Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-20 02:43:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

Support hex strings

Browse source
This commit is contained in:
Shawn Webb 2014-10-21 13:49:59 -04:00
parent 3cdfd031e0
commit f901b0ad82
1 changed files with 34 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

39
libclamav/readdb.c
View file

@ -2687,7 +2687,21 @@ static int cli_loadyara(FILE *fs, const char *dbname, struct cl_engine *engine,
totsize = strlen(rule->id) + 2 + strlen(YARATARGET); totsize = strlen(rule->id) + 2 + strlen(YARATARGET);
STAILQ_FOREACH(string, &rule->strings, link) { STAILQ_FOREACH(string, &rule->strings, link) {
nstrings++; nstrings++;
allstringsize += strlen(string->string); if (STRING_IS_HEX(string)) {
size_t len = strlen(string->string);
for (i=0; i < len; i++) {
int ch = string->string[i];
if (isalnum(ch))
allstringsize++;
}
} else {
allstringsize += strlen(string->string);
}
}
if (!nstrings) {
cli_errmsg("Rule %s contains to readable strings\n", rule->id);
return CL_EMALFDB;
} }
allstringsize *= 2; /* For converting to hex */ allstringsize *= 2; /* For converting to hex */
@ -2717,9 +2731,21 @@ static int cli_loadyara(FILE *fs, const char *dbname, struct cl_engine *engine,
string = STAILQ_FIRST(&rule->strings); string = STAILQ_FIRST(&rule->strings);
STAILQ_REMOVE(&rule->strings, string, _yc_string, link); STAILQ_REMOVE(&rule->strings, string, _yc_string, link);
for (i=0; i < strlen(string->string); i++) { if (STRING_IS_HEX(string)) {
size_t len = strlen(rulestr); size_t len = strlen(string->string);
snprintf(rulestr+len, totsize-len, "%02x", string->string[i]); size_t rulelen = strlen(rulestr);
size_t j;
for (j=0, i=0; i < len; i++) {
int ch = string->string[i];
if (isalnum(ch))
rulestr[rulelen+(j++)] = string->string[i];
}
rulestr[rulelen + j] = '\0';
} else {
for (i=0; i < strlen(string->string); i++) {
size_t len = strlen(rulestr);
snprintf(rulestr+len, totsize-len, "%02x", string->string[i]);
}
} }
if (!STAILQ_EMPTY(&rule->strings)) if (!STAILQ_EMPTY(&rule->strings))
@ -2730,6 +2756,9 @@ static int cli_loadyara(FILE *fs, const char *dbname, struct cl_engine *engine,
free(string); free(string);
} }
if (rulestr[strlen(rulestr)-1] == ';')
rulestr[strlen(rulestr)-1] = '\0';
printf("[+] computed ldb: \"%s\"\n", rulestr); printf("[+] computed ldb: \"%s\"\n", rulestr);
ruledup = cli_malloc(strlen(rulestr)+1); ruledup = cli_malloc(strlen(rulestr)+1);
if (!ruledup) { if (!ruledup) {
@ -2748,7 +2777,7 @@ static int cli_loadyara(FILE *fs, const char *dbname, struct cl_engine *engine,
engine, options, rule->id, line++, &sigs, 0, ruledup, NULL); engine, options, rule->id, line++, &sigs, 0, ruledup, NULL);
#endif #endif
printf("totsize: %zu\treal size: %zu\n", totsize, strlen(rulestr)); printf("totsize: %zu\treal size: %zu\n", totsize, strlen(ruledup));
free(rulestr); free(rulestr);
free(ruledup); free(ruledup);