Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 18:33:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

unioned lsig logic and future yara conditional

Browse source
This commit is contained in:
Kevin Lin 2015-02-11 10:36:43 -08:00
parent a1924d1407
commit b5b3fecd6c
3 changed files with 14 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

3
libclamav/matcher.c
View file

@ -697,7 +697,8 @@ int cli_lsig_eval(cli_ctx *ctx, struct cli_matcher *root, struct cli_ac_data *ac
evalcnt = 0;
evalids = 0;
cli_ac_chkmacro(root, acdata, i);
if(cli_ac_chklsig(root->ac_lsigtable[i]->logic, root->ac_lsigtable[i]->logic + strlen(root->ac_lsigtable[i]->logic), acdata->lsigcnt[i], &evalcnt, &evalids, 0) == 1) {
//TODO - handle CLI_NORMAL_YARA lsigs here
if(cli_ac_chklsig(root->ac_lsigtable[i]->u.logic, root->ac_lsigtable[i]->u.logic + strlen(root->ac_lsigtable[i]->u.logic), acdata->lsigcnt[i], &evalcnt, &evalids, 0) == 1) {
if(root->ac_lsigtable[i]->tdb.container && root->ac_lsigtable[i]->tdb.container[0] != ctx->container_type)
continue;
if(root->ac_lsigtable[i]->tdb.filesize && (root->ac_lsigtable[i]->tdb.filesize[0] > map->len || root->ac_lsigtable[i]->tdb.filesize[1] < map->len))

6
libclamav/matcher.h
View file

@ -79,9 +79,15 @@ struct cli_lsig_tdb {
struct cli_bc;
struct cli_ac_lsig {
#define CLI_NORMAL_LSIG 0
#define CLI_NORMAL_YARA 1
uint32_t id;
unsigned bc_idx;
uint8_t type;
union {
char *logic;
void *other;
} u;
const char *virname;
struct cli_lsig_tdb tdb;
};

8
libclamav/readdb.c
View file

@ -1459,8 +1459,9 @@ static int load_oneldb(char *buffer, int chkpua, struct cl_engine *engine, unsig
return CL_EMEM;
}
lsig->logic = cli_mpool_strdup(engine->mempool, logic);
if(!lsig->logic) {
lsig->type = CLI_NORMAL_LSIG;
lsig->u.logic = cli_mpool_strdup(engine->mempool, logic);
if(!lsig->u.logic) {
cli_errmsg("cli_loadldb: Can't allocate memory for lsig->logic\n");
FREE_TDB(tdb);
mpool_free(engine->mempool, lsig);
@ -3731,7 +3732,8 @@ int cl_engine_free(struct cl_engine *engine)
cli_ac_free(root);
if(root->ac_lsigtable) {
for(j = 0; j < root->ac_lsigs; j++) {
mpool_free(engine->mempool, root->ac_lsigtable[j]->logic);
if (root->ac_lsigtable[j]->type == CLI_NORMAL_LSIG)
mpool_free(engine->mempool, root->ac_lsigtable[j]->u.logic);
FREE_TDB(root->ac_lsigtable[j]->tdb);
mpool_free(engine->mempool, root->ac_lsigtable[j]);
}