| cf0cd429 |
/*
* ClamAV bytecode internal API
* |
| c442ca9c |
* Copyright (C) 2013-2019 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
* Copyright (C) 2009-2013 Sourcefire, Inc. |
| cf0cd429 |
* |
| d0af4afe |
* Authors: Török Edvin
* |
| cf0cd429 |
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*/
|
| 3ff75dbf |
#ifdef HAVE_CONFIG_H
#include "clamav-config.h"
#endif
#ifdef HAVE_UNISTD_H |
| 29227461 |
#include <unistd.h> |
| 3ff75dbf |
#endif |
| 4789b8a5 |
#include <stdlib.h> |
| 3ae0a76d |
#include <fcntl.h>
#include <errno.h> |
| 565e677f |
#include <string.h> |
| 7a7365ef |
#include <math.h> |
| a5b201c8 |
#include <ctype.h> |
| b2e7c931 |
|
| 60d8d2c3 |
#include "clamav.h" |
| 4789b8a5 |
#include "clambc.h" |
| 0a11015b |
#include "bytecode.h" |
| 4789b8a5 |
#include "bytecode_priv.h" |
| cf0cd429 |
#include "type_desc.h"
#include "bytecode_api.h" |
| d0af4afe |
#include "bytecode_api_impl.h" |
| 7189addb |
#include "others.h" |
| 0fa95ef2 |
#include "pe.h" |
| dc200c6b |
#include "pdf.h" |
| e5d112d8 |
#include "disasm.h" |
| 9aa1d725 |
#include "scanners.h" |
| b00a7cc8 |
#include "jsparse/js-norm.h" |
| 7a7365ef |
#include "hashtab.h"
#include "str.h"
#include "filetypes.h" |
| fa7ae4cc |
#if HAVE_JSON |
| 51f8cc3c |
#include "json.h" |
| fa7ae4cc |
#endif |
| cf0cd429 |
|
| ae8dc8c2 |
#define EV ctx->bc_events
#define STRINGIFY(x) #x
#define TOSTRING(x) STRINGIFY(x)
#define API_MISUSE() cli_event_error_str(EV, "API misuse @" TOSTRING(__LINE__ ))
|
| d0af4afe |
uint32_t cli_bcapi_test1(struct cli_bc_ctx *ctx, uint32_t a, uint32_t b) |
| cf0cd429 |
{ |
| cd94be7a |
UNUSEDPARAM(ctx); |
| cf0cd429 |
return (a==0xf00dbeef && b==0xbeeff00d) ? 0x12345678 : 0x55;
} |
| 4789b8a5 |
|
| 2d45ef06 |
uint32_t cli_bcapi_test2(struct cli_bc_ctx *ctx, uint32_t a)
{ |
| cd94be7a |
UNUSEDPARAM(ctx); |
| 2d45ef06 |
return a == 0xf00d ? 0xd00f : 0x5555;
}
|
| 4789b8a5 |
int32_t cli_bcapi_read(struct cli_bc_ctx* ctx, uint8_t *data, int32_t size)
{ |
| 4395bb9a |
int n; |
| ae8dc8c2 |
if (!ctx->fmap) { |
| 90c0acc7 |
API_MISUSE();
return -1; |
| ae8dc8c2 |
} |
| b56bea54 |
if (size < 0 || size > CLI_MAX_ALLOCATION) { |
| 90c0acc7 |
cli_warnmsg("bytecode: negative read size: %d\n", size);
API_MISUSE();
return -1; |
| 4395bb9a |
}
n = fmap_readn(ctx->fmap, data, ctx->off, size); |
| 7f6b55a1 |
if (n <= 0) { |
| 90c0acc7 |
cli_dbgmsg("bcapi_read: fmap_readn failed (requested %d)\n", size);
cli_event_count(EV, BCEV_READ_ERR);
return n; |
| 7f6b55a1 |
} |
| ae8dc8c2 |
cli_event_int(EV, BCEV_OFFSET, ctx->off);
cli_event_fastdata(EV, BCEV_READ, data, size);
//cli_event_data(EV, BCEV_READ, data, n); |
| 4395bb9a |
ctx->off += n;
return n; |
| 4789b8a5 |
}
int32_t cli_bcapi_seek(struct cli_bc_ctx* ctx, int32_t pos, uint32_t whence)
{
off_t off; |
| 7f6b55a1 |
if (!ctx->fmap) { |
| 90c0acc7 |
cli_dbgmsg("bcapi_seek: no fmap\n");
API_MISUSE();
return -1; |
| 7f6b55a1 |
} |
| 4789b8a5 |
switch (whence) { |
| 90c0acc7 |
case 0:
off = pos;
break;
case 1:
off = ctx->off + pos;
break;
case 2:
off = ctx->file_size + pos;
break;
default:
API_MISUSE();
cli_dbgmsg("bcapi_seek: invalid whence value\n");
return -1; |
| 4789b8a5 |
} |
| 7f6b55a1 |
if (off < 0 || off > ctx->file_size) { |
| ea4ab2bc |
cli_dbgmsg("bcapi_seek: out of file: %lld (max %d)\n",
(long long)off, ctx->file_size); |
| 90c0acc7 |
return -1; |
| 7f6b55a1 |
} |
| ae8dc8c2 |
cli_event_int(EV, BCEV_OFFSET, off); |
| 4789b8a5 |
ctx->off = off;
return off;
} |
| 7189addb |
|
| dcee45cc |
uint32_t cli_bcapi_debug_print_str(struct cli_bc_ctx *ctx, const uint8_t *str, uint32_t len) |
| 7189addb |
{ |
| cd94be7a |
UNUSEDPARAM(len); |
| d7531f2a |
cli_event_fastdata(EV, BCEV_DBG_STR, str, strlen((const char*)str)); |
| 7189addb |
cli_dbgmsg("bytecode debug: %s\n", str);
return 0;
}
|
| 2d45ef06 |
uint32_t cli_bcapi_debug_print_uint(struct cli_bc_ctx *ctx, uint32_t a) |
| 7189addb |
{ |
| ae8dc8c2 |
cli_event_int(EV, BCEV_DBG_INT, a); |
| fa7ae4cc |
//cli_dbgmsg("bytecode debug: %d\n", a);
//return 0; |
| 3de96271 |
if (!cli_debug_flag) |
| 90c0acc7 |
return 0; |
| 3de96271 |
return fprintf(stderr, "%d", a); |
| 7189addb |
} |
| d38d6dad |
/*TODO: compiler should make sure that only constants are passed here, and not
* pointers to arbitrary locations that may not be valid when bytecode finishes
* executing */
uint32_t cli_bcapi_setvirusname(struct cli_bc_ctx* ctx, const uint8_t *name, uint32_t len)
{ |
| cd94be7a |
UNUSEDPARAM(len); |
| e4a0f2c9 |
ctx->virname = (const char*)name; |
| 646395bb |
return 0; |
| d38d6dad |
} |
| 250d92c5 |
uint32_t cli_bcapi_disasm_x86(struct cli_bc_ctx *ctx, struct DISASM_RESULT *res, uint32_t len)
{ |
| e5d112d8 |
int n; |
| e4a0f2c9 |
const unsigned char *buf;
const unsigned char* next; |
| cd94be7a |
UNUSEDPARAM(len);
if (!res || !ctx->fmap || (size_t)(ctx->off) >= ctx->fmap->len) { |
| 90c0acc7 |
API_MISUSE();
return -1; |
| ae8dc8c2 |
} |
| 242bc10b |
/* 32 should be longest instr we support decoding.
* When we'll support mmx/sse instructions this should be updated! */
n = MIN(32, ctx->fmap->len - ctx->off); |
| e5d112d8 |
buf = fmap_need_off_once(ctx->fmap, ctx->off, n); |
| 4a836f43 |
if (buf)
next = cli_disasm_one(buf, n, res, 0);
else
next = NULL; |
| 7f6b55a1 |
if (!next) { |
| 90c0acc7 |
cli_dbgmsg("bcapi_disasm: failed\n");
cli_event_count(EV, BCEV_DISASM_FAIL);
return -1; |
| 7f6b55a1 |
} |
| e5d112d8 |
return ctx->off + next - buf; |
| 250d92c5 |
}
|
| 65c740d7 |
/* TODO: field in ctx, id of last bytecode that called magicscandesc, reset
* after hooks/other bytecodes are run. TODO: need a more generic solution
* to avoid uselessly recursing on bytecode-unpacked files, but also a way to
* override the limit if we need it in a special situation */ |
| 250d92c5 |
int32_t cli_bcapi_write(struct cli_bc_ctx *ctx, uint8_t*data, int32_t len)
{ |
| ae8dc8c2 |
char err[128]; |
| 3ae0a76d |
int32_t res; |
| ae8dc8c2 |
|
| 3ae0a76d |
cli_ctx *cctx = (cli_ctx*)ctx->ctx;
if (len < 0) { |
| 90c0acc7 |
cli_warnmsg("Bytecode API: called with negative length!\n");
API_MISUSE();
return -1; |
| 3ae0a76d |
} |
| d9fbce26 |
if (!ctx->outfd) { |
| 90c0acc7 |
ctx->tempfile = cli_gentemp(cctx ? cctx->engine->tmpdir : NULL);
if (!ctx->tempfile) {
cli_dbgmsg("Bytecode API: Unable to allocate memory for tempfile\n");
cli_event_error_oom(EV, 0);
return -1;
}
ctx->outfd = open(ctx->tempfile, O_RDWR|O_CREAT|O_EXCL|O_TRUNC|O_BINARY, 0600);
if (ctx->outfd == -1) {
ctx->outfd = 0;
cli_warnmsg("Bytecode API: Can't create file %s: %s\n", ctx->tempfile, cli_strerror(errno, err, sizeof(err)));
cli_event_error_str(EV, "cli_bcapi_write: Can't create temporary file");
free(ctx->tempfile);
return -1;
}
cli_dbgmsg("bytecode opened new tempfile: %s\n", ctx->tempfile); |
| 3ae0a76d |
} |
| ae8dc8c2 |
cli_event_fastdata(ctx->bc_events, BCEV_WRITE, data, len); |
| 3ae0a76d |
if (cli_checklimits("bytecode api", cctx, ctx->written + len, 0, 0)) |
| 90c0acc7 |
return -1; |
| 3ae0a76d |
res = cli_writen(ctx->outfd, data, len);
if (res > 0) ctx->written += res; |
| ae8dc8c2 |
if (res == -1) { |
| 90c0acc7 |
cli_warnmsg("Bytecode API: write failed: %s\n", cli_strerror(errno, err, sizeof(err)));
cli_event_error_str(EV, "cli_bcapi_write: write failed"); |
| ae8dc8c2 |
} |
| 3ae0a76d |
return res; |
| 250d92c5 |
}
|
| 92ba8d66 |
void cli_bytecode_context_set_trace(struct cli_bc_ctx* ctx, unsigned level, |
| 90c0acc7 |
bc_dbg_callback_trace trace,
bc_dbg_callback_trace_op trace_op,
bc_dbg_callback_trace_val trace_val,
bc_dbg_callback_trace_ptr trace_ptr) |
| 0a11015b |
{
ctx->trace = trace;
ctx->trace_op = trace_op;
ctx->trace_val = trace_val; |
| 688799d1 |
ctx->trace_ptr = trace_ptr; |
| 0a11015b |
ctx->trace_level = level;
}
|
| 3f25b35d |
uint32_t cli_bcapi_trace_scope(struct cli_bc_ctx *ctx, const uint8_t *scope, uint32_t scopeid) |
| 65c740d7 |
{ |
| 0a11015b |
if (LIKELY(!ctx->trace_level)) |
| 90c0acc7 |
return 0; |
| 0a11015b |
if (ctx->scope != (const char*)scope) { |
| 90c0acc7 |
ctx->scope = (const char*)scope ? (const char*)scope : "?";
ctx->scopeid = scopeid; |
| 7cd9337a |
ctx->trace_level |= 0x80;/* temporarily increase level to print params */ |
| 0a11015b |
} else if ((ctx->trace_level >= trace_scope) && ctx->scopeid != scopeid) { |
| 90c0acc7 |
ctx->scopeid = scopeid; |
| 7cd9337a |
ctx->trace_level |= 0x40;/* temporarily increase level to print location */ |
| 65c740d7 |
} |
| 0a11015b |
return 0; |
| 65c740d7 |
}
|
| 3f25b35d |
uint32_t cli_bcapi_trace_directory(struct cli_bc_ctx *ctx, const uint8_t* dir, uint32_t dummy) |
| 65c740d7 |
{ |
| cd94be7a |
UNUSEDPARAM(dummy); |
| 0a11015b |
if (LIKELY(!ctx->trace_level)) |
| 90c0acc7 |
return 0; |
| 0a11015b |
ctx->directory = (const char*)dir ? (const char*)dir : ""; |
| 65c740d7 |
return 0;
}
|
| 3f25b35d |
uint32_t cli_bcapi_trace_source(struct cli_bc_ctx *ctx, const uint8_t *file, uint32_t line) |
| 65c740d7 |
{ |
| 0a11015b |
if (LIKELY(ctx->trace_level < trace_line)) |
| 90c0acc7 |
return 0; |
| 0a11015b |
if (ctx->file != (const char*)file || ctx->line != line) { |
| 90c0acc7 |
ctx->col = 0;
ctx->file =(const char*)file ? (const char*)file : "??";
ctx->line = line; |
| 65c740d7 |
}
return 0;
}
|
| 3f25b35d |
uint32_t cli_bcapi_trace_op(struct cli_bc_ctx *ctx, const uint8_t *op, uint32_t col) |
| 65c740d7 |
{ |
| 0a11015b |
if (LIKELY(ctx->trace_level < trace_col)) |
| 90c0acc7 |
return 0; |
| 0a11015b |
if (ctx->trace_level&0xc0) { |
| 90c0acc7 |
ctx->col = col;
/* func/scope changed and they needed param/location event */
ctx->trace(ctx, (ctx->trace_level&0x80) ? trace_func : trace_scope);
ctx->trace_level &= ~0xc0; |
| 124af5e8 |
} |
| 0a11015b |
if (LIKELY(ctx->trace_level < trace_col)) |
| 90c0acc7 |
return 0; |
| 0a11015b |
if (ctx->col != col) { |
| 90c0acc7 |
ctx->col = col;
ctx->trace(ctx, trace_col); |
| 0a11015b |
} else { |
| 90c0acc7 |
ctx->trace(ctx, trace_line); |
| 65c740d7 |
} |
| 0a11015b |
if (LIKELY(ctx->trace_level < trace_op)) |
| 90c0acc7 |
return 0; |
| 0a11015b |
if (ctx->trace_op && op) |
| 90c0acc7 |
ctx->trace_op(ctx, (const char*)op); |
| 65c740d7 |
return 0;
} |
| 250d92c5 |
|
| 3f25b35d |
uint32_t cli_bcapi_trace_value(struct cli_bc_ctx *ctx, const uint8_t* name, uint32_t value) |
| 65c740d7 |
{ |
| 0a11015b |
if (LIKELY(ctx->trace_level < trace_val)) |
| 90c0acc7 |
return 0; |
| 0a11015b |
if (ctx->trace_level&0x80) { |
| 90c0acc7 |
if ((ctx->trace_level&0x7f) < trace_param)
return 0;
ctx->trace(ctx, trace_param); |
| 0a11015b |
}
if (ctx->trace_val && name) |
| 90c0acc7 |
ctx->trace_val(ctx, (const char*)name, value); |
| 0a11015b |
return 0; |
| 65c740d7 |
} |
| 688799d1 |
|
| 3f25b35d |
uint32_t cli_bcapi_trace_ptr(struct cli_bc_ctx *ctx, const uint8_t* ptr, uint32_t dummy) |
| 688799d1 |
{ |
| cd94be7a |
UNUSEDPARAM(dummy); |
| 688799d1 |
if (LIKELY(ctx->trace_level < trace_val)) |
| 90c0acc7 |
return 0; |
| 688799d1 |
if (ctx->trace_level&0x80) { |
| 90c0acc7 |
if ((ctx->trace_level&0x7f) < trace_param)
return 0;
ctx->trace(ctx, trace_param); |
| 688799d1 |
}
if (ctx->trace_ptr) |
| 90c0acc7 |
ctx->trace_ptr(ctx, ptr); |
| 688799d1 |
return 0;
} |
| 0fa95ef2 |
|
| 2d45ef06 |
uint32_t cli_bcapi_pe_rawaddr(struct cli_bc_ctx *ctx, uint32_t rva) |
| 0fa95ef2 |
{
uint32_t ret; |
| e4a0f2c9 |
unsigned err = 0; |
| 0fa95ef2 |
const struct cli_pe_hook_data *pe = ctx->hooks.pedata; |
| 236fb136 |
ret = cli_rawaddr(rva, ctx->sections, pe->nsections, &err, |
| 90c0acc7 |
ctx->file_size, pe->hdr_size); |
| 7f6b55a1 |
if (err) {
cli_dbgmsg("bcapi_pe_rawaddr invalid rva: %u\n", rva); |
| 0fa95ef2 |
return PE_INVALID_RVA; |
| 7f6b55a1 |
} |
| 0fa95ef2 |
return ret;
} |
| 565e677f |
static inline const char* cli_memmem(const char *haystack, unsigned hlen, |
| 90c0acc7 |
const unsigned char *needle, unsigned nlen) |
| 565e677f |
{
const char *p;
unsigned char c; |
| ae8dc8c2 |
if (!needle || !haystack) { |
| 90c0acc7 |
return NULL; |
| ae8dc8c2 |
} |
| 565e677f |
c = *needle++;
if (nlen == 1) |
| 90c0acc7 |
return memchr(haystack, c, hlen); |
| 565e677f |
while (hlen >= nlen) { |
| 90c0acc7 |
p = haystack;
haystack = memchr(haystack, c, hlen - nlen + 1);
if (!haystack)
return NULL;
hlen -= haystack+1 - p;
p = haystack + 1;
if (!memcmp(p, needle, nlen-1))
return haystack;
haystack = p; |
| 565e677f |
}
return NULL;
}
int32_t cli_bcapi_file_find(struct cli_bc_ctx *ctx, const uint8_t* data, uint32_t len)
{ |
| 7a7365ef |
fmap_t *map = ctx->fmap;
if (!map || len <= 0) { |
| 90c0acc7 |
cli_dbgmsg("bcapi_file_find preconditions not met\n");
API_MISUSE();
return -1; |
| 7a7365ef |
}
return cli_bcapi_file_find_limit(ctx, data, len, map->len);
}
int32_t cli_bcapi_file_find_limit(struct cli_bc_ctx *ctx , const uint8_t* data, uint32_t len, int32_t limit)
{ |
| 565e677f |
char buf[4096];
fmap_t *map = ctx->fmap; |
| e4a0f2c9 |
uint32_t off = ctx->off; |
| 565e677f |
int n;
|
| 7a7365ef |
if (!map || len > sizeof(buf)/4 || len <= 0 || limit <= 0) { |
| 90c0acc7 |
cli_dbgmsg("bcapi_file_find_limit preconditions not met\n");
API_MISUSE();
return -1; |
| 7f6b55a1 |
} |
| ae8dc8c2 |
cli_event_int(EV, BCEV_OFFSET, off);
cli_event_fastdata(EV, BCEV_FIND, data, len); |
| 565e677f |
for (;;) { |
| 90c0acc7 |
const char *p;
int32_t readlen = sizeof(buf); |
| cd94be7a |
if (off + readlen > (unsigned int)limit) { |
| 90c0acc7 |
readlen = limit - off;
if (readlen < 0)
return -1;
}
n = fmap_readn(map, buf, off, readlen);
if ((unsigned)n < len || n < 0)
return -1;
p = cli_memmem(buf, n, data, len);
if (p)
return off + p - buf;
off += n; |
| 565e677f |
}
return -1;
}
|
| 2d45ef06 |
int32_t cli_bcapi_file_byteat(struct cli_bc_ctx *ctx, uint32_t off) |
| 565e677f |
{
unsigned char c; |
| 7f6b55a1 |
if (!ctx->fmap) { |
| 90c0acc7 |
cli_dbgmsg("bcapi_file_byteat: no fmap\n");
return -1; |
| 7f6b55a1 |
} |
| ae8dc8c2 |
cli_event_int(EV, BCEV_OFFSET, off); |
| 7f6b55a1 |
if (fmap_readn(ctx->fmap, &c, off, 1) != 1) { |
| 90c0acc7 |
cli_dbgmsg("bcapi_file_byteat: fmap_readn failed at %u\n", off);
return -1; |
| 7f6b55a1 |
} |
| 565e677f |
return c;
} |
| 2d45ef06 |
uint8_t* cli_bcapi_malloc(struct cli_bc_ctx *ctx, uint32_t size)
{ |
| ae8dc8c2 |
void *v; |
| 2d45ef06 |
#if USE_MPOOL
if (!ctx->mpool) { |
| 90c0acc7 |
ctx->mpool = mpool_create();
if (!ctx->mpool) {
cli_dbgmsg("bytecode: mpool_create failed!\n");
cli_event_error_oom(EV, 0);
return NULL;
} |
| 2d45ef06 |
} |
| ae8dc8c2 |
v = mpool_malloc(ctx->mpool, size); |
| 2d45ef06 |
#else
/* TODO: implement using a list of pointers we allocated! */
cli_errmsg("cli_bcapi_malloc not implemented for systems without mmap yet!\n"); |
| ae8dc8c2 |
v = cli_malloc(size); |
| 2d45ef06 |
#endif |
| ae8dc8c2 |
if (!v) |
| 90c0acc7 |
cli_event_error_oom(EV, size); |
| ae8dc8c2 |
return v; |
| 2d45ef06 |
}
|
| fa7ae4cc |
int32_t cli_bcapi_get_pe_section(struct cli_bc_ctx *ctx, struct cli_exe_section* section, uint32_t num) |
| 236fb136 |
{
if (num < ctx->hooks.pedata->nsections) { |
| 90c0acc7 |
memcpy(section, &ctx->sections[num], sizeof(struct cli_exe_section));
return 0; |
| 236fb136 |
}
return -1;
} |
| b56bea54 |
int32_t cli_bcapi_fill_buffer(struct cli_bc_ctx *ctx, uint8_t* buf, |
| 90c0acc7 |
uint32_t buflen, uint32_t filled,
uint32_t pos, uint32_t fill) |
| b56bea54 |
{
int32_t res, remaining, tofill; |
| cd94be7a |
UNUSEDPARAM(fill); |
| d9fbce26 |
if (!buf || !buflen || buflen > CLI_MAX_ALLOCATION || filled > buflen) { |
| 90c0acc7 |
cli_dbgmsg("fill_buffer1\n");
API_MISUSE();
return -1; |
| d9fbce26 |
}
if (ctx->off >= ctx->file_size) { |
| 90c0acc7 |
cli_dbgmsg("fill_buffer2\n");
API_MISUSE();
return 0; |
| d9fbce26 |
} |
| b56bea54 |
remaining = filled - pos;
if (remaining) { |
| 90c0acc7 |
if (!CLI_ISCONTAINED(buf, buflen, buf+pos, remaining)) {
cli_dbgmsg("fill_buffer3\n");
API_MISUSE();
return -1;
}
memmove(buf, buf+pos, remaining); |
| b56bea54 |
}
tofill = buflen - remaining; |
| d9fbce26 |
if (!CLI_ISCONTAINED(buf, buflen, buf+remaining, tofill)) { |
| 90c0acc7 |
cli_dbgmsg("fill_buffer4\n");
API_MISUSE();
return -1; |
| d9fbce26 |
} |
| b56bea54 |
res = cli_bcapi_read(ctx, buf+remaining, tofill); |
| 7f6b55a1 |
if (res <= 0) { |
| 90c0acc7 |
cli_dbgmsg("fill_buffer5\n");
API_MISUSE();
return res; |
| 7f6b55a1 |
} |
| b56bea54 |
return remaining + res;
} |
| d9fbce26 |
int32_t cli_bcapi_extract_new(struct cli_bc_ctx *ctx, int32_t id)
{
cli_ctx *cctx; |
| e4a0f2c9 |
int res = -1; |
| ae8dc8c2 |
cli_event_count(EV, BCEV_EXTRACTED); |
| d9fbce26 |
cli_dbgmsg("previous tempfile had %u bytes\n", ctx->written);
if (!ctx->written) |
| 90c0acc7 |
return 0; |
| 349e6e11 |
if (ctx->ctx && cli_updatelimits(ctx->ctx, ctx->written)) |
| 90c0acc7 |
return -1; |
| d9fbce26 |
ctx->written = 0; |
| 96914546 |
if (lseek(ctx->outfd, 0, SEEK_SET) == -1) {
cli_dbgmsg("bytecode: call to lseek() has failed\n");
return CL_ESEEK;
} |
| d9fbce26 |
cli_dbgmsg("bytecode: scanning extracted file %s\n", ctx->tempfile);
cctx = (cli_ctx*)ctx->ctx; |
| 349e6e11 |
if (cctx) { |
| 90c0acc7 |
cctx->recursion++; |
| 031fe00a |
if (ctx->containertype != CL_TYPE_ANY) { |
| 631cb6a0 |
size_t csize = cli_get_container_size(cctx, -2); |
| 031fe00a |
cli_set_container(cctx, ctx->containertype, csize);
} |
| d39cb658 |
res = cli_magic_scandesc(ctx->outfd, ctx->tempfile, cctx); |
| 90c0acc7 |
cctx->recursion--;
if (res == CL_VIRUS) {
ctx->virname = cli_get_last_virus(cctx);
ctx->found = 1;
} |
| 349e6e11 |
} |
| d9fbce26 |
if ((cctx && cctx->engine->keeptmp) || |
| 90c0acc7 |
(ftruncate(ctx->outfd, 0) == -1)) { |
| d9fbce26 |
|
| 90c0acc7 |
close(ctx->outfd);
if (!(cctx && cctx->engine->keeptmp) && ctx->tempfile)
cli_unlink(ctx->tempfile);
free(ctx->tempfile);
ctx->tempfile = NULL;
ctx->outfd = 0; |
| d9fbce26 |
}
cli_dbgmsg("bytecode: extracting new file with id %u\n", id);
return res;
} |
| f6471bc9 |
#define BUF 16
int32_t cli_bcapi_read_number(struct cli_bc_ctx *ctx, uint32_t radix)
{
unsigned i; |
| f304dc68 |
const char *p; |
| f6471bc9 |
int32_t result;
|
| 9aa1d725 |
if ((radix != 10 && radix != 16) || !ctx->fmap) |
| 90c0acc7 |
return -1; |
| ae8dc8c2 |
cli_event_int(EV, BCEV_OFFSET, ctx->off); |
| f6471bc9 |
while ((p = fmap_need_off_once(ctx->fmap, ctx->off, BUF))) { |
| 90c0acc7 |
for (i=0;i<BUF;i++) {
if ((p[i] >= '0' && p[i] <= '9') || (radix == 16 && ((p[i] >= 'a' && p[i] <= 'f') || (p[i] >= 'A' && p[i] <= 'F')))) {
char *endptr;
p = fmap_need_ptr_once(ctx->fmap, p+i, 16);
if (!p)
return -1;
result = strtoul(p, &endptr, radix);
ctx->off += i + (endptr - p);
return result;
}
}
ctx->off += BUF; |
| f6471bc9 |
}
return -1;
}
|
| 75e18b29 |
int32_t cli_bcapi_hashset_new(struct cli_bc_ctx *ctx )
{ |
| 7b33a366 |
unsigned n = ctx->nhashsets+1;
struct cli_hashset *s = cli_realloc(ctx->hashsets, sizeof(*ctx->hashsets)*n); |
| ae8dc8c2 |
if (!s) { |
| 90c0acc7 |
cli_event_error_oom(EV, 0);
return -1; |
| ae8dc8c2 |
} |
| 7b33a366 |
ctx->hashsets = s;
ctx->nhashsets = n;
s = &s[n-1];
cli_hashset_init(s, 16, 80);
return n-1;
}
static struct cli_hashset *get_hashset(struct cli_bc_ctx *ctx, int32_t id)
{ |
| cd94be7a |
if (id < 0 || (unsigned int)id >= ctx->nhashsets || !ctx->hashsets) { |
| 90c0acc7 |
API_MISUSE();
return NULL; |
| ae8dc8c2 |
} |
| 7b33a366 |
return &ctx->hashsets[id]; |
| 75e18b29 |
} |
| 7b33a366 |
|
| 75e18b29 |
int32_t cli_bcapi_hashset_add(struct cli_bc_ctx *ctx , int32_t id, uint32_t key)
{ |
| 7b33a366 |
struct cli_hashset *s = get_hashset(ctx, id);
if (!s) |
| 90c0acc7 |
return -1; |
| 7b33a366 |
return cli_hashset_addkey(s, key); |
| 75e18b29 |
} |
| 7b33a366 |
|
| 75e18b29 |
int32_t cli_bcapi_hashset_remove(struct cli_bc_ctx *ctx , int32_t id, uint32_t key)
{ |
| 7b33a366 |
struct cli_hashset *s = get_hashset(ctx, id);
if (!s) |
| 90c0acc7 |
return -1; |
| ded1cddc |
return cli_hashset_removekey(s, key); |
| 75e18b29 |
} |
| 7b33a366 |
|
| 75e18b29 |
int32_t cli_bcapi_hashset_contains(struct cli_bc_ctx *ctx , int32_t id, uint32_t key)
{ |
| 7b33a366 |
struct cli_hashset *s = get_hashset(ctx, id);
if (!s) |
| 90c0acc7 |
return -1; |
| 7b33a366 |
return cli_hashset_contains(s, key);
}
int32_t cli_bcapi_hashset_empty(struct cli_bc_ctx *ctx, int32_t id)
{
struct cli_hashset *s = get_hashset(ctx, id); |
| 6a049897 |
return s ? !s->count : 1; |
| 75e18b29 |
} |
| 7b33a366 |
|
| 75e18b29 |
int32_t cli_bcapi_hashset_done(struct cli_bc_ctx *ctx , int32_t id)
{ |
| 778df8c2 |
struct cli_hashset *s = get_hashset(ctx, id);
if (!s) |
| 90c0acc7 |
return -1; |
| 778df8c2 |
cli_hashset_destroy(s); |
| cd94be7a |
if ((unsigned int)id == ctx->nhashsets-1) { |
| 90c0acc7 |
ctx->nhashsets--;
if (!ctx->nhashsets) {
free(ctx->hashsets);
ctx->hashsets = NULL;
} else {
s = cli_realloc(ctx->hashsets, ctx->nhashsets*sizeof(*s));
if (s)
ctx->hashsets = s;
} |
| 7a7365ef |
} |
| 778df8c2 |
return 0; |
| 75e18b29 |
}
|
| 6ad39a40 |
int32_t cli_bcapi_buffer_pipe_new(struct cli_bc_ctx *ctx, uint32_t size) |
| 75e18b29 |
{ |
| 6ad39a40 |
unsigned char *data;
struct bc_buffer *b;
unsigned n = ctx->nbuffers + 1;
|
| e439954b |
data = cli_calloc(1, size); |
| 6ad39a40 |
if (!data) |
| 90c0acc7 |
return -1; |
| 6ad39a40 |
b = cli_realloc(ctx->buffers, sizeof(*ctx->buffers)*n);
if (!b) { |
| 90c0acc7 |
free(data);
return -1; |
| 6ad39a40 |
}
ctx->buffers = b;
ctx->nbuffers = n;
b = &b[n-1];
b->data = data;
b->size = size;
b->write_cursor = b->read_cursor = 0;
return n-1;
}
int32_t cli_bcapi_buffer_pipe_new_fromfile(struct cli_bc_ctx *ctx , uint32_t at)
{
struct bc_buffer *b;
unsigned n = ctx->nbuffers + 1;
if (at >= ctx->file_size) |
| 90c0acc7 |
return -1; |
| 6ad39a40 |
b = cli_realloc(ctx->buffers, sizeof(*ctx->buffers)*n);
if (!b) { |
| 90c0acc7 |
return -1; |
| 6ad39a40 |
}
ctx->buffers = b;
ctx->nbuffers = n; |
| 7b33a366 |
b = &b[n-1]; |
| 6ad39a40 |
/* NULL data means read from file at pos read_cursor */
b->data = NULL;
b->size = 0;
b->read_cursor = at;
b->write_cursor = 0; |
| 7b33a366 |
return n-1; |
| 6ad39a40 |
}
static struct bc_buffer *get_buffer(struct cli_bc_ctx *ctx, int32_t id)
{ |
| cd94be7a |
if (!ctx->buffers || id < 0 || (unsigned int)id >= ctx->nbuffers) { |
| 90c0acc7 |
cli_dbgmsg("bytecode api: invalid buffer id %u\n", id);
return NULL; |
| 7b33a366 |
} |
| 6ad39a40 |
return &ctx->buffers[id];
}
uint32_t cli_bcapi_buffer_pipe_read_avail(struct cli_bc_ctx *ctx , int32_t id)
{
struct bc_buffer *b = get_buffer(ctx, id);
if (!b) |
| 90c0acc7 |
return 0; |
| 6ad39a40 |
if (b->data) { |
| 90c0acc7 |
if (b->write_cursor <= b->read_cursor)
return 0;
return b->write_cursor - b->read_cursor; |
| 6ad39a40 |
} |
| db219b50 |
if (!ctx->fmap || b->read_cursor >= ctx->file_size) |
| 90c0acc7 |
return 0; |
| db219b50 |
if (b->read_cursor + BUFSIZ <= ctx->file_size) |
| 90c0acc7 |
return BUFSIZ; |
| db219b50 |
return ctx->file_size - b->read_cursor; |
| 6ad39a40 |
}
|
| f304dc68 |
const uint8_t* cli_bcapi_buffer_pipe_read_get(struct cli_bc_ctx *ctx , int32_t id, uint32_t size) |
| 6ad39a40 |
{
struct bc_buffer *b = get_buffer(ctx, id);
if (!b || size > cli_bcapi_buffer_pipe_read_avail(ctx, id) || !size) |
| 90c0acc7 |
return NULL; |
| 6ad39a40 |
if (b->data) |
| 90c0acc7 |
return b->data + b->read_cursor; |
| 6ad39a40 |
return fmap_need_off(ctx->fmap, b->read_cursor, size);
}
int32_t cli_bcapi_buffer_pipe_read_stopped(struct cli_bc_ctx *ctx , int32_t id, uint32_t amount)
{
struct bc_buffer *b = get_buffer(ctx, id);
if (!b) |
| 90c0acc7 |
return -1; |
| 6ad39a40 |
if (b->data) { |
| 90c0acc7 |
if (b->write_cursor <= b->read_cursor)
return -1;
if (b->read_cursor + amount > b->write_cursor)
b->read_cursor = b->write_cursor;
else
b->read_cursor += amount;
if (b->read_cursor >= b->size &&
b->write_cursor >= b->size)
b->read_cursor = b->write_cursor = 0;
return 0; |
| 6ad39a40 |
}
b->read_cursor += amount;
return 0;
}
uint32_t cli_bcapi_buffer_pipe_write_avail(struct cli_bc_ctx *ctx, int32_t id)
{
struct bc_buffer *b = get_buffer(ctx, id);
if (!b) |
| 90c0acc7 |
return 0; |
| 6ad39a40 |
if (!b->data) |
| 90c0acc7 |
return 0; |
| 6ad39a40 |
if (b->write_cursor >= b->size) |
| 90c0acc7 |
return 0; |
| 6ad39a40 |
return b->size - b->write_cursor;
}
uint8_t* cli_bcapi_buffer_pipe_write_get(struct cli_bc_ctx *ctx, int32_t id, uint32_t size)
{
struct bc_buffer *b = get_buffer(ctx, id);
if (!b || size > cli_bcapi_buffer_pipe_write_avail(ctx, id) || !size) |
| 90c0acc7 |
return NULL; |
| 6ad39a40 |
if (!b->data) |
| 90c0acc7 |
return NULL; |
| 6ad39a40 |
return b->data + b->write_cursor;
}
int32_t cli_bcapi_buffer_pipe_write_stopped(struct cli_bc_ctx *ctx , int32_t id, uint32_t size)
{
struct bc_buffer *b = get_buffer(ctx, id);
if (!b || !b->data) |
| 90c0acc7 |
return -1; |
| 6ad39a40 |
if (b->write_cursor + size >= b->size) |
| 90c0acc7 |
b->write_cursor = b->size; |
| 6ad39a40 |
else |
| 90c0acc7 |
b->write_cursor += size; |
| 6ad39a40 |
return 0;
}
int32_t cli_bcapi_buffer_pipe_done(struct cli_bc_ctx *ctx , int32_t id)
{ |
| 778df8c2 |
struct bc_buffer *b = get_buffer(ctx, id);
if (!b) |
| 90c0acc7 |
return -1; |
| 778df8c2 |
free(b->data);
b->data = NULL;
return -0; |
| 6ad39a40 |
}
int32_t cli_bcapi_inflate_init(struct cli_bc_ctx *ctx, int32_t from, int32_t to, int32_t windowBits)
{
int ret;
z_stream stream;
struct bc_inflate *b;
unsigned n = ctx->ninflates + 1; |
| 7b33a366 |
if (!get_buffer(ctx, from) || !get_buffer(ctx, to)) { |
| 90c0acc7 |
cli_dbgmsg("bytecode api: inflate_init: invalid buffers!\n");
return -1; |
| 7b33a366 |
} |
| 48fef7b8 |
b = cli_realloc(ctx->inflates, sizeof(*ctx->inflates)*n);
if (!b) {
return -1;
}
ctx->inflates = b;
ctx->ninflates = n;
b = &b[n-1];
b->from = from;
b->to = to;
b->needSync = 0;
memset(&b->stream, 0, sizeof(stream));
ret = inflateInit2(&b->stream, windowBits); |
| 6ad39a40 |
switch (ret) { |
| 90c0acc7 |
case Z_MEM_ERROR:
cli_dbgmsg("bytecode api: inflateInit2: out of memory!\n");
return -1;
case Z_VERSION_ERROR:
cli_dbgmsg("bytecode api: inflateinit2: zlib version error!\n");
return -1;
case Z_STREAM_ERROR:
cli_dbgmsg("bytecode api: inflateinit2: zlib stream error!\n");
return -1;
case Z_OK:
break;
default:
cli_dbgmsg("bytecode api: inflateInit2: unknown error %d\n", ret);
return -1; |
| 6ad39a40 |
}
return n-1; |
| 75e18b29 |
}
|
| 6ad39a40 |
static struct bc_inflate *get_inflate(struct cli_bc_ctx *ctx, int32_t id) |
| 75e18b29 |
{ |
| cd94be7a |
if (id < 0 || (unsigned int)id >= ctx->ninflates || !ctx->inflates) |
| 90c0acc7 |
return NULL; |
| 6ad39a40 |
return &ctx->inflates[id];
}
int32_t cli_bcapi_inflate_process(struct cli_bc_ctx *ctx , int32_t id)
{
int ret;
unsigned avail_in_orig, avail_out_orig;
struct bc_inflate *b = get_inflate(ctx, id); |
| 7b33a366 |
if (!b || b->from == -1 || b->to == -1) |
| 90c0acc7 |
return -1; |
| 6ad39a40 |
b->stream.avail_in = avail_in_orig = |
| 90c0acc7 |
cli_bcapi_buffer_pipe_read_avail(ctx, b->from); |
| 6ad39a40 |
|
| f304dc68 |
b->stream.next_in = (void*)cli_bcapi_buffer_pipe_read_get(ctx, b->from, |
| 90c0acc7 |
b->stream.avail_in); |
| 6ad39a40 |
b->stream.avail_out = avail_out_orig = |
| 90c0acc7 |
cli_bcapi_buffer_pipe_write_avail(ctx, b->to); |
| 6ad39a40 |
b->stream.next_out = cli_bcapi_buffer_pipe_write_get(ctx, b->to, |
| 90c0acc7 |
b->stream.avail_out); |
| 6ad39a40 |
|
| 50436cbd |
if (!b->stream.avail_in || !b->stream.avail_out || !b->stream.next_in || !b->stream.next_out) |
| 90c0acc7 |
return -1; |
| 6ad39a40 |
/* try hard to extract data, skipping over corrupted data */
do { |
| 90c0acc7 |
if (!b->needSync) {
ret = inflate(&b->stream, Z_NO_FLUSH);
if (ret == Z_DATA_ERROR) {
cli_dbgmsg("bytecode api: inflate at %lu: %s, trying to recover\n", b->stream.total_in,
b->stream.msg);
b->needSync = 1;
}
}
if (b->needSync) {
ret = inflateSync(&b->stream);
if (ret == Z_OK) {
cli_dbgmsg("bytecode api: successfully recovered inflate stream\n");
b->needSync = 0;
continue;
}
}
break; |
| 6ad39a40 |
} while (1);
cli_bcapi_buffer_pipe_read_stopped(ctx, b->from, avail_in_orig - b->stream.avail_in);
cli_bcapi_buffer_pipe_write_stopped(ctx, b->to, avail_out_orig - b->stream.avail_out);
if (ret == Z_MEM_ERROR) { |
| 90c0acc7 |
cli_dbgmsg("bytecode api: out of memory!\n");
cli_bcapi_inflate_done(ctx, id);
return ret; |
| 6ad39a40 |
}
if (ret == Z_STREAM_END) { |
| 90c0acc7 |
cli_bcapi_inflate_done(ctx, id); |
| 6ad39a40 |
}
if (ret == Z_BUF_ERROR) { |
| 90c0acc7 |
cli_dbgmsg("bytecode api: buffer error!\n"); |
| 6ad39a40 |
}
return ret; |
| 75e18b29 |
}
int32_t cli_bcapi_inflate_done(struct cli_bc_ctx *ctx , int32_t id)
{ |
| 6ad39a40 |
int ret;
struct bc_inflate *b = get_inflate(ctx, id);
if (!b || b->from == -1 || b->to == -1) |
| 90c0acc7 |
return -1; |
| 6ad39a40 |
ret = inflateEnd(&b->stream);
if (ret == Z_STREAM_ERROR) |
| 90c0acc7 |
cli_dbgmsg("bytecode api: inflateEnd: %s\n", b->stream.msg); |
| 6ad39a40 |
b->from = b->to = -1;
return ret; |
| 75e18b29 |
} |
| 6ad39a40 |
|
| 02068643 |
int32_t cli_bcapi_bytecode_rt_error(struct cli_bc_ctx *ctx , int32_t id)
{
int32_t line = id >> 8;
int32_t col = id&0xff; |
| cd94be7a |
UNUSEDPARAM(ctx); |
| 02068643 |
cli_warnmsg("Bytecode runtime error at line %u, col %u\n", line, col);
return 0;
}
|
| b00a7cc8 |
int32_t cli_bcapi_jsnorm_init(struct cli_bc_ctx *ctx, int32_t from)
{
struct parser_state *state;
struct bc_jsnorm *b;
unsigned n = ctx->njsnorms + 1;
if (!get_buffer(ctx, from)) { |
| 90c0acc7 |
cli_dbgmsg("bytecode api: jsnorm_init: invalid buffers!\n");
return -1; |
| b00a7cc8 |
}
state = cli_js_init();
if (!state) |
| 90c0acc7 |
return -1; |
| b00a7cc8 |
b = cli_realloc(ctx->jsnorms, sizeof(*ctx->jsnorms)*n);
if (!b) { |
| 90c0acc7 |
cli_js_destroy(state);
return -1; |
| b00a7cc8 |
}
ctx->jsnorms = b;
ctx->njsnorms = n;
b = &b[n-1];
b->from = from;
b->state = state;
if (!ctx->jsnormdir) { |
| 90c0acc7 |
cli_ctx *cctx = (cli_ctx*)ctx->ctx;
ctx->jsnormdir = cli_gentemp(cctx ? cctx->engine->tmpdir : NULL);
if (ctx->jsnormdir) {
if (mkdir(ctx->jsnormdir, 0700)) {
cli_dbgmsg("js: can't create temp dir %s\n", ctx->jsnormdir);
free(ctx->jsnormdir);
return CL_ETMPDIR;
}
} |
| b00a7cc8 |
}
return n-1;
}
static struct bc_jsnorm *get_jsnorm(struct cli_bc_ctx *ctx, int32_t id)
{ |
| cd94be7a |
if (id < 0 || (unsigned int)id >= ctx->njsnorms || !ctx->jsnorms) |
| 90c0acc7 |
return NULL; |
| b00a7cc8 |
return &ctx->jsnorms[id];
}
int32_t cli_bcapi_jsnorm_process(struct cli_bc_ctx *ctx, int32_t id)
{
unsigned avail; |
| f304dc68 |
const unsigned char *in; |
| b00a7cc8 |
cli_ctx *cctx = ctx->ctx;
struct bc_jsnorm *b = get_jsnorm(ctx, id);
if (!b || b->from == -1 || !b->state) |
| 90c0acc7 |
return -1; |
| b00a7cc8 |
avail = cli_bcapi_buffer_pipe_read_avail(ctx, b->from);
in = cli_bcapi_buffer_pipe_read_get(ctx, b->from, avail);
if (!avail || !in) |
| 90c0acc7 |
return -1; |
| b00a7cc8 |
if (cctx && cli_checklimits("bytecode js api", cctx, ctx->jsnormwritten + avail, 0, 0)) |
| 90c0acc7 |
return -1; |
| b00a7cc8 |
cli_bcapi_buffer_pipe_read_stopped(ctx, b->from, avail); |
| e4a0f2c9 |
cli_js_process_buffer(b->state, (char*)in, avail); |
| b00a7cc8 |
return 0;
}
int32_t cli_bcapi_jsnorm_done(struct cli_bc_ctx *ctx , int32_t id)
{
struct bc_jsnorm *b = get_jsnorm(ctx, id);
if (!b || b->from == -1) |
| 90c0acc7 |
return -1; |
| b00a7cc8 |
if (ctx->ctx && cli_updatelimits(ctx->ctx, ctx->jsnormwritten)) |
| 90c0acc7 |
return -1; |
| b00a7cc8 |
ctx->jsnormwritten = 0;
cli_js_parse_done(b->state);
cli_js_output(b->state, ctx->jsnormdir);
cli_js_destroy(b->state);
b->from = -1;
return 0;
} |
| 7a7365ef |
|
| 51d25fde |
static inline double myround(double a)
{
if (a < 0) |
| 90c0acc7 |
return a-0.5; |
| 51d25fde |
return a+0.5;
}
|
| 7a7365ef |
int32_t cli_bcapi_ilog2(struct cli_bc_ctx *ctx, uint32_t a, uint32_t b)
{
double f; |
| cd94be7a |
UNUSEDPARAM(ctx); |
| 7a7365ef |
if (!b) |
| 90c0acc7 |
return 0x7fffffff; |
| 7a7365ef |
/* log(a/b) is -32..32, so 2^26*32=2^31 covers the entire range of int32 */
f = (1<<26)*log((double)a / b) / log(2); |
| 51d25fde |
return (int32_t)myround(f); |
| 7a7365ef |
}
int32_t cli_bcapi_ipow(struct cli_bc_ctx *ctx, int32_t a, int32_t b, int32_t c)
{ |
| cd94be7a |
UNUSEDPARAM(ctx); |
| 7a7365ef |
if (!a && b < 0) |
| 90c0acc7 |
return 0x7fffffff; |
| 51d25fde |
return (int32_t)myround(c*pow(a,b)); |
| 7a7365ef |
}
|
| da91503d |
uint32_t cli_bcapi_iexp(struct cli_bc_ctx *ctx, int32_t a, int32_t b, int32_t c) |
| 7a7365ef |
{
double f; |
| cd94be7a |
UNUSEDPARAM(ctx); |
| 7a7365ef |
if (!b) |
| 90c0acc7 |
return 0x7fffffff; |
| 7a7365ef |
f= c*exp((double)a/b); |
| 51d25fde |
return (uint32_t)myround(f); |
| 7a7365ef |
}
int32_t cli_bcapi_isin(struct cli_bc_ctx *ctx, int32_t a, int32_t b, int32_t c)
{
double f; |
| cd94be7a |
UNUSEDPARAM(ctx); |
| 7a7365ef |
if (!b) |
| 90c0acc7 |
return 0x7fffffff; |
| 7a7365ef |
f = c*sin((double)a/b); |
| 51d25fde |
return (int32_t)myround(f); |
| 7a7365ef |
}
int32_t cli_bcapi_icos(struct cli_bc_ctx *ctx, int32_t a, int32_t b, int32_t c)
{
double f; |
| cd94be7a |
UNUSEDPARAM(ctx); |
| 7a7365ef |
if (!b) |
| 90c0acc7 |
return 0x7fffffff; |
| 7a7365ef |
f = c*cos((double)a/b); |
| 51d25fde |
return (int32_t)myround(f); |
| 7a7365ef |
}
int32_t cli_bcapi_memstr(struct cli_bc_ctx *ctx, const uint8_t* h, int32_t hs, |
| 90c0acc7 |
const uint8_t*n, int32_t ns) |
| 7a7365ef |
{
const uint8_t *s; |
| ae8dc8c2 |
if (!h || !n || hs < 0 || ns < 0) { |
| 90c0acc7 |
API_MISUSE();
return -1; |
| ae8dc8c2 |
}
cli_event_fastdata(EV, BCEV_MEM_1, h, hs);
cli_event_fastdata(EV, BCEV_MEM_2, n, ns); |
| dc200c6b |
s = (const uint8_t*) cli_memstr((const char*)h, hs, (const char*)n, ns); |
| 7a7365ef |
if (!s) |
| 90c0acc7 |
return -1; |
| 7a7365ef |
return s - h;
}
int32_t cli_bcapi_hex2ui(struct cli_bc_ctx *ctx, uint32_t ah, uint32_t bh)
{ |
| dc200c6b |
char result = 0; |
| 7a7365ef |
unsigned char in[2]; |
| cd94be7a |
UNUSEDPARAM(ctx);
|
| 7a7365ef |
in[0] = ah;
in[1] = bh;
|
| dc200c6b |
if (cli_hex2str_to((const char*)in, &result, 2) == -1) |
| 90c0acc7 |
return -1; |
| 7a7365ef |
return result;
}
int32_t cli_bcapi_atoi(struct cli_bc_ctx *ctx, const uint8_t* str, int32_t len)
{
int32_t number = 0;
const uint8_t *end = str + len; |
| cd94be7a |
UNUSEDPARAM(ctx);
|
| 7a7365ef |
while (isspace(*str) && str < end) str++;
if (str == end) |
| 90c0acc7 |
return -1;/* all spaces */ |
| 7a7365ef |
if (*str == '+') str++;
if (str == end) |
| 90c0acc7 |
return -1;/* all spaces and +*/ |
| 7a7365ef |
if (*str == '-') |
| 90c0acc7 |
return -1;/* only positive numbers */ |
| 7a7365ef |
if (!isdigit(*str)) |
| 90c0acc7 |
return -1; |
| 7a7365ef |
while (isdigit(*str) && str < end) { |
| 90c0acc7 |
number = number*10 + (*str - '0'); |
| 7a7365ef |
}
return number;
}
uint32_t cli_bcapi_debug_print_str_start(struct cli_bc_ctx *ctx , const uint8_t* s, uint32_t len)
{ |
| cd94be7a |
UNUSEDPARAM(ctx);
|
| 7a7365ef |
if (!s || len <= 0) |
| 90c0acc7 |
return -1; |
| ae8dc8c2 |
cli_event_fastdata(EV, BCEV_DBG_STR, s, len); |
| a5b201c8 |
cli_dbgmsg("bytecode debug: %.*s", len, s); |
| 7a7365ef |
return 0;
}
uint32_t cli_bcapi_debug_print_str_nonl(struct cli_bc_ctx *ctx , const uint8_t* s, uint32_t len)
{ |
| cd94be7a |
UNUSEDPARAM(ctx);
|
| 7a7365ef |
if (!s || len <= 0) |
| 90c0acc7 |
return -1; |
| 3de96271 |
if (!cli_debug_flag) |
| 90c0acc7 |
return 0; |
| a5b201c8 |
return fwrite(s, 1, len, stderr); |
| 7a7365ef |
}
uint32_t cli_bcapi_entropy_buffer(struct cli_bc_ctx *ctx , uint8_t* s, int32_t len)
{
uint32_t probTable[256]; |
| cd94be7a |
unsigned int i; |
| 7a7365ef |
double entropy = 0;
double log2 = log(2);
|
| cd94be7a |
UNUSEDPARAM(ctx);
|
| 7a7365ef |
if (!s || len <= 0) |
| 90c0acc7 |
return -1; |
| 7a7365ef |
memset(probTable, 0, sizeof(probTable)); |
| cd94be7a |
for (i=0;i<(unsigned int)len;i++) { |
| 90c0acc7 |
probTable[s[i]]++; |
| 7a7365ef |
}
for (i=0;i<256;i++) { |
| 90c0acc7 |
double p;
if (!probTable[i])
continue;
p = (double)probTable[i] / len;
entropy += -p*log(p)/log2; |
| 7a7365ef |
}
entropy *= 1<<26;
return (uint32_t)entropy;
}
int32_t cli_bcapi_map_new(struct cli_bc_ctx *ctx, int32_t keysize, int32_t valuesize)
{
unsigned n = ctx->nmaps+1; |
| aadccfd1 |
struct cli_map *s;
if (!keysize) |
| 90c0acc7 |
return -1; |
| aadccfd1 |
s = cli_realloc(ctx->maps, sizeof(*ctx->maps)*n);
if (!s) |
| 90c0acc7 |
return -1; |
| 7a7365ef |
ctx->maps = s;
ctx->nmaps = n;
s = &s[n-1];
cli_map_init(s, keysize, valuesize, 16);
return n-1;
}
static struct cli_map *get_hashtab(struct cli_bc_ctx *ctx, int32_t id)
{ |
| cd94be7a |
if (id < 0 || (unsigned int)id >= ctx->nmaps || !ctx->maps) |
| 90c0acc7 |
return NULL; |
| 7a7365ef |
return &ctx->maps[id];
}
int32_t cli_bcapi_map_addkey(struct cli_bc_ctx *ctx , const uint8_t* key, int32_t keysize, int32_t id)
{
struct cli_map *s = get_hashtab(ctx, id);
if (!s) |
| 90c0acc7 |
return -1; |
| 7a7365ef |
return cli_map_addkey(s, key, keysize);
}
int32_t cli_bcapi_map_setvalue(struct cli_bc_ctx *ctx, const uint8_t* value, int32_t valuesize, int32_t id)
{
struct cli_map *s = get_hashtab(ctx, id);
if (!s) |
| 90c0acc7 |
return -1; |
| 7a7365ef |
return cli_map_setvalue(s, value, valuesize);
}
int32_t cli_bcapi_map_remove(struct cli_bc_ctx *ctx , const uint8_t* key, int32_t keysize, int32_t id)
{
struct cli_map *s = get_hashtab(ctx, id);
if (!s) |
| 90c0acc7 |
return -1; |
| 7a7365ef |
return cli_map_removekey(s, key, keysize);
}
int32_t cli_bcapi_map_find(struct cli_bc_ctx *ctx , const uint8_t* key, int32_t keysize, int32_t id)
{
struct cli_map *s = get_hashtab(ctx, id);
if (!s) |
| 90c0acc7 |
return -1; |
| 7a7365ef |
return cli_map_find(s, key, keysize);
}
int32_t cli_bcapi_map_getvaluesize(struct cli_bc_ctx *ctx, int32_t id)
{
struct cli_map *s = get_hashtab(ctx, id);
if (!s) |
| 90c0acc7 |
return -1; |
| 7a7365ef |
return cli_map_getvalue_size(s);
}
uint8_t* cli_bcapi_map_getvalue(struct cli_bc_ctx *ctx , int32_t id, int32_t valuesize)
{
struct cli_map *s = get_hashtab(ctx, id);
if (!s) |
| 90c0acc7 |
return NULL; |
| 7a7365ef |
if (cli_map_getvalue_size(s) != valuesize) |
| 90c0acc7 |
return NULL; |
| 7a7365ef |
return cli_map_getvalue(s);
}
int32_t cli_bcapi_map_done(struct cli_bc_ctx *ctx , int32_t id)
{
struct cli_map *s = get_hashtab(ctx, id);
if (!s) |
| 90c0acc7 |
return -1; |
| 7a7365ef |
cli_map_delete(s); |
| cd94be7a |
if ((unsigned int)id == ctx->nmaps-1) { |
| 90c0acc7 |
ctx->nmaps--;
if (!ctx->nmaps) {
free(ctx->maps);
ctx->maps = NULL;
} else {
s = cli_realloc(ctx->maps, ctx->nmaps*(sizeof(*s)));
if (s)
ctx->maps = s;
} |
| 7a7365ef |
}
return 0;
}
uint32_t cli_bcapi_engine_functionality_level(struct cli_bc_ctx *ctx)
{ |
| cd94be7a |
UNUSEDPARAM(ctx); |
| 7a7365ef |
return cl_retflevel();
}
uint32_t cli_bcapi_engine_dconf_level(struct cli_bc_ctx *ctx)
{ |
| cd94be7a |
UNUSEDPARAM(ctx); |
| 7a7365ef |
return CL_FLEVEL_DCONF;
}
uint32_t cli_bcapi_engine_scan_options(struct cli_bc_ctx *ctx)
{
cli_ctx *cctx = (cli_ctx*)ctx->ctx; |
| d7979d4f |
uint32_t options = CL_SCAN_RAW;
if (cctx->options->general & CL_SCAN_GENERAL_ALLMATCHES)
options |= CL_SCAN_ALLMATCHES;
if (cctx->options->general & CL_SCAN_GENERAL_HEURISTICS)
options |= CL_SCAN_ALGORITHMIC;
if (cctx->options->general & CL_SCAN_GENERAL_COLLECT_METADATA)
options |= CL_SCAN_FILE_PROPERTIES;
if (cctx->options->general & CL_SCAN_GENERAL_HEURISTIC_PRECEDENCE)
options |= CL_SCAN_HEURISTIC_PRECEDENCE;
if (cctx->options->parse & CL_SCAN_PARSE_ARCHIVE)
options |= CL_SCAN_ARCHIVE;
if (cctx->options->parse & CL_SCAN_PARSE_ELF)
options |= CL_SCAN_ELF;
if (cctx->options->parse & CL_SCAN_PARSE_PDF)
options |= CL_SCAN_PDF;
if (cctx->options->parse & CL_SCAN_PARSE_SWF)
options |= CL_SCAN_SWF;
if (cctx->options->parse & CL_SCAN_PARSE_HWP3)
options |= CL_SCAN_HWP3;
if (cctx->options->parse & CL_SCAN_PARSE_XMLDOCS)
options |= CL_SCAN_XMLDOCS;
if (cctx->options->parse & CL_SCAN_PARSE_MAIL)
options |= CL_SCAN_MAIL;
if (cctx->options->parse & CL_SCAN_PARSE_OLE2)
options |= CL_SCAN_OLE2;
if (cctx->options->parse & CL_SCAN_PARSE_HTML)
options |= CL_SCAN_HTML;
if (cctx->options->parse & CL_SCAN_PARSE_PE)
options |= CL_SCAN_PE;
// if (cctx->options->parse & CL_SCAN_MAIL_URL)
// options |= CL_SCAN_MAILURL; /* deprecated circa 2009 */
if (cctx->options->heuristic & CL_SCAN_HEURISTIC_BROKEN)
options |= CL_SCAN_BLOCKBROKEN;
if (cctx->options->heuristic & CL_SCAN_HEURISTIC_EXCEEDS_MAX)
options |= CL_SCAN_BLOCKMAX;
if (cctx->options->heuristic & CL_SCAN_HEURISTIC_PHISHING_SSL_MISMATCH)
options |= CL_SCAN_PHISHING_BLOCKSSL;
if (cctx->options->heuristic & CL_SCAN_HEURISTIC_PHISHING_CLOAK)
options |= CL_SCAN_PHISHING_BLOCKCLOAK;
if (cctx->options->heuristic & CL_SCAN_HEURISTIC_MACROS)
options |= CL_SCAN_BLOCKMACROS; |
| f61e92da |
if ((cctx->options->heuristic & CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE) ||
(cctx->options->heuristic & CL_SCAN_HEURISTIC_ENCRYPTED_DOC)) |
| d7979d4f |
options |= CL_SCAN_BLOCKENCRYPTED;
if (cctx->options->heuristic & CL_SCAN_HEURISTIC_PARTITION_INTXN)
options |= CL_SCAN_PARTITION_INTXN;
if (cctx->options->heuristic & CL_SCAN_HEURISTIC_STRUCTURED)
options |= CL_SCAN_STRUCTURED;
if (cctx->options->heuristic & CL_SCAN_HEURISTIC_STRUCTURED_SSN_NORMAL)
options |= CL_SCAN_STRUCTURED_SSN_NORMAL;
if (cctx->options->heuristic & CL_SCAN_HEURISTIC_STRUCTURED_SSN_STRIPPED)
options |= CL_SCAN_STRUCTURED_SSN_STRIPPED;
if (cctx->options->mail & CL_SCAN_MAIL_PARTIAL_MESSAGE)
options |= CL_SCAN_PARTIAL_MESSAGE;
if (cctx->options->dev & CL_SCAN_DEV_COLLECT_SHA)
options |= CL_SCAN_INTERNAL_COLLECT_SHA;
if (cctx->options->dev & CL_SCAN_DEV_COLLECT_PERFORMANCE_INFO)
options |= CL_SCAN_PERFORMANCE_INFO;
return options;
}
uint32_t cli_bcapi_engine_scan_options_ex(struct cli_bc_ctx *ctx, const uint8_t *option_name, uint32_t name_len)
{
uint32_t i = 0;
char *option_name_l = NULL;
if (ctx == NULL || option_name == NULL || name_len == 0) {
cli_warnmsg("engine_scan_options_ex: Invalid arguments!");
return 0;
}
cli_ctx *cctx = (cli_ctx*)ctx->ctx;
if (cctx == NULL || cctx->options == NULL) {
cli_warnmsg("engine_scan_options_ex: Invalid arguments!");
return 0;
}
option_name_l = malloc(name_len + 1);
for (i = 0; i < name_len; i++) {
option_name_l[0] = tolower(option_name[i]);
}
option_name_l[name_len] = '\0';
if (strncmp(option_name_l, "general", MIN(name_len, sizeof("general")))) {
if (cli_memstr(option_name_l, name_len, "allmatch", sizeof("allmatch"))) {
return (cctx->options->general & CL_SCAN_GENERAL_ALLMATCHES) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "collect metadata", sizeof("collect metadata"))) {
return (cctx->options->general & CL_SCAN_GENERAL_COLLECT_METADATA) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "heuristics", sizeof("heuristics"))) {
return (cctx->options->general & CL_SCAN_GENERAL_HEURISTICS) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "precedence", sizeof("precedence"))) {
return (cctx->options->general & CL_SCAN_GENERAL_HEURISTIC_PRECEDENCE) ? 1 : 0;
}
/* else unknown option */
return 0;
}
else if (strncmp(option_name_l, "parse", MIN(name_len, sizeof("parse")))) {
if (cli_memstr(option_name_l, name_len, "archive", sizeof("archive"))) {
return (cctx->options->parse & CL_SCAN_PARSE_ARCHIVE) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "elf", sizeof("elf"))) {
return (cctx->options->parse & CL_SCAN_PARSE_ELF) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "pdf", sizeof("pdf"))) {
return (cctx->options->parse & CL_SCAN_PARSE_PDF) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "swf", sizeof("swf"))) {
return (cctx->options->parse & CL_SCAN_PARSE_SWF) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "hwp3", sizeof("hwp3"))) {
return (cctx->options->parse & CL_SCAN_PARSE_HWP3) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "xmldocs", sizeof("xmldocs"))) {
return (cctx->options->parse & CL_SCAN_PARSE_XMLDOCS) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "mail", sizeof("mail"))) {
return (cctx->options->parse & CL_SCAN_PARSE_MAIL) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "ole2", sizeof("ole2"))) {
return (cctx->options->parse & CL_SCAN_PARSE_OLE2) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "html", sizeof("html"))) {
return (cctx->options->parse & CL_SCAN_PARSE_HTML) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "pe", sizeof("pe"))) {
return (cctx->options->parse & CL_SCAN_PARSE_PE) ? 1 : 0;
}
/* else unknown option */
return 0;
}
else if (strncmp(option_name_l, "heuristic", MIN(name_len, sizeof("heuristic")))) {
if (cli_memstr(option_name_l, name_len, "broken", sizeof("broken"))) {
return (cctx->options->heuristic & CL_SCAN_HEURISTIC_BROKEN) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "exceeds max", sizeof("exceeds max"))) {
return (cctx->options->heuristic & CL_SCAN_HEURISTIC_EXCEEDS_MAX) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "phishing ssl mismatch", sizeof("phishing ssl mismatch"))) {
return (cctx->options->heuristic & CL_SCAN_HEURISTIC_PHISHING_SSL_MISMATCH) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "phishing cloak", sizeof("phishing cloak"))) {
return (cctx->options->heuristic & CL_SCAN_HEURISTIC_PHISHING_CLOAK) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "macros", sizeof("macros"))) {
return (cctx->options->heuristic & CL_SCAN_HEURISTIC_MACROS) ? 1 : 0;
} |
| f61e92da |
if (cli_memstr(option_name_l, name_len, "encrypted archive", sizeof("encrypted archive"))) {
return (cctx->options->heuristic & CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "encrypted doc", sizeof("encrypted doc"))) {
return (cctx->options->heuristic & CL_SCAN_HEURISTIC_ENCRYPTED_DOC) ? 1 : 0; |
| d7979d4f |
}
if (cli_memstr(option_name_l, name_len, "partition intxn", sizeof("partition intxn"))) {
return (cctx->options->heuristic & CL_SCAN_HEURISTIC_PARTITION_INTXN) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "structured", sizeof("structured"))) {
return (cctx->options->heuristic & CL_SCAN_HEURISTIC_STRUCTURED) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "structured ssn normal", sizeof("structured ssn normal"))) {
return (cctx->options->heuristic & CL_SCAN_HEURISTIC_STRUCTURED_SSN_NORMAL) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "structured ssn stripped", sizeof("structured ssn stripped"))) {
return (cctx->options->heuristic & CL_SCAN_HEURISTIC_STRUCTURED_SSN_STRIPPED) ? 1 : 0;
}
/* else unknown option */
return 0;
}
else if (strncmp(option_name_l, "mail", MIN(name_len, sizeof("mail")))) {
if (cli_memstr(option_name_l, name_len, "partial message", sizeof("partial message"))) {
return (cctx->options->mail & CL_SCAN_MAIL_PARTIAL_MESSAGE) ? 1 : 0;
}
/* else unknown option */
return 0;
}
else if (strncmp(option_name_l, "dev", MIN(name_len, sizeof("dev")))) {
if (cli_memstr(option_name_l, name_len, "collect sha", sizeof("collect sha"))) {
return (cctx->options->dev & CL_SCAN_DEV_COLLECT_SHA) ? 1 : 0;
}
if (cli_memstr(option_name_l, name_len, "collect performance info", sizeof("collect performance info"))) {
return (cctx->options->dev & CL_SCAN_DEV_COLLECT_PERFORMANCE_INFO) ? 1 : 0;
}
/* else unknown option */
return 0;
} else {
/* else unknown option */
return 0;
} |
| 7a7365ef |
}
uint32_t cli_bcapi_engine_db_options(struct cli_bc_ctx *ctx)
{
cli_ctx *cctx = (cli_ctx*)ctx->ctx;
return cctx->engine->dboptions;
}
int32_t cli_bcapi_extract_set_container(struct cli_bc_ctx *ctx, uint32_t ftype)
{
if (ftype > CL_TYPE_IGNORED) |
| 90c0acc7 |
return -1; |
| 7a7365ef |
ctx->containertype = ftype; |
| a5b201c8 |
return 0; |
| 7a7365ef |
}
int32_t cli_bcapi_input_switch(struct cli_bc_ctx *ctx , int32_t extracted_file)
{
fmap_t *map; |
| cd94be7a |
if (ctx->extracted_file_input == (unsigned int)extracted_file) |
| 90c0acc7 |
return 0; |
| 7a7365ef |
if (!extracted_file) { |
| 90c0acc7 |
cli_dbgmsg("bytecode api: input switched back to main file\n");
ctx->fmap = ctx->save_map;
ctx->extracted_file_input = 0;
return 0; |
| 7a7365ef |
}
if (ctx->outfd < 0) |
| 90c0acc7 |
return -1; |
| 7a7365ef |
map = fmap(ctx->outfd, 0, 0);
if (!map) { |
| 90c0acc7 |
cli_warnmsg("can't mmap() extracted temporary file %s\n", ctx->tempfile);
return -1; |
| 7a7365ef |
}
ctx->save_map = ctx->fmap;
cli_bytecode_context_setfile(ctx, map);
ctx->extracted_file_input = 1;
cli_dbgmsg("bytecode api: input switched to extracted file\n");
return 0;
} |
| 9f1715cc |
uint32_t cli_bcapi_get_environment(struct cli_bc_ctx *ctx , struct cli_environment* env, uint32_t len)
{
if (len > sizeof(*env)) { |
| fa7ae4cc |
cli_dbgmsg("cli_bcapi_get_environment len %u > %lu\n", len, (unsigned long)sizeof(*env)); |
| 90c0acc7 |
return -1; |
| 9f1715cc |
}
memcpy(env, ctx->env, len);
return 0;
}
uint32_t cli_bcapi_disable_bytecode_if(struct cli_bc_ctx *ctx , const int8_t* reason, uint32_t len, uint32_t cond)
{ |
| cd94be7a |
UNUSEDPARAM(len); |
| 9f1715cc |
if (ctx->bc->kind != BC_STARTUP) { |
| 90c0acc7 |
cli_dbgmsg("Bytecode must be BC_STARTUP to call disable_bytecode_if\n");
return -1; |
| 9f1715cc |
}
if (!cond) |
| 90c0acc7 |
return ctx->bytecode_disable_status; |
| 9f1715cc |
if (*reason == '^') |
| 90c0acc7 |
cli_warnmsg("Bytecode: disabling completely because %s\n", reason+1); |
| 9f1715cc |
else |
| 90c0acc7 |
cli_dbgmsg("Bytecode: disabling completely because %s\n", reason); |
| 9f1715cc |
ctx->bytecode_disable_status = 2;
return ctx->bytecode_disable_status;
}
uint32_t cli_bcapi_disable_jit_if(struct cli_bc_ctx *ctx , const int8_t* reason, uint32_t len, uint32_t cond)
{ |
| cd94be7a |
UNUSEDPARAM(len); |
| 9f1715cc |
if (ctx->bc->kind != BC_STARTUP) { |
| 90c0acc7 |
cli_dbgmsg("Bytecode must be BC_STARTUP to call disable_jit_if\n");
return -1; |
| 9f1715cc |
}
if (!cond) |
| 90c0acc7 |
return ctx->bytecode_disable_status; |
| 9f1715cc |
if (*reason == '^') |
| 90c0acc7 |
cli_warnmsg("Bytecode: disabling JIT because %s\n", reason+1); |
| 9f1715cc |
else |
| 90c0acc7 |
cli_dbgmsg("Bytecode: disabling JIT because %s\n", reason); |
| 9f1715cc |
if (ctx->bytecode_disable_status != 2) /* no reenabling */ |
| 90c0acc7 |
ctx->bytecode_disable_status = 1; |
| 9f1715cc |
return ctx->bytecode_disable_status;
}
int32_t cli_bcapi_version_compare(struct cli_bc_ctx *ctx , const uint8_t* lhs, uint32_t lhs_len, |
| 90c0acc7 |
const uint8_t* rhs, uint32_t rhs_len) |
| 9f1715cc |
{
unsigned i = 0, j = 0; |
| 69650bea |
unsigned long li=0, ri=0; |
| cd94be7a |
UNUSEDPARAM(ctx); |
| 9f1715cc |
do { |
| 90c0acc7 |
while (i < lhs_len && j < rhs_len && lhs[i] == rhs[j] &&
!isdigit(lhs[i]) && !isdigit(rhs[j])) {
i++; j++;
}
if (i == lhs_len && j == rhs_len)
return 0;
if (i == lhs_len)
return -1;
if (j == rhs_len)
return 1;
if (!isdigit(lhs[i]) || !isdigit(rhs[j]))
return lhs[i] < rhs[j] ? -1 : 1;
while (isdigit(lhs[i]) && i < lhs_len)
li = 10*li + (lhs[i++] - '0');
while (isdigit(rhs[j]) && j < rhs_len)
ri = 10*ri + (rhs[j++] - '0');
if (li < ri)
return -1;
if (li > ri)
return 1; |
| 9f1715cc |
} while (1);
}
static int check_bits(uint32_t query, uint32_t value, uint8_t shift, uint8_t mask)
{
uint8_t q = (query >> shift)&mask;
uint8_t v = (value >> shift)&mask;
/* q == mask -> ANY */
if (q == v || q == mask) |
| 90c0acc7 |
return 1; |
| 9f1715cc |
return 0;
}
uint32_t cli_bcapi_check_platform(struct cli_bc_ctx *ctx , uint32_t a, uint32_t b , uint32_t c)
{
unsigned ret = |
| 90c0acc7 |
check_bits(a, ctx->env->platform_id_a, 24, 0xff) &&
check_bits(a, ctx->env->platform_id_a, 20, 0xf) &&
check_bits(a, ctx->env->platform_id_a, 16, 0xf) &&
check_bits(a, ctx->env->platform_id_a, 8, 0xff) &&
check_bits(a, ctx->env->platform_id_a, 0, 0xff) &&
check_bits(b, ctx->env->platform_id_b, 28, 0xf) &&
check_bits(b, ctx->env->platform_id_b, 24, 0xf) &&
check_bits(b, ctx->env->platform_id_b, 16, 0xff) &&
check_bits(b, ctx->env->platform_id_b, 8, 0xff) &&
check_bits(b, ctx->env->platform_id_b, 0, 0xff) &&
check_bits(c, ctx->env->platform_id_c, 24, 0xff) &&
check_bits(c, ctx->env->platform_id_c, 16, 0xff) &&
check_bits(c, ctx->env->platform_id_c, 8, 0xff) &&
check_bits(c, ctx->env->platform_id_c, 0, 0xff); |
| 9f1715cc |
if (ret) { |
| 90c0acc7 |
cli_dbgmsg("check_platform(0x%08x,0x%08x,0x%08x) = match\n",a,b,c); |
| 9f1715cc |
}
return ret;
}
|
| dc200c6b |
int cli_bytecode_context_setpdf(struct cli_bc_ctx *ctx, unsigned phase, |
| 90c0acc7 |
unsigned nobjs, |
| 89d5207b |
struct pdf_obj **objs, uint32_t *pdf_flags, |
| 90c0acc7 |
uint32_t pdfsize, uint32_t pdfstartoff) |
| dc200c6b |
{
ctx->pdf_nobjs = nobjs;
ctx->pdf_objs = objs;
ctx->pdf_flags = pdf_flags;
ctx->pdf_size = pdfsize;
ctx->pdf_startoff = pdfstartoff;
ctx->pdf_phase = phase;
return 0;
}
int32_t cli_bcapi_pdf_get_obj_num(struct cli_bc_ctx *ctx)
{
if (!ctx->pdf_phase) |
| 90c0acc7 |
return -1; |
| dc200c6b |
return ctx->pdf_nobjs;
}
int32_t cli_bcapi_pdf_get_flags(struct cli_bc_ctx *ctx)
{
if (!ctx->pdf_phase) |
| 90c0acc7 |
return -1; |
| dc200c6b |
return *ctx->pdf_flags;
}
int32_t cli_bcapi_pdf_set_flags(struct cli_bc_ctx *ctx , int32_t flags)
{
if (!ctx->pdf_phase) |
| 90c0acc7 |
return -1; |
| dc200c6b |
cli_dbgmsg("cli_pdf: bytecode set_flags %08x -> %08x\n", |
| 90c0acc7 |
*ctx->pdf_flags,
flags); |
| dc200c6b |
*ctx->pdf_flags = flags;
return 0;
}
int32_t cli_bcapi_pdf_lookupobj(struct cli_bc_ctx *ctx , uint32_t objid)
{
unsigned i;
if (!ctx->pdf_phase) |
| 90c0acc7 |
return -1; |
| dc200c6b |
for (i=0;i<ctx->pdf_nobjs;i++) { |
| 89d5207b |
if (ctx->pdf_objs[i]->id == objid) |
| 90c0acc7 |
return i; |
| dc200c6b |
}
return -1;
}
uint32_t cli_bcapi_pdf_getobjsize(struct cli_bc_ctx *ctx , int32_t objidx)
{
if (!ctx->pdf_phase || |
| cd94be7a |
(uint32_t)objidx >= ctx->pdf_nobjs || |
| 90c0acc7 |
ctx->pdf_phase == PDF_PHASE_POSTDUMP /* map is obj itself, no access to pdf anymore */ |
| dc200c6b |
) |
| 90c0acc7 |
return 0; |
| cd94be7a |
if ((uint32_t)(objidx + 1) == ctx->pdf_nobjs) |
| 89d5207b |
return ctx->pdf_size - ctx->pdf_objs[objidx]->start;
return ctx->pdf_objs[objidx+1]->start - ctx->pdf_objs[objidx]->start - 4; |
| dc200c6b |
}
|
| f304dc68 |
const uint8_t* cli_bcapi_pdf_getobj(struct cli_bc_ctx *ctx , int32_t objidx, uint32_t amount) |
| dc200c6b |
{
uint32_t size = cli_bcapi_pdf_getobjsize(ctx, objidx);
if (amount > size) |
| 90c0acc7 |
return NULL; |
| 89d5207b |
return fmap_need_off(ctx->fmap, ctx->pdf_objs[objidx]->start, amount); |
| dc200c6b |
}
int32_t cli_bcapi_pdf_getobjid(struct cli_bc_ctx *ctx , int32_t objidx)
{
if (!ctx->pdf_phase || |
| cd94be7a |
(uint32_t)objidx >= ctx->pdf_nobjs) |
| 90c0acc7 |
return -1; |
| 89d5207b |
return ctx->pdf_objs[objidx]->id; |
| dc200c6b |
}
int32_t cli_bcapi_pdf_getobjflags(struct cli_bc_ctx *ctx , int32_t objidx)
{
if (!ctx->pdf_phase || |
| cd94be7a |
(uint32_t)objidx >= ctx->pdf_nobjs) |
| 90c0acc7 |
return -1; |
| 89d5207b |
return ctx->pdf_objs[objidx]->flags; |
| dc200c6b |
}
int32_t cli_bcapi_pdf_setobjflags(struct cli_bc_ctx *ctx , int32_t objidx, int32_t flags)
{
if (!ctx->pdf_phase || |
| cd94be7a |
(uint32_t)objidx >= ctx->pdf_nobjs) |
| 90c0acc7 |
return -1; |
| dc200c6b |
cli_dbgmsg("cli_pdf: bytecode setobjflags %08x -> %08x\n", |
| 89d5207b |
ctx->pdf_objs[objidx]->flags, |
| 90c0acc7 |
flags); |
| 89d5207b |
ctx->pdf_objs[objidx]->flags = flags; |
| dc200c6b |
return 0;
}
int32_t cli_bcapi_pdf_get_offset(struct cli_bc_ctx *ctx , int32_t objidx)
{
if (!ctx->pdf_phase || |
| cd94be7a |
(uint32_t)objidx >= ctx->pdf_nobjs) |
| 90c0acc7 |
return -1; |
| 89d5207b |
return ctx->pdf_startoff + ctx->pdf_objs[objidx]->start; |
| dc200c6b |
}
int32_t cli_bcapi_pdf_get_phase(struct cli_bc_ctx *ctx)
{
return ctx->pdf_phase;
}
int32_t cli_bcapi_pdf_get_dumpedobjid(struct cli_bc_ctx *ctx)
{
if (ctx->pdf_phase != PDF_PHASE_POSTDUMP) |
| 90c0acc7 |
return -1; |
| dc200c6b |
return ctx->pdf_dumpedid;
} |
| 1dae00eb |
|
| 4116c65d |
int32_t cli_bcapi_running_on_jit(struct cli_bc_ctx *ctx )
{
ctx->no_diff = 1;
return ctx->on_jit;
} |
| acc8bccb |
int32_t cli_bcapi_get_file_reliability(struct cli_bc_ctx *ctx )
{
cli_ctx *cctx = (cli_ctx*)ctx->ctx;
return cctx ? cctx->corrupted_input : 3;
} |
| fa7ae4cc |
int32_t cli_bcapi_json_is_active(struct cli_bc_ctx *ctx )
{
#if HAVE_JSON
cli_ctx *cctx = (cli_ctx*)ctx->ctx;
if (cctx->properties != NULL) {
return 1;
}
#else |
| cd94be7a |
UNUSEDPARAM(ctx); |
| fa7ae4cc |
cli_dbgmsg("bytecode api: libjson is not enabled!\n");
#endif
return 0;
}
static int32_t cli_bcapi_json_objs_init(struct cli_bc_ctx *ctx) {
#if HAVE_JSON
unsigned n = ctx->njsonobjs + 1; |
| c6a3b294 |
json_object **j, **jobjs = (json_object **)(ctx->jsonobjs); |
| fa7ae4cc |
cli_ctx *cctx = (cli_ctx *)ctx->ctx;
|
| c6a3b294 |
j = cli_realloc(jobjs, sizeof(json_object *)*n); |
| fa7ae4cc |
if (!j) { /* memory allocation failure */
cli_event_error_oom(EV, 0);
return -1;
} |
| c6a3b294 |
ctx->jsonobjs = (void **)j; |
| fa7ae4cc |
ctx->njsonobjs = n;
j[n-1] = cctx->properties;
return 0;
#else |
| cd94be7a |
UNUSEDPARAM(ctx); |
| fa7ae4cc |
return -1;
#endif
}
|
| 546e168b |
#define INIT_JSON_OBJS(ctx) \
if (!cli_bcapi_json_is_active(ctx)) \
return -1; \ |
| fa7ae4cc |
if (ctx->njsonobjs == 0) { \
if (cli_bcapi_json_objs_init(ctx)) { \
return -1; \
} \
} \
int32_t cli_bcapi_json_get_object(struct cli_bc_ctx *ctx, const int8_t* name, int32_t name_len, int32_t objid)
{
#if HAVE_JSON
unsigned n; |
| 9048572c |
json_object **j, *jobj, **jobjs; |
| fa7ae4cc |
char *namep;
INIT_JSON_OBJS(ctx); |
| 9048572c |
jobjs = ((json_object **)(ctx->jsonobjs)); |
| cd94be7a |
if (objid < 0 || (unsigned int)objid >= ctx->njsonobjs) { |
| fa7ae4cc |
cli_dbgmsg("bytecode api[json_get_object]: invalid json objid requested\n");
return -1;
}
if (!name || name_len < 0) {
cli_dbgmsg("bytecode api[json_get_object]: unnamed object queried\n");
return -1;
}
n = ctx->njsonobjs + 1; |
| 3107a6c2 |
jobj = jobjs[objid]; |
| fa7ae4cc |
if (!jobj) /* shouldn't be possible */
return -1;
namep = (char*)cli_malloc(sizeof(char)*(name_len+1));
if (!namep)
return -1;
strncpy(namep, (char*)name, name_len);
namep[name_len] = '\0';
|
| 6c048b8a |
if (!json_object_object_get_ex(jobj, namep, &jobj)) { /* object not found */ |
| fa7ae4cc |
free(namep);
return 0;
}
|
| c6a3b294 |
j = cli_realloc(jobjs, sizeof(json_object *)*n); |
| fa7ae4cc |
if (!j) { /* memory allocation failure */
free(namep);
cli_event_error_oom(EV, 0);
return -1;
} |
| c6a3b294 |
ctx->jsonobjs = (void **)j; |
| fa7ae4cc |
ctx->njsonobjs = n;
j[n-1] = jobj;
cli_dbgmsg("bytecode api[json_get_object]: assigned %s => ID %d\n", namep, n-1);
free(namep);
return n-1;
#else |
| cd94be7a |
UNUSEDPARAM(ctx);
UNUSEDPARAM(name);
UNUSEDPARAM(name_len);
UNUSEDPARAM(objid); |
| fa7ae4cc |
cli_dbgmsg("bytecode api: libjson is not enabled!\n");
return -1;
#endif
}
int32_t cli_bcapi_json_get_type(struct cli_bc_ctx *ctx, int32_t objid)
{
#if HAVE_JSON
enum json_type type; |
| 9048572c |
json_object **jobjs; |
| fa7ae4cc |
INIT_JSON_OBJS(ctx); |
| 9048572c |
jobjs = ((json_object **)(ctx->jsonobjs)); |
| cd94be7a |
if (objid < 0 || (unsigned int)objid >= ctx->njsonobjs) { |
| fa7ae4cc |
cli_dbgmsg("bytecode api[json_get_type]: invalid json objid requested\n");
return -1;
}
|
| 3107a6c2 |
type = json_object_get_type(jobjs[objid]); |
| fa7ae4cc |
switch (type) {
case json_type_null:
return JSON_TYPE_NULL;
case json_type_boolean:
return JSON_TYPE_BOOLEAN;
case json_type_double:
return JSON_TYPE_DOUBLE;
case json_type_int:
return JSON_TYPE_INT;
case json_type_object:
return JSON_TYPE_OBJECT;
case json_type_array:
return JSON_TYPE_ARRAY;
case json_type_string:
return JSON_TYPE_STRING;
default:
cli_dbgmsg("bytecode api[json_get_type]: unrecognized json type %d\n", type);
}
#else |
| cd94be7a |
UNUSEDPARAM(ctx);
UNUSEDPARAM(objid); |
| fa7ae4cc |
cli_dbgmsg("bytecode api: libjson is not enabled!\n");
#endif
return -1;
}
int32_t cli_bcapi_json_get_array_length(struct cli_bc_ctx *ctx, int32_t objid)
{
#if HAVE_JSON
enum json_type type; |
| 9048572c |
json_object **jobjs; |
| fa7ae4cc |
INIT_JSON_OBJS(ctx); |
| 9048572c |
jobjs = (json_object **)(ctx->jsonobjs); |
| cd94be7a |
if (objid < 0 || (unsigned int)objid >= ctx->njsonobjs) { |
| fa7ae4cc |
cli_dbgmsg("bytecode api[json_array_get_length]: invalid json objid requested\n");
return -1;
}
|
| 3107a6c2 |
type = json_object_get_type(jobjs[objid]); |
| fa7ae4cc |
if (type != json_type_array) {
return -2; /* error code for not an array */
}
|
| 3107a6c2 |
return json_object_array_length(jobjs[objid]); |
| fa7ae4cc |
#else |
| cd94be7a |
UNUSEDPARAM(ctx);
UNUSEDPARAM(objid); |
| fa7ae4cc |
cli_dbgmsg("bytecode api: libjson is not enabled!\n");
return -1;
#endif
}
int32_t cli_bcapi_json_get_array_idx(struct cli_bc_ctx *ctx, int32_t idx, int32_t objid)
{
#if HAVE_JSON
enum json_type type;
unsigned n;
int length; |
| 9048572c |
json_object **j, *jarr = NULL, *jobj = NULL, **jobjs; |
| fa7ae4cc |
INIT_JSON_OBJS(ctx); |
| 9048572c |
jobjs = (json_object **)(ctx->jsonobjs); |
| cd94be7a |
if (objid < 0 || (unsigned int)objid >= ctx->njsonobjs) { |
| fa7ae4cc |
cli_dbgmsg("bytecode api[json_array_get_idx]: invalid json objid requested\n");
return -1;
}
|
| 3107a6c2 |
jarr = jobjs[objid]; |
| fa7ae4cc |
if (!jarr) /* shouldn't be possible */
return -1;
type = json_object_get_type(jarr);
if (type != json_type_array) {
return -2; /* error code for not an array */
}
length = json_object_array_length(jarr);
if (idx >= 0 && idx < length) {
n = ctx->njsonobjs + 1;
jobj = json_object_array_get_idx(jarr,idx);
if (!jobj) { /* object not found */
return 0;
}
|
| c6a3b294 |
j = cli_realloc(jobjs, sizeof(json_object *)*n); |
| fa7ae4cc |
if (!j) { /* memory allocation failure */
cli_event_error_oom(EV, 0);
return -1;
} |
| c6a3b294 |
ctx->jsonobjs = (void **)j; |
| fa7ae4cc |
ctx->njsonobjs = n;
j[n-1] = jobj;
cli_dbgmsg("bytecode api[json_array_get_idx]: assigned array @ %d => ID %d\n", idx, n-1);
return n-1;
}
return 0;
#else |
| cd94be7a |
UNUSEDPARAM(ctx);
UNUSEDPARAM(idx);
UNUSEDPARAM(objid); |
| fa7ae4cc |
cli_dbgmsg("bytecode api: libjson is not enabled!\n");
return -1;
#endif
}
int32_t cli_bcapi_json_get_string_length(struct cli_bc_ctx *ctx, int32_t objid)
{
#if HAVE_JSON
enum json_type type; |
| 9048572c |
json_object *jobj, **jobjs; |
| fa7ae4cc |
int32_t len;
const char *jstr;
INIT_JSON_OBJS(ctx); |
| 9048572c |
jobjs = (json_object **)(ctx->jsonobjs); |
| cd94be7a |
if (objid < 0 || (unsigned int)objid >= ctx->njsonobjs) { |
| 61e3637d |
cli_dbgmsg("bytecode api[json_get_string_length]: invalid json objid requested\n"); |
| fa7ae4cc |
return -1;
}
|
| 3107a6c2 |
jobj = jobjs[objid]; |
| fa7ae4cc |
if (!jobj) /* shouldn't be possible */
return -1;
type = json_object_get_type(jobj);
if (type != json_type_string) {
return -2; /* error code for not an array */
}
//len = json_object_get_string_len(jobj); /* not in JSON <0.10 */
jstr = json_object_get_string(jobj);
len = strlen(jstr);
return len;
#else |
| cd94be7a |
UNUSEDPARAM(ctx);
UNUSEDPARAM(objid); |
| fa7ae4cc |
cli_dbgmsg("bytecode api: libjson is not enabled!\n");
return -1;
#endif
}
int32_t cli_bcapi_json_get_string(struct cli_bc_ctx *ctx, int8_t* str, int32_t str_len, int32_t objid)
{
#if HAVE_JSON
enum json_type type; |
| 9048572c |
json_object *jobj, **jobjs; |
| fa7ae4cc |
int32_t len;
const char *jstr;
INIT_JSON_OBJS(ctx); |
| 9048572c |
jobjs = (json_object **)(ctx->jsonobjs); |
| cd94be7a |
if (objid < 0 || (unsigned int)objid >= ctx->njsonobjs) { |
| 61e3637d |
cli_dbgmsg("bytecode api[json_get_string]: invalid json objid requested\n"); |
| fa7ae4cc |
return -1;
}
|
| 3107a6c2 |
jobj = jobjs[objid]; |
| fa7ae4cc |
if (!jobj) /* shouldn't be possible */
return -1;
type = json_object_get_type(jobj);
if (type != json_type_string) {
return -2; /* error code for not an array */
}
//len = json_object_get_string_len(jobj); /* not in JSON <0.10 */
jstr = json_object_get_string(jobj);
len = strlen(jstr);
if (len+1 > str_len) {
/* limit on str-len */ |
| cd94be7a |
strncpy((char *)str, jstr, str_len-1); |
| fa7ae4cc |
str[str_len-1] = '\0';
return str_len;
}
else {
/* limit on len+1 */ |
| cd94be7a |
strncpy((char *)str, jstr, len); |
| fa7ae4cc |
str[len] = '\0';
return len+1;
}
#else |
| cd94be7a |
UNUSEDPARAM(ctx);
UNUSEDPARAM(str);
UNUSEDPARAM(str_len);
UNUSEDPARAM(objid); |
| fa7ae4cc |
cli_dbgmsg("bytecode api: libjson is not enabled!\n");
return -1;
#endif
} |
| 61e3637d |
int32_t cli_bcapi_json_get_boolean(struct cli_bc_ctx *ctx, int32_t objid)
{
#if HAVE_JSON |
| 9048572c |
json_object *jobj, **jobjs; |
| 61e3637d |
INIT_JSON_OBJS(ctx); |
| 9048572c |
jobjs = (json_object **)(ctx->jsonobjs); |
| cd94be7a |
if (objid < 0 || (unsigned int)objid >= ctx->njsonobjs) { |
| 61e3637d |
cli_dbgmsg("bytecode api[json_get_boolean]: invalid json objid requested\n");
return -1;
}
|
| 3107a6c2 |
jobj = jobjs[objid]; |
| 61e3637d |
return json_object_get_boolean(jobj);
#else |
| cd94be7a |
UNUSEDPARAM(ctx);
UNUSEDPARAM(objid); |
| 61e3637d |
cli_dbgmsg("bytecode api: libjson is not enabled!\n");
return 0;
#endif
}
int32_t cli_bcapi_json_get_int(struct cli_bc_ctx *ctx, int32_t objid)
{
#if HAVE_JSON |
| 9048572c |
json_object *jobj, **jobjs; |
| 61e3637d |
INIT_JSON_OBJS(ctx); |
| 9048572c |
jobjs = (json_object **)(ctx->jsonobjs); |
| cd94be7a |
if (objid < 0 || (unsigned int)objid >= ctx->njsonobjs) { |
| 61e3637d |
cli_dbgmsg("bytecode api[json_get_int]: invalid json objid requested\n");
return -1;
}
|
| 3107a6c2 |
jobj = jobjs[objid]; |
| 61e3637d |
return json_object_get_int(jobj);
#else |
| cd94be7a |
UNUSEDPARAM(ctx);
UNUSEDPARAM(objid); |
| 61e3637d |
cli_dbgmsg("bytecode api: libjson is not enabled!\n");
return 0;
#endif
}
//int64_t cli_bcapi_json_get_int64(struct cli_bc_ctx *ctx, int32_t objid);
//double cli_bcapi_json_get_double(struct cli_bc_ctx *ctx, int32_t objid); |