open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

libclamav: provide information about lsig matches to bytecode (bb#1799)

Browse Source
0.96
Tomasz Kojm 16 years ago
parent dfb9c279cc
commit baf2e702e2
6 changed files with 47 additions and 4 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      ChangeLog
  2. 2
      libclamav/bytecode.c
  3. 2
      libclamav/bytecode.h
  4. 40
      libclamav/matcher-ac.c
  5. 1
      libclamav/matcher-ac.h
  6. 2
      libclamav/matcher.c

4
ChangeLog
Unescape View File

@ -1,3 +1,7 @@
Thu Jan 28 12:53:45 CET 2010 (tk)
---------------------------------
* libclamav: provide information about lsig matches to bytecode (bb#1799)
Wed Jan 27 18:33:09 CET 2010 (tk)
---------------------------------
* libclamav: provide offset in cli_ac_result (bb#1799)

2
libclamav/bytecode.c
Unescape View File

@ -1624,7 +1624,7 @@ int cli_bytecode_context_setfile(struct cli_bc_ctx *ctx, fmap_t *map)
return 0;
}
int cli_bytecode_runlsig(cli_ctx *cctx, const struct cli_all_bc *bcs, const struct cli_bc *bc, const char **virname, const uint32_t* lsigcnt, fmap_t *map)
int cli_bytecode_runlsig(cli_ctx *cctx, const struct cli_all_bc *bcs, const struct cli_bc *bc, const char **virname, const uint32_t* lsigcnt, const uint32_t *lsigsuboff, fmap_t *map)
{
int ret;
struct cli_bc_ctx ctx;

2
libclamav/bytecode.h
Unescape View File

@ -108,7 +108,7 @@ void cli_bytecode_describe(const struct cli_bc *bc);
/* Hooks */
struct cli_exe_info;
struct cli_ctx_tag;
int cli_bytecode_runlsig(struct cli_ctx_tag *ctx, const struct cli_all_bc *bcs, const struct cli_bc* bc, const char **virname, const uint32_t* lsigcnt, fmap_t *fmap);
int cli_bytecode_runlsig(struct cli_ctx_tag *ctx, const struct cli_all_bc *bcs, const struct cli_bc *bc, const char **virname, const uint32_t* lsigcnt, const uint32_t *lsigsuboff, fmap_t *map);
int cli_bytecode_runhook(struct cli_ctx_tag *cctx, const struct cl_engine *engine, struct cli_bc_ctx *ctx, unsigned id, fmap_t *map, const char **virname);
#ifdef __cplusplus

40
libclamav/matcher-ac.c
Unescape View File

@ -864,7 +864,7 @@ inline static int ac_findmatch(const unsigned char *buffer, uint32_t offset, uin
int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint32_t lsigs, uint32_t reloffsigs, uint8_t tracklen)
{
unsigned int i;
unsigned int i, j;
if(!data) {
@ -919,6 +919,38 @@ int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint32_t lsigs,
}
for(i = 1; i < lsigs; i++)
data->lsigcnt[i] = data->lsigcnt[0] + 64 * i;
/* subsig offsets */
data->lsigsuboff = (uint32_t **) cli_malloc(lsigs * sizeof(uint32_t *));
if(!data->lsigsuboff) {
free(data->lsigcnt[0]);
free(data->lsigcnt);
if(partsigs)
free(data->offmatrix);
if(reloffsigs)
free(data->offset);
cli_errmsg("cli_ac_init: Can't allocate memory for data->lsigsuboff\n");
return CL_EMEM;
}
data->lsigsuboff[0] = (uint32_t *) cli_calloc(lsigs * 64, sizeof(uint32_t));
if(!data->lsigsuboff[0]) {
free(data->lsigsuboff);
free(data->lsigcnt[0]);
free(data->lsigcnt);
if(partsigs)
free(data->offmatrix);
if(reloffsigs)
free(data->offset);
cli_errmsg("cli_ac_init: Can't allocate memory for data->lsigsuboff[0]\n");
return CL_EMEM;
}
for(j = 0; j < 64; j++)
data->lsigsuboff[0][j] = CLI_OFF_NONE;
for(i = 1; i < lsigs; i++) {
data->lsigsuboff[i] = data->lsigsuboff[0] + 64 * i;
for(j = 0; j < 64; j++)
data->lsigsuboff[i][j] = CLI_OFF_NONE;
}
}
return CL_SUCCESS;
@ -977,6 +1009,8 @@ void cli_ac_freedata(struct cli_ac_data *data)
if(data && data->lsigs) {
free(data->lsigcnt[0]);
free(data->lsigcnt);
free(data->lsigsuboff[0]);
free(data->lsigsuboff);
data->lsigs = 0;
}
@ -1177,6 +1211,8 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
} else { /* !pt->type */
if(pt->lsigid[0]) {
mdata->lsigcnt[pt->lsigid[1]][pt->lsigid[2]]++;
if(mdata->lsigsuboff[pt->lsigid[1]][pt->lsigid[2]] == CLI_OFF_NONE)
mdata->lsigsuboff[pt->lsigid[1]][pt->lsigid[2]] = realoff;
pt = pt->next_same;
continue;
}
@ -1220,6 +1256,8 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
} else {
if(pt->lsigid[0]) {
mdata->lsigcnt[pt->lsigid[1]][pt->lsigid[2]]++;
if(mdata->lsigsuboff[pt->lsigid[1]][pt->lsigid[2]] == CLI_OFF_NONE)
mdata->lsigsuboff[pt->lsigid[1]][pt->lsigid[2]] = realoff;
pt = pt->next_same;
continue;
}

1
libclamav/matcher-ac.h
Unescape View File

@ -37,6 +37,7 @@ struct cli_ac_data {
int32_t ***offmatrix;
uint32_t partsigs, lsigs, reloffsigs;
uint32_t **lsigcnt;
uint32_t **lsigsuboff;
uint32_t *offset;
/** Hashset for versioninfo matching */
struct cli_hashset vinfo;

2
libclamav/matcher.c
Unescape View File

@ -512,7 +512,7 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli
ret = CL_VIRUS; \
break; \
} \
if(cli_bytecode_runlsig(ctx, &ctx->engine->bcs, xroot->ac_lsigtable[i]->bc, ctx->virname, xdata.lsigcnt[i], map) == CL_VIRUS) { \
if(cli_bytecode_runlsig(ctx, &ctx->engine->bcs, xroot->ac_lsigtable[i]->bc, ctx->virname, xdata.lsigcnt[i], xdata.lsigsuboff[i], map) == CL_VIRUS) { \
ret = CL_VIRUS; \
break; \
} \

Write Preview
Loading…
Cancel
Save