libclamav: linked MBR and APM parsing

filetypes: handled file misclassification as mbr
11 years ago · 6c2feae2be
parent 039e798cc8
commit 6c2feae2be
5 changed files with 77 additions and 8 deletions
--- a/libclamav/Makefile.am
+++ b/libclamav/Makefile.am
@ -392,8 +392,14 @@ libclamav_la_SOURCES = \
 	dmg.h \
 	xar.c \
 	xar.h \
+	mbr.c \
+    mbr.h \
 	gpt.c \
 	gpt.h \
+	apm.c \
+	apm.h \
+	prtn_intxn.c \
+	prtn_intxn.h \
 	xz_iface.c \
 	xz_iface.h \
 	sf_base64decode.c \
--- a/libclamav/Makefile.in
+++ b/libclamav/Makefile.in
@ -190,7 +190,8 @@ am_libclamav_la_OBJECTS = libclamav_la-matcher-ac.lo \
 	libclamav_la-bytecode_api_decl.lo libclamav_la-cache.lo \
 	libclamav_la-bytecode_detect.lo libclamav_la-events.lo \
 	libclamav_la-adc.lo libclamav_la-dmg.lo libclamav_la-xar.lo \
-	libclamav_la-gpt.lo libclamav_la-xz_iface.lo \
+	libclamav_la-mbr.lo libclamav_la-gpt.lo libclamav_la-apm.lo \
+	libclamav_la-prtn_intxn.lo libclamav_la-xz_iface.lo \
 	libclamav_la-sf_base64decode.lo libclamav_la-hfsplus.lo \
 	libclamav_la-swf.lo libclamav_la-jpeg.lo libclamav_la-png.lo \
 	libclamav_la-iso9660.lo libclamav_la-arc4.lo \
@ -723,13 +724,14 @@ libclamav_la_SOURCES = clamav.h matcher-ac.c matcher-ac.h matcher-bm.c \
 	bcfeatures.h bytecode_api.c bytecode_api_decl.c bytecode_api.h \
 	bytecode_api_impl.h bytecode_hooks.h cache.c cache.h \
 	bytecode_detect.c bytecode_detect.h builtin_bytecodes.h \
-	events.c events.h adc.c adc.h dmg.c dmg.h xar.c xar.h gpt.c \
-	gpt.h xz_iface.c xz_iface.h sf_base64decode.c \
-	sf_base64decode.h hfsplus.c hfsplus.h swf.c swf.h jpeg.c \
-	jpeg.h png.c png.h iso9660.c iso9660.h arc4.c arc4.h \
-	rijndael.c rijndael.h crtmgr.c crtmgr.h asn1.c asn1.h fpu.c \
-	fpu.h stats.c stats.h www.c www.h json.c json.h hostid.c \
-	hostid.h bignum.h bignum_fast.h tomsfastmath/addsub/fp_add.c \
+	events.c events.h adc.c adc.h dmg.c dmg.h xar.c xar.h mbr.c \
+	mbr.h gpt.c gpt.h apm.c apm.h prtn_intxn.c prtn_intxn.h \
+	xz_iface.c xz_iface.h sf_base64decode.c sf_base64decode.h \
+	hfsplus.c hfsplus.h swf.c swf.h jpeg.c jpeg.h png.c png.h \
+	iso9660.c iso9660.h arc4.c arc4.h rijndael.c rijndael.h \
+	crtmgr.c crtmgr.h asn1.c asn1.h fpu.c fpu.h stats.c stats.h \
+	www.c www.h json.c json.h hostid.c hostid.h bignum.h \
+	bignum_fast.h tomsfastmath/addsub/fp_add.c \
 	tomsfastmath/addsub/fp_add_d.c tomsfastmath/addsub/fp_addmod.c \
 	tomsfastmath/addsub/fp_cmp.c tomsfastmath/addsub/fp_cmp_d.c \
 	tomsfastmath/addsub/fp_cmp_mag.c tomsfastmath/addsub/fp_sub.c \
@ -939,6 +941,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-XzDec.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-XzIn.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-adc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-apm.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-arc4.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-asn1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-aspack.Plo@am__quote@
@ -1071,6 +1074,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-matcher-hash.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-matcher.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-mbox.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-mbr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-message.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-mew.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-mpool.Plo@am__quote@
@ -1089,6 +1093,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-phish_whitelist.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-phishcheck.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-png.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-prtn_intxn.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-readdb.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-rebuildpe.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-regex_list.Plo@am__quote@
@ -1955,6 +1960,13 @@ libclamav_la-xar.lo: xar.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-xar.lo `test -f 'xar.c' || echo '$(srcdir)/'`xar.c

+libclamav_la-mbr.lo: mbr.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-mbr.lo -MD -MP -MF $(DEPDIR)/libclamav_la-mbr.Tpo -c -o libclamav_la-mbr.lo `test -f 'mbr.c' || echo '$(srcdir)/'`mbr.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-mbr.Tpo $(DEPDIR)/libclamav_la-mbr.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='mbr.c' object='libclamav_la-mbr.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-mbr.lo `test -f 'mbr.c' || echo '$(srcdir)/'`mbr.c
+
 libclamav_la-gpt.lo: gpt.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-gpt.lo -MD -MP -MF $(DEPDIR)/libclamav_la-gpt.Tpo -c -o libclamav_la-gpt.lo `test -f 'gpt.c' || echo '$(srcdir)/'`gpt.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-gpt.Tpo $(DEPDIR)/libclamav_la-gpt.Plo
@ -1962,6 +1974,20 @@ libclamav_la-gpt.lo: gpt.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-gpt.lo `test -f 'gpt.c' || echo '$(srcdir)/'`gpt.c

+libclamav_la-apm.lo: apm.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-apm.lo -MD -MP -MF $(DEPDIR)/libclamav_la-apm.Tpo -c -o libclamav_la-apm.lo `test -f 'apm.c' || echo '$(srcdir)/'`apm.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-apm.Tpo $(DEPDIR)/libclamav_la-apm.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='apm.c' object='libclamav_la-apm.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-apm.lo `test -f 'apm.c' || echo '$(srcdir)/'`apm.c
+
+libclamav_la-prtn_intxn.lo: prtn_intxn.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-prtn_intxn.lo -MD -MP -MF $(DEPDIR)/libclamav_la-prtn_intxn.Tpo -c -o libclamav_la-prtn_intxn.lo `test -f 'prtn_intxn.c' || echo '$(srcdir)/'`prtn_intxn.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-prtn_intxn.Tpo $(DEPDIR)/libclamav_la-prtn_intxn.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='prtn_intxn.c' object='libclamav_la-prtn_intxn.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-prtn_intxn.lo `test -f 'prtn_intxn.c' || echo '$(srcdir)/'`prtn_intxn.c
+
 libclamav_la-xz_iface.lo: xz_iface.c
@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-xz_iface.lo -MD -MP -MF $(DEPDIR)/libclamav_la-xz_iface.Tpo -c -o libclamav_la-xz_iface.lo `test -f 'xz_iface.c' || echo '$(srcdir)/'`xz_iface.c
@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-xz_iface.Tpo $(DEPDIR)/libclamav_la-xz_iface.Plo
--- a/libclamav/filetypes.c
+++ b/libclamav/filetypes.c
@ -39,6 +39,7 @@
 #include "textdet.h"
 #include "default.h"
 #include "iowrap.h"
+#include "mbr.h"

 #include "htmlnorm.h"
 #include "entconv.h"
@ -104,7 +105,9 @@ static const struct ftmap_s {
    { "CL_TYPE_ISO9660",	CL_TYPE_ISO9660		},
    { "CL_TYPE_JAVA",		CL_TYPE_JAVA		},
    { "CL_TYPE_DMG",		CL_TYPE_DMG		},
+    { "CL_TYPE_MBR",        CL_TYPE_MBR     },
    { "CL_TYPE_GPT",        CL_TYPE_GPT     },
+    { "CL_TYPE_APM",        CL_TYPE_APM     },
    { "CL_TYPE_XAR",		CL_TYPE_XAR		},
    { "CL_TYPE_PART_ANY",	CL_TYPE_PART_ANY	},
    { "CL_TYPE_PART_HFSPLUS",	CL_TYPE_PART_HFSPLUS	},
@ -302,6 +305,27 @@ cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine, cli_file_t
                    }
                }
            }
+        } else if (ret == CL_TYPE_MBR) {
+            const unsigned char *rbuff = buff+512;
+            int ri;
+
+            /* raw dmgs must be a multiple of 512 */
+            if ((map->len % 512) == 0 && map->len > 512) {
+                /* check if detected MBR is protective on GPT */
+                if (0 == memcmp(rbuff, "EFI PART", 8)) {
+                    cli_dbgmsg("Recognized GUID Partition Table file\n");
+                    return CL_TYPE_GPT;
+                }
+
+                /* check if the MBR is a valid configuration */
+                if (cli_mbr_check(buff, bread, map->len) == 0) {
+                    return CL_TYPE_MBR;
+                }
+            }
+
+            /* re-detect type */
+            cli_dbgmsg("Recognized binary data\n");
+            ret = CL_TYPE_BINARY_DATA;
        }
    }

--- a/libclamav/filetypes.h
+++ b/libclamav/filetypes.h
@ -102,7 +102,9 @@ typedef enum {
    CL_TYPE_ISHIELD_MSI,
    CL_TYPE_ISO9660,
    CL_TYPE_DMG,
+    CL_TYPE_MBR,
    CL_TYPE_GPT,
+    CL_TYPE_APM,
    CL_TYPE_IGNORED /* please don't add anything below */
 } cli_file_t;

--- a/libclamav/scanners.c
+++ b/libclamav/scanners.c
@ -99,6 +99,7 @@
 #include "hfsplus.h"
 #include "xz_iface.h"
 #include "gpt.h"
+#include "apm.h"

 #ifdef HAVE_BZLIB_H
 #include <bzlib.h>
@ -2583,11 +2584,21 @@ static int magic_scandesc(cli_ctx *ctx, cli_file_t type)
 		ret = cli_scanxz(ctx);
 	    break;

+	case CL_TYPE_MBR:
+	    //if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_MBR))
+		ret = cli_scanmbr(ctx);
+	    break;
+
 	case CL_TYPE_GPT:
 	    //if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_GPT))
 		ret = cli_scangpt(ctx);
 	    break;

+	case CL_TYPE_APM:
+	    //if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_APM))
+		ret = cli_scanapm(ctx);
+	    break;
+
 	case CL_TYPE_ARJ:
 	    ctx->container_type = CL_TYPE_ARJ;
 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_ARJ))