From f22d89ee6ba7e809d51cfe80fedd778f0f8de586 Mon Sep 17 00:00:00 2001
From: Kevin Lin
Date: Thu, 26 Feb 2015 11:21:34 -0500
Subject: [PATCH] added wide support for word marker char class reason: differs from what is expected in yara TODO: handle this case for all character classes/cases
---
 libclamav/matcher-ac.c | 29 ++++++++++++++++++++++++++---
 libclamav/readdb.c | 3 +++
 2 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/libclamav/matcher-ac.c b/libclamav/matcher-ac.c
index c75d44b1c..9635d5520 100644
--- a/libclamav/matcher-ac.c
+++ b/libclamav/matcher-ac.c
@@ -981,7 +981,19 @@ inline static int ac_findmatch(const unsigned char *buffer, uint32_t offset, uin
 if(pattern->boundary & AC_WORD_MARKER_LEFT) {
 match = !!(pattern->boundary & AC_WORD_MARKER_LEFT_NEGATIVE);
- if(!fileoffset || (offset && !isalnum(buffer[offset - 1])))
+ /* absolute beginning of file */
+ if(!fileoffset)
+ match = !match;
+ /* 'wide' characters need a 'wider' check */
+ else if(pattern->sigopts & ACPATT_OPTION_WIDE) {
+ /* beginning of file has only one preceding character */
+ if(fileoffset-1 == 0)
+ match = !match;
+ if(offset - 1 && offset && !(isalnum(buffer[offset - 2]) && buffer[offset - 1] == '\0'))
+ match = !match;
+ }
+ /* 'normal' characters */
+ else if(offset && !isalnum(buffer[offset - 1]))
 match = !match;
 if(!match)
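Review bot: In the wide branch of the left-marker check, `if(fileoffset-1 == 0)` and `if(offset - 1 && offset && ...)` are two independent tests, and nothing in the hunk prevents both from firing, in which case `match` is toggled twice and the boundary result cancels out. The second test should be chained and its bound written directly: `else if(offset >= 2 && !(isalnum(buffer[offset - 2]) && buffer[offset - 1] == '\0'))`, which states the same limit as `offset - 1 && offset` without leaning on unsigned wrap-around at `offset == 0`. When `offset` is 1 and `fileoffset` is greater than 1, neither test fires and the preceding wide character is never examined; whether that window position can occur depends on the callers, which are not visible here. The body of ac_findmatch begins and ends outside the hunk.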
@@ -990,8 +1002,19 @@ inline static int ac_findmatch(const unsigned char *buffer, uint32_t offset, uin
 if(pattern->boundary & AC_WORD_MARKER_RIGHT) {
 match = !!(pattern->boundary & AC_WORD_MARKER_RIGHT_NEGATIVE);
- if((length <= SCANBUFF) && (bp == length || !isalnum(buffer[offset - 1])))
- match = !match;
+ if(length <= SCANBUFF) {
+ /* absolute end of file */
+ if(bp == length)
+ match = !match;
+ /* 'wide' characters need a 'wider' check */
+ else if(pattern->sigopts & ACPATT_OPTION_WIDE) {
+ if(!(isalnum(buffer[bp]) && buffer[bp + 1] == '\0'))
+ match = !match;
+ }
+ /* 'normal' characters */
+ else if(!isalnum(buffer[offset - 1]))
+ match = !match;
+ }
 if(!match)
 return 0;
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index 44edc629d..c0ac015dd 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -219,6 +219,9 @@ static int sigopts_handler(struct cli_matcher *root, const char *virname, const
 if (ret != CL_SUCCESS || !(sigopts & ACPATT_OPTION_ASCII)) {
 free(hexcpy);
 return ret;
+ } else {
+ /* disable wide sigopt for ascii variant */
+ sigopts &= ~ACPATT_OPTION_WIDE;
 }
 }
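Review bot: The wide branch of the right-marker check in ac_findmatch (matcher-ac.c, hunk at -990) reads `buffer[bp + 1]` with only `bp == length` ruled out, so when `bp == length - 1` and `buffer[bp]` is alphanumeric the second read lands one byte past the scanned data, assuming `length` is the number of valid bytes in `buffer` as the end-of-file test suggests. The buffer holds content from the file being scanned, so the bound should be explicit, treating a lone trailing byte as a boundary: `if(bp + 1 >= length || !(isalnum(buffer[bp]) && buffer[bp + 1] == '\0'))`. The 'normal' branch keeps `buffer[offset - 1]` from the removed line, which inspects the byte before `offset` with no `offset` guard; if `bp` is the position just past the match, `buffer[bp]` is probably what a right boundary should test. The function body extends beyond the hunk.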
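Review bot: The `else` added in sigopts_handler (readdb.c) follows a branch that always returns, so the reset can sit directly after the `if` as `sigopts &= ~ACPATT_OPTION_WIDE;` without the extra nesting. The comment would be more useful if it said why the flag has to be cleared, for example `/* wide variant already added above; clear the flag so the ascii pattern is not checked with wide word boundaries */`, assuming that is the intent given the matcher-ac.c change in the same commit. sigopts_handler starts and ends outside the hunk.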