Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 10:23:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

ZIP: Always parse file names

Browse source 
Having the filename is useful for certain callbacks, and will likely be
more useful in the future if we can start comparing detected filetypes
with file extensions.

E.g. if filetype is just "binary" or "text" we may be able to do better
by trusting a ".js" extension to determine the type.
Or else if detected file type is "pe" but the extension is ".png" we may
want to say it's suspicious.

Also adjusted the example callback program to disable metadata option.
The CL_SCAN_GENERAL_COLLECT_METADATA is no longer required for the Zip
parser to record filenames for embedded files, and described in the
previous commit.
This program can be used to demonstrate that it is behaving as desired.
This commit is contained in:
Micah Snyder 2023-08-23 17:41:40 -07:00 committed by GitHub
parent 0c03b8b6bb
commit e27a450bf8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

26
libclamav/unzip.c
View file

@ -624,6 +624,9 @@ static unsigned int parse_local_file_header(
uint32_t csize, usize;
unsigned int size_of_fileheader_and_data = 0;
uint32_t nsize = 0;
const char *src = NULL;
if (!(local_header = fmap_need_off(map, loff, SIZEOF_LOCAL_HEADER))) {
cli_dbgmsg("cli_unzip: local header - out of file\n");
goto done;
@ -647,18 +650,19 @@ static unsigned int parse_local_file_header(
fmap_unneed_off(map, loff, SIZEOF_LOCAL_HEADER);
goto done;
}
if (ctx->engine->cdb || cli_debug_flag || ctx->engine->keeptmp || ctx->options->general & CL_SCAN_GENERAL_COLLECT_METADATA) {
uint32_t nsize = (LOCAL_HEADER_flen >= sizeof(name)) ? sizeof(name) - 1 : LOCAL_HEADER_flen;
const char *src;
if (nsize && (src = fmap_need_ptr_once(map, zip, nsize))) {
memcpy(name, zip, nsize);
name[nsize] = '\0';
if (CL_SUCCESS != cli_basename(name, nsize, &original_filename)) {
original_filename = NULL;
}
} else
name[0] = '\0';
nsize = (LOCAL_HEADER_flen >= sizeof(name)) ? sizeof(name) - 1 : LOCAL_HEADER_flen;
src = fmap_need_ptr_once(map, zip, nsize);
if (nsize && (NULL != src)) {
memcpy(name, zip, nsize);
name[nsize] = '\0';
if (CL_SUCCESS != cli_basename(name, nsize, &original_filename)) {
original_filename = NULL;
}
} else {
name[0] = '\0';
}
zip += LOCAL_HEADER_flen;
zsize -= LOCAL_HEADER_flen;