[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Tomasz Kojm
tkojm at clamav.net
Sun Apr 4 01:14:44 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 570b1d0050ebc727c069945f4dc2ee5b8816f665
Author: Tomasz Kojm <tkojm at clamav.net>
Date: Thu Jan 14 23:32:35 2010 +0100
libclamav: cdb: drop FileType; cover ARJ, CAB, TAR, CPIO and 7Z
diff --git a/ChangeLog b/ChangeLog
index 5df789e..cefdb1c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Thu Jan 14 23:31:51 CET 2010 (tk)
+---------------------------------
+ * libclamav: cdb: drop FileType; cover ARJ, CAB, TAR, CPIO and 7Z
+
Thu Jan 14 19:43:43 CET 2010 (tk)
---------------------------------
* libclamav/readdb.c: fix compatibility issue with .zmd sigs (bb#1793)
diff --git a/libclamav/7z.c b/libclamav/7z.c
index 43c9611..7136fdb 100644
--- a/libclamav/7z.c
+++ b/libclamav/7z.c
@@ -32,6 +32,7 @@
#include "others.h"
#include "lzma_iface.h"
#include "scanners.h"
+#include "matcher.h"
#include "7z/7zFile.h"
#include "7z/7zCrc.h"
#include "7z/Archive/7z/7zIn.h"
@@ -80,6 +81,10 @@ int cli_7unz (int fd, cli_ctx *ctx) {
cli_dbgmsg("cli_7unz: skipping stream due to size limits (%llu vs %llu)\n", (long long)f->Size, (long long)ctx->engine->maxfilesize);
continue;
}
+ if(cli_matchmeta(ctx, f->Name, 0, f->Size, 0, i + 1, 0, NULL) == CL_VIRUS) {
+ ret = CL_VIRUS;
+ break;
+ }
if (ctx->engine->maxfiles && fu>=ctx->engine->maxfiles) {
cli_dbgmsg("cli_7unz: Files limit reached (max: %u)\n", ctx->engine->maxfiles);
ret=CL_EMAXFILES;
diff --git a/libclamav/cpio.c b/libclamav/cpio.c
index fceaa66..9f3e11e 100644
--- a/libclamav/cpio.c
+++ b/libclamav/cpio.c
@@ -36,6 +36,7 @@
#include "others.h"
#include "cpio.h"
#include "scanners.h"
+#include "matcher.h"
struct cpio_hdr_old {
uint16_t magic;
@@ -143,6 +144,9 @@ int cli_scancpio_old(int fd, cli_ctx *ctx)
if(!filesize)
continue;
+ if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS)
+ return CL_VIRUS;
+
pos = lseek(fd, 0, SEEK_CUR);
if((EC16(hdr_old.mode, conv) & 0170000) != 0100000) {
@@ -220,6 +224,9 @@ int cli_scancpio_odc(int fd, cli_ctx *ctx)
if(!filesize)
continue;
+ if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS)
+ return CL_VIRUS;
+
pos = lseek(fd, 0, SEEK_CUR);
ret = cli_checklimits("cli_scancpio_odc", ctx, filesize, 0, 0);
@@ -296,6 +303,9 @@ int cli_scancpio_newc(int fd, cli_ctx *ctx, int crc)
if(!filesize)
continue;
+ if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS)
+ return CL_VIRUS;
+
pos = lseek(fd, 0, SEEK_CUR);
ret = cli_checklimits("cli_scancpio_newc", ctx, filesize, 0, 0);
diff --git a/libclamav/matcher.c b/libclamav/matcher.c
index 002062d..b4bf352 100644
--- a/libclamav/matcher.c
+++ b/libclamav/matcher.c
@@ -545,7 +545,7 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
return (acmode & AC_SCAN_FT) ? type : CL_CLEAN;
}
-int cli_matchmeta(cli_ctx *ctx, cli_file_t ftype, const char *fname, size_t fsizec, size_t fsizer, int encrypted, int filepos, int res1, void *res2)
+int cli_matchmeta(cli_ctx *ctx, const char *fname, size_t fsizec, size_t fsizer, int encrypted, int filepos, int res1, void *res2)
{
const struct cli_cdb *cdb;
@@ -556,9 +556,6 @@ int cli_matchmeta(cli_ctx *ctx, cli_file_t ftype, const char *fname, size_t fsiz
if(cdb->ctype != CL_TYPE_ANY && cdb->ctype != ctx->container_type)
continue;
- if(cdb->ftype != CL_TYPE_ANY && cdb->ftype != ftype)
- continue;
-
if(cdb->encrypted != 2 && cdb->encrypted != encrypted)
continue;
diff --git a/libclamav/matcher.h b/libclamav/matcher.h
index 8d7f37a..0d419d6 100644
--- a/libclamav/matcher.h
+++ b/libclamav/matcher.h
@@ -105,7 +105,6 @@ struct cli_cdb
{
char *virname; /* virus name */
cli_file_t ctype; /* container type */
- cli_file_t ftype; /* file type */
regex_t name; /* filename regex */
size_t csize[2]; /* container size (min, max); if csize[0] != csize[1]
* then value of 0 makes the field ignored
@@ -166,6 +165,6 @@ int cli_caloff(const char *offstr, struct cli_target_info *info, fmap_t *map, un
int cli_checkfp(int fd, cli_ctx *ctx);
-int cli_matchmeta(cli_ctx *ctx, cli_file_t ftype, const char *fname, size_t fsizec, size_t fsizer, int encrypted, int filepos, int res1, void *res2);
+int cli_matchmeta(cli_ctx *ctx, const char *fname, size_t fsizec, size_t fsizer, int encrypted, int filepos, int res1, void *res2);
#endif
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index e479f0f..458e94c 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -1805,7 +1805,6 @@ static int cli_loadmd(FILE *fs, struct cl_engine *engine, unsigned int *signo, i
break;
}
new->ctype = (type == 1) ? CL_TYPE_ZIP : CL_TYPE_RAR;
- new->ftype = CL_TYPE_ANY;
if(engine->ignored && cli_chkign(engine->ignored, new->virname, buffer/*_cpy*/)) {
mpool_free(engine->mempool, new->virname);
@@ -1875,10 +1874,11 @@ static int cli_loadmd(FILE *fs, struct cl_engine *engine, unsigned int *signo, i
return CL_SUCCESS;
}
-/* 0 1 2 3 4 5 6 7 8 9 10 11 12
- * VirusName:ContainerType:FileType:FileNameREGEX:ContainerSize:FileSizeInContainer:FileSizeReal:IsEncrypted:FilePos:Res1:Res2[:MinFL[:MaxFL]]
+/* 0 1 2 3 4 5 6 7 8 9 10 11
+ * VirusName:ContainerType:ContainerSize:FileNameREGEX:FileSizeInContainer:FileSizeReal:IsEncrypted:FilePos:Res1:Res2[:MinFL[:MaxFL]]
*/
-#define CDB_TOKENS 13
+
+#define CDB_TOKENS 12
static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio)
{
const char *tokens[CDB_TOKENS + 1];
@@ -1907,21 +1907,21 @@ static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
break;
}
- if(tokens_count > 11) { /* min version */
- if(!cli_isnumber(tokens[11])) {
+ if(tokens_count > 10) { /* min version */
+ if(!cli_isnumber(tokens[10])) {
ret = CL_EMALFDB;
break;
}
- if((unsigned int) atoi(tokens[11]) > cl_retflevel()) {
+ if((unsigned int) atoi(tokens[10]) > cl_retflevel()) {
cli_dbgmsg("cli_loadcdb: Container signature for %s not loaded (required f-level: %u)\n", tokens[0], atoi(tokens[10]));
continue;
}
- if(tokens_count == 13) { /* max version */
- if(!cli_isnumber(tokens[12])) {
+ if(tokens_count == CDB_TOKENS) { /* max version */
+ if(!cli_isnumber(tokens[11])) {
ret = CL_EMALFDB;
break;
}
- if((unsigned int) atoi(tokens[12]) < cl_retflevel())
+ if((unsigned int) atoi(tokens[11]) < cl_retflevel())
continue;
}
}
@@ -1954,15 +1954,6 @@ static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
continue;
}
- if(!strcmp(tokens[2], "*")) {
- new->ftype = CL_TYPE_ANY;
- } else if((new->ftype = cli_ftcode(tokens[2])) == CL_TYPE_ERROR) {
- cli_dbgmsg("cli_loadcdb: Unknown file type %s in signature for %s, skipping\n", tokens[2], tokens[0]);
- mpool_free(engine->mempool, new->virname);
- mpool_free(engine->mempool, new);
- continue;
- }
-
if(strcmp(tokens[3], "*") && cli_regcomp(&new->name, tokens[3], REG_EXTENDED | REG_NOSUB)) {
cli_errmsg("cli_loadcdb: Can't compile regular expression %s in signature for %s\n", tokens[3], tokens[0]);
mpool_free(engine->mempool, new->virname);
@@ -2000,15 +1991,15 @@ static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
dest[0] = dest[1] = CLI_OFF_ANY; \
}
- CDBRANGE(tokens[4], new->csize);
- CDBRANGE(tokens[5], new->fsizec);
- CDBRANGE(tokens[6], new->fsizer);
- CDBRANGE(tokens[8], new->filepos);
+ CDBRANGE(tokens[2], new->csize);
+ CDBRANGE(tokens[4], new->fsizec);
+ CDBRANGE(tokens[5], new->fsizer);
+ CDBRANGE(tokens[7], new->filepos);
- if(!strcmp(tokens[7], "*")) {
+ if(!strcmp(tokens[6], "*")) {
new->encrypted = 2;
} else {
- if(strcmp(tokens[7], "0") && strcmp(tokens[7], "1")) {
+ if(strcmp(tokens[6], "0") && strcmp(tokens[6], "1")) {
cli_errmsg("cli_loadcdb: Invalid encryption flag value in signature for %s\n", tokens[0]);
if(new->name.re_magic)
cli_regfree(&new->name);
@@ -2017,11 +2008,11 @@ static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
ret = CL_EMEM;
break;
}
- new->encrypted = *tokens[7] - 0x30;
+ new->encrypted = *tokens[6] - 0x30;
}
- if(strcmp(tokens[10], "*")) {
- new->res2 = cli_mpool_strdup(engine->mempool, tokens[10]);
+ if(strcmp(tokens[9], "*")) {
+ new->res2 = cli_mpool_strdup(engine->mempool, tokens[9]);
if(!new->res2) {
cli_errmsg("cli_loadcdb: Can't allocate memory for res2 in signature for %s\n", tokens[0]);
if(new->name.re_magic)
diff --git a/libclamav/scanners.c b/libclamav/scanners.c
index afd74a4..53fa5e6 100644
--- a/libclamav/scanners.c
+++ b/libclamav/scanners.c
@@ -178,7 +178,7 @@ static int cli_unrar_scanmetadata(int desc, unrar_metadata_t *metadata, cli_ctx
(unsigned int) metadata->unpack_size, metadata->method,
metadata->pack_size ? (unsigned int) (metadata->unpack_size / metadata->pack_size) : 0);
- if(cli_matchmeta(ctx, CL_TYPE_ANY, metadata->filename, metadata->pack_size, metadata->unpack_size, metadata->encrypted, files, metadata->crc, NULL) == CL_VIRUS)
+ if(cli_matchmeta(ctx, metadata->filename, metadata->pack_size, metadata->unpack_size, metadata->encrypted, files, metadata->crc, NULL) == CL_VIRUS)
return CL_VIRUS;
if(DETECT_ENCRYPTED && metadata->encrypted) {
@@ -318,7 +318,7 @@ static int cli_scanrar(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_c
static int cli_scanarj(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_check)
{
- int ret = CL_CLEAN, rc;
+ int ret = CL_CLEAN, rc, file = 0;
arj_metadata_t metadata;
char *dir;
@@ -352,6 +352,10 @@ static int cli_scanarj(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_c
if (ret != CL_SUCCESS) {
break;
}
+ file++;
+ if(cli_matchmeta(ctx, metadata.filename, metadata.comp_size, metadata.orig_size, metadata.encrypted, file, 0, NULL) == CL_VIRUS)
+ return CL_VIRUS;
+
if ((ret = cli_checklimits("ARJ", ctx, metadata.orig_size, metadata.comp_size, 0))!=CL_CLEAN) {
ret = CL_SUCCESS;
if (metadata.filename)
@@ -643,8 +647,8 @@ static int cli_scanmscab(int desc, cli_ctx *ctx, off_t sfx_offset)
for(file = cab.files; file; file = file->next) {
files++;
- if(!(tempname = cli_gentemp(ctx->engine->tmpdir))) {
- ret = CL_EMEM;
+ if(cli_matchmeta(ctx, file->name, 0, file->length, 0, files, 0, NULL) == CL_VIRUS) {
+ ret = CL_VIRUS;
break;
}
@@ -652,6 +656,12 @@ static int cli_scanmscab(int desc, cli_ctx *ctx, off_t sfx_offset)
ret = CL_CLEAN;
break;
}
+
+ if(!(tempname = cli_gentemp(ctx->engine->tmpdir))) {
+ ret = CL_EMEM;
+ break;
+ }
+
if(ctx->engine->maxscansize && ctx->scansize + ctx->engine->maxfilesize >= ctx->engine->maxscansize)
file->max_size = ctx->engine->maxscansize - ctx->scansize;
else
diff --git a/libclamav/untar.c b/libclamav/untar.c
index ca3fa6d..7fd2ab1 100644
--- a/libclamav/untar.c
+++ b/libclamav/untar.c
@@ -42,6 +42,7 @@ static char const rcsid[] = "$Id: untar.c,v 1.35 2007/02/12 20:46:09 njh Exp $";
#include "mbox.h"
#include "blob.h"
#include "scanners.h"
+#include "matcher.h"
#define BLOCKSIZE 512
@@ -180,6 +181,9 @@ cli_untar(const char *dir, int desc, unsigned int posix, cli_ctx *ctx)
strncpy(name, block, 100);
name[100] = '\0';
+ if(cli_matchmeta(ctx, name, size, size, 0, files, 0, NULL) == CL_VIRUS)
+ return CL_VIRUS;
+
snprintf(fullname, sizeof(fullname)-1, "%s"PATHSEP"tar%02u", dir, files);
fullname[sizeof(fullname)-1] = '\0';
fout = open(fullname, O_RDWR|O_CREAT|O_EXCL|O_TRUNC|O_BINARY, 0600);
diff --git a/libclamav/unzip.c b/libclamav/unzip.c
index f881f7e..ad15362 100644
--- a/libclamav/unzip.c
+++ b/libclamav/unzip.c
@@ -336,7 +336,7 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int
cli_dbgmsg("cli_unzip: lh - ZMDNAME:%d:%s:%u:%u:%x:%u:%u:%u\n", ((LH_flags & F_ENCR)!=0), name, LH_usize, LH_csize, LH_crc32, LH_method, fc, ctx->recursion);
/* ZMDfmt virname:encrypted(0-1):filename(exact|*):usize(exact|*):csize(exact|*):crc32(exact|*):method(exact|*):fileno(exact|*):maxdepth(exact|*) */
- if(cli_matchmeta(ctx, CL_TYPE_ANY, name, LH_csize, LH_usize, (LH_flags & F_ENCR)!=0, fc, LH_crc32, NULL) == CL_VIRUS) {
+ if(cli_matchmeta(ctx, name, LH_csize, LH_usize, (LH_flags & F_ENCR)!=0, fc, LH_crc32, NULL) == CL_VIRUS) {
*ret = CL_VIRUS;
return 0;
}
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list