| d056cc17 |
/* |
| 1eceda0e |
* Copyright (C) 2005-2007 Nigel Horne <njh@bandsman.co.uk> |
| d056cc17 |
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software |
| 67355216 |
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| 1eceda0e |
*
* TODO: Embedded fonts
* TODO: Predictor image handling |
| d056cc17 |
*/ |
| 95e11e5a |
static char const rcsid[] = "$Id: pdf.c,v 1.61 2007/02/12 20:46:09 njh Exp $"; |
| d056cc17 |
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
|
| 8b6f8404 |
#if HAVE_MMAP |
| 240d3307 |
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <ctype.h>
#include <string.h>
#include <fcntl.h>
#include <stdlib.h> |
| 511a59c7 |
#include <errno.h> |
| ed6446ff |
#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif |
| 9443ec4a |
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif |
| ed6446ff |
#ifdef HAVE_SYS_MMAN_H
#include <sys/mman.h>
#endif |
| 240d3307 |
#ifdef HAVE_ZLIB_H
#include <zlib.h>
#endif
|
| 925ece3d |
#ifdef C_WINDOWS
#include <io.h>
#endif
|
| ed6446ff |
#include "clamav.h"
#include "others.h" |
| 240d3307 |
#include "mbox.h" |
| 654c0b96 |
#include "pdf.h" |
| 240d3307 |
|
| 1eceda0e |
#ifdef CL_DEBUG |
| 07d7cd81 |
/*#define SAVE_TMP /* Save the file being worked on in tmp */ |
| 1eceda0e |
#endif
static int try_flatedecode(unsigned char *buf, off_t real_len, off_t calculated_len, int fout, const cli_ctx *ctx); |
| 95e11e5a |
static int flatedecode(unsigned char *buf, off_t len, int fout, const cli_ctx *ctx); |
| b02bab2b |
static int ascii85decode(const char *buf, off_t len, unsigned char *output); |
| bce73fe9 |
static const char *pdf_nextlinestart(const char *ptr, size_t len); |
| ef8219b8 |
static const char *pdf_nextobject(const char *ptr, size_t len); |
| ceabee13 |
static const char *cli_pmemstr(const char *haystack, size_t hs, const char *needle, size_t ns); |
| da653b74 |
|
| 144df7c1 |
/*
* TODO: handle embedded URLs if (options&CL_SCAN_MAILURL)
*/ |
| d056cc17 |
int |
| 2c313298 |
cli_pdf(const char *dir, int desc, const cli_ctx *ctx) |
| d056cc17 |
{ |
| 6c9dc98d |
off_t size; /* total number of bytes in the file */ |
| bce73fe9 |
long bytesleft, trailerlength; |
| bf3e4471 |
char *buf, *alloced; /* start of memory mapped area */ |
| bce73fe9 |
const char *p, *q, *trailerstart; |
| 6c9dc98d |
const char *xrefstart; /* cross reference table */ |
| 70502709 |
/*size_t xreflength;*/ |
| 550ee789 |
int rc = CL_CLEAN; |
| b432851f |
table_t *md5table; |
| 1eceda0e |
int printed_predictor_message;
int printed_embedded_font_message; |
| bf3e4471 |
struct stat statb; |
| 240d3307 |
|
| 925ece3d |
cli_dbgmsg("in cli_pdf(%s)\n", dir); |
| 798308de |
|
| 240d3307 |
if(fstat(desc, &statb) < 0)
return CL_EOPEN;
|
| b432851f |
size = statb.st_size; |
| 240d3307 |
if(size == 0)
return CL_CLEAN;
|
| 139823ca |
if(size <= 7) /* doesn't even include the file header */
return CL_EFORMAT;
|
| 6bcff40f |
p = buf = mmap(NULL, size, PROT_READ, MAP_PRIVATE, desc, 0); |
| 240d3307 |
if(buf == MAP_FAILED)
return CL_EMEM;
|
| bf3e4471 |
alloced = cli_malloc(size);
if(alloced) {
/*
* FIXME: now I have this, there's no need for the lack of
* support on systems without mmap, e.g. cygwin
*/
memcpy(alloced, buf, size);
munmap(buf, size);
p = alloced;
}
|
| 95e11e5a |
cli_dbgmsg("cli_pdf: scanning %lu bytes\n", (unsigned long)size); |
| 0a097146 |
|
| 139823ca |
/* Lines are terminated by \r, \n or both */
/* File Header */
if(memcmp(p, "%PDF-1.", 7) != 0) { |
| bf3e4471 |
if(alloced)
free(alloced);
else
munmap(buf, size); |
| 139823ca |
return CL_EFORMAT;
}
|
| ef8219b8 |
#if 0
q = pdf_nextlinestart(&p[6], size - 6); |
| bce73fe9 |
if(q == NULL) { |
| bf3e4471 |
if(alloced)
free(alloced);
else
munmap(buf, size); |
| bce73fe9 |
return CL_EFORMAT; |
| 139823ca |
} |
| 6c9dc98d |
bytesleft = size - (long)(q - p); |
| bce73fe9 |
p = q; |
| ef8219b8 |
#else
p = &p[6];
bytesleft = size - 6;
#endif |
| 139823ca |
/* Find the file trailer */ |
| 6c9dc98d |
for(q = &p[bytesleft - 6]; q > p; --q) |
| 139823ca |
if(memcmp(q, "%%EOF", 5) == 0)
break;
|
| 7fc055e6 |
if(q <= p) { |
| bf3e4471 |
if(alloced)
free(alloced);
else
munmap(buf, size); |
| 139823ca |
return CL_EFORMAT;
}
|
| b533a221 |
for(trailerstart = &q[-7]; trailerstart > p; --trailerstart) |
| bce73fe9 |
if(memcmp(trailerstart, "trailer", 7) == 0) |
| 139823ca |
break;
/* |
| bce73fe9 |
* q points to the end of the trailer section |
| 139823ca |
*/ |
| bce73fe9 |
trailerlength = (long)(q - trailerstart);
if(cli_pmemstr(trailerstart, trailerlength, "Encrypt", 7)) { |
| 501e5d12 |
/*
* This tends to mean that the file is, in effect, read-only
*/ |
| bf3e4471 |
if(alloced)
free(alloced);
else
munmap(buf, size); |
| 6c9dc98d |
cli_warnmsg("Encrypted PDF files not yet supported\n"); |
| 501e5d12 |
return CL_EFORMAT;
}
|
| ef8219b8 |
/*
* not true, since edits may put data after the trailer |
| bce73fe9 |
bytesleft -= trailerlength; |
| ef8219b8 |
*/ |
| bce73fe9 |
|
| 76fb2ef1 |
/*
* FIXME: Handle more than one xref section in the xref table
*/ |
| 6c9dc98d |
for(xrefstart = trailerstart; xrefstart > p; --xrefstart)
if(memcmp(xrefstart, "xref", 4) == 0) |
| 76fb2ef1 |
/*
* Make sure it's the start of the line, not a startxref
* token
*/
if((xrefstart[-1] == '\n') || (xrefstart[-1] == '\r'))
break; |
| 6c9dc98d |
if(xrefstart == p) { |
| bf3e4471 |
if(alloced)
free(alloced);
else
munmap(buf, size); |
| 6c9dc98d |
return CL_EFORMAT;
}
|
| 1eceda0e |
printed_predictor_message = printed_embedded_font_message = 0;
|
| ff7d16a7 |
md5table = tableCreate(); |
| ef8219b8 |
/*
* not true, since edits may put data after the trailer |
| 70502709 |
xreflength = (size_t)(trailerstart - xrefstart); |
| 6c9dc98d |
bytesleft -= xreflength; |
| ef8219b8 |
*/ |
| 6c9dc98d |
/* |
| ef8219b8 |
* The body section consists of a sequence of indirect objects |
| 6c9dc98d |
*/ |
| 88fbd274 |
while((p < xrefstart) && |
| bf3e4471 |
((q = pdf_nextobject(p, bytesleft)) != NULL)) { |
| f97bcc8a |
int is_ascii85decode, is_flatedecode, fout, len, has_cr; |
| d8ab9ddc |
/*int object_number, generation_number;*/ |
| 6c9dc98d |
const char *objstart, *objend, *streamstart, *streamend; |
| ff7d16a7 |
char *md5digest; |
| b432851f |
unsigned long length, objlen, real_streamlen, calculated_streamlen; |
| 1eceda0e |
int is_embedded_font, predictor; |
| 240d3307 |
char fullname[NAME_MAX + 1]; |
| f53acfcd |
|
| ef8219b8 |
if(q == xrefstart)
break;
if(memcmp(q, "xref", 4) == 0)
break; |
| 616fd006 |
/*object_number = atoi(q);*/
bytesleft -= (q - p);
p = q;
if(memcmp(q, "endobj", 6) == 0)
continue; |
| ef8219b8 |
if(!isdigit(*q)) { |
| a5ade23c |
cli_warnmsg("cli_pdf: Object number missing\n"); |
| ef8219b8 |
rc = CL_EFORMAT;
break;
}
q = pdf_nextobject(p, bytesleft);
if((q == NULL) || !isdigit(*q)) { |
| a5ade23c |
cli_warnmsg("cli_pdf: Generation number missing\n"); |
| ef8219b8 |
rc = CL_EFORMAT;
break;
} |
| a5f514a4 |
/*generation_number = atoi(q);*/ |
| ef8219b8 |
bytesleft -= (q - p);
p = q;
q = pdf_nextobject(p, bytesleft);
if((q == NULL) || (memcmp(q, "obj", 3) != 0)) {
cli_warnmsg("Indirect object missing \"obj\"\n");
rc = CL_EFORMAT;
break;
}
bytesleft -= (q - p) + 3;
objstart = p = &q[3]; |
| 6c9dc98d |
objend = cli_pmemstr(p, bytesleft, "endobj", 6);
if(objend == NULL) { |
| ef8219b8 |
cli_dbgmsg("No matching endobj\n"); |
| 240d3307 |
break;
} |
| 6c9dc98d |
bytesleft -= (objend - p) + 6;
p = &objend[6]; |
| b432851f |
objlen = (unsigned long)(objend - objstart); |
| 240d3307 |
|
| 6c9dc98d |
/* Is this object a stream? */ |
| bce73fe9 |
streamstart = cli_pmemstr(objstart, objlen, "stream", 6);
if(streamstart == NULL)
continue; |
| 240d3307 |
|
| 1eceda0e |
is_embedded_font = length = is_ascii85decode =
is_flatedecode = 0;
predictor = 1;
|
| bce73fe9 |
/*
* TODO: handle F and FFilter?
*/ |
| 9be10a55 |
q = objstart;
while(q < streamstart) { |
| ef8219b8 |
if(*q == '/') { /* name object */ |
| f53acfcd |
/*cli_dbgmsg("Name object %8.8s\n", q+1, q+1);*/ |
| 6c9dc98d |
if(strncmp(++q, "Length ", 7) == 0) {
q += 7;
length = atoi(q);
while(isdigit(*q))
q++; |
| f97bcc8a |
/*
* Note: incremental updates are not
* supported
*/
if((bytesleft > 11) && strncmp(q, " 0 R", 4) == 0) {
const char *r; |
| f0506577 |
char b[14]; |
| f97bcc8a |
q += 4; |
| b432851f |
cli_dbgmsg("Length is in indirect obj %ld\n", |
| f97bcc8a |
length);
snprintf(b, sizeof(b), |
| b432851f |
"\n%ld 0 obj", length);
length = (unsigned long)strlen(b); |
| bf3e4471 |
r = cli_pmemstr(alloced ? alloced : buf,
size, b, length); |
| f0506577 |
if(r == NULL) {
b[0] = '\r';
r = cli_pmemstr(alloced ? alloced : buf,
size, b, length);
} |
| f97bcc8a |
if(r) {
r += length - 1;
r = pdf_nextobject(r, bytesleft - (r - q));
if(r) {
length = atoi(r);
while(isdigit(*r))
r++; |
| b432851f |
cli_dbgmsg("length in '%s' %ld\n", |
| f0506577 |
&b[1],
length); |
| f97bcc8a |
}
} else
cli_warnmsg("Couldn't find '%s'\n", |
| f0506577 |
&b[1]); |
| f97bcc8a |
} |
| 6c9dc98d |
q--; |
| 1eceda0e |
} else if(strncmp(q, "Length2 ", 8) == 0)
is_embedded_font = 1;
else if(strncmp(q, "Predictor ", 10) == 0) {
q += 10;
predictor = atoi(q);
while(isdigit(*q))
q++;
q--; |
| 6c9dc98d |
} else if(strncmp(q, "FlateDecode", 11) == 0) { |
| da653b74 |
is_flatedecode = 1; |
| f53acfcd |
q += 11;
} else if(strncmp(q, "ASCII85Decode", 13) == 0) { |
| da653b74 |
is_ascii85decode = 1; |
| 6c9dc98d |
q += 13; |
| 240d3307 |
}
} |
| ef8219b8 |
q = pdf_nextobject(q, (size_t)(streamstart - q)); |
| 9be10a55 |
if(q == NULL)
break;
} |
| ce42a31a |
|
| 1eceda0e |
if(is_embedded_font) {
/*
* Need some documentation, the only I can find a |
| 1299feef |
* reference to is not free, if some kind soul wishes |
| 1eceda0e |
* to donate a copy, please contact me!
* (http://safari.adobepress.com/0321304748)
*/
if(!printed_embedded_font_message) {
cli_dbgmsg("Embedded fonts not yet supported\n");
printed_embedded_font_message = 1;
}
continue;
}
if(predictor > 1) {
/*
* Needs some thought
*/
if(!printed_predictor_message) {
cli_dbgmsg("Predictor %d not honoured for embedded image\n",
predictor);
printed_predictor_message = 1;
}
continue;
}
|
| 6c9dc98d |
/* objend points to the end of the object (start of "endobj") */
streamstart += 6; /* go past the word "stream" */
len = (int)(objend - streamstart);
q = pdf_nextlinestart(streamstart, len);
if(q == NULL) |
| bce73fe9 |
break; |
| 6c9dc98d |
len -= (int)(q - streamstart);
streamstart = q;
streamend = cli_pmemstr(streamstart, len, "endstream\n", 10);
if(streamend == NULL) {
streamend = cli_pmemstr(streamstart, len, "endstream\r", 10);
if(streamend == NULL) { |
| af3c6acb |
cli_dbgmsg("No endstream\n"); |
| 0a097146 |
break;
} |
| f97bcc8a |
has_cr = 1; |
| 918f7aaa |
} else
has_cr = 0; |
| 240d3307 |
snprintf(fullname, sizeof(fullname), "%s/pdfXXXXXX", dir);
#if defined(C_LINUX) || defined(C_BSD) || defined(HAVE_MKSTEMP) || defined(C_SOLARIS) || defined(C_CYGWIN)
fout = mkstemp(fullname); |
| 925ece3d |
#elif defined(C_WINDOWS)
if(_mktemp(fullname) == NULL) {
/* mktemp only allows 26 files */
char *name = cli_gentemp(dir);
if(name == NULL)
fout = -1;
else {
strcpy(fullname, name);
free(name);
fout = open(fullname,
O_WRONLY|O_CREAT|O_EXCL|O_TRUNC|O_BINARY, 0600);
}
} else
fout = open(fullname, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC|O_BINARY, 0600); |
| f53acfcd |
#else |
| 925ece3d |
mktemp(fullname); |
| 240d3307 |
fout = open(fullname, O_WRONLY|O_CREAT|O_EXCL|O_TRUNC|O_BINARY, 0600);
#endif
if(fout < 0) {
cli_errmsg("cli_pdf: can't create temporary file %s: %s\n", fullname, strerror(errno)); |
| bbc4f890 |
rc = CL_ETMPFILE;
break; |
| 240d3307 |
}
|
| 1eceda0e |
/*
* Calculate the length ourself, the Length parameter is often
* wrong
*/ |
| 39327ef2 |
if(*--streamend != '\n')
streamend++; |
| f97bcc8a |
else if(has_cr && (*--streamend != '\r')) |
| 39327ef2 |
streamend++; |
| 1eceda0e |
if(streamend <= streamstart) { |
| bf3e4471 |
close(fout); |
| 1eceda0e |
cli_dbgmsg("Empty stream\n");
continue;
} |
| f97bcc8a |
calculated_streamlen = (int)(streamend - streamstart); |
| 1eceda0e |
real_streamlen = length;
if(calculated_streamlen != real_streamlen)
cli_dbgmsg("cli_pdf: Incorrect Length field in file attempting to recover\n");
|
| b432851f |
cli_dbgmsg("length %ld, calculated_streamlen %ld isFlate %d isASCII85 %d\n", |
| 1eceda0e |
length, calculated_streamlen,
is_flatedecode, is_ascii85decode); |
| bce73fe9 |
#if 0
/* FIXME: this isn't right... */
if(length)
/*streamlen = (is_flatedecode) ? length : MIN(length, streamlen);*/
streamlen = MIN(length, streamlen);
#endif
|
| da653b74 |
if(is_ascii85decode) { |
| 1eceda0e |
unsigned char *tmpbuf = cli_malloc(calculated_streamlen * 5); |
| bce73fe9 |
int ret; |
| 550ee789 |
|
| 1160fc1d |
if(tmpbuf == NULL) { |
| b8705ec8 |
close(fout); |
| 52a88dee |
unlink(fullname);
rc = CL_EMEM; |
| 1160fc1d |
continue;
}
|
| 1eceda0e |
ret = ascii85decode(streamstart, calculated_streamlen, tmpbuf); |
| bbc4f890 |
|
| bce73fe9 |
if(ret == -1) { |
| da653b74 |
free(tmpbuf); |
| b8705ec8 |
close(fout); |
| 52a88dee |
unlink(fullname);
rc = CL_EFORMAT; |
| 240d3307 |
continue;
} |
| 44399452 |
if(ret) { |
| 9443ec4a |
unsigned char *t; |
| b432851f |
real_streamlen = ret; |
| 44399452 |
/* free unused trailing bytes */ |
| 9443ec4a |
t = (unsigned char *)cli_realloc(tmpbuf, |
| 1eceda0e |
calculated_streamlen); |
| b432851f |
if(t == NULL) {
free(tmpbuf);
close(fout);
unlink(fullname);
rc = CL_EMEM;
continue;
}
tmpbuf = t; |
| 44399452 |
/*
* Note that it will probably be both
* ascii85encoded and flateencoded
*/
if(is_flatedecode) { |
| 1eceda0e |
const int zstat = try_flatedecode((unsigned char *)tmpbuf, real_streamlen, real_streamlen, fout, ctx); |
| 44399452 |
if(zstat != Z_OK)
rc = CL_EZIP; |
| ef8219b8 |
} else |
| 1eceda0e |
cli_writen(fout, (const char *)streamstart, real_streamlen); |
| 550ee789 |
} |
| da653b74 |
free(tmpbuf);
} else if(is_flatedecode) { |
| 1eceda0e |
const int zstat = try_flatedecode((unsigned char *)streamstart, real_streamlen, calculated_streamlen, fout, ctx); |
| 240d3307 |
|
| da653b74 |
if(zstat != Z_OK) |
| 1160fc1d |
rc = CL_EZIP; |
| 88fbd274 |
} else { |
| 95e11e5a |
cli_dbgmsg("cli_pdf: writing %lu bytes from the stream\n", |
| 1eceda0e |
(unsigned long)real_streamlen);
cli_writen(fout, (const char *)streamstart, real_streamlen); |
| 88fbd274 |
} |
| 240d3307 |
close(fout); |
| ff7d16a7 |
md5digest = cli_md5file(fullname);
if(tableFind(md5table, md5digest) >= 0) {
cli_dbgmsg("cli_pdf: not scanning duplicate embedded file '%s'\n", fullname);
unlink(fullname);
} else
tableInsert(md5table, md5digest, 1);
free(md5digest); |
| 240d3307 |
cli_dbgmsg("cli_pdf: extracted to %s\n", fullname);
}
|
| bf3e4471 |
if(alloced)
free(alloced);
else
munmap(buf, size); |
| 0a097146 |
|
| ff7d16a7 |
tableDestroy(md5table);
|
| bbc4f890 |
cli_dbgmsg("cli_pdf: returning %d\n", rc); |
| 550ee789 |
return rc; |
| d056cc17 |
} |
| da653b74 |
/* flate inflation - returns zlib status, e.g. Z_OK */
static int |
| 1eceda0e |
try_flatedecode(unsigned char *buf, off_t real_len, off_t calculated_len, int fout, const cli_ctx *ctx)
{
int ret = flatedecode(buf, real_len, fout, ctx);
if(ret == Z_OK)
return Z_OK;
|
| 9e3242ca |
if(real_len == calculated_len) {
/*
* Nothing more we can do to inflate
*/
cli_warnmsg("Bad compression in flate stream\n"); |
| 1eceda0e |
return ret; |
| 9e3242ca |
} |
| 1eceda0e |
|
| f97bcc8a |
ret = flatedecode(buf, calculated_len, fout, ctx);
if(ret == Z_OK)
return Z_OK;
/* i.e. the PDF file is broken :-( */ |
| bf3e4471 |
cli_warnmsg("cli_pdf: Bad compressed block length in flate stream\n"); |
| f97bcc8a |
return ret; |
| 1eceda0e |
}
static int |
| 95e11e5a |
flatedecode(unsigned char *buf, off_t len, int fout, const cli_ctx *ctx) |
| da653b74 |
{
int zstat; |
| 4c32a40d |
off_t nbytes; |
| da653b74 |
z_stream stream;
unsigned char output[BUFSIZ]; |
| 1eceda0e |
#ifdef SAVE_TMP
char tmpfilename[16];
int tmpfd;
#endif |
| da653b74 |
|
| ed6446ff |
cli_dbgmsg("cli_pdf: flatedecode %lu bytes\n", (unsigned long)len); |
| da653b74 |
|
| f0506577 |
if(len == 0) {
cli_warnmsg("cli_pdf: flatedecode len == 0\n");
return Z_OK;
}
|
| 1eceda0e |
#ifdef SAVE_TMP
/*
* Copy the embedded area for debugging, so that if it falls over
* we have a copy of the offending data. This is debugging code
* that you shouldn't of course install in a live environment. I am
* not interested in hearing about security issues with this section
* of the parser.
*/
strcpy(tmpfilename, "/tmp/pdfXXXXXX");
tmpfd = mkstemp(tmpfilename);
if(tmpfd < 0) {
perror(tmpfilename);
cli_errmsg("Can't make debugging file\n");
} else {
FILE *tmpfp = fdopen(tmpfd, "w");
if(tmpfp) {
fwrite(buf, sizeof(char), len, tmpfp);
fclose(tmpfp); |
| 39327ef2 |
cli_dbgmsg("cli_pdf: flatedecode: debugging file is %s\n",
tmpfilename); |
| 1eceda0e |
} else
cli_errmsg("cli_pdf: can't fdopen debugging file\n");
}
#endif |
| da653b74 |
stream.zalloc = (alloc_func)Z_NULL;
stream.zfree = (free_func)Z_NULL;
stream.opaque = (void *)NULL; |
| 95e11e5a |
stream.next_in = (Bytef *)buf; |
| da653b74 |
stream.avail_in = len; |
| 501e5d12 |
stream.next_out = output;
stream.avail_out = sizeof(output); |
| da653b74 |
zstat = inflateInit(&stream);
if(zstat != Z_OK) {
cli_warnmsg("cli_pdf: inflateInit failed");
return zstat;
} |
| 9f2bc4ca |
|
| 4c32a40d |
nbytes = 0; |
| 9f2bc4ca |
|
| 918f7aaa |
while(stream.avail_in) { |
| 72910996 |
zstat = inflate(&stream, Z_NO_FLUSH); /* zlib */ |
| da653b74 |
switch(zstat) {
case Z_OK: |
| 1160fc1d |
if(stream.avail_out == 0) { |
| 9f2bc4ca |
|
| 4c32a40d |
nbytes += cli_writen(fout, output, sizeof(output)); |
| 9f2bc4ca |
|
| 4c32a40d |
if(ctx->limits &&
ctx->limits->maxfilesize &&
(nbytes > (off_t) ctx->limits->maxfilesize)) { |
| ed6446ff |
cli_dbgmsg("cli_pdf: flatedecode size exceeded (%lu)\n",
(unsigned long)nbytes); |
| 4c32a40d |
inflateEnd(&stream);
*ctx->virname = "PDF.ExceededFileSize";
return Z_DATA_ERROR;
} |
| 1160fc1d |
stream.next_out = output; |
| 501e5d12 |
stream.avail_out = sizeof(output); |
| 1160fc1d |
} |
| da653b74 |
continue;
case Z_STREAM_END:
break;
default: |
| fb53f48e |
if(stream.msg) |
| 1eceda0e |
cli_dbgmsg("pdf: after writing %lu bytes, got error \"%s\" inflating PDF attachment\n", |
| ed6446ff |
(unsigned long)nbytes,
stream.msg); |
| fb53f48e |
else |
| 1eceda0e |
cli_dbgmsg("pdf: after writing %lu bytes, got error %d inflating PDF attachment\n", |
| ed6446ff |
(unsigned long)nbytes, zstat); |
| da653b74 |
inflateEnd(&stream);
return zstat;
}
break;
}
|
| 9f2bc4ca |
if(stream.avail_out != sizeof(output)) |
| 1eceda0e |
if(cli_writen(fout, output, sizeof(output) - stream.avail_out) < 0)
return Z_STREAM_ERROR; |
| 9f2bc4ca |
|
| 4c32a40d |
cli_dbgmsg("cli_pdf: flatedecode in=%lu out=%lu ratio %ld (max %d)\n",
stream.total_in, stream.total_out,
stream.total_out / stream.total_in,
ctx->limits ? ctx->limits->maxratio : 0);
if(ctx->limits &&
ctx->limits->maxratio && |
| 72910996 |
BLOCKMAX && |
| 4c32a40d |
((stream.total_out / stream.total_in) > ctx->limits->maxratio)) {
cli_dbgmsg("cli_pdf: flatedecode Max ratio reached\n");
inflateEnd(&stream);
*ctx->virname = "Oversized.PDF";
return Z_DATA_ERROR;
} |
| 2c313298 |
|
| 1eceda0e |
#ifdef SAVE_TMP
unlink(tmpfilename);
#endif |
| da653b74 |
return inflateEnd(&stream);
}
|
| 67355216 |
/*
* ascii85 inflation, returns number of bytes in output, -1 for error
*
* See http://www.piclist.com/techref/method/encode.htm (look for base85)
*/ |
| da653b74 |
static int |
| b02bab2b |
ascii85decode(const char *buf, off_t len, unsigned char *output) |
| da653b74 |
{ |
| 67355216 |
const char *ptr; |
| da653b74 |
uint32_t sum = 0;
int quintet = 0;
int ret = 0;
|
| 67355216 |
if(cli_pmemstr(buf, len, "~>", 2) == NULL)
cli_warnmsg("ascii85decode: no EOF marker found\n");
ptr = buf;
|
| ed6446ff |
cli_dbgmsg("cli_pdf: ascii85decode %lu bytes\n", (unsigned long)len); |
| da653b74 |
|
| bce73fe9 |
while(len > 0) {
int byte = (len--) ? (int)*ptr++ : EOF; |
| da653b74 |
if((byte == '~') && (*ptr == '>'))
byte = EOF;
if(byte >= '!' && byte <= 'u') { |
| 3fe56d48 |
sum = (sum * 85) + ((uint32_t)byte - '!'); |
| da653b74 |
if(++quintet == 5) { |
| e8130f50 |
*output++ = (unsigned char)(sum >> 24);
*output++ = (unsigned char)((sum >> 16) & 0xFF);
*output++ = (unsigned char)((sum >> 8) & 0xFF);
*output++ = (unsigned char)(sum & 0xFF); |
| da653b74 |
ret += 4;
quintet = 0;
sum = 0;
}
} else if(byte == 'z') {
if(quintet) { |
| 1160fc1d |
cli_warnmsg("ascii85decode: unexpected 'z'\n"); |
| da653b74 |
return -1;
}
*output++ = '\0';
*output++ = '\0';
*output++ = '\0';
*output++ = '\0';
ret += 4;
} else if(byte == EOF) { |
| 67355216 |
cli_dbgmsg("ascii85decode: quintet %d\n", quintet); |
| da653b74 |
if(quintet) {
int i;
if(quintet == 1) {
cli_warnmsg("ascii85Decode: only 1 byte in last quintet\n");
return -1;
} |
| 3fe56d48 |
for(i = quintet; i < 5; i++)
sum *= 85;
|
| da653b74 |
if(quintet > 1)
sum += (0xFFFFFF >> ((quintet - 2) * 8));
ret += quintet;
for(i = 0; i < quintet - 1; i++) |
| e8130f50 |
*output++ = (unsigned char)((sum >> (24 - 8 * i)) & 0xFF); |
| da653b74 |
quintet = 0;
} |
| 6c9dc98d |
len = 0; |
| da653b74 |
break;
} else if(!isspace(byte)) { |
| 95e11e5a |
cli_warnmsg("ascii85Decode: invalid character 0x%x, len %lu\n",
byte & 0xFF, (unsigned long)len); |
| da653b74 |
return -1;
}
}
return ret;
} |
| bce73fe9 |
/*
* Find the start of the next line
*/
static const char *
pdf_nextlinestart(const char *ptr, size_t len)
{
while(strchr("\r\n", *ptr) == NULL) {
if(--len == 0L)
return NULL;
ptr++;
}
while(strchr("\r\n", *ptr) != NULL) {
if(--len == 0L)
return NULL;
ptr++;
}
return ptr;
} |
| 9be10a55 |
|
| ef8219b8 |
/*
* Return the start of the next PDF object.
* This assumes that we're not in a stream.
*/
static const char *
pdf_nextobject(const char *ptr, size_t len)
{
const char *p;
int inobject = 1;
while(len) {
switch(*ptr) {
case '\n':
case '\r':
case '%': /* comment */
p = pdf_nextlinestart(ptr, len);
if(p == NULL)
return NULL;
len -= (size_t)(p - ptr);
ptr = p;
inobject = 0;
break;
|
| 9be10a55 |
case ' ':
case '\t': |
| f53acfcd |
case '[': /* Start of an array object */ |
| ef8219b8 |
case '\v':
case '\f': |
| 1eceda0e |
case '<': /* Start of a dictionary object */ |
| ef8219b8 |
inobject = 0; |
| 9be10a55 |
ptr++;
len--;
break; |
| 1eceda0e |
case '/': /* Start of a name object */
return ptr; |
| 9be10a55 |
default: |
| ef8219b8 |
if(!inobject)
/* TODO: parse and return object type */ |
| 9be10a55 |
return ptr;
ptr++;
len--;
}
}
return NULL;
} |
| ceabee13 |
/*
* like cli_memstr - but returns the location of the match
* FIXME: need a case insensitive version
*/
static const char *
cli_pmemstr(const char *haystack, size_t hs, const char *needle, size_t ns)
{
const char *pt, *hay;
size_t n;
if(haystack == needle)
return haystack;
if(hs < ns)
return NULL;
if(memcmp(haystack, needle, ns) == 0)
return haystack;
pt = hay = haystack;
n = hs;
while((pt = memchr(hay, needle[0], n)) != NULL) { |
| f2ba44ae |
n -= (size_t)(pt - hay); |
| ceabee13 |
if(n < ns)
break;
if(memcmp(pt, needle, ns) == 0)
return pt;
if(hay == pt) {
n--;
hay++;
} else
hay = pt;
}
return NULL;
} |
| 8b6f8404 |
#else /*!HAVE_MMAP*/ |
| 83d14d9a |
#include "clamav.h"
#include "others.h"
#include "pdf.h"
|
| 8b6f8404 |
int |
| 4c8fb94b |
cli_pdf(const char *dir, int desc, const cli_ctx *ctx) |
| 8b6f8404 |
{
cli_warnmsg("File not decoded - PDF decoding needs mmap() (for now)\n");
return CL_CLEAN;
}
#endif |