open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ClamAV is an open source (GPLv2) anti-virus toolkit.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10388 Commits
40 Branches
228 Tags
220 MiB
Tag: Branch: Tree: 034cc77058
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '034cc77058'
${ noResults }
clamav/libclamav/binhex.c

275 lines
10 KiB
Raw Normal View History Unescape

First draft of binhex.c git-svn: trunk@1108
21 years ago
/*
Update copyright dates for 2020
5 years ago
* Copyright (C) 2013-2020 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
Updating and cleaning up copyright notices.
6 years ago
* Copyright (C) 2010-2013 Sourcefire, Inc.
update copyrights and stick more files to GPLv2; move and add more credits to the AUTHORS file; add COPYING.BSD git-svn: trunk@3749
17 years ago
*
one pass binhex
15 years ago
* Authors: aCaB <acab@clamav.net>
First draft of binhex.c git-svn: trunk@1108
21 years ago
*
* This program is free software; you can redistribute it and/or modify
update copyrights and stick more files to GPLv2; move and add more credits to the AUTHORS file; add COPYING.BSD git-svn: trunk@3749
17 years ago
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
First draft of binhex.c git-svn: trunk@1108
21 years ago
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
update GPL headers with new address for FSF git-svn: trunk@1901
19 years ago
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
First draft of binhex.c git-svn: trunk@1108
21 years ago
*
*/
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
one pass binhex
15 years ago
#include <string.h>
Just include mbox.h git-svn: trunk@1986
19 years ago
one pass binhex
15 years ago
#include "scanners.h"
fix several problems introduced by the win32 commits
16 years ago
#include "others.h"
one pass binhex
15 years ago
#include "clamav.h"
"port" binhex to fmap
16 years ago
#include "fmap.h"
Silence a bunch of compiler warnings in libclamav
11 years ago
#include "binhex.h"
First draft of binhex.c git-svn: trunk@1108
21 years ago
Added .clang-format style rules, clam-format script to automate formatting of ClamAV code, and preparing select files so that clang-format does not alter carefully formatted sections.
7 years ago
// clang-format off
one pass binhex
15 years ago
static const uint8_t hqxtbl[] = {
/* 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f */
/* 00-0f */ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
/* 10-1f */ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
/* 20-2f */ 0xff,0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0xff,0xff,
/* 30-3f */ 0x0d,0x0e,0x0f,0x10,0x11,0x12,0x13,0xff,0x14,0x15,0xff,0xff,0xff,0xff,0xff,0xff,
/* 40-4f */ 0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,0x21,0x22,0x23,0x24,0xff,
/* 50-5f */ 0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0xff,0x2c,0x2d,0x2e,0x2f,0xff,0xff,0xff,0xff,
/* 60-6f */ 0x30,0x31,0x32,0x33,0x34,0x35,0x36,0xff,0x37,0x38,0x39,0x3a,0x3b,0x3c,0xff,0xff,
/* 70-7f */ 0x3d,0x3e,0x3f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
};
Added .clang-format style rules, clam-format script to automate formatting of ClamAV code, and preparing select files so that clang-format does not alter carefully formatted sections.
7 years ago
// clang-format on
one pass binhex
15 years ago
#define BH_FLUSH_SZ (BUFSIZ - 256)
clang-format'd using new .clang-format rules.
7 years ago
int cli_binhex(cli_ctx *ctx)
{
fmap_t *map = *ctx->fmap;
More cleanup re: variables possibly used before initialized.
8 years ago
const uint8_t *encoded = NULL;
uint8_t decoded[BUFSIZ], spare_bits = 0, last_byte = 0, this_byte = 0, offset = 0;
clang-format'd using new .clang-format rules.
7 years ago
size_t enc_done = 0, enc_todo = map->len;
unsigned int dec_done = 0, chunksz = 0, chunkoff = 0;
More cleanup re: variables possibly used before initialized.
8 years ago
uint32_t datalen = 0, reslen = 0;
binhex minor fixes
15 years ago
int in_data = 0, in_run = 0, datafd, resfd, ret = CL_CLEAN;
clang-format'd using new .clang-format rules.
7 years ago
enum binhex_phase { IN_BANNER,
IN_HEADER,
IN_DATA,
IN_LIMBO1,
IN_LIMBO2,
IN_RES } write_phase = IN_BANNER;
one pass binhex
15 years ago
char *dname, *rname;
cli_dbgmsg("in cli_binhex\n");
clang-format'd using new .clang-format rules.
7 years ago
if (!map->len) return CL_CLEAN;
one pass binhex
15 years ago
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
5 years ago
if ((ret = cli_gentempfd(ctx->sub_tmpdir, &dname, &datafd)) != CL_SUCCESS)
clang-format'd using new .clang-format rules.
7 years ago
return ret;
one pass binhex
15 years ago
Record names of extracted files A way is needed to record scanned file names for two purposes: 1. File names (and extensions) must be stored in the json metadata properties recorded when using the --gen-json clamscan option. Future work may use this to compare file extensions with detected file types. 2. File names are useful when interpretting tmp directory output when using the --leave-temps option. This commit enables file name retention for later use by storing file names in the fmap header structure, if a file name exists. To store the names in fmaps, an optional name argument has been added to any internal scan API's that create fmaps and every call to these APIs has been modified to pass a file name or NULL if a file name is not required. The zip and gpt parsers required some modification to record file names. The NSIS and XAR parsers fail to collect file names at all and will require future work to support file name extraction. Also: - Added recursive extraction to the tmp directory when the --leave-temps option is enabled. When not enabled, the tmp directory structure remains flat so as to prevent the likelihood of exceeding MAX_PATH. The current tmp directory is stored in the scan context. - Made the cli_scanfile() internal API non-static and added it to scanners.h so it would be accessible outside of scanners.c in order to remove code duplication within libmspack.c. - Added function comments to scanners.h and matcher.h - Converted a TDB-type macros and LSIG-type macros to enums for improved type safey. - Converted more return status variables from `int` to `cl_error_t` for improved type safety, and corrected ooxml file typing functions so they use `cli_file_t` exclusively rather than mixing types with `cl_error_t`. - Restructured the magic_scandesc() function to use goto's for error handling and removed the early_ret_from_magicscan() macro and magic_scandesc_cleanup() function. This makes the code easier to read and made it easier to add the recursive tmp directory cleanup to magic_scandesc(). - Corrected zip, egg, rar filename extraction issues. - Removed use of extra sub-directory layer for zip, egg, and rar file extraction. For Zip, this also involved changing the extracted filenames to be randomly generated rather than using the "zip.###" file name scheme.
5 years ago
if ((ret = cli_gentempfd(ctx->sub_tmpdir, &rname, &resfd)) != CL_SUCCESS) {
clang-format'd using new .clang-format rules.
7 years ago
close(datafd);
if (cli_unlink(dname)) ret = CL_EUNLINK;
free(dname);
return ret;
one pass binhex
15 years ago
}
bb#5197: binhex.c
13 years ago
memset(decoded, 0, 24);
clang-format'd using new .clang-format rules.
7 years ago
while (1) {
uint8_t b;
if (!enc_todo || dec_done >= BH_FLUSH_SZ) {
if (write_phase == IN_HEADER) {
uint32_t namelen = (uint32_t)decoded[0], hdrlen = 1 + namelen + 1 + 4 + 4 + 2;
if (!dec_done) {
cli_dbgmsg("cli_binhex: file is empty\n");
break;
}
datalen = (decoded[hdrlen] << 24) | (decoded[hdrlen + 1] << 16) | (decoded[hdrlen + 2] << 8) | decoded[hdrlen + 3];
hdrlen += 4;
reslen = (decoded[hdrlen] << 24) | (decoded[hdrlen + 1] << 16) | (decoded[hdrlen + 2] << 8) | decoded[hdrlen + 3];
hdrlen += 4 + 2;
decoded[namelen + 1] = 0;
if (dec_done <= hdrlen) {
cli_dbgmsg("cli_binhex: file too short for header\n");
break;
}
if ((ret = cli_checklimits("cli_binhex(data)", ctx, datalen, 0, 0)) != CL_CLEAN)
break;
if (cli_checklimits("cli_binhex(resources)", ctx, reslen, 0, 0) != CL_CLEAN)
reslen = 0;
cli_dbgmsg("cli_binhex: decoding '%s' - %u bytes of data to %s - %u bytes or resources to %s\n", decoded + 1, datalen, dname, reslen, rname);
memmove(decoded, &decoded[hdrlen], dec_done - hdrlen);
dec_done -= hdrlen;
write_phase++;
bb6091 - check lseek() return
12 years ago
}
clang-format'd using new .clang-format rules.
7 years ago
if (dec_done && write_phase == IN_DATA) {
unsigned int todo = MIN(dec_done, datalen);
datalen -= todo;
dec_done -= todo;
Argument and return types for fmap_readn(), cli_writen(), cli_readn() converted to use size_t instead of int.
6 years ago
if (cli_writen(datafd, decoded, todo) != todo) {
clang-format'd using new .clang-format rules.
7 years ago
ret = CL_EWRITE;
break;
}
if (!datalen) {
write_phase++;
if (lseek(datafd, 0, SEEK_SET) == -1) {
cli_dbgmsg("cli_binhex: call to lseek() has failed\n");
ret = CL_ESEEK;
break;
}
Rename core scanning functions Many of the core scanning functions' names no longer represent their specific purpose or arguments. This commit aims to make the names more intuitive. Names are now prefixed with "magic" if they involve file-typing and file-type parsing. In addition, each function now includes the type of input being scanned whether its "desc", "fmap", or "buff". Some of the APIs also now specify "type" to indicate that a type other than "ANY" may be passed in to select the type rather than use file type magic for type recognition. | current name | new name | | ------------------------- | --------------------------------- | | magic_scandesc() | cli_magic_scan() | | cli_magic_scandesc_type() | <delete> | | cli_magic_scandesc() | cli_magic_scan_desc() | | cli_base_scandesc() | cli_magic_scan_desc_type() | | cli_partition_scandesc() | <delete> | | cli_map_scandesc() | magic_scan_nested_fmap_type() | | cli_map_scan() | cli_magic_scan_nested_fmap_type() | | cli_mem_scandesc() | cli_magic_scan_buff() | | cli_scanbuff() | cli_scan_buff() | | cli_scandesc() | cli_scan_desc() | | cli_fmap_scandesc() | cli_scan_fmap() | | cli_scanfile() | cli_magic_scan_file() | | cli_scandir() | cli_magic_scan_dir() | | cli_filetype2() | cli_determine_fmap_type() | | cli_filetype() | cli_compare_ftm_file() | | cli_partitiontype() | cli_compare_ftm_partition() | | cli_scanraw() | scanraw() |
5 years ago
ret = cli_magic_scan_desc(datafd, dname, ctx, NULL);
clang-format'd using new .clang-format rules.
7 years ago
if (ret == CL_VIRUS) break;
}
if (dec_done)
memmove(decoded, &decoded[todo], dec_done);
bb6091 - check lseek() return
12 years ago
}
clang-format'd using new .clang-format rules.
7 years ago
if (dec_done && write_phase == IN_LIMBO1) {
if (dec_done > 1) {
if (reslen < 5) {
cli_dbgmsg("cli_binhex: skipping resources (too small)\n");
break;
}
dec_done -= 2;
write_phase += 2;
if (dec_done)
memmove(decoded, &decoded[2], dec_done);
} else {
dec_done--;
write_phase++;
if (dec_done)
memmove(decoded, &decoded[1], dec_done);
}
bb6091 - check lseek() return
12 years ago
}
clang-format'd using new .clang-format rules.
7 years ago
if (dec_done && write_phase == IN_LIMBO2) {
if (reslen < 5) {
cli_dbgmsg("cli_binhex: skipping resources (too small)\n");
break;
}
write_phase++;
if (--dec_done)
memmove(decoded, &decoded[1], dec_done);
}
if (dec_done && write_phase == IN_RES) {
unsigned int todo = MIN(dec_done, reslen);
reslen -= todo;
dec_done -= todo;
Argument and return types for fmap_readn(), cli_writen(), cli_readn() converted to use size_t instead of int.
6 years ago
if (cli_writen(resfd, decoded, todo) != todo) {
clang-format'd using new .clang-format rules.
7 years ago
ret = CL_EWRITE;
break;
}
if (!reslen) {
if (lseek(resfd, 0, SEEK_SET) == -1) {
cli_dbgmsg("cli_binhex: call to lseek() has failed\n");
ret = CL_ESEEK;
break;
}
Rename core scanning functions Many of the core scanning functions' names no longer represent their specific purpose or arguments. This commit aims to make the names more intuitive. Names are now prefixed with "magic" if they involve file-typing and file-type parsing. In addition, each function now includes the type of input being scanned whether its "desc", "fmap", or "buff". Some of the APIs also now specify "type" to indicate that a type other than "ANY" may be passed in to select the type rather than use file type magic for type recognition. | current name | new name | | ------------------------- | --------------------------------- | | magic_scandesc() | cli_magic_scan() | | cli_magic_scandesc_type() | <delete> | | cli_magic_scandesc() | cli_magic_scan_desc() | | cli_base_scandesc() | cli_magic_scan_desc_type() | | cli_partition_scandesc() | <delete> | | cli_map_scandesc() | magic_scan_nested_fmap_type() | | cli_map_scan() | cli_magic_scan_nested_fmap_type() | | cli_mem_scandesc() | cli_magic_scan_buff() | | cli_scanbuff() | cli_scan_buff() | | cli_scandesc() | cli_scan_desc() | | cli_fmap_scandesc() | cli_scan_fmap() | | cli_scanfile() | cli_magic_scan_file() | | cli_scandir() | cli_magic_scan_dir() | | cli_filetype2() | cli_determine_fmap_type() | | cli_filetype() | cli_compare_ftm_file() | | cli_partitiontype() | cli_compare_ftm_partition() | | cli_scanraw() | scanraw() |
5 years ago
ret = cli_magic_scan_desc(resfd, rname, ctx, NULL);
clang-format'd using new .clang-format rules.
7 years ago
break;
}
}
if (!enc_todo) {
if (write_phase == IN_DATA) {
cli_dbgmsg("cli_binhex: scanning partially extracted data fork\n");
if (lseek(datafd, 0, SEEK_SET) == -1) {
cli_dbgmsg("cli_binhex: call to lseek() has failed\n");
ret = CL_ESEEK;
break;
}
Rename core scanning functions Many of the core scanning functions' names no longer represent their specific purpose or arguments. This commit aims to make the names more intuitive. Names are now prefixed with "magic" if they involve file-typing and file-type parsing. In addition, each function now includes the type of input being scanned whether its "desc", "fmap", or "buff". Some of the APIs also now specify "type" to indicate that a type other than "ANY" may be passed in to select the type rather than use file type magic for type recognition. | current name | new name | | ------------------------- | --------------------------------- | | magic_scandesc() | cli_magic_scan() | | cli_magic_scandesc_type() | <delete> | | cli_magic_scandesc() | cli_magic_scan_desc() | | cli_base_scandesc() | cli_magic_scan_desc_type() | | cli_partition_scandesc() | <delete> | | cli_map_scandesc() | magic_scan_nested_fmap_type() | | cli_map_scan() | cli_magic_scan_nested_fmap_type() | | cli_mem_scandesc() | cli_magic_scan_buff() | | cli_scanbuff() | cli_scan_buff() | | cli_scandesc() | cli_scan_desc() | | cli_fmap_scandesc() | cli_scan_fmap() | | cli_scanfile() | cli_magic_scan_file() | | cli_scandir() | cli_magic_scan_dir() | | cli_filetype2() | cli_determine_fmap_type() | | cli_filetype() | cli_compare_ftm_file() | | cli_partitiontype() | cli_compare_ftm_partition() | | cli_scanraw() | scanraw() |
5 years ago
ret = cli_magic_scan_desc(datafd, dname, ctx, NULL);
clang-format'd using new .clang-format rules.
7 years ago
} else if (write_phase == IN_RES) {
cli_dbgmsg("cli_binhex: scanning partially extracted resource fork\n");
if (lseek(resfd, 0, SEEK_SET) == -1) {
cli_dbgmsg("cli_binhex: call to lseek() has failed\n");
ret = CL_ESEEK;
break;
}
Rename core scanning functions Many of the core scanning functions' names no longer represent their specific purpose or arguments. This commit aims to make the names more intuitive. Names are now prefixed with "magic" if they involve file-typing and file-type parsing. In addition, each function now includes the type of input being scanned whether its "desc", "fmap", or "buff". Some of the APIs also now specify "type" to indicate that a type other than "ANY" may be passed in to select the type rather than use file type magic for type recognition. | current name | new name | | ------------------------- | --------------------------------- | | magic_scandesc() | cli_magic_scan() | | cli_magic_scandesc_type() | <delete> | | cli_magic_scandesc() | cli_magic_scan_desc() | | cli_base_scandesc() | cli_magic_scan_desc_type() | | cli_partition_scandesc() | <delete> | | cli_map_scandesc() | magic_scan_nested_fmap_type() | | cli_map_scan() | cli_magic_scan_nested_fmap_type() | | cli_mem_scandesc() | cli_magic_scan_buff() | | cli_scanbuff() | cli_scan_buff() | | cli_scandesc() | cli_scan_desc() | | cli_fmap_scandesc() | cli_scan_fmap() | | cli_scanfile() | cli_magic_scan_file() | | cli_scandir() | cli_magic_scan_dir() | | cli_filetype2() | cli_determine_fmap_type() | | cli_filetype() | cli_compare_ftm_file() | | cli_partitiontype() | cli_compare_ftm_partition() | | cli_scanraw() | scanraw() |
5 years ago
ret = cli_magic_scan_desc(resfd, rname, ctx, NULL);
clang-format'd using new .clang-format rules.
7 years ago
}
bb6091 - check lseek() return
12 years ago
break;
}
clang-format'd using new .clang-format rules.
7 years ago
}
First draft of binhex.c git-svn: trunk@1108
21 years ago
clang-format'd using new .clang-format rules.
7 years ago
// 'chunksz' must be 0 the first iteration,
// so that 'encoded' will be initialized before first dereference.
if (!chunksz) {
chunksz = MIN(enc_todo, map->pgsz);
encoded = fmap_need_off_once(map, enc_done, chunksz);
if (!encoded) {
ret = CL_EREAD;
break;
}
chunkoff = 0;
}
chunksz--;
Various tidy git-svn: trunk@2719
19 years ago
clang-format'd using new .clang-format rules.
7 years ago
b = encoded[chunkoff++];
enc_done++;
enc_todo--;
libclamav: fix error reporting for BinHex files (bb#1685)
16 years ago
clang-format'd using new .clang-format rules.
7 years ago
if ((char)b == '\r' || (char)b == '\n') {
in_data = 1;
continue;
}
if (!in_data) continue;
if (write_phase == IN_BANNER) {
if ((char)b != ':') {
cli_dbgmsg("cli_binhex: broken file (missing stream start identifier)\n");
break;
}
write_phase++;
}
if ((char)b == ':')
continue;
if (b > 0x7f || (b = hqxtbl[b]) == 0xff) {
cli_dbgmsg("cli_binhex: Invalid character (%02x)\n", encoded[chunkoff - 1]);
break;
}
switch ((offset++) & 3) { /* 6 bits per char */
case 0: /* left-6h */
spare_bits = b << 2;
continue;
case 1: /* left-2l + middle-4h */
this_byte = spare_bits | (b >> 4);
spare_bits = b << 4;
break;
case 2: /* middle-4l + right-2h */
this_byte = spare_bits | (b >> 2);
spare_bits = b << 6;
break;
case 3: /* right-6l */
this_byte = spare_bits | b;
}
libclamav: fix error reporting for BinHex files (bb#1685)
16 years ago
clang-format'd using new .clang-format rules.
7 years ago
if (in_run) {
in_run = 0;
if (!this_byte)
this_byte = 0x90;
else {
while (--this_byte)
decoded[dec_done++] = last_byte;
continue;
}
} else if (this_byte == 0x90) {
in_run = 1;
continue;
}
decoded[dec_done++] = this_byte;
last_byte = this_byte;
one pass binhex
15 years ago
}
close(datafd);
close(resfd);
clang-format'd using new .clang-format rules.
7 years ago
if (!ctx->engine->keeptmp) {
if (cli_unlink(dname) && ret != CL_VIRUS) ret = CL_EUNLINK;
if (cli_unlink(rname) && ret != CL_VIRUS) ret = CL_EUNLINK;
one pass binhex
15 years ago
}
free(dname);
free(rname);
return ret;
First draft of binhex.c git-svn: trunk@1108
21 years ago
}