unioned lsig logic and future yara conditional

2025-10-19 18:33:16 +00:00 · 2015-02-11 10:36:43 -08:00 · 2015-02-11 10:36:43 -08:00 · b5b3fecd6c
commit b5b3fecd6c
parent a1924d1407
3 changed files with 14 additions and 5 deletions
--- a/libclamav/matcher.c
+++ b/libclamav/matcher.c
@ -697,7 +697,8 @@ int cli_lsig_eval(cli_ctx *ctx, struct cli_matcher *root, struct cli_ac_data *ac
 	evalcnt = 0;
 	evalids = 0;
 	cli_ac_chkmacro(root, acdata, i);
-	if(cli_ac_chklsig(root->ac_lsigtable[i]->logic, root->ac_lsigtable[i]->logic + strlen(root->ac_lsigtable[i]->logic), acdata->lsigcnt[i], &evalcnt, &evalids, 0) == 1) {
+    //TODO - handle CLI_NORMAL_YARA lsigs here
 	if(cli_ac_chklsig(root->ac_lsigtable[i]->u.logic, root->ac_lsigtable[i]->u.logic + strlen(root->ac_lsigtable[i]->u.logic), acdata->lsigcnt[i], &evalcnt, &evalids, 0) == 1) {
 	    if(root->ac_lsigtable[i]->tdb.container && root->ac_lsigtable[i]->tdb.container[0] != ctx->container_type)
 		continue;
 	    if(root->ac_lsigtable[i]->tdb.filesize && (root->ac_lsigtable[i]->tdb.filesize[0] > map->len || root->ac_lsigtable[i]->tdb.filesize[1] < map->len))
--- a/libclamav/matcher.h
+++ b/libclamav/matcher.h
@ -79,9 +79,15 @@ struct cli_lsig_tdb {
 struct cli_bc;
 struct cli_ac_lsig {
 #define CLI_NORMAL_LSIG 0
 #define CLI_NORMAL_YARA 1
    uint32_t id;
    unsigned bc_idx;
-    char *logic;
+    uint8_t type;
    union {
        char *logic;
        void *other;
    } u;
    const char *virname;
    struct cli_lsig_tdb tdb;
 };
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@ -1459,8 +1459,9 @@ static int load_oneldb(char *buffer, int chkpua, struct cl_engine *engine, unsig
        return CL_EMEM;
    }
-    lsig->logic = cli_mpool_strdup(engine->mempool, logic);
+    lsig->type = CLI_NORMAL_LSIG;
-    if(!lsig->logic) {
+    lsig->u.logic = cli_mpool_strdup(engine->mempool, logic);
    if(!lsig->u.logic) {
        cli_errmsg("cli_loadldb: Can't allocate memory for lsig->logic\n");
        FREE_TDB(tdb);
        mpool_free(engine->mempool, lsig);
@ -3731,7 +3732,8 @@ int cl_engine_free(struct cl_engine *engine)
 		cli_ac_free(root);
 		if(root->ac_lsigtable) {
 		    for(j = 0; j < root->ac_lsigs; j++) {
-			mpool_free(engine->mempool, root->ac_lsigtable[j]->logic);
+			if (root->ac_lsigtable[j]->type == CLI_NORMAL_LSIG)
 			    mpool_free(engine->mempool, root->ac_lsigtable[j]->u.logic);
 			FREE_TDB(root->ac_lsigtable[j]->tdb);
 			mpool_free(engine->mempool, root->ac_lsigtable[j]);
 		    }