Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 18:33:16 +00:00
Code Issues Projects Releases Packages Wiki Activity
clamav/libclamav/fmap.c

1095 lines
32 KiB
C
Raw Normal View History

fmap()
2009-08-19 20:42:40 +02:00
/*
Update copyright dates for 2020
2020-01-03 15:44:07 -05:00
* Copyright (C) 2013-2020 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
fmap: error message tweaks
2013-11-26 13:51:54 -05:00
* Copyright (C) 2009-2013 Sourcefire, Inc.
fmap()
2009-08-19 20:42:40 +02:00
*
* Authors: aCaB <acab@clamav.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*/
/* an mmap "replacement" which doesn't suck */
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
#include <stdint.h>
fmap()
2009-08-19 20:42:40 +02:00
#include <sys/types.h>
#include <sys/stat.h>
builds somwhow
2009-08-20 01:34:03 +02:00
#include <string.h>
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
#include <libgen.h>
fmap, scanners.c: win32 fixes
2009-10-12 23:32:27 +02:00
#ifdef HAVE_UNISTD_H
fmap()
2009-08-19 20:42:40 +02:00
#include <unistd.h>
fmap, scanners.c: win32 fixes
2009-10-12 23:32:27 +02:00
#endif
bb#1940
2010-05-15 22:32:44 +02:00
#ifdef ANONYMOUS_MAP
fmap: dumb mode
2009-09-07 11:15:18 +02:00
#ifdef HAVE_SYS_MMAN_H
fmunmap
2009-08-20 02:19:57 +02:00
#include <sys/mman.h>
fmap: dumb mode
2009-09-07 11:15:18 +02:00
#endif
#endif
eintr in pread
2010-05-04 19:38:43 +02:00
#include <errno.h>
fmap()
2009-08-19 20:42:40 +02:00
fmap: antistress mutex only in linux, some cleanup
2009-10-10 15:39:31 +02:00
#ifdef C_LINUX
fuck mmap_sem!
2009-09-10 03:20:02 +02:00
#include <pthread.h>
fmap: antistress mutex only in linux, some cleanup
2009-10-10 15:39:31 +02:00
#endif
fuck mmap_sem!
2009-09-10 03:20:02 +02:00
Move all the crypto API to clamav.h
2014-07-01 19:38:01 -04:00
#include "clamav.h"
fmap()
2009-08-19 20:42:40 +02:00
#include "others.h"
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
#include "str.h"
fmap_need, paged read
2009-08-20 01:07:33 +02:00
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
#define FM_MASK_COUNT 0x3fffffff
#define FM_MASK_PAGED 0x40000000
#define FM_MASK_SEEN 0x80000000
#define FM_MASK_LOCKED FM_MASK_SEEN
/* 2 high bits:
00 - not seen - not paged - N/A
01 - N/A - paged - not locked
10 - seen - not paged - N/A
11 - N/A - paged - locked
*/
/* FIXME: tune this stuff */
#define UNPAGE_THRSHLD_LO 4 * 1024 * 1024
#define UNPAGE_THRSHLD_HI 8 * 1024 * 1024
#define READAHEAD_PAGES 8
#if defined(ANONYMOUS_MAP) && defined(C_LINUX) && defined(CL_THREAD_SAFE)
/*
WORKAROUND
Relieve some stress on mmap_sem.
When mmap_sem is heavily hammered, the scheduler
tends to fail to wake us up properly.
*/
pthread_mutex_t fmap_mutex = PTHREAD_MUTEX_INITIALIZER;
#define fmap_lock pthread_mutex_lock(&fmap_mutex)
#define fmap_unlock pthread_mutex_unlock(&fmap_mutex);
#else
#define fmap_lock
#define fmap_unlock
#endif
#ifndef MADV_DONTFORK
#define MADV_DONTFORK 0
#endif
#define fmap_bitmap (m->bitmap)
fmap: win32 fixes
2009-10-10 20:46:05 +02:00
static inline unsigned int fmap_align_items(unsigned int sz, unsigned int al);
static inline unsigned int fmap_align_to(unsigned int sz, unsigned int al);
static inline unsigned int fmap_which_page(fmap_t *m, size_t at);
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
static const void *handle_need(fmap_t *m, size_t at, size_t len, int lock);
static void handle_unneed_off(fmap_t *m, size_t at, size_t len);
static const void *handle_need_offstr(fmap_t *m, size_t at, size_t len_hint);
static const void *handle_gets(fmap_t *m, char *dst, size_t *at, size_t max_len);
static void unmap_mmap(fmap_t *m);
static void unmap_malloc(fmap_t *m);
fmap: win32 fixes
2009-10-10 20:46:05 +02:00
#ifndef _WIN32
move pread proto
2012-01-10 23:07:29 +02:00
/* pread proto here in order to avoid the use of XOPEN and BSD_SOURCE
which may in turn prevent some mmap constants to be defined */
ssize_t pread(int fd, void *buf, size_t count, off_t offset);
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
/* vvvvv POSIX STUFF BELOW vvvvv */
move pread_cb
2012-01-09 12:43:21 +02:00
static off_t pread_cb(void *handle, void *buf, size_t count, off_t offset)
{
return pread((int)(ssize_t)handle, buf, count, offset);
}
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
2020-03-19 21:23:54 -04:00
fmap_t *fmap_check_empty(int fd, off_t offset, size_t len, int *empty, const char *name)
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
{
BB#3737 - Value too large for specified data type Create compile-time preprocessor defines for switching from calling stat() to stat64(). Add --enable-stat64 switch in configure script.
2012-07-16 15:36:49 -04:00
STATBUF st;
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
fmap_t *m = NULL;
libclamav: Generate hash for each new fmap Signature alerts on content extracted into a new fmap such as normalized HTML resulted in checking FP signatures against the fmap's hash value that was initialized to all zeroes, and never computed. This patch seeks will enable FP signatures of normalized HTML files or other content that is extracted to a new fmap to work. This patch doesn't resolve the issue that normal people will write FP signatures targeting the original file, not the normalized file and thus won't really see benefit from this bug-fix. Additional work is needed to traverse the fmap recursion lists and FP-check all parent fmaps when an alert occurs. In addition, the HTML normalization method of temporarily overriding the ctx->fmap instead of increasing the recursion depth and doing ctx->fmap++/-- will need to be corrected for fmap reverse recursion traversal to work.
2020-02-23 12:38:18 -05:00
unsigned char hash[16] = {'\0'};
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
*empty = 0;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (FSTAT(fd, &st)) {
cli_warnmsg("fmap: fstat failed\n");
return NULL;
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!len) len = st.st_size - offset; /* bound checked later */
if (!len) {
cli_dbgmsg("fmap: attempted void mapping\n");
*empty = 1;
return NULL;
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!CLI_ISCONTAINED(0, st.st_size, offset, len)) {
cli_warnmsg("fmap: attempted oof mapping\n");
return NULL;
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
m = cl_fmap_open_handle((void *)(ssize_t)fd, offset, len, pread_cb, 1);
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
if (!m)
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
return NULL;
m->mtime = st.st_mtime;
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
m->handle_is_fd = 1;
libclamav: Generate hash for each new fmap Signature alerts on content extracted into a new fmap such as normalized HTML resulted in checking FP signatures against the fmap's hash value that was initialized to all zeroes, and never computed. This patch seeks will enable FP signatures of normalized HTML files or other content that is extracted to a new fmap to work. This patch doesn't resolve the issue that normal people will write FP signatures targeting the original file, not the normalized file and thus won't really see benefit from this bug-fix. Additional work is needed to traverse the fmap recursion lists and FP-check all parent fmaps when an alert occurs. In addition, the HTML normalization method of temporarily overriding the ctx->fmap instead of increasing the recursion depth and doing ctx->fmap++/-- will need to be corrected for fmap reverse recursion traversal to work.
2020-02-23 12:38:18 -05:00
/* Calculate the fmap hash to be used by the FP check later */
if (CL_SUCCESS != fmap_get_MD5(hash, m)) {
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
funmap(m);
libclamav: Generate hash for each new fmap Signature alerts on content extracted into a new fmap such as normalized HTML resulted in checking FP signatures against the fmap's hash value that was initialized to all zeroes, and never computed. This patch seeks will enable FP signatures of normalized HTML files or other content that is extracted to a new fmap to work. This patch doesn't resolve the issue that normal people will write FP signatures targeting the original file, not the normalized file and thus won't really see benefit from this bug-fix. Additional work is needed to traverse the fmap recursion lists and FP-check all parent fmaps when an alert occurs. In addition, the HTML normalization method of temporarily overriding the ctx->fmap instead of increasing the recursion depth and doing ctx->fmap++/-- will need to be corrected for fmap reverse recursion traversal to work.
2020-02-23 12:38:18 -05:00
return NULL;
}
memcpy(m->maphash, hash, 16);
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
2020-03-19 21:23:54 -04:00
if (NULL != name) {
m->name = cli_strdup(name);
if (NULL == m->name) {
funmap(m);
return NULL;
}
}
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
return m;
}
#else
/* vvvvv WIN32 STUFF BELOW vvvvv */
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
static void unmap_win32(fmap_t *m)
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
{
if (NULL != m) {
if (NULL != m->data) {
UnmapViewOfFile(m->data);
}
if (NULL != m->mh) {
CloseHandle(m->mh);
}
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
2020-03-19 21:23:54 -04:00
if (NULL != m->name) {
free(m->name);
}
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
free((void *)m);
}
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
}
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
2020-03-19 21:23:54 -04:00
fmap_t *fmap_check_empty(int fd, off_t offset, size_t len, int *empty, const char *name)
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
{ /* WIN32 */
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
unsigned int pages, mapsz;
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
int pgsz = cli_getpagesize();
BB#3737 - Value too large for specified data type Create compile-time preprocessor defines for switching from calling stat() to stat64(). Add --enable-stat64 switch in configure script.
2012-07-16 15:36:49 -04:00
STATBUF st;
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
fmap_t *m = NULL;
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
const void *data;
HANDLE fh;
HANDLE mh;
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
unsigned char hash[16] = {'\0'};
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
*empty = 0;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (FSTAT(fd, &st)) {
cli_warnmsg("fmap: fstat failed\n");
return NULL;
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (offset < 0 || offset != fmap_align_to(offset, pgsz)) {
cli_warnmsg("fmap: attempted mapping with unaligned offset\n");
return NULL;
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!len) len = st.st_size - offset; /* bound checked later */
if (!len) {
cli_dbgmsg("fmap: attempted void mapping\n");
*empty = 1;
return NULL;
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!CLI_ISCONTAINED(0, st.st_size, offset, len)) {
cli_warnmsg("fmap: attempted oof mapping\n");
return NULL;
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
}
pages = fmap_align_items(len, pgsz);
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if ((fh = (HANDLE)_get_osfhandle(fd)) == INVALID_HANDLE_VALUE) {
cli_errmsg("fmap: cannot get a valid handle for descriptor %d\n", fd);
return NULL;
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!(mh = CreateFileMapping(fh, NULL, PAGE_READONLY, (DWORD)((len >> 31) >> 1), (DWORD)len, NULL))) {
cli_errmsg("fmap: cannot create a map of descriptor %d\n", fd);
CloseHandle(fh);
return NULL;
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!(data = MapViewOfFile(mh, FILE_MAP_READ, (DWORD)((offset >> 31) >> 1), (DWORD)(offset), len))) {
cli_errmsg("fmap: cannot map file descriptor %d\n", fd);
CloseHandle(mh);
CloseHandle(fh);
return NULL;
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!(m = cl_fmap_open_memory(data, len))) {
cli_errmsg("fmap: cannot allocate fmap_t\n", fd);
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
UnmapViewOfFile(data);
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
CloseHandle(mh);
CloseHandle(fh);
return NULL;
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
m->handle = (void *)(size_t)fd;
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
m->handle_is_fd = 1;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
m->fh = fh;
m->mh = mh;
m->unmap = unmap_win32;
libclamav: Generate hash for each new fmap Signature alerts on content extracted into a new fmap such as normalized HTML resulted in checking FP signatures against the fmap's hash value that was initialized to all zeroes, and never computed. This patch seeks will enable FP signatures of normalized HTML files or other content that is extracted to a new fmap to work. This patch doesn't resolve the issue that normal people will write FP signatures targeting the original file, not the normalized file and thus won't really see benefit from this bug-fix. Additional work is needed to traverse the fmap recursion lists and FP-check all parent fmaps when an alert occurs. In addition, the HTML normalization method of temporarily overriding the ctx->fmap instead of increasing the recursion depth and doing ctx->fmap++/-- will need to be corrected for fmap reverse recursion traversal to work.
2020-02-23 12:38:18 -05:00
/* Calculate the fmap hash to be used by the FP check later */
if (CL_SUCCESS != fmap_get_MD5(hash, m)) {
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
funmap(m);
libclamav: Generate hash for each new fmap Signature alerts on content extracted into a new fmap such as normalized HTML resulted in checking FP signatures against the fmap's hash value that was initialized to all zeroes, and never computed. This patch seeks will enable FP signatures of normalized HTML files or other content that is extracted to a new fmap to work. This patch doesn't resolve the issue that normal people will write FP signatures targeting the original file, not the normalized file and thus won't really see benefit from this bug-fix. Additional work is needed to traverse the fmap recursion lists and FP-check all parent fmaps when an alert occurs. In addition, the HTML normalization method of temporarily overriding the ctx->fmap instead of increasing the recursion depth and doing ctx->fmap++/-- will need to be corrected for fmap reverse recursion traversal to work.
2020-02-23 12:38:18 -05:00
return NULL;
}
memcpy(m->maphash, hash, 16);
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
2020-03-19 21:23:54 -04:00
if (NULL != name) {
m->name = cli_strdup(name);
if (NULL == m->name) {
funmap(m);
return NULL;
}
}
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
return m;
}
#endif /* _WIN32 */
/* vvvvv SHARED STUFF BELOW vvvvv */
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
2020-03-19 21:23:54 -04:00
fmap_t *fmap_duplicate(cl_fmap_t *map, off_t offset, size_t length, const char *name)
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
{
cl_error_t status = CL_ERROR;
cl_fmap_t *duplicate_map = NULL;
unsigned char hash[16] = {'\0'};
duplicate_map = cli_malloc(sizeof(cl_fmap_t));
if (!duplicate_map) {
cli_warnmsg("fmap_duplicate: map allocation failed\n");
goto done;
}
fmap_aging + fmap_unneed
2009-08-23 20:06:39 +02:00
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
/* Duplicate the state of the original map */
memcpy(duplicate_map, map, sizeof(cl_fmap_t));
/* Set the new offset and length for the new map */
/* can't change offset because then we'd have to discard/move cached
* data, instead use another offset to reuse the already cached data */
duplicate_map->nested_offset += offset;
duplicate_map->len = length;
duplicate_map->real_len = duplicate_map->nested_offset + length;
if (!CLI_ISCONTAINED(map->nested_offset, map->len,
duplicate_map->nested_offset, duplicate_map->len)) {
uint64_t len1, len2;
len1 = map->nested_offset + map->len;
len2 = duplicate_map->nested_offset + duplicate_map->len;
cli_warnmsg("fmap_duplicate: internal map error: %zu, " STDu64 "; %zu, " STDu64 "\n",
(size_t)map->nested_offset,
(uint64_t)len1,
(size_t)duplicate_map->offset,
(uint64_t)len2);
}
fuck mmap_sem!
2009-09-10 03:20:02 +02:00
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
/* Calculate the fmap hash to be used by the FP check later */
if (CL_SUCCESS != fmap_get_MD5(hash, duplicate_map)) {
cli_warnmsg("fmap_duplicate: failed to get fmap MD5\n");
goto done;
}
memcpy(duplicate_map->maphash, hash, 16);
fmap: antistress mutex only in linux, some cleanup
2009-10-10 15:39:31 +02:00
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
2020-03-19 21:23:54 -04:00
if (NULL != name) {
map->name = cli_strdup(name);
if (NULL == map->name) {
funmap(map);
return NULL;
}
} else {
map->name = NULL;
}
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
status = CL_SUCCESS;
check for madvise()
2009-10-10 16:37:55 +02:00
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
done:
if (CL_SUCCESS != status) {
if (NULL != duplicate_map) {
free(duplicate_map);
duplicate_map = NULL;
}
}
read ahead test
2009-08-27 12:08:54 +02:00
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
return duplicate_map;
}
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
2020-03-19 21:23:54 -04:00
void free_duplicate_fmap(cl_fmap_t *map)
{
if (NULL != map) {
if (NULL != map->name) {
free(map->name);
map->name = NULL;
}
free(map);
}
}
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
static void unmap_handle(fmap_t *m)
{
if (NULL != m) {
if (NULL != m->data) {
if (m->aging) {
unmap_mmap(m);
} else {
free((void *)m->data);
}
m->data = NULL;
}
if (NULL != m->bitmap) {
free(m->bitmap);
m->bitmap = NULL;
}
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
2020-03-19 21:23:54 -04:00
if (NULL != m->name) {
free(m->name);
}
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
free((void *)m);
}
}
implement fmap descriptor API in terms of cl_fmap_open_handle API
2011-06-14 21:15:23 +03:00
implement fmap Win32 API in terms of cl_fmap_open_memory
2011-06-14 21:19:01 +03:00
extern cl_fmap_t *cl_fmap_open_handle(void *handle, size_t offset, size_t len,
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
clcb_pread pread_cb, int use_aging)
implement fmap descriptor API in terms of cl_fmap_open_handle API
2011-06-14 21:15:23 +03:00
{
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
cl_error_t status = CL_EMEM;
unsigned int pages;
size_t mapsz, bitmap_size;
cl_fmap_t *m = NULL;
int pgsz = cli_getpagesize();
implement fmap descriptor API in terms of cl_fmap_open_handle API
2011-06-14 21:15:23 +03:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if ((off_t)offset < 0 || offset != fmap_align_to(offset, pgsz)) {
cli_warnmsg("fmap: attempted mapping with unaligned offset\n");
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
goto done;
fmap()
2009-08-19 20:42:40 +02:00
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!len) {
cli_dbgmsg("fmap: attempted void mapping\n");
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
goto done;
fmap()
2009-08-19 20:42:40 +02:00
}
implement fmap descriptor API in terms of cl_fmap_open_handle API
2011-06-14 21:15:23 +03:00
if (offset >= len) {
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
cli_warnmsg("fmap: attempted oof mapping\n");
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
goto done;
fmap()
2009-08-19 20:42:40 +02:00
}
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
fmap()
2009-08-19 20:42:40 +02:00
pages = fmap_align_items(len, pgsz);
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
bitmap_size = pages * sizeof(uint32_t);
mapsz = pages * pgsz;
m = cli_calloc(1, sizeof(fmap_t));
if (!m) {
cli_warnmsg("fmap: map header allocation failed\n");
goto done;
}
m->bitmap = cli_calloc(1, bitmap_size);
if (!m) {
cli_warnmsg("fmap: map header allocation failed\n");
goto done;
}
implement fmap descriptor API in terms of cl_fmap_open_handle API
2011-06-14 21:15:23 +03:00
#ifndef ANONYMOUS_MAP
use_aging = 0;
#endif
bb#1940
2010-05-15 22:32:44 +02:00
#ifdef ANONYMOUS_MAP
implement fmap descriptor API in terms of cl_fmap_open_handle API
2011-06-14 21:15:23 +03:00
if (use_aging) {
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
fmap_lock;
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
if ((m->data = (fmap_t *)mmap(NULL,
mapsz,
PROT_READ | PROT_WRITE, MAP_PRIVATE | /* FIXME: MAP_POPULATE is ~8% faster but more memory intensive */ ANONYMOUS_MAP,
-1,
0)) == MAP_FAILED) {
m->data = NULL;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
} else {
check for madvise()
2009-10-10 16:37:55 +02:00
#if HAVE_MADVISE
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
madvise((void *)m->data, mapsz, MADV_RANDOM | MADV_DONTFORK);
check for madvise()
2009-10-10 16:37:55 +02:00
#endif /* madvise */
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
}
fmap_unlock;
fill the header while the mutex is held, same for prefaulting the pages
2009-09-11 22:58:31 +02:00
}
bb#1940
2010-05-15 22:32:44 +02:00
#endif /* ANONYMOUS_MAP */
implement fmap descriptor API in terms of cl_fmap_open_handle API
2011-06-14 21:15:23 +03:00
if (!use_aging) {
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
m->data = (fmap_t *)cli_malloc(mapsz);
if (!(m->data)) {
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
cli_warnmsg("fmap: map allocation failed\n");
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
goto done;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
}
}
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
if (!m->data) {
Check for NULL allocation
2014-04-15 10:27:34 -04:00
cli_warnmsg("fmap: map allocation failed\n");
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
goto done;
Check for NULL allocation
2014-04-15 10:27:34 -04:00
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
m->handle = handle;
m->pread_cb = pread_cb;
m->aging = use_aging;
m->offset = offset;
m->nested_offset = 0;
m->len = len; /* m->nested_offset + m->len = m->real_len */
m->real_len = len;
m->pages = pages;
m->pgsz = pgsz;
m->paged = 0;
add the do not cache flag to fmap_t
2010-03-05 17:42:25 +01:00
m->dont_cache_flag = 0;
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
m->unmap = unmap_handle;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
m->need = handle_need;
m->need_offstr = handle_need_offstr;
m->gets = handle_gets;
m->unneed_off = handle_unneed_off;
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
status = CL_SUCCESS;
done:
if (CL_SUCCESS != status) {
unmap_handle(m);
m = NULL;
}
fmap()
2009-08-19 20:42:40 +02:00
return m;
}
fmap_need, paged read
2009-08-20 01:07:33 +02:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
static void fmap_aging(fmap_t *m)
{
bb#1940
2010-05-15 22:32:44 +02:00
#ifdef ANONYMOUS_MAP
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!m->aging) return;
if (m->paged * m->pgsz > UNPAGE_THRSHLD_HI) { /* we alloc'd too much */
unsigned int i, avail = 0, freeme[2048], maxavail = MIN(sizeof(freeme) / sizeof(*freeme), m->paged - UNPAGE_THRSHLD_LO / m->pgsz) - 1;
for (i = 0; i < m->pages; i++) {
uint32_t s = fmap_bitmap[i];
if ((s & (FM_MASK_PAGED | FM_MASK_LOCKED)) == FM_MASK_PAGED) {
/* page is paged and not locked: dec age */
if (s & FM_MASK_COUNT) fmap_bitmap[i]--;
/* and make it available for unpaging */
if (!avail) {
freeme[0] = i;
avail++;
} else {
/* Insert sort onto a stack'd array - same performance as quickselect */
unsigned int insert_to = MIN(maxavail, avail) - 1, age = fmap_bitmap[i] & FM_MASK_COUNT;
if (avail <= maxavail || (fmap_bitmap[freeme[maxavail]] & FM_MASK_COUNT) > age) {
while ((fmap_bitmap[freeme[insert_to]] & FM_MASK_COUNT) > age) {
freeme[insert_to + 1] = freeme[insert_to];
if (!insert_to--) break;
}
freeme[insert_to + 1] = i;
if (avail <= maxavail) avail++;
}
}
}
}
if (avail) { /* at least one page is paged and not locked */
char *lastpage = NULL;
char *firstpage = NULL;
for (i = 0; i < avail; i++) {
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
char *pptr = (char *)m->data + freeme[i] * m->pgsz;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
/* we mark the page as seen */
fmap_bitmap[freeme[i]] = FM_MASK_SEEN;
/* and we mmap the page over so the kernel knows there's nothing good in there */
/* reduce number of mmap calls: if pages are adjacent only do 1 mmap call */
if (lastpage && pptr == lastpage) {
lastpage = pptr + m->pgsz;
continue;
}
if (!lastpage) {
firstpage = pptr;
lastpage = pptr + m->pgsz;
continue;
}
fmap_lock;
if (mmap(firstpage, lastpage - firstpage, PROT_READ | PROT_WRITE, MAP_FIXED | MAP_PRIVATE | ANONYMOUS_MAP, -1, 0) == MAP_FAILED)
cli_dbgmsg("fmap_aging: kernel hates you\n");
fmap_unlock;
firstpage = pptr;
lastpage = pptr + m->pgsz;
}
if (lastpage) {
fmap_lock;
if (mmap(firstpage, lastpage - firstpage, PROT_READ | PROT_WRITE, MAP_FIXED | MAP_PRIVATE | ANONYMOUS_MAP, -1, 0) == MAP_FAILED)
cli_dbgmsg("fmap_aging: kernel hates you\n");
fmap_unlock;
}
m->paged -= avail;
}
fmap_aging + fmap_unneed
2009-08-23 20:06:39 +02:00
}
fmap: dumb mode
2009-09-07 11:15:18 +02:00
#endif
fmap_aging + fmap_unneed
2009-08-23 20:06:39 +02:00
}
bb12332 - fix segfault when scanning bz2 compressed iso9660s by limiting total page prefaulting to the 4GB max
2020-01-30 09:15:44 -08:00
static int fmap_readpage(fmap_t *m, uint64_t first_page, uint32_t count, uint32_t lock_count)
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
{
bb#2306
2010-10-14 16:16:15 +02:00
size_t readsz = 0, eintr_off;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
char *pptr = NULL, errtxt[256];
bb12332 - fix segfault when scanning bz2 compressed iso9660s by limiting total page prefaulting to the 4GB max
2020-01-30 09:15:44 -08:00
uint32_t sbitmap;
uint64_t i, page = first_page, force_read = 0;
if ((size_t)(m->real_len) > (size_t)(UINT_MAX)) {
cli_dbgmsg("fmap_readage: size of file exceeds total prefaultible page size (unpacked file is too large)\n");
return 1;
}
squash preads
2009-08-27 18:29:03 +02:00
fmap: antistress mutex only in linux, some cleanup
2009-10-10 15:39:31 +02:00
fmap_lock;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
for (i = 0; i < count; i++) { /* prefault */
/* Not worth checking if the page is already paged, just ping each */
/* Also not worth reusing the loop below */
volatile char faultme;
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
faultme = ((char *)m->data)[(first_page + i) * m->pgsz];
fuck mmap_sem!
2009-09-10 03:20:02 +02:00
}
fmap: antistress mutex only in linux, some cleanup
2009-10-10 15:39:31 +02:00
fmap_unlock;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
for (i = 0; i <= count; i++, page++) {
int lock;
if (lock_count) {
lock_count--;
lock = 1;
} else
lock = 0;
if (i == count) {
/* we count one page too much to flush pending reads */
if (!pptr) return 0; /* if we have any */
force_read = 1;
bb12332 - fix segfault when scanning bz2 compressed iso9660s by limiting total page prefaulting to the 4GB max
2020-01-30 09:15:44 -08:00
} else if ((sbitmap = fmap_bitmap[page]) & FM_MASK_PAGED) {
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
/* page already paged */
if (lock) {
/* we want locking */
bb12332 - fix segfault when scanning bz2 compressed iso9660s by limiting total page prefaulting to the 4GB max
2020-01-30 09:15:44 -08:00
if (sbitmap & FM_MASK_LOCKED) {
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
/* page already locked */
bb12332 - fix segfault when scanning bz2 compressed iso9660s by limiting total page prefaulting to the 4GB max
2020-01-30 09:15:44 -08:00
sbitmap &= FM_MASK_COUNT;
if (sbitmap == FM_MASK_COUNT) { /* lock count already at max: fial! */
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
cli_errmsg("fmap_readpage: lock count exceeded\n");
return 1;
}
/* acceptable lock count: inc lock count */
fmap_bitmap[page]++;
} else /* page not currently locked: set lock count = 1 */
fmap_bitmap[page] = 1 | FM_MASK_LOCKED | FM_MASK_PAGED;
} else {
/* we don't want locking */
bb12332 - fix segfault when scanning bz2 compressed iso9660s by limiting total page prefaulting to the 4GB max
2020-01-30 09:15:44 -08:00
if (!(sbitmap & FM_MASK_LOCKED)) {
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
/* page is not locked: we reset aging to max */
fmap_bitmap[page] = FM_MASK_PAGED | FM_MASK_COUNT;
}
}
if (!pptr) continue;
force_read = 1;
}
if (force_read) {
/* we have some pending reads to perform */
if (m->handle_is_fd) {
unsigned int j;
int _fd = (int)(ptrdiff_t)m->handle;
for (j = first_page; j < page; j++) {
if (fmap_bitmap[j] & FM_MASK_SEEN) {
/* page we've seen before: check mtime */
STATBUF st;
if (FSTAT(_fd, &st)) {
cli_strerror(errno, errtxt, sizeof(errtxt));
cli_warnmsg("fmap_readpage: fstat failed: %s\n", errtxt);
return 1;
}
if (m->mtime != st.st_mtime) {
cli_warnmsg("fmap_readpage: file changed as we read it\n");
return 1;
}
break;
}
}
}
eintr_off = 0;
while (readsz) {
ssize_t got;
off_t target_offset = eintr_off + m->offset + (first_page * m->pgsz);
got = m->pread_cb(m->handle, pptr, readsz, target_offset);
if (got < 0 && errno == EINTR)
continue;
if (got > 0) {
pptr += got;
eintr_off += got;
readsz -= got;
continue;
}
if (got < 0) {
cli_strerror(errno, errtxt, sizeof(errtxt));
cli_errmsg("fmap_readpage: pread error: %s\n", errtxt);
} else {
cli_warnmsg("fmap_readpage: pread fail: asked for %lu bytes @ offset %lu, got %lu\n", (long unsigned int)readsz, (long unsigned int)target_offset, (long unsigned int)got);
}
return 1;
}
pptr = NULL;
force_read = 0;
readsz = 0;
continue;
}
/* page is not already paged */
if (!pptr) {
/* set a new start for pending reads if we don't have one */
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
pptr = (char *)m->data + page * m->pgsz;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
first_page = page;
}
if ((page == m->pages - 1) && (m->real_len % m->pgsz))
readsz += m->real_len % m->pgsz;
else
readsz += m->pgsz;
if (lock) /* lock requested: set paged, lock page and set lock count to 1 */
fmap_bitmap[page] = FM_MASK_PAGED | FM_MASK_LOCKED | 1;
else /* no locking: set paged and set aging to max */
fmap_bitmap[page] = FM_MASK_PAGED | FM_MASK_COUNT;
m->paged++;
fmap_aging + fmap_unneed
2009-08-23 20:06:39 +02:00
}
fmap_need, paged read
2009-08-20 01:07:33 +02:00
return 0;
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
static const void *handle_need(fmap_t *m, size_t at, size_t len, int lock)
{
bb12332 - fix segfault when scanning bz2 compressed iso9660s by limiting total page prefaulting to the 4GB max
2020-01-30 09:15:44 -08:00
uint64_t first_page, last_page, lock_count;
fmap_need, paged read
2009-08-20 01:07:33 +02:00
char *ret;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!len)
return NULL;
fmap_need, paged read
2009-08-20 01:07:33 +02:00
Introduce cli_map_scandesc to scan a portion of the existing file And switch CPIO, MACHO, and SWF to use it. Now they no longer need to dump a tempfile and remap. To investigate if it is possible to do this with TAR.
2011-06-17 23:08:31 +03:00
at += m->nested_offset;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!CLI_ISCONTAINED(0, m->real_len, at, len))
return NULL;
fmap some fixes
2009-08-24 10:17:45 +02:00
fmap_aging(m);
fmap_need, paged read
2009-08-20 01:07:33 +02:00
first_page = fmap_which_page(m, at);
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
last_page = fmap_which_page(m, at + len - 1);
lock_count = (lock != 0) * (last_page - first_page + 1);
read ahead test
2009-08-27 12:08:54 +02:00
#ifdef READAHED_PAGES
last_page += READAHED_PAGES;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (last_page >= m->pages) last_page = m->pages - 1;
read ahead test
2009-08-27 12:08:54 +02:00
#endif
fmap_need, paged read
2009-08-20 01:07:33 +02:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (fmap_readpage(m, first_page, last_page - first_page + 1, lock_count))
return NULL;
fmap_aging + fmap_unneed
2009-08-23 20:06:39 +02:00
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
ret = (char *)m->data + at;
fmap: dumb mode
2009-09-07 11:15:18 +02:00
return (void *)ret;
fmap_need, paged read
2009-08-20 01:07:33 +02:00
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
static void fmap_unneed_page(fmap_t *m, unsigned int page)
{
fmap: do not use flexible bitmap array, inline minimal funcs
2009-10-10 16:04:55 +02:00
uint32_t s = fmap_bitmap[page];
fmap some fixes
2009-08-24 10:17:45 +02:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if ((s & (FM_MASK_PAGED | FM_MASK_LOCKED)) == (FM_MASK_PAGED | FM_MASK_LOCKED)) {
/* page is paged and locked: check lock count */
s &= FM_MASK_COUNT;
if (s > 1) /* locked more than once: dec lock count */
fmap_bitmap[page]--;
else if (s == 1) /* only one lock left: unlock and begin aging */
fmap_bitmap[page] = FM_MASK_COUNT | FM_MASK_PAGED;
else
cli_errmsg("fmap_unneed: inconsistent map state\n");
return;
fmap_aging + fmap_unneed
2009-08-23 20:06:39 +02:00
}
cli_warnmsg("fmap_unneed: unneed on a unlocked page\n");
return;
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
static void handle_unneed_off(fmap_t *m, size_t at, size_t len)
{
wrap unneed, unneed in ishield - warning: code is buggy
2009-08-23 21:21:13 +02:00
unsigned int i, first_page, last_page;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!m->aging) return;
if (!len) {
cli_warnmsg("fmap_unneed: attempted void unneed\n");
return;
wrap unneed, unneed in ishield - warning: code is buggy
2009-08-23 21:21:13 +02:00
}
bb #9222: make fmap_unneed respect nested maps
2013-10-24 18:01:41 -04:00
at += m->nested_offset;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!CLI_ISCONTAINED(0, m->real_len, at, len)) {
cli_warnmsg("fmap: attempted oof unneed\n");
return;
wrap unneed, unneed in ishield - warning: code is buggy
2009-08-23 21:21:13 +02:00
}
fmap some fixes
2009-08-24 10:17:45 +02:00
wrap unneed, unneed in ishield - warning: code is buggy
2009-08-23 21:21:13 +02:00
first_page = fmap_which_page(m, at);
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
last_page = fmap_which_page(m, at + len - 1);
wrap unneed, unneed in ishield - warning: code is buggy
2009-08-23 21:21:13 +02:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
for (i = first_page; i <= last_page; i++) {
fmap_unneed_page(m, i);
wrap unneed, unneed in ishield - warning: code is buggy
2009-08-23 21:21:13 +02:00
}
}
prepare for new fmap API Introduce a vtable for core fmap functions, and provide static inline wrappers that call these. Also switch over the POSIX interface to use the vtable.
2011-06-14 20:33:15 +03:00
static void unmap_mmap(fmap_t *m)
{
bb#1940
2010-05-15 22:32:44 +02:00
#ifdef ANONYMOUS_MAP
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
size_t len = m->pages * m->pgsz;
prepare for new fmap API Introduce a vtable for core fmap functions, and provide static inline wrappers that call these. Also switch over the POSIX interface to use the vtable.
2011-06-14 20:33:15 +03:00
fmap_lock;
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
if (munmap((void *)m->data, len) == -1) /* munmap() failed */
cli_warnmsg("funmap: unable to unmap memory segment at address: %p with length: %zu\n", (void *)m->data, len);
prepare for new fmap API Introduce a vtable for core fmap functions, and provide static inline wrappers that call these. Also switch over the POSIX interface to use the vtable.
2011-06-14 20:33:15 +03:00
fmap_unlock;
fmap: dumb mode
2009-09-07 11:15:18 +02:00
#endif
fmunmap
2009-08-20 02:19:57 +02:00
}
ishiled full fmap - pt 2
2009-09-05 20:16:10 +02:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
static void unmap_malloc(fmap_t *m)
{
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
if (NULL != m) {
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
2020-03-19 21:23:54 -04:00
if (NULL != m->name) {
free(m->name);
}
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
free((void *)m);
}
prepare for new fmap API Introduce a vtable for core fmap functions, and provide static inline wrappers that call these. Also switch over the POSIX interface to use the vtable.
2011-06-14 20:33:15 +03:00
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
static const void *handle_need_offstr(fmap_t *m, size_t at, size_t len_hint)
{
ishiled full fmap - pt 2
2009-09-05 20:16:10 +02:00
unsigned int i, first_page, last_page;
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
void *ptr = (void *)((char *)m->data + at);
ishiled full fmap - pt 2
2009-09-05 20:16:10 +02:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!len_hint || len_hint > m->real_len - at)
len_hint = m->real_len - at;
ishiled full fmap - pt 2
2009-09-05 20:16:10 +02:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!CLI_ISCONTAINED(0, m->real_len, at, len_hint))
return NULL;
ishiled full fmap - pt 2
2009-09-05 20:16:10 +02:00
fmap_aging(m);
first_page = fmap_which_page(m, at);
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
last_page = fmap_which_page(m, at + len_hint - 1);
for (i = first_page; i <= last_page; i++) {
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
char *thispage = (char *)m->data + i * m->pgsz;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
unsigned int scanat, scansz;
if (fmap_readpage(m, i, 1, 1)) {
last_page = i - 1;
break;
}
if (i == first_page) {
scanat = at % m->pgsz;
scansz = MIN(len_hint, m->pgsz - scanat);
} else {
scanat = 0;
scansz = MIN(len_hint, m->pgsz);
}
len_hint -= scansz;
if (memchr(&thispage[scanat], 0, scansz))
return ptr;
}
for (i = first_page; i <= last_page; i++)
fmap_unneed_page(m, i);
ishiled full fmap - pt 2
2009-09-05 20:16:10 +02:00
return NULL;
}
fuck mmap_sem!
2009-09-10 03:20:02 +02:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
static const void *handle_gets(fmap_t *m, char *dst, size_t *at, size_t max_len)
{
fuck mmap_sem!
2009-09-10 03:20:02 +02:00
unsigned int i, first_page, last_page;
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
char *src = (void *)((char *)m->data + *at);
char *endptr = NULL;
size_t len = MIN(max_len - 1, m->real_len - *at);
size_t fullen = len;
fuck mmap_sem!
2009-09-10 03:20:02 +02:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!len || !CLI_ISCONTAINED(0, m->real_len, *at, len))
return NULL;
fuck mmap_sem!
2009-09-10 03:20:02 +02:00
fmap_aging(m);
first_page = fmap_which_page(m, *at);
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
last_page = fmap_which_page(m, *at + len - 1);
for (i = first_page; i <= last_page; i++) {
libclamav: Fixes scanning of embedded fmaps Specifically this fixes use of cli_map_scandesc(). The cli_map_scandesc() function used to override the current fmap settings with a new size and offset, performing a scan of the embedded content. This broke the ability to iterate backwards through the fmap recursion array when an alert occurs to check each map's hash for whitelist matches. In order to fix this issue, it needed to be possible to duplicate an fmap header for the scan of the embedded file without duplicating the actual map/data. This wasn't feasible with the posix fmap handle implementation where the fmap header, bitmap array, and memory map were all contiguouus. This commit makes it possible by extracting the fmap header and bitmap array from the mmap region, using instead a pointer for both the bitmap array and mmap/data. The resulting posix fmap handle implementation as a result ended up working more similarly to existing the Windows implementation. In addition to the above changes, this commit fixes: - fmap recursion tracking for cli_scandesc() - a recursion tracking issue in cli_scanembpe() error handling
2020-02-28 18:29:35 -05:00
char *thispage = (char *)m->data + i * m->pgsz;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
unsigned int scanat, scansz;
if (fmap_readpage(m, i, 1, 0))
return NULL;
if (i == first_page) {
scanat = *at % m->pgsz;
scansz = MIN(len, m->pgsz - scanat);
} else {
scanat = 0;
scansz = MIN(len, m->pgsz);
}
len -= scansz;
if ((endptr = memchr(&thispage[scanat], '\n', scansz))) {
endptr++;
break;
}
}
if (endptr) {
memcpy(dst, src, endptr - src);
dst[endptr - src] = '\0';
*at += endptr - src;
fuck mmap_sem!
2009-09-10 03:20:02 +02:00
} else {
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
memcpy(dst, src, fullen);
dst[fullen] = '\0';
*at += fullen;
fuck mmap_sem!
2009-09-10 03:20:02 +02:00
}
return dst;
}
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
/* vvvvv MEMORY STUFF BELOW vvvvv */
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
Make both handle and memory based fmap API available always The POSIX vs Win32 specific stuff is now only fmap_check_empty and a few helpers only.
2011-06-14 21:26:59 +03:00
static const void *mem_need(fmap_t *m, size_t at, size_t len, int lock);
fmap: use the vtable for win32 code too
2011-06-14 20:59:30 +03:00
static void mem_unneed_off(fmap_t *m, size_t at, size_t len);
static const void *mem_need_offstr(fmap_t *m, size_t at, size_t len_hint);
static const void *mem_gets(fmap_t *m, char *dst, size_t *at, size_t max_len);
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
2020-03-19 21:23:54 -04:00
fmap_t *fmap_open_memory(const void *start, size_t len, const char *name)
implement fmap Win32 API in terms of cl_fmap_open_memory
2011-06-14 21:19:01 +03:00
{
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
int pgsz = cli_getpagesize();
implement fmap Win32 API in terms of cl_fmap_open_memory
2011-06-14 21:19:01 +03:00
cl_fmap_t *m = cli_calloc(1, sizeof(*m));
if (!m) {
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
cli_warnmsg("fmap: map allocation failed\n");
return NULL;
}
m->data = start;
m->len = len;
m->real_len = len;
m->pgsz = pgsz;
m->pages = fmap_align_items(len, pgsz);
m->unmap = unmap_malloc;
m->need = mem_need;
implement fmap Win32 API in terms of cl_fmap_open_memory
2011-06-14 21:19:01 +03:00
m->need_offstr = mem_need_offstr;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
m->gets = mem_gets;
m->unneed_off = mem_unneed_off;
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
2020-03-19 21:23:54 -04:00
if (NULL != name) {
m->name = cli_strdup(name);
if (NULL == m->name) {
free(m);
return NULL;
}
}
fix mem API of new fmap
2011-06-14 22:54:44 +03:00
return m;
implement fmap Win32 API in terms of cl_fmap_open_memory
2011-06-14 21:19:01 +03:00
}
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
2020-03-19 21:23:54 -04:00
extern cl_fmap_t *cl_fmap_open_memory(const void *start, size_t len)
{
return (cl_fmap_t *)fmap_open_memory(start, len, NULL);
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
static const void *mem_need(fmap_t *m, size_t at, size_t len, int lock)
{ /* WIN32 */
Silence a bunch of compiler warnings in libclamav
2014-07-10 18:11:49 -04:00
UNUSEDPARAM(lock);
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!len) {
return NULL;
fix mem API of new fmap
2011-06-14 22:54:44 +03:00
}
Introduce cli_map_scandesc to scan a portion of the existing file And switch CPIO, MACHO, and SWF to use it. Now they no longer need to dump a tempfile and remap. To investigate if it is possible to do this with TAR.
2011-06-17 23:08:31 +03:00
at += m->nested_offset;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!CLI_ISCONTAINED(0, m->real_len, at, len)) {
return NULL;
fix mem API of new fmap
2011-06-14 22:54:44 +03:00
}
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
return (void *)((char *)m->data + at);
}
Silence a bunch of compiler warnings in libclamav
2014-07-10 18:11:49 -04:00
static void mem_unneed_off(fmap_t *m, size_t at, size_t len)
{
UNUSEDPARAM(m);
UNUSEDPARAM(at);
UNUSEDPARAM(len);
}
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
static const void *mem_need_offstr(fmap_t *m, size_t at, size_t len_hint)
{
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
char *ptr = (char *)m->data + at;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!len_hint || len_hint > m->real_len - at)
len_hint = m->real_len - at;
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!CLI_ISCONTAINED(0, m->real_len, at, len_hint))
return NULL;
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (memchr(ptr, 0, len_hint))
return (void *)ptr;
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
return NULL;
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
static const void *mem_gets(fmap_t *m, char *dst, size_t *at, size_t max_len)
{
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
char *src = (char *)m->data + *at, *endptr = NULL;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
size_t len = MIN(max_len - 1, m->real_len - *at);
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if (!len || !CLI_ISCONTAINED(0, m->real_len, *at, len))
return NULL;
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
if ((endptr = memchr(src, '\n', len))) {
endptr++;
memcpy(dst, src, endptr - src);
dst[endptr - src] = '\0';
*at += endptr - src;
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
} else {
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
memcpy(dst, src, len);
dst[len] = '\0';
*at += len;
fmap: win32 support and tidy
2009-10-10 19:10:15 +02:00
}
return dst;
}
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
2020-03-19 21:23:54 -04:00
fmap_t *fmap(int fd, off_t offset, size_t len, const char *name)
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
{
fix win32 build
2010-05-05 12:51:59 +02:00
int unused;
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
2020-03-19 21:23:54 -04:00
return fmap_check_empty(fd, offset, len, &unused, name);
fix win32 build
2010-05-05 12:51:59 +02:00
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
static inline unsigned int fmap_align_items(unsigned int sz, unsigned int al)
{
fmap: win32 fixes
2009-10-10 20:46:05 +02:00
return sz / al + (sz % al != 0);
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
static inline unsigned int fmap_align_to(unsigned int sz, unsigned int al)
{
fmap: win32 fixes
2009-10-10 20:46:05 +02:00
return al * fmap_align_items(sz, al);
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
static inline unsigned int fmap_which_page(fmap_t *m, size_t at)
{
fmap: win32 fixes
2009-10-10 20:46:05 +02:00
return at / m->pgsz;
}
provide fmap_fd() accessor to fd. Accessing fd directly is deprecated, and most unpackers can unpack directly the map, with the rest being fixed shortly. Only the pre/post callbacks need the fd (they will get -1 if we not scanning a fd), and the zlib_from_the_80s.
2011-06-14 18:48:50 +03:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
cl_error_t fmap_dump_to_file(fmap_t *map, const char *filepath, const char *tmpdir, char **outname, int *outfd, size_t start_offset, size_t end_offset)
bb #9576: add fmap_dump_to_file function
2013-11-22 19:41:46 -05:00
{
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
cl_error_t ret = CL_EARG;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
char *filebase = NULL;
char *prefix = NULL;
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
char *tmpname = NULL;
int tmpfd = -1;
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
size_t pos = 0, len = 0, bytes_remaining = 0, write_size = 0;
if ((start_offset > map->real_len) || (end_offset < start_offset)) {
cli_dbgmsg("fmap_dump_to_file: Invalid offset arguments: start %zu, end %zu\n", start_offset, end_offset);
return ret;
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
pos = start_offset;
end_offset = MIN(end_offset, map->real_len);
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
bytes_remaining = end_offset - start_offset;
/* Create a filename prefix that includes the original filename, if available */
if (filepath != NULL) {
if (CL_SUCCESS != cli_basename(filepath, strlen(filepath), &filebase)) {
cli_dbgmsg("fmap_dump_to_file: Unable to determine basename from filepath.\n");
} else if ((start_offset != 0) && (end_offset != map->real_len)) {
/* If we're only dumping a portion of the file, inlcude the offsets in the prefix,...
* e.g. tmp filename will become something like: filebase.500-1200.<randhex> */
uint32_t prefix_len = strlen(filebase) + 1 + SIZE_T_CHARLEN + 1 + SIZE_T_CHARLEN + 1;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
prefix = malloc(prefix_len);
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
if (NULL == prefix) {
cli_errmsg("fmap_dump_to_file: Failed to allocate memory for tempfile prefix.\n");
if (NULL != filebase)
free(filebase);
return CL_EMEM;
}
snprintf(prefix, prefix_len, "%s.%zu-%zu", filebase, start_offset, end_offset);
Fixes to a handful of bugs identified during regression testing of PDF and UnRAR changes. Fix for minor memory leak in fmap_dump_to_file(). Fix to PDF object stream logic, accounting for a realloc() issue when the only pdf object stream fails to parse, and for when pdf objects in a stream appear to extend further than the size of the stream. Fix for memory leak cleaning up PDF object stream buffer in error condition. Fix to bug in pdf_decodestream wherein objects were found in an object stream, but the object stream could later be free'd if max scansize was exceeded, resulting in a NULL dereference. General cleanup of pdf_decodestream/pdf_decodestream_internal exit code logic.
2018-10-01 19:46:23 -04:00
free(filebase);
filebase = NULL;
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
} else {
/* Else if we're dumping the whole thing, use the filebase as the prefix */
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
prefix = filebase;
Fixes to a handful of bugs identified during regression testing of PDF and UnRAR changes. Fix for minor memory leak in fmap_dump_to_file(). Fix to PDF object stream logic, accounting for a realloc() issue when the only pdf object stream fails to parse, and for when pdf objects in a stream appear to extend further than the size of the stream. Fix for memory leak cleaning up PDF object stream buffer in error condition. Fix to bug in pdf_decodestream wherein objects were found in an object stream, but the object stream could later be free'd if max scansize was exceeded, resulting in a NULL dereference. General cleanup of pdf_decodestream/pdf_decodestream_internal exit code logic.
2018-10-01 19:46:23 -04:00
filebase = NULL;
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
}
}
bb #9576: add fmap_dump_to_file function
2013-11-22 19:41:46 -05:00
cli_dbgmsg("fmap_dump_to_file: dumping fmap not backed by file...\n");
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
ret = cli_gentempfd_with_prefix(tmpdir, prefix, &tmpname, &tmpfd);
if (ret != CL_SUCCESS) {
bb #9576: add fmap_dump_to_file function
2013-11-22 19:41:46 -05:00
cli_dbgmsg("fmap_dump_to_file: failed to generate temporary file.\n");
Fixes to a handful of bugs identified during regression testing of PDF and UnRAR changes. Fix for minor memory leak in fmap_dump_to_file(). Fix to PDF object stream logic, accounting for a realloc() issue when the only pdf object stream fails to parse, and for when pdf objects in a stream appear to extend further than the size of the stream. Fix for memory leak cleaning up PDF object stream buffer in error condition. Fix to bug in pdf_decodestream wherein objects were found in an object stream, but the object stream could later be free'd if max scansize was exceeded, resulting in a NULL dereference. General cleanup of pdf_decodestream/pdf_decodestream_internal exit code logic.
2018-10-01 19:46:23 -04:00
if (NULL != prefix) {
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
free(prefix);
prefix = NULL;
}
bb #9576: add fmap_dump_to_file function
2013-11-22 19:41:46 -05:00
return ret;
}
Fixes to a handful of bugs identified during regression testing of PDF and UnRAR changes. Fix for minor memory leak in fmap_dump_to_file(). Fix to PDF object stream logic, accounting for a realloc() issue when the only pdf object stream fails to parse, and for when pdf objects in a stream appear to extend further than the size of the stream. Fix for memory leak cleaning up PDF object stream buffer in error condition. Fix to bug in pdf_decodestream wherein objects were found in an object stream, but the object stream could later be free'd if max scansize was exceeded, resulting in a NULL dereference. General cleanup of pdf_decodestream/pdf_decodestream_internal exit code logic.
2018-10-01 19:46:23 -04:00
if (NULL != prefix) {
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
free(prefix);
prefix = NULL;
}
bb #9576: add fmap_dump_to_file function
2013-11-22 19:41:46 -05:00
do {
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
const char *b;
len = 0;
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
write_size = MIN(BUFSIZ, bytes_remaining);
b = fmap_need_off_once_len(map, pos, write_size, &len);
bb #9576: add fmap_dump_to_file function
2013-11-22 19:41:46 -05:00
pos += len;
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
if (b && (len > 0)) {
Argument and return types for fmap_readn(), cli_writen(), cli_readn() converted to use size_t instead of int.
2019-05-04 15:54:54 -04:00
if (cli_writen(tmpfd, b, len) != len) {
bb #9576: add fmap_dump_to_file function
2013-11-22 19:41:46 -05:00
cli_warnmsg("fmap_dump_to_file: write failed to %s!\n", tmpname);
close(tmpfd);
unlink(tmpname);
free(tmpname);
return CL_EWRITE;
}
}
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
if (len <= bytes_remaining) {
bytes_remaining -= len;
} else {
bytes_remaining = 0;
}
} while ((len > 0) && (bytes_remaining > 0));
bb #9576: add fmap_dump_to_file function
2013-11-22 19:41:46 -05:00
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
if (lseek(tmpfd, 0, SEEK_SET) == -1) {
bb #9576: add fmap_dump_to_file function
2013-11-22 19:41:46 -05:00
cli_dbgmsg("fmap_dump_to_file: lseek failed\n");
}
*outname = tmpname;
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
*outfd = tmpfd;
bb #9576: add fmap_dump_to_file function
2013-11-22 19:41:46 -05:00
return CL_SUCCESS;
}
clang-format'd using new .clang-format rules.
2018-12-03 12:40:13 -05:00
int fmap_fd(fmap_t *m)
provide fmap_fd() accessor to fd. Accessing fd directly is deprecated, and most unpackers can unpack directly the map, with the rest being fixed shortly. Only the pre/post callbacks need the fd (they will get -1 if we not scanning a fd), and the zlib_from_the_80s.
2011-06-14 18:48:50 +03:00
{
Silence a bunch of compiler warnings in libclamav
2014-07-10 18:11:49 -04:00
int fd;
workaround for unrar not supporting fmap. When we try to scan a fmap-ed file, and the fmap is not backed by a file descriptor then dump to a tmpfile, and give that to unrar. This can only happen if you scan a fmap created with cl_fmap_open_*, it won't happen with clamscan and clamd.
2012-01-04 15:33:33 +02:00
if (!m->handle_is_fd)
Updating libclamunrar from legacy C implementation to modern unrar 5.6.5. API changes and supporting changes included to pass the filepath of the scanned file into libclamav through the cli_ctx structure, required by the unrar library to open archives. The filename argument may be optional for the scandesc scanning variant, but libclamav will make a best effort to identify the filename from the file descriptor if it was not provided. In addition, included the ability to prefix temp file and directory names with file basenames.
2018-07-30 20:19:28 -04:00
return -1;
eliminating compile warnings in windows 10, vs2015, x86 and x64.
2017-08-31 16:38:41 -04:00
fd = (int)(ptrdiff_t)m->handle;
provide fmap_fd() accessor to fd. Accessing fd directly is deprecated, and most unpackers can unpack directly the map, with the rest being fixed shortly. Only the pre/post callbacks need the fd (they will get -1 if we not scanning a fd), and the zlib_from_the_80s.
2011-06-14 18:48:50 +03:00
lseek(fd, 0, SEEK_SET);
return fd;
}
cli_map_scandesc convenience API
2011-06-17 23:14:36 +03:00
extern void cl_fmap_close(cl_fmap_t *map)
{
funmap(map);
}
libclamav: Generate hash for each new fmap Signature alerts on content extracted into a new fmap such as normalized HTML resulted in checking FP signatures against the fmap's hash value that was initialized to all zeroes, and never computed. This patch seeks will enable FP signatures of normalized HTML files or other content that is extracted to a new fmap to work. This patch doesn't resolve the issue that normal people will write FP signatures targeting the original file, not the normalized file and thus won't really see benefit from this bug-fix. Additional work is needed to traverse the fmap recursion lists and FP-check all parent fmaps when an alert occurs. In addition, the HTML normalization method of temporarily overriding the ctx->fmap instead of increasing the recursion depth and doing ctx->fmap++/-- will need to be corrected for fmap reverse recursion traversal to work.
2020-02-23 12:38:18 -05:00
cl_error_t fmap_get_MD5(unsigned char *hash, fmap_t *map)
{
size_t todo, at = 0;
void *hashctx;
todo = map->len;
hashctx = cl_hash_init("md5");
if (!(hashctx)) {
cli_errmsg("ctx_get_MD5: error initializing new md5 hash!\n");
return CL_ERROR;
}
while (todo) {
const void *buf;
size_t readme = todo < FILEBUFF ? todo : FILEBUFF;
if (!(buf = fmap_need_off_once(map, at, readme))) {
cl_hash_destroy(hashctx);
return CL_EREAD;
}
todo -= readme;
at += readme;
if (cl_update_hash(hashctx, (void *)buf, readme)) {
cl_hash_destroy(hashctx);
cli_errmsg("ctx_get_MD5: error reading while generating hash!\n");
return CL_EREAD;
}
}
cl_finish_hash(hashctx, hash);
return CL_CLEAN;
}
Reference in a new issue Copy permalink