open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

added wide support for word marker char class

Browse Source 
reason: differs from what is expected in yara
TODO: handle this case for all character classes/cases
remotes/push_mirror/klin/altstr-yara
Kevin Lin 10 years ago
parent f3db2bbdc7
commit f22d89ee6b
2 changed files with 29 additions and 3 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 29
      libclamav/matcher-ac.c
  2. 3
      libclamav/readdb.c

29
libclamav/matcher-ac.c
Unescape View File

@ -981,7 +981,19 @@ inline static int ac_findmatch(const unsigned char *buffer, uint32_t offset, uin
if(pattern->boundary & AC_WORD_MARKER_LEFT) {
match = !!(pattern->boundary & AC_WORD_MARKER_LEFT_NEGATIVE);
if(!fileoffset || (offset && !isalnum(buffer[offset - 1])))
/* absolute beginning of file */
if(!fileoffset)
match = !match;
/* 'wide' characters need a 'wider' check */
else if(pattern->sigopts & ACPATT_OPTION_WIDE) {
/* beginning of file has only one preceding character */
if(fileoffset-1 == 0)
match = !match;
if(offset - 1 && offset && !(isalnum(buffer[offset - 2]) && buffer[offset - 1] == '\0'))
match = !match;
}
/* 'normal' characters */
else if(offset && !isalnum(buffer[offset - 1]))
match = !match;
if(!match)
@ -990,8 +1002,19 @@ inline static int ac_findmatch(const unsigned char *buffer, uint32_t offset, uin
if(pattern->boundary & AC_WORD_MARKER_RIGHT) {
match = !!(pattern->boundary & AC_WORD_MARKER_RIGHT_NEGATIVE);
if((length <= SCANBUFF) && (bp == length || !isalnum(buffer[offset - 1])))
match = !match;
if(length <= SCANBUFF) {
/* absolute end of file */
if(bp == length)
match = !match;
/* 'wide' characters need a 'wider' check */
else if(pattern->sigopts & ACPATT_OPTION_WIDE) {
if(!(isalnum(buffer[bp]) && buffer[bp + 1] == '\0'))
match = !match;
}
/* 'normal' characters */
else if(!isalnum(buffer[offset - 1]))
match = !match;
}
if(!match)
return 0;

3
libclamav/readdb.c
Unescape View File

@ -219,6 +219,9 @@ static int sigopts_handler(struct cli_matcher *root, const char *virname, const
if (ret != CL_SUCCESS || !(sigopts & ACPATT_OPTION_ASCII)) {
free(hexcpy);
return ret;
} else {
/* disable wide sigopt for ascii variant */
sigopts &= ~ACPATT_OPTION_WIDE;
}
}

Write Preview
Loading…
Cancel
Save