libclamav/matcher.c: add new offset modifier SEx (bb#4008)

ChangeLog

@@ -1,3 +1,7 @@
+Fri Dec  9 16:41:05 CET 2011 (tk)
+---------------------------------
+ * libclamav/matcher.c: add new offset modifier SEx (bb#4008)
+
 Thu Dec  1 15:07:49 CET 2011 (tk)
 ---------------------------------
  * libclamav/readdb.c: allow comments in all db files (bb#3930)

docs/signatures.tex

@@ -356,6 +356,8 @@ MalwareName:TargetType:Offset:HexSignature[:MinFL:[MaxFL]]
 	\item \verb#Sx+n# = start of section \verb+x+'s (counted from 0)
 	data plus \verb+n+ bytes
 	\item \verb#Sx-n# = start of section \verb+x+'s data minus \verb+n+ bytes
+	\item \verb#SEx# = entire section \verb+x+ (offset must lie within section
+	boundaries)
 	\item \verb#SL+n# = start of last section plus \verb+n+ bytes
 	\item \verb#SL-n# = start of last section minus \verb+n+ bytes
     \end{itemize}

libclamav/matcher.c

@@ -245,7 +245,15 @@ int cli_caloff(const char *offstr, const struct cli_target_info *info, unsigned
 	    offdata[1] = atoi(&offcpy[3]);
 
 	} else if(offcpy[0] == 'S') {
-	    if(!strncmp(offstr, "SL+", 3)) {
+	    if(offcpy[1] == 'E') {
+		if(!cli_isnumber(&offcpy[2])) {
+		    cli_errmsg("cli_caloff: Invalid section number\n");
+		    return CL_EMALFDB;
+		}
+		offdata[0] = CLI_OFF_SE;
+		offdata[3] = atoi(&offcpy[2]);
+
+	    } else if(!strncmp(offstr, "SL+", 3)) {
 		offdata[0] = CLI_OFF_SL_PLUS;
 		if(!cli_isnumber(&offcpy[3])) {
 		    cli_errmsg("cli_caloff: Invalid offset value\n");
@@ -303,12 +311,11 @@ int cli_caloff(const char *offstr, const struct cli_target_info *info, unsigned
 
     } else {
 	/* calculate relative offsets */
-	if(info->status == -1) {
-	    *offset_min = CLI_OFF_NONE;
-	    if(offset_max)
-		*offset_max = CLI_OFF_NONE;
+	*offset_min = CLI_OFF_NONE;
+	if(offset_max)
+	    *offset_max = CLI_OFF_NONE;
+	if(info->status == -1)
 	    return CL_SUCCESS;
-	}
 
 	switch(offdata[0]) {
 	    case CLI_OFF_EOF_MINUS:
@@ -333,6 +340,16 @@ int cli_caloff(const char *offstr, const struct cli_target_info *info, unsigned
 		else
 		    *offset_min = info->exeinfo.section[offdata[3]].raw + offdata[1];
 		break;
+
+	    case CLI_OFF_SE:
+		if(offdata[3] >= info->exeinfo.nsections) {
+		    *offset_min = CLI_OFF_NONE;
+		} else {
+		    *offset_min = info->exeinfo.section[offdata[3]].raw;
+		    *offset_max = *offset_min + info->exeinfo.section[offdata[3]].rsz + offdata[2];
+		}
+		break;
+
 	    case CLI_OFF_VERSION:
 		*offset_min = *offset_max = CLI_OFF_ANY;
 		break;
@@ -341,12 +358,8 @@ int cli_caloff(const char *offstr, const struct cli_target_info *info, unsigned
 		return CL_EARG;
 	}
 
-	if(offset_max) {
-	    if(*offset_min != CLI_OFF_NONE)
-		*offset_max = *offset_min + offdata[2];
-	    else
-		*offset_max = CLI_OFF_NONE;
-	}
+	if(offset_max && *offset_max == CLI_OFF_NONE && *offset_min != CLI_OFF_NONE)
+	    *offset_max = *offset_min + offdata[2];
     }
 
     return CL_SUCCESS;

libclamav/matcher.h

@@ -161,6 +161,7 @@ static const struct cli_mtarget cli_mtargets[CLI_MTARGETS] =  {
 #define CLI_OFF_SX_PLUS     6
 #define CLI_OFF_VERSION     7
 #define CLI_OFF_MACRO       8
+#define CLI_OFF_SE	    9
 
 int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset, cli_ctx *ctx, cli_file_t ftype, struct cli_ac_data **acdata);
 

libclamav/others.h

@@ -54,7 +54,7 @@
  * in re-enabling affected modules.
  */
 
-#define CL_FLEVEL 71
+#define CL_FLEVEL 72
 #define CL_FLEVEL_DCONF	CL_FLEVEL
 #define CL_FLEVEL_SIGTOOL CL_FLEVEL