libclamav: cdb: drop FileType; cover ARJ, CAB, TAR, CPIO and 7Z

16 years ago · 570b1d0050
parent 545247afb0
commit 570b1d0050
9 changed files with 59 additions and 39 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+Thu Jan 14 23:31:51 CET 2010 (tk)
+---------------------------------
+ * libclamav: cdb: drop FileType; cover ARJ, CAB, TAR, CPIO and 7Z
+
 Thu Jan 14 19:43:43 CET 2010 (tk)
 ---------------------------------
 * libclamav/readdb.c: fix compatibility issue with .zmd sigs (bb#1793)
--- a/libclamav/7z.c
+++ b/libclamav/7z.c
@ -32,6 +32,7 @@
 #include "others.h"
 #include "lzma_iface.h"
 #include "scanners.h"
+#include "matcher.h"
 #include "7z/7zFile.h"
 #include "7z/7zCrc.h"
 #include "7z/Archive/7z/7zIn.h"
@ -80,6 +81,10 @@ int cli_7unz (int fd, cli_ctx *ctx) {
 	    cli_dbgmsg("cli_7unz: skipping stream due to size limits (%llu vs %llu)\n", (long long)f->Size, (long long)ctx->engine->maxfilesize);
 	    continue;
 	}
+	if(cli_matchmeta(ctx, f->Name, 0, f->Size, 0, i + 1, 0, NULL) == CL_VIRUS) {
+	    ret = CL_VIRUS;
+	    break;
+	}
 	if (ctx->engine->maxfiles && fu>=ctx->engine->maxfiles) {
 	    cli_dbgmsg("cli_7unz: Files limit reached (max: %u)\n", ctx->engine->maxfiles);
 	    ret=CL_EMAXFILES;
--- a/libclamav/cpio.c
+++ b/libclamav/cpio.c
@ -36,6 +36,7 @@
 #include "others.h"
 #include "cpio.h"
 #include "scanners.h"
+#include "matcher.h"

 struct cpio_hdr_old {
    uint16_t magic;
@ -143,6 +144,9 @@ int cli_scancpio_old(int fd, cli_ctx *ctx)
 	if(!filesize)
 	    continue;

+	if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS)
+	    return CL_VIRUS;
+
 	pos = lseek(fd, 0, SEEK_CUR);

 	if((EC16(hdr_old.mode, conv) & 0170000) != 0100000) {
@ -220,6 +224,9 @@ int cli_scancpio_odc(int fd, cli_ctx *ctx)
 	if(!filesize)
 	    continue;

+	if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS)
+	    return CL_VIRUS;
+
 	pos = lseek(fd, 0, SEEK_CUR);

 	ret = cli_checklimits("cli_scancpio_odc", ctx, filesize, 0, 0);
@ -296,6 +303,9 @@ int cli_scancpio_newc(int fd, cli_ctx *ctx, int crc)
 	if(!filesize)
 	    continue;

+	if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS)
+	    return CL_VIRUS;
+
 	pos = lseek(fd, 0, SEEK_CUR);

 	ret = cli_checklimits("cli_scancpio_newc", ctx, filesize, 0, 0);
--- a/libclamav/matcher.c
+++ b/libclamav/matcher.c
@ -545,7 +545,7 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
    return (acmode & AC_SCAN_FT) ? type : CL_CLEAN;
 }

-int cli_matchmeta(cli_ctx *ctx, cli_file_t ftype, const char *fname, size_t fsizec, size_t fsizer, int encrypted, int filepos, int res1, void *res2)
+int cli_matchmeta(cli_ctx *ctx, const char *fname, size_t fsizec, size_t fsizer, int encrypted, int filepos, int res1, void *res2)
 {
 	const struct cli_cdb *cdb;

@ -556,9 +556,6 @@ int cli_matchmeta(cli_ctx *ctx, cli_file_t ftype, const char *fname, size_t fsiz
 	if(cdb->ctype != CL_TYPE_ANY && cdb->ctype != ctx->container_type)
 	    continue;

-	if(cdb->ftype != CL_TYPE_ANY && cdb->ftype != ftype)
-	    continue;
-
 	if(cdb->encrypted != 2 && cdb->encrypted != encrypted)
 	    continue;

--- a/libclamav/matcher.h
+++ b/libclamav/matcher.h
@ -105,7 +105,6 @@ struct cli_cdb
 {
    char	*virname;   /* virus name */
    cli_file_t	ctype;	    /* container type */
-    cli_file_t	ftype;	    /* file type */
    regex_t	name;	    /* filename regex */
    size_t	csize[2];   /* container size (min, max); if csize[0] != csize[1]
 			     * then value of 0 makes the field ignored
@ -166,6 +165,6 @@ int cli_caloff(const char *offstr, struct cli_target_info *info, fmap_t *map, un

 int cli_checkfp(int fd, cli_ctx *ctx);

-int cli_matchmeta(cli_ctx *ctx, cli_file_t ftype, const char *fname, size_t fsizec, size_t fsizer, int encrypted, int filepos, int res1, void *res2);
+int cli_matchmeta(cli_ctx *ctx, const char *fname, size_t fsizec, size_t fsizer, int encrypted, int filepos, int res1, void *res2);

 #endif
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@ -1805,7 +1805,6 @@ static int cli_loadmd(FILE *fs, struct cl_engine *engine, unsigned int *signo, i
 	    break;
 	}
 	new->ctype = (type == 1) ? CL_TYPE_ZIP : CL_TYPE_RAR;
-	new->ftype = CL_TYPE_ANY;

 	if(engine->ignored && cli_chkign(engine->ignored, new->virname, buffer/*_cpy*/)) {
 	    mpool_free(engine->mempool, new->virname);
@ -1875,10 +1874,11 @@ static int cli_loadmd(FILE *fs, struct cl_engine *engine, unsigned int *signo, i
    return CL_SUCCESS;
 }

-/*    0		1	     2		3	       4	       5		 6	     7	      8      9    10     11     12
- * VirusName:ContainerType:FileType:FileNameREGEX:ContainerSize:FileSizeInContainer:FileSizeReal:IsEncrypted:FilePos:Res1:Res2[:MinFL[:MaxFL]]
+/*    0		 1		2		3	         4	       5	      6	      7	      8   9    10     11
+ * VirusName:ContainerType:ContainerSize:FileNameREGEX:FileSizeInContainer:FileSizeReal:IsEncrypted:FilePos:Res1:Res2[:MinFL[:MaxFL]]
 */
-#define CDB_TOKENS 13
+
+#define CDB_TOKENS 12
 static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio)
 {
 	const char *tokens[CDB_TOKENS + 1];
@ -1907,21 +1907,21 @@ static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
 	    break;
 	}

-	if(tokens_count > 11) { /* min version */
-	    if(!cli_isnumber(tokens[11])) {
+	if(tokens_count > 10) { /* min version */
+	    if(!cli_isnumber(tokens[10])) {
 		ret = CL_EMALFDB;
 		break;
 	    }
-	    if((unsigned int) atoi(tokens[11]) > cl_retflevel()) {
+	    if((unsigned int) atoi(tokens[10]) > cl_retflevel()) {
 		cli_dbgmsg("cli_loadcdb: Container signature for %s not loaded (required f-level: %u)\n", tokens[0], atoi(tokens[10]));
 		continue;
 	    }
-	    if(tokens_count == 13) { /* max version */
-		if(!cli_isnumber(tokens[12])) {
+	    if(tokens_count == CDB_TOKENS) { /* max version */
+		if(!cli_isnumber(tokens[11])) {
 		    ret = CL_EMALFDB;
 		    break;
 		}
-		if((unsigned int) atoi(tokens[12]) < cl_retflevel())
+		if((unsigned int) atoi(tokens[11]) < cl_retflevel())
 		    continue;
 	    }
 	}
@ -1954,15 +1954,6 @@ static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
 	    continue;
 	}

-	if(!strcmp(tokens[2], "*")) {
-	    new->ftype = CL_TYPE_ANY;
-	} else if((new->ftype = cli_ftcode(tokens[2])) == CL_TYPE_ERROR) {
-	    cli_dbgmsg("cli_loadcdb: Unknown file type %s in signature for %s, skipping\n", tokens[2], tokens[0]);
-	    mpool_free(engine->mempool, new->virname);
-	    mpool_free(engine->mempool, new);
-	    continue;
-	}
-
 	if(strcmp(tokens[3], "*") && cli_regcomp(&new->name, tokens[3], REG_EXTENDED | REG_NOSUB)) {
 	    cli_errmsg("cli_loadcdb: Can't compile regular expression %s in signature for %s\n", tokens[3], tokens[0]);
 	    mpool_free(engine->mempool, new->virname);
@ -2000,15 +1991,15 @@ static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
 	    dest[0] = dest[1] = CLI_OFF_ANY;				    \
 	}

-	CDBRANGE(tokens[4], new->csize);
-	CDBRANGE(tokens[5], new->fsizec);
-	CDBRANGE(tokens[6], new->fsizer);
-	CDBRANGE(tokens[8], new->filepos);
+	CDBRANGE(tokens[2], new->csize);
+	CDBRANGE(tokens[4], new->fsizec);
+	CDBRANGE(tokens[5], new->fsizer);
+	CDBRANGE(tokens[7], new->filepos);

-	if(!strcmp(tokens[7], "*")) {
+	if(!strcmp(tokens[6], "*")) {
 	    new->encrypted = 2;
 	} else {
-	    if(strcmp(tokens[7], "0") && strcmp(tokens[7], "1")) {
+	    if(strcmp(tokens[6], "0") && strcmp(tokens[6], "1")) {
 		cli_errmsg("cli_loadcdb: Invalid encryption flag value in signature for %s\n", tokens[0]);
 		if(new->name.re_magic)
 		    cli_regfree(&new->name);
@ -2017,11 +2008,11 @@ static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
 		ret = CL_EMEM;
 		break;
 	    }
-	    new->encrypted = *tokens[7] - 0x30;
+	    new->encrypted = *tokens[6] - 0x30;
 	}

-	if(strcmp(tokens[10], "*")) {
-	    new->res2 = cli_mpool_strdup(engine->mempool, tokens[10]);
+	if(strcmp(tokens[9], "*")) {
+	    new->res2 = cli_mpool_strdup(engine->mempool, tokens[9]);
 	    if(!new->res2) {
 		cli_errmsg("cli_loadcdb: Can't allocate memory for res2 in signature for %s\n", tokens[0]);
 		if(new->name.re_magic)
--- a/libclamav/scanners.c
+++ b/libclamav/scanners.c
@ -178,7 +178,7 @@ static int cli_unrar_scanmetadata(int desc, unrar_metadata_t *metadata, cli_ctx
 	(unsigned int) metadata->unpack_size, metadata->method,
 	metadata->pack_size ? (unsigned int) (metadata->unpack_size / metadata->pack_size) : 0);

-    if(cli_matchmeta(ctx, CL_TYPE_ANY, metadata->filename, metadata->pack_size, metadata->unpack_size, metadata->encrypted, files, metadata->crc, NULL) == CL_VIRUS)
+    if(cli_matchmeta(ctx, metadata->filename, metadata->pack_size, metadata->unpack_size, metadata->encrypted, files, metadata->crc, NULL) == CL_VIRUS)
 	return CL_VIRUS;

    if(DETECT_ENCRYPTED && metadata->encrypted) {
@ -318,7 +318,7 @@ static int cli_scanrar(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_c

 static int cli_scanarj(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_check)
 {
-	int ret = CL_CLEAN, rc;
+	int ret = CL_CLEAN, rc, file = 0;
 	arj_metadata_t metadata;
 	char *dir;

@ -352,6 +352,10 @@ static int cli_scanarj(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_c
 	if (ret != CL_SUCCESS) {
 	   break;
 	}
+	file++;
+	if(cli_matchmeta(ctx, metadata.filename, metadata.comp_size, metadata.orig_size, metadata.encrypted, file, 0, NULL) == CL_VIRUS)
+	    return CL_VIRUS;
+
 	if ((ret = cli_checklimits("ARJ", ctx, metadata.orig_size, metadata.comp_size, 0))!=CL_CLEAN) {
 	    ret = CL_SUCCESS;
 	    if (metadata.filename)
@ -643,8 +647,8 @@ static int cli_scanmscab(int desc, cli_ctx *ctx, off_t sfx_offset)
    for(file = cab.files; file; file = file->next) {
 	files++;

-	if(!(tempname = cli_gentemp(ctx->engine->tmpdir))) {
-	    ret = CL_EMEM;
+	if(cli_matchmeta(ctx, file->name, 0, file->length, 0, files, 0, NULL) == CL_VIRUS) {
+	    ret = CL_VIRUS;
 	    break;
 	}

@ -652,6 +656,12 @@ static int cli_scanmscab(int desc, cli_ctx *ctx, off_t sfx_offset)
 	    ret = CL_CLEAN;
 	    break;
 	}
+
+	if(!(tempname = cli_gentemp(ctx->engine->tmpdir))) {
+	    ret = CL_EMEM;
+	    break;
+	}
+
 	if(ctx->engine->maxscansize && ctx->scansize + ctx->engine->maxfilesize >= ctx->engine->maxscansize)
 	    file->max_size = ctx->engine->maxscansize - ctx->scansize;
 	else
--- a/libclamav/untar.c
+++ b/libclamav/untar.c
@ -42,6 +42,7 @@ static	char	const	rcsid[] = "$Id: untar.c,v 1.35 2007/02/12 20:46:09 njh Exp $";
 #include "mbox.h"
 #include "blob.h"
 #include "scanners.h"
+#include "matcher.h"

 #define BLOCKSIZE 512

@ -180,6 +181,9 @@ cli_untar(const char *dir, int desc, unsigned int posix, cli_ctx *ctx)

 			strncpy(name, block, 100);
 			name[100] = '\0';
+			if(cli_matchmeta(ctx, name, size, size, 0, files, 0, NULL) == CL_VIRUS)
+			    return CL_VIRUS;
+
 			snprintf(fullname, sizeof(fullname)-1, "%s"PATHSEP"tar%02u", dir, files);
 			fullname[sizeof(fullname)-1] = '\0';
 			fout = open(fullname, O_RDWR|O_CREAT|O_EXCL|O_TRUNC|O_BINARY, 0600);
--- a/libclamav/unzip.c
+++ b/libclamav/unzip.c
@ -336,7 +336,7 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int
  cli_dbgmsg("cli_unzip: lh - ZMDNAME:%d:%s:%u:%u:%x:%u:%u:%u\n", ((LH_flags & F_ENCR)!=0), name, LH_usize, LH_csize, LH_crc32, LH_method, fc, ctx->recursion);
  /* ZMDfmt virname:encrypted(0-1):filename(exact|*):usize(exact|*):csize(exact|*):crc32(exact|*):method(exact|*):fileno(exact|*):maxdepth(exact|*) */

-  if(cli_matchmeta(ctx, CL_TYPE_ANY, name, LH_csize, LH_usize, (LH_flags & F_ENCR)!=0, fc, LH_crc32, NULL) == CL_VIRUS) {
+  if(cli_matchmeta(ctx, name, LH_csize, LH_usize, (LH_flags & F_ENCR)!=0, fc, LH_crc32, NULL) == CL_VIRUS) {
    *ret = CL_VIRUS;
    return 0;
  }