {
2019-07-01 16:08:14 -04:00
status = CL_BREAK ;
2018-10-08 12:59:42 -04:00
}
cli_dbgmsg ( " cli_egg_skip_file: File skipped. \n " ) ;
2019-07-01 16:08:14 -04:00
status = CL_SUCCESS ;
2018-10-08 12:59:42 -04:00
done :
return status ;
}
void cli_egg_close ( void * hArchive )
{
egg_handle * handle = NULL ;
if ( ! hArchive ) {
cli_errmsg ( " cli_egg_close: Invalid args. \n " ) ;
return ;
}
handle = ( egg_handle * ) hArchive ;
egg_free_egg_handle ( handle ) ;
return ;
}
