Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 10:23:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

make some cleanups and add support for nibble matching

Browse source 
git-svn: trunk@2992
This commit is contained in:
Tomasz Kojm 2007-03-28 21:38:07 +00:00
parent 05afa8e118
commit bedc58dee1
20 changed files with 169 additions and 144 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog
View file

@ -1,3 +1,7 @@
Wed Mar 28 21:45:12 CEST 2007 (tk)
----------------------------------
* libclamav: make some cleanups and add support for nibble matching
Tue Mar 27 22:05:28 BST 2007 (njh)
----------------------------------
* clamav-milter.c: Added IPv6 support, based on a patch by

1
freshclam/manager.c
View file

@ -50,7 +50,6 @@
#include <sys/stat.h>
#include <errno.h>
#include "defaults.h"
#include "manager.h"
#include "notify.h"
#include "dns.h"

1
libclamav/Makefile.am
View file

@ -47,7 +47,6 @@ libclamav_la_SOURCES = \
dsig.h \
str.c \
str.h \
defaults.h \
scanners.c \
scanners.h \
filetypes.c \

1
libclamav/Makefile.in
View file

@ -260,7 +260,6 @@ libclamav_la_SOURCES = \
dsig.h \
str.c \
str.h \
defaults.h \
scanners.c \
scanners.h \
filetypes.c \

42
libclamav/clamav.h
View file

@ -109,32 +109,6 @@ extern "C"
#define cl_perror cl_strerror
/* internal structures */
struct cli_bm_patt {
unsigned char *pattern;
char *virname, *offset;
const char *viralias;
unsigned int length;
unsigned short target;
struct cli_bm_patt *next;
};
struct cli_ac_patt {
short int *pattern, *prefix;
unsigned int length, mindist, maxdist, prefix_length;
char *virname, *offset;
const char *viralias;
unsigned short int sigid, parts, partno, alt, *altn, alt_pattern;
unsigned short type, target;
unsigned char **altc;
struct cli_ac_patt *next;
};
struct cli_ac_node {
unsigned char islast;
struct cli_ac_patt *list;
struct cli_ac_node *trans[256], *fail;
};
struct cli_md5_node {
char *virname, *viralias;
unsigned char *md5;
@ -150,20 +124,6 @@ struct cli_meta_node {
struct cli_meta_node *next;
};
struct cli_matcher {
unsigned int maxpatlen; /* maximal length of pattern in db */
unsigned short ac_only;
/* Extended Boyer-Moore */
int *bm_shift;
struct cli_bm_patt **bm_suffix;
/* Extended Aho-Corasick */
unsigned int ac_depth;
struct cli_ac_node *ac_root, **ac_nodetable;
unsigned int ac_partsigs, ac_nodes;
};
struct cl_engine {
unsigned int refcount; /* reference counter */
unsigned short ncore;
@ -171,7 +131,7 @@ struct cl_engine {
unsigned int dboptions;
/* Roots table */
struct cli_matcher **root;
void **root;
/* MD5 */
struct cli_md5_node **md5_hlist;

25
libclamav/defaults.h
View file

@ -1,25 +0,0 @@
/*
* Copyright (C) 2002 - 2005 Tomasz Kojm <tkojm@clamav.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*/
#ifndef DATADIR
# define DATADIR "/usr/local/share/clamav"
#endif
#define CLI_IGN -200
#define CLI_ALT -201

7
libclamav/filetypes.c
View file

@ -382,13 +382,6 @@ int cli_addtypesigs(struct cl_engine *engine)
return CL_EMEM;
}
if(engine->ncore) {
/*
cli_dbgmsg("cli_addtypesigs: AC depth 10 (ncore mode)\n");
cli_ac_setdepth(10);
*/
}
root->ac_root = (struct cli_ac_node *) cli_calloc(1, sizeof(struct cli_ac_node));
if(!root->ac_root) {
cli_errmsg("cli_addtypesigs: Can't initialise AC pattern matcher\n");

54
libclamav/matcher-ac.c
View file

@ -4,7 +4,7 @@
* http://www-sr.informatik.uni-tuebingen.de/~buehler/AC/AC.html
* Thanks to Kurt Huwig for pointing me to this page.
*
* Copyright (C) 2002 - 2006 Tomasz Kojm <tkojm@clamav.net>
* Copyright (C) 2002 - 2007 Tomasz Kojm <tkojm@clamav.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -37,7 +37,6 @@
#include "others.h"
#include "matcher.h"
#include "matcher-ac.h"
#include "defaults.h"
#include "filetypes.h"
#include "cltypes.h"
@ -46,12 +45,12 @@ struct nodelist {
struct nodelist *next;
};
unsigned short ac_depth = AC_DEFAULT_DEPTH;
static uint8_t ac_depth = AC_DEFAULT_DEPTH;
int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern)
{
struct cli_ac_node *pos, *next;
int i;
uint8_t i;
if(pattern->length < ac_depth)
return CL_EPATSHORT;
@ -59,7 +58,7 @@ int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern)
pos = root->ac_root;
for(i = 0; i < ac_depth; i++) {
next = pos->trans[((unsigned char) pattern->pattern[i]) & 0xff];
next = pos->trans[(unsigned char) (pattern->pattern[i] & 0xff)];
if(!next) {
next = (struct cli_ac_node *) cli_calloc(1, sizeof(struct cli_ac_node));
@ -248,7 +247,7 @@ inline static int cli_findpos(const unsigned char *buffer, unsigned int depth, u
if(bufferpos == postfixend)
return 0;
if(pattern->pattern[i] == CLI_ALT) {
if((pattern->pattern[i] & CLI_MATCH_WILDCARD) == CLI_MATCH_ALTERNATIVE) {
found = 0;
for(j = 0; j < pattern->altn[alt]; j++) {
if(pattern->altc[alt][j] == buffer[bufferpos]) {
@ -261,7 +260,15 @@ inline static int cli_findpos(const unsigned char *buffer, unsigned int depth, u
return 0;
alt++;
} else if(pattern->pattern[i] != CLI_IGN && (unsigned char) pattern->pattern[i] != buffer[bufferpos])
} else if((pattern->pattern[i] & CLI_MATCH_WILDCARD) == CLI_MATCH_NIBBLE_HIGH) {
if((unsigned char) (pattern->pattern[i] & 0x00f0) != (buffer[bufferpos] & 0xf0))
return 0;
} else if((pattern->pattern[i] & CLI_MATCH_WILDCARD) == CLI_MATCH_NIBBLE_LOW) {
if((unsigned char) (pattern->pattern[i] & 0x000f) != (buffer[bufferpos] & 0x0f))
return 0;
} else if((pattern->pattern[i] & CLI_MATCH_WILDCARD) != CLI_MATCH_IGNORE && (unsigned char) pattern->pattern[i] != buffer[bufferpos])
return 0;
bufferpos++;
@ -276,7 +283,7 @@ inline static int cli_findpos(const unsigned char *buffer, unsigned int depth, u
for(i = 0; i < pattern->prefix_length; i++) {
if(pattern->prefix[i] == CLI_ALT) {
if((pattern->prefix[i] & CLI_MATCH_WILDCARD) == CLI_MATCH_ALTERNATIVE) {
found = 0;
for(j = 0; j < pattern->altn[alt]; j++) {
if(pattern->altc[alt][j] == buffer[bufferpos]) {
@ -289,7 +296,15 @@ inline static int cli_findpos(const unsigned char *buffer, unsigned int depth, u
return 0;
alt++;
} else if(pattern->prefix[i] != CLI_IGN && (unsigned char) pattern->prefix[i] != buffer[bufferpos])
} else if((pattern->prefix[i] & CLI_MATCH_WILDCARD) == CLI_MATCH_NIBBLE_HIGH) {
if((unsigned char) (pattern->prefix[i] & 0x00f0) != (buffer[bufferpos] & 0xf0))
return 0;
} else if((pattern->prefix[i] & CLI_MATCH_WILDCARD) == CLI_MATCH_NIBBLE_LOW) {
if((unsigned char) (pattern->prefix[i] & 0x000f) != (buffer[bufferpos] & 0x0f))
return 0;
} else if(!(pattern->prefix[i] & CLI_MATCH_IGNORE) && (unsigned char) pattern->prefix[i] != buffer[bufferpos])
return 0;
bufferpos++;
@ -299,7 +314,7 @@ inline static int cli_findpos(const unsigned char *buffer, unsigned int depth, u
return 1;
}
int cli_ac_initdata(struct cli_ac_data *data, unsigned int partsigs, unsigned int tracklen)
int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint8_t tracklen)
{
unsigned int i, j;
@ -321,7 +336,7 @@ int cli_ac_initdata(struct cli_ac_data *data, unsigned int partsigs, unsigned in
}
memset(data->inioff, -1, partsigs * sizeof(off_t));
data->partcnt = (unsigned int *) cli_calloc(partsigs, sizeof(unsigned int));
data->partcnt = (uint16_t *) cli_calloc(partsigs, sizeof(uint16_t));
if(!data->partcnt) {
cli_errmsg("cli_ac_init(): unable to cli_calloc(%u, %u)\n", partsigs, sizeof(unsigned int));
@ -348,7 +363,7 @@ int cli_ac_initdata(struct cli_ac_data *data, unsigned int partsigs, unsigned in
return CL_EMEM;
}
data->maxshift = (int *) cli_malloc(partsigs * sizeof(int));
data->maxshift = (int32_t *) cli_malloc(partsigs * sizeof(int32_t));
if(!data->maxshift) {
cli_errmsg("cli_ac_init(): unable to cli_malloc(%u)\n", partsigs * sizeof(int));
@ -359,9 +374,9 @@ int cli_ac_initdata(struct cli_ac_data *data, unsigned int partsigs, unsigned in
return CL_EMEM;
}
memset(data->maxshift, -1, partsigs * sizeof(int));
memset(data->maxshift, -1, partsigs * sizeof(int32_t));
data->partoff = (unsigned int **) cli_calloc(partsigs, sizeof(unsigned int *));
data->partoff = (uint32_t **) cli_calloc(partsigs, sizeof(uint32_t *));
if(!data->partoff) {
cli_errmsg("cli_ac_init(): unable to cli_calloc(%u, %u)\n", partsigs, sizeof(unsigned int));
@ -379,7 +394,7 @@ int cli_ac_initdata(struct cli_ac_data *data, unsigned int partsigs, unsigned in
*/
for(i = 0; i < partsigs; i++) {
data->partoff[i] = (unsigned int *) cli_calloc(tracklen, sizeof(unsigned int));
data->partoff[i] = (uint32_t *) cli_calloc(tracklen, sizeof(uint32_t));
if(!data->partoff[i]) {
for(j = 0; j < i; j++)
@ -418,12 +433,12 @@ void cli_ac_freedata(struct cli_ac_data *data)
}
}
int cli_ac_scanbuff(const unsigned char *buffer, unsigned int length, const char **virname, const struct cli_matcher *root, struct cli_ac_data *mdata, unsigned short otfrec, unsigned long int offset, cli_file_t ftype, int fd, struct cli_matched_type **ftoffset)
int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cli_matcher *root, struct cli_ac_data *mdata, uint8_t otfrec, uint32_t offset, cli_file_t ftype, int fd, struct cli_matched_type **ftoffset)
{
struct cli_ac_node *current;
struct cli_ac_patt *pt;
int type = CL_CLEAN, j;
unsigned int i, position, curroff;
uint32_t i, position, curroff;
uint8_t offnum, found;
struct cli_matched_type *tnode, *tnode_last = NULL;
struct cli_target_info info;
@ -614,8 +629,3 @@ int cli_ac_scanbuff(const unsigned char *buffer, unsigned int length, const char
return otfrec ? type : CL_CLEAN;
}
void cli_ac_setdepth(unsigned int depth)
{
ac_depth = depth;
}

38
libclamav/matcher-ac.h
View file

@ -1,5 +1,5 @@
/*
* Copyright (C) 2002 - 2005 Tomasz Kojm <tkojm@clamav.net>
* Copyright (C) 2002 - 2007 Tomasz Kojm <tkojm@clamav.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -22,8 +22,6 @@
#include <sys/types.h>
#include "clamav.h"
#include "matcher.h"
#include "filetypes.h"
#include "cltypes.h"
@ -31,21 +29,41 @@
#define AC_DEFAULT_TRACKLEN 8
struct cli_ac_data {
unsigned int partsigs;
uint32_t partsigs;
off_t *inioff;
unsigned int *partcnt;
unsigned int **partoff;
uint16_t *partcnt;
uint32_t **partoff;
uint8_t *offcnt;
uint8_t *offidx;
int *maxshift;
int32_t *maxshift;
};
struct cli_ac_patt {
uint16_t *pattern, *prefix, length, prefix_length;
uint32_t mindist, maxdist;
char *virname, *offset;
const char *viralias;
uint32_t sigid;
uint16_t parts, partno, alt, *altn, alt_pattern;
uint8_t target;
uint16_t type;
unsigned char **altc;
struct cli_ac_patt *next;
};
struct cli_ac_node {
uint8_t islast;
struct cli_ac_patt *list;
struct cli_ac_node *trans[256], *fail;
};
#include "matcher.h"
int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern);
int cli_ac_initdata(struct cli_ac_data *data, unsigned int partsigs, unsigned int histlen);
int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint8_t tracklen);
void cli_ac_freedata(struct cli_ac_data *data);
int cli_ac_scanbuff(const unsigned char *buffer, unsigned int length, const char **virname, const struct cli_matcher *root, struct cli_ac_data *mdata, unsigned short otfrec, unsigned long int offset, cli_file_t ftype, int fd, struct cli_matched_type **ftoffset);
int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cli_matcher *root, struct cli_ac_data *mdata, uint8_t otfrec, uint32_t offset, cli_file_t ftype, int fd, struct cli_matched_type **ftoffset);
int cli_ac_buildtrie(struct cli_matcher *root);
void cli_ac_free(struct cli_matcher *root);
void cli_ac_setdepth(unsigned int depth);
#endif

8
libclamav/matcher-bm.c
View file

@ -17,6 +17,12 @@
* MA 02110-1301, USA.
*/
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
#include <stdio.h>
#include "clamav.h"
#include "memory.h"
#include "others.h"
@ -129,7 +135,7 @@ void cli_bm_free(struct cli_matcher *root)
}
}
int cli_bm_scanbuff(const unsigned char *buffer, unsigned int length, const char **virname, const struct cli_matcher *root, unsigned long int offset, cli_file_t ftype, int fd)
int cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cli_matcher *root, uint32_t offset, cli_file_t ftype, int fd)
{
unsigned int i, j, shift, off, found = 0;
int idxtest;

14
libclamav/matcher-bm.h
View file

@ -20,14 +20,22 @@
#ifndef __MATCHER_BM_H
#define __MATCHER_BM_H
#include "clamav.h"
#include "matcher.h"
#include "matcher-bm.h"
#include "filetypes.h"
#include "cltypes.h"
struct cli_bm_patt {
unsigned char *pattern;
uint32_t length;
char *virname, *offset;
const char *viralias;
uint8_t target;
struct cli_bm_patt *next;
};
int cli_bm_addpatt(struct cli_matcher *root, struct cli_bm_patt *pattern);
int cli_bm_init(struct cli_matcher *root);
int cli_bm_scanbuff(const unsigned char *buffer, unsigned int length, const char **virname, const struct cli_matcher *root, unsigned long int offset, cli_file_t ftype, int fd);
int cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cli_matcher *root, uint32_t offset, cli_file_t ftype, int fd);
void cli_bm_free(struct cli_matcher *root);
#endif

11
libclamav/matcher.c
View file

@ -41,6 +41,7 @@
#include "execs.h"
#include "special.h"
#include "str.h"
#include "cltypes.h"
#ifdef HAVE_NCORE
#include "matcher-ncore.h"
@ -50,9 +51,10 @@ static cli_file_t targettab[CL_TARGET_TABLE_SIZE] = { 0, CL_TYPE_MSEXE, CL_TYPE_
extern short cli_debug_flag;
int cli_scanbuff(const unsigned char *buffer, unsigned int length, const char **virname, const struct cl_engine *engine, cli_file_t ftype)
int cli_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cl_engine *engine, cli_file_t ftype)
{
int ret = CL_CLEAN, i;
int ret = CL_CLEAN;
unsigned int i;
struct cli_ac_data mdata;
struct cli_matcher *groot, *troot = NULL;
@ -285,12 +287,11 @@ int cli_validatesig(cli_file_t ftype, const char *offstr, off_t fileoff, struct
return 1;
}
int cli_scandesc(int desc, cli_ctx *ctx, unsigned short otfrec, cli_file_t ftype, unsigned short ftonly, struct cli_matched_type **ftoffset)
int cli_scandesc(int desc, cli_ctx *ctx, uint8_t otfrec, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset)
{
unsigned char *buffer, *buff, *endbl, *upt;
int ret = CL_CLEAN, type = CL_CLEAN, i, bytes;
unsigned int buffersize, length, maxpatlen, shift = 0;
unsigned long int offset = 0;
uint32_t buffersize, length, maxpatlen, shift = 0, offset = 0;
struct cli_ac_data gdata, tdata;
cli_md5_ctx md5ctx;
unsigned char digest[16];

27
libclamav/matcher.h
View file

@ -29,6 +29,29 @@
#include "cltypes.h"
#include "md5.h"
#include "matcher-ac.h"
#include "matcher-bm.h"
#define CLI_MATCH_WILDCARD 0xff00
#define CLI_MATCH_IGNORE 0x0100
#define CLI_MATCH_ALTERNATIVE 0x0200
#define CLI_MATCH_NIBBLE_HIGH 0x0300
#define CLI_MATCH_NIBBLE_LOW 0x0400
struct cli_matcher {
uint16_t maxpatlen;
uint8_t ac_only;
/* Extended Boyer-Moore */
int32_t *bm_shift;
struct cli_bm_patt **bm_suffix;
/* Extended Aho-Corasick */
uint8_t ac_depth;
struct cli_ac_node *ac_root, **ac_nodetable;
uint32_t ac_partsigs, ac_nodes;
};
#define CL_TARGET_TABLE_SIZE 7
struct cli_target_info {
@ -37,9 +60,9 @@ struct cli_target_info {
int8_t status; /* 0 == not initialised, 1 == initialised OK, -1 == error */
};
int cli_scandesc(int desc, cli_ctx *ctx, unsigned short otfrec, cli_file_t ftype, unsigned short ftonly, struct cli_matched_type **ftoffset);
int cli_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cl_engine *engine, cli_file_t ftype);
int cli_scanbuff(const unsigned char *buffer, unsigned int length, const char **virname, const struct cl_engine *engine, cli_file_t ftype);
int cli_scandesc(int desc, cli_ctx *ctx, uint8_t otfrec, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset);
int cli_validatesig(cli_file_t ftype, const char *offstr, off_t fileoff, struct cli_target_info *info, int desc, const char *virname);

1
libclamav/mbox.c
View file

@ -70,7 +70,6 @@ static char const rcsid[] = "$Id: mbox.c,v 1.381 2007/02/15 12:26:44 njh Exp $";
#endif
#include "others.h"
#include "defaults.h"
#include "str.h"
#include "filetypes.h"
#include "mbox.h"

8
libclamav/others.c
View file

@ -81,7 +81,7 @@ static pthread_mutex_t cli_gentempname_mutex = PTHREAD_MUTEX_INITIALIZER;
#define P_tmpdir "C:\\WINDOWS\\TEMP"
#endif
#define CL_FLEVEL 14 /* don't touch it */
#define CL_FLEVEL 15 /* don't touch it */
short cli_debug_flag = 0, cli_leavetemps_flag = 0;
@ -286,7 +286,7 @@ char *cli_md5file(const char *filename)
return md5str;
}
static char *cli_md5buff(const char *buffer, unsigned int len, unsigned char *dig)
static char *cli_md5buff(const unsigned char *buffer, unsigned int len, unsigned char *dig)
{
unsigned char digest[16];
char *md5str, *pt;
@ -295,7 +295,7 @@ static char *cli_md5buff(const char *buffer, unsigned int len, unsigned char *di
cli_md5_init(&ctx);
cli_md5_update(&ctx, (const unsigned char *) buffer, len);
cli_md5_update(&ctx, buffer, len);
cli_md5_final(digest, &ctx);
if(dig)
@ -465,7 +465,7 @@ static char *cli_gentempname(const char *dir)
for(i = 16; i < 48; i++)
salt[i] = cli_rndnum(256);
tmp = cli_md5buff((char *) salt, 48, name_salt);
tmp = cli_md5buff(salt, 48, name_salt);
#ifdef CL_THREAD_SAFE
pthread_mutex_unlock(&cli_gentempname_mutex);

21
libclamav/readdb.c
View file

@ -49,9 +49,9 @@
#endif
#include "matcher-ac.h"
#include "matcher-bm.h"
#include "matcher.h"
#include "others.h"
#include "str.h"
#include "defaults.h"
#include "dconf.h"
#include "lockdb.h"
#include "readdb.h"
@ -101,6 +101,9 @@ static int cli_ac_addsig(struct cli_matcher *root, const char *virname, const ch
free(hex); \
}
if(strlen(hexsig) / 2 < AC_DEFAULT_DEPTH)
return CL_EPATSHORT;
if((new = (struct cli_ac_patt *) cli_calloc(1, sizeof(struct cli_ac_patt))) == NULL)
return CL_EMEM;
@ -210,7 +213,7 @@ static int cli_ac_addsig(struct cli_matcher *root, const char *virname, const ch
}
}
if((new->pattern = cli_hex2si(new->alt ? hex : hexsig)) == NULL) {
if((new->pattern = cli_hex2ui(new->alt ? hex : hexsig)) == NULL) {
FREE_ALT;
if(new->offset)
free(new->offset);
@ -221,17 +224,17 @@ static int cli_ac_addsig(struct cli_matcher *root, const char *virname, const ch
new->length = strlen(new->alt ? hex : hexsig) / 2;
for(i = 0; i < AC_DEFAULT_DEPTH; i++) {
if(new->pattern[i] == CLI_IGN || new->pattern[i] == CLI_ALT) {
if(new->pattern[i] & CLI_MATCH_WILDCARD) {
wprefix = 1;
break;
}
}
if(wprefix) {
for(; i < new->length - AC_DEFAULT_DEPTH + 1; i++) {
for(; i < (uint16_t) (new->length - AC_DEFAULT_DEPTH + 1); i++) {
wprefix = 0;
for(j = i; j < i + AC_DEFAULT_DEPTH; j++) {
if(new->pattern[j] == CLI_IGN || new->pattern[j] == CLI_ALT) {
if(new->pattern[j] & CLI_MATCH_WILDCARD) {
wprefix = 1;
break;
}
@ -255,7 +258,7 @@ static int cli_ac_addsig(struct cli_matcher *root, const char *virname, const ch
new->length -= i;
for(i = 0; i < new->prefix_length; i++)
if(new->prefix[i] == CLI_ALT)
if((new->prefix[i] & CLI_MATCH_WILDCARD) == CLI_MATCH_ALTERNATIVE)
new->alt_pattern++;
}
@ -524,7 +527,7 @@ int cli_initengine(struct cl_engine **engine, unsigned int options)
(*engine)->refcount = 1;
(*engine)->root = (struct cli_matcher **) cli_calloc(CL_TARGET_TABLE_SIZE, sizeof(struct cli_matcher *));
(*engine)->root = cli_calloc(CL_TARGET_TABLE_SIZE, sizeof(struct cli_matcher *));
if(!(*engine)->root) {
/* no need to free previously allocated memory here */
cli_errmsg("Can't allocate memory for roots!\n");
@ -1674,9 +1677,9 @@ void cl_free(struct cl_engine *engine)
if(engine->root) {
for(i = 0; i < CL_TARGET_TABLE_SIZE; i++) {
if((root = engine->root[i])) {
cli_ac_free(root);
if(!engine->root[i]->ac_only)
if(!root->ac_only)
cli_bm_free(root);
cli_ac_free(root);
free(root);
}
}

1
libclamav/readdb.h
View file

@ -21,6 +21,7 @@
#define __READDB_H
#include "clamav.h"
#include "matcher.h"
int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hexsig, unsigned short type, const char *offset, unsigned short target);

2
libclamav/scanners.c
View file

@ -1748,7 +1748,7 @@ static int cli_scanembpe(int desc, cli_ctx *ctx)
static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type)
{
int ret = CL_CLEAN, nret = CL_CLEAN;
unsigned short ftrec, break_loop = 0;
uint8_t ftrec, break_loop = 0;
struct cli_matched_type *ftoffset = NULL, *fpt;
uint32_t lastzip, lastrar;
struct cli_exe_info peinfo;

43
libclamav/str.c
View file

@ -33,7 +33,8 @@
#include "clamav.h"
#include "others.h"
#include "defaults.h"
#include "matcher.h"
#include "cltypes.h"
static int cli_hex2int(int c)
{
@ -53,30 +54,53 @@ static int cli_hex2int(int c)
return -1;
}
short int *cli_hex2si(const char *hex)
uint16_t *cli_hex2ui(const char *hex)
{
short int *str, *ptr, val, c;
int i, len;
uint16_t *str, *ptr, val;
unsigned int i, len;
int c;
len = strlen(hex);
if(len % 2 != 0) {
cli_errmsg("cli_hex2si(): Malformed hexstring: %s (length: %d)\n", hex, len);
cli_errmsg("cli_hex2si(): Malformed hexstring: %s (length: %u)\n", hex, len);
return NULL;
}
str = cli_calloc((len / 2) + 1, sizeof(short int));
str = cli_calloc((len / 2) + 1, sizeof(uint16_t));
if(!str)
return NULL;
ptr = str;
for(i = 0; i < len; i += 2) {
if(hex[i] == '?') {
val = CLI_IGN;
val = 0;
if(hex[i] == '?' && hex[i + 1] == '?') {
val |= CLI_MATCH_IGNORE;
} else if(hex[i + 1] == '?') {
if((c = cli_hex2int(hex[i])) >= 0) {
val = c << 4;
} else {
free(str);
return NULL;
}
val |= CLI_MATCH_NIBBLE_HIGH;
} else if(hex[i] == '?') {
if((c = cli_hex2int(hex[i + 1])) >= 0) {
val = c;
} else {
free(str);
return NULL;
}
val |= CLI_MATCH_NIBBLE_LOW;
} else if(hex[i] == '@') {
val = CLI_ALT;
val |= CLI_MATCH_ALTERNATIVE;
} else {
if((c = cli_hex2int(hex[i])) >= 0) {
val = c;
@ -91,6 +115,7 @@ short int *cli_hex2si(const char *hex)
return NULL;
}
}
*ptr++ = val;
}

4
libclamav/str.h
View file

@ -22,10 +22,12 @@
#include <sys/types.h>
#include "cltypes.h"
int cli_strbcasestr(const char *haystack, const char *needle);
int cli_chomp(char *string);
char *cli_strtok(const char *line, int field, const char *delim);
short int *cli_hex2si(const char *hex);
uint16_t *cli_hex2ui(const char *hex);
char *cli_hex2str(const char *hex);
int cli_hex2num(const char *hex);
char *cli_str2hex(const char *string, unsigned int len);