| e3aaff8e |
/* |
| 2023340a |
* Copyright (C) 2007-2008 Sourcefire, Inc. |
| 24555841 |
* |
| 2023340a |
* Authors: Tomasz Kojm |
| e3aaff8e |
*
* This program is free software; you can redistribute it and/or modify |
| bb34cb31 |
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. |
| e3aaff8e |
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software |
| 48b7b4a7 |
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA. |
| e3aaff8e |
*/
|
| 724b2bf7 |
#include "matcher.h"
|
| 8000d078 |
#ifndef __OTHERS_H_LC
#define __OTHERS_H_LC |
| e3aaff8e |
|
| a087f040 |
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
|
| 0c8d7368 |
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
|
| d9e258d5 |
#include <stdio.h> |
| e3aaff8e |
#include <stdlib.h> |
| 5ae8bdd5 |
#include "cltypes.h" |
| e3aaff8e |
|
| 375beda4 |
#include "clamav.h" |
| bc93eda0 |
#include "dconf.h" |
| f5a4018b |
#include "libclamunrar_iface/unrar_iface.h" |
| 2bc065d4 |
#include "regex/regex.h" |
| 375beda4 |
|
| a37a861e |
/*
* CL_FLEVEL is the signature f-level specific to the current code and
* should never be modified
* CL_FLEVEL_DCONF is used in the dconf module and can be bumped by
* distribution packagers provided they fix *all* security issues found
* in the old versions of ClamAV. Updating CL_FLEVEL_DCONF will result
* in re-enabling affected modules.
*/
|
| 81fded11 |
#define CL_FLEVEL 47 |
| a37a861e |
#define CL_FLEVEL_DCONF CL_FLEVEL
|
| 33068e09 |
extern uint8_t cli_debug_flag; |
| a7ac5978 |
|
| 9c291186 |
/*
* CLI_ISCONTAINED(buf1, size1, buf2, size2) checks if buf2 is contained
* within buf1.
*
* buf1 and buf2 are pointers (or offsets) for the main buffer and the
* sub-buffer respectively, and size1/2 are their sizes
*
* The macro can be used to protect against wraps.
*/ |
| 1f280d21 |
#define CLI_ISCONTAINED(bb, bb_size, sb, sb_size) \ |
| bdd4b77c |
((bb_size) > 0 && (sb_size) > 0 && (size_t)(sb_size) <= (size_t)(bb_size) \
&& (sb) >= (bb) && ((sb) + (sb_size)) <= ((bb) + (bb_size)) && ((sb) + (sb_size)) > (bb) && (sb) < ((bb) + (bb_size))) |
| 1f280d21 |
|
| 941c735c |
#define CLI_ISCONTAINED2(bb, bb_size, sb, sb_size) \ |
| bdd4b77c |
((bb_size) > 0 && (sb_size) >= 0 && (size_t)(sb_size) <= (size_t)(bb_size) \
&& (sb) >= (bb) && ((sb) + (sb_size)) <= ((bb) + (bb_size)) && ((sb) + (sb_size)) >= (bb) && (sb) < ((bb) + (bb_size))) |
| 941c735c |
|
| 573cac8f |
#define CLI_MAX_ALLOCATION 184549376 |
| 1e9c4900 |
|
| a087f040 |
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h> /* for NAME_MAX */
#endif
|
| 06646acf |
/* Maximum filenames under various systems - njh */
#ifndef NAME_MAX /* e.g. Linux */
# ifdef MAXNAMELEN /* e.g. Solaris */
# define NAME_MAX MAXNAMELEN
# else
# ifdef FILENAME_MAX /* e.g. SCO */
# define NAME_MAX FILENAME_MAX |
| 7d34797b |
# else
# define NAME_MAX 256 |
| 06646acf |
# endif
# endif
#endif
|
| 7d34797b |
#if NAME_MAX < 256
#undef NAME_MAX
#define NAME_MAX 256
#endif
|
| 3c91998b |
/* internal clamav context */
typedef struct {
const char **virname;
unsigned long int *scanned;
const struct cli_matcher *root;
const struct cl_engine *engine; |
| bf45cebe |
unsigned long scansize; |
| 3c91998b |
unsigned int options; |
| 4ad62d4e |
unsigned int recursion; |
| d91ab809 |
unsigned int scannedfiles; |
| 25380806 |
unsigned int found_possibly_unwanted; |
| bc93eda0 |
struct cli_dconf *dconf; |
| 3c91998b |
} cli_ctx;
|
| 724b2bf7 |
struct cl_engine {
uint32_t refcount; /* reference counter */
uint32_t sdb;
uint32_t dboptions;
uint32_t dbversion[2]; |
| ab0d2f05 |
uint32_t ac_only;
uint32_t ac_mindepth;
uint32_t ac_maxdepth; |
| 33068e09 |
char *tmpdir;
uint32_t keeptmp; |
| 724b2bf7 |
/* Limits */
uint64_t maxscansize; /* during the scanning of archives this size
* will never be exceeded
*/
uint64_t maxfilesize; /* compressed files will only be decompressed
* and scanned up to this size
*/
uint32_t maxreclevel; /* maximum recursion level for archives */
uint32_t maxfiles; /* maximum number of files to be scanned
* within a single archive
*/
/* This is for structured data detection. You can set the minimum
* number of occurences of an CC# or SSN before the system will
* generate a notification.
*/
uint32_t min_cc_count;
uint32_t min_ssn_count;
/* Roots table */
struct cli_matcher **root;
/* B-M matcher for standard MD5 sigs */
struct cli_matcher *md5_hdb;
/* B-M matcher for MD5 sigs for PE sections */
struct cli_matcher *md5_mdb;
/* B-M matcher for whitelist db */
struct cli_matcher *md5_fp;
/* Zip metadata */
struct cli_meta_node *zip_mlist;
/* RAR metadata */
struct cli_meta_node *rar_mlist;
/* Phishing .pdb and .wdb databases*/
struct regex_matcher *whitelist_matcher;
struct regex_matcher *domainlist_matcher;
struct phishcheck *phishcheck;
/* Dynamic configuration */
struct cli_dconf *dconf;
/* Filetype definitions */
struct cli_ftype *ftypes;
/* Ignored signatures */
struct cli_ignored *ignored;
/* PUA categories (to be included or excluded) */
char *pua_cats;
/* Used for memory pools */ |
| 47d40feb |
mpool_t *mempool; |
| 724b2bf7 |
};
|
| 99f817e7 |
struct cl_settings {
/* don't store dboptions here; it needs to be provided to cl_load() and
* can be optionally obtained with cl_engine_get() or from the original
* settings stored by the application
*/
uint32_t ac_only;
uint32_t ac_mindepth;
uint32_t ac_maxdepth;
char *tmpdir;
uint32_t keeptmp;
uint64_t maxscansize;
uint64_t maxfilesize;
uint32_t maxreclevel;
uint32_t maxfiles;
uint32_t min_cc_count;
uint32_t min_ssn_count;
char *pua_cats;
};
|
| f5a4018b |
extern int (*cli_unrar_open)(int fd, const char *dirname, unrar_state_t *state);
extern int (*cli_unrar_extract_next_prepare)(unrar_state_t *state, const char *dirname);
extern int (*cli_unrar_extract_next)(unrar_state_t *state, const char *dirname);
extern void (*cli_unrar_close)(unrar_state_t *state);
extern int have_rar;
|
| 3c91998b |
#define SCAN_ARCHIVE (ctx->options & CL_SCAN_ARCHIVE)
#define SCAN_MAIL (ctx->options & CL_SCAN_MAIL)
#define SCAN_OLE2 (ctx->options & CL_SCAN_OLE2) |
| c5107e70 |
#define SCAN_PDF (ctx->options & CL_SCAN_PDF) |
| 3c91998b |
#define SCAN_HTML (ctx->options & CL_SCAN_HTML)
#define SCAN_PE (ctx->options & CL_SCAN_PE) |
| 3f97a1e7 |
#define SCAN_ELF (ctx->options & CL_SCAN_ELF) |
| 6fd2fb47 |
#define SCAN_ALGO (ctx->options & CL_SCAN_ALGORITHMIC) |
| 3c91998b |
#define DETECT_ENCRYPTED (ctx->options & CL_SCAN_BLOCKENCRYPTED) |
| d91ab809 |
/* #define BLOCKMAX (ctx->options & CL_SCAN_BLOCKMAX) */ |
| 3c91998b |
#define DETECT_BROKEN (ctx->options & CL_SCAN_BLOCKBROKEN) |
| a6e38800 |
#define SCAN_STRUCTURED (ctx->options & CL_SCAN_STRUCTURED) |
| 3c91998b |
|
| 1266e3e0 |
/* based on macros from A. Melnikoff */
#define cbswap16(v) (((v & 0xff) << 8) | (((v) >> 8) & 0xff))
#define cbswap32(v) ((((v) & 0x000000ff) << 24) | (((v) & 0x0000ff00) << 8) | \
(((v) & 0x00ff0000) >> 8) | (((v) & 0xff000000) >> 24)) |
| c726840c |
#define cbswap64(v) ((((v) & 0x00000000000000ffULL) << 56) | \
(((v) & 0x000000000000ff00ULL) << 40) | \
(((v) & 0x0000000000ff0000ULL) << 24) | \
(((v) & 0x00000000ff000000ULL) << 8) | \
(((v) & 0x000000ff00000000ULL) >> 8) | \
(((v) & 0x0000ff0000000000ULL) >> 24) | \
(((v) & 0x00ff000000000000ULL) >> 40) | \
(((v) & 0xff00000000000000ULL) >> 56)) |
| 1266e3e0 |
|
| 72617ba2 |
union unaligned_64 {
uint64_t una_u64;
int64_t una_s64;
} __attribute__((packed));
union unaligned_32 {
uint32_t una_u32;
int32_t una_s32;
} __attribute__((packed));
union unaligned_16 {
uint16_t una_u16;
int16_t una_s16;
} __attribute__((packed)); |
| 75282b5c |
#if WORDS_BIGENDIAN == 0 |
| 415543ef |
|
| 2b481467 |
#ifndef HAVE_ATTRIB_PACKED |
| 2565ef49 |
#define __attribute__(x) |
| 2b481467 |
#endif |
| 415543ef |
#ifdef HAVE_PRAGMA_PACK
#pragma pack(1)
#endif
#ifdef HAVE_PRAGMA_PACK_HPPA
#pragma pack 1
#endif
#ifdef HAVE_PRAGMA_PACK
#pragma pack()
#endif
#ifdef HAVE_PRAGMA_PACK_HPPA
#pragma pack
#endif |
| 1266e3e0 |
/* Little endian */ |
| 75282b5c |
#define le16_to_host(v) (v)
#define le32_to_host(v) (v)
#define le64_to_host(v) (v) |
| 1266e3e0 |
#define be16_to_host(v) cbswap16(v)
#define be32_to_host(v) cbswap32(v)
#define be64_to_host(v) cbswap64(v) |
| f8c4a43f |
#define cli_readint32(buff) (((const union unaligned_32 *)(buff))->una_s32)
#define cli_readint16(buff) (((const union unaligned_16 *)(buff))->una_s16)
#define cli_writeint32(offset, value) (((union unaligned_32 *)(offset))->una_u32=(uint32_t)(value)) |
| 75282b5c |
#else |
| 1266e3e0 |
/* Big endian */
#define le16_to_host(v) cbswap16(v)
#define le32_to_host(v) cbswap32(v)
#define le64_to_host(v) cbswap64(v) |
| 75282b5c |
#define be16_to_host(v) (v)
#define be32_to_host(v) (v)
#define be64_to_host(v) (v) |
| 1266e3e0 |
static inline int32_t cli_readint32(const char *buff)
{
int32_t ret;
ret = buff[0] & 0xff;
ret |= (buff[1] & 0xff) << 8;
ret |= (buff[2] & 0xff) << 16;
ret |= (buff[3] & 0xff) << 24;
return ret;
}
|
| a170cc4f |
static inline int16_t cli_readint16(const char *buff) |
| 1266e3e0 |
{
int16_t ret;
ret = buff[0] & 0xff;
ret |= (buff[1] & 0xff) << 8;
return ret;
}
static inline void cli_writeint32(char *offset, uint32_t value)
{
offset[0] = value & 0xff;
offset[1] = (value & 0xff00) >> 8;
offset[2] = (value & 0xff0000) >> 16;
offset[3] = (value & 0xff000000) >> 24;
} |
| 75282b5c |
#endif
/* used by: spin, yc (C) aCaB */ |
| adc98193 |
#define CLI_ROL(a,b) a = ( a << (b % (sizeof(a)<<3) )) | (a >> ( (sizeof(a)<<3) - (b % (sizeof(a)<<3 )) ) )
#define CLI_ROR(a,b) a = ( a >> (b % (sizeof(a)<<3) )) | (a << ( (sizeof(a)<<3) - (b % (sizeof(a)<<3 )) ) ) |
| 75282b5c |
|
| 35eb6354 |
/* Implementation independent sign-extended signed right shift */
#ifdef HAVE_SAR |
| adc98193 |
#define CLI_SRS(n,s) ((n)>>(s)) |
| 35eb6354 |
#else |
| e54f3fd1 |
#define CLI_SRS(n,s) ((((n)>>(s)) ^ (1<<(sizeof(n)*8-1-s))) - (1<<(sizeof(n)*8-1-s))) |
| 35eb6354 |
#endif |
| adc98193 |
#define CLI_SAR(n,s) n = CLI_SRS(n,s) |
| 35eb6354 |
|
| b58fdfc2 |
#ifndef FALSE |
| 75282b5c |
#define FALSE (0) |
| b58fdfc2 |
#endif
#ifndef TRUE |
| 75282b5c |
#define TRUE (1) |
| b58fdfc2 |
#endif |
| 75282b5c |
#ifndef MIN
#define MIN(a, b) (((a) < (b)) ? (a) : (b))
#endif
#ifndef MAX
#define MAX(a,b) (((a) > (b)) ? (a) : (b))
#endif
|
| 8a9c2d19 |
typedef struct bitset_tag
{
unsigned char *bitset;
unsigned long length;
} bitset_t;
|
| 3c30b19b |
#ifdef __GNUC__
void cli_warnmsg(const char *str, ...) __attribute__((format(printf, 1, 2)));
#else |
| e3aaff8e |
void cli_warnmsg(const char *str, ...); |
| 3c30b19b |
#endif
#ifdef __GNUC__
void cli_errmsg(const char *str, ...) __attribute__((format(printf, 1, 2)));
#else |
| e3aaff8e |
void cli_errmsg(const char *str, ...); |
| 3c30b19b |
#endif
|
| 7be8d871 |
/* tell compiler about branches that are very rarely taken,
* such as debug paths, and error paths */
#if (__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 2)
#define UNLIKELY(cond) __builtin_expect(!!(cond), 0)
#else
#define UNLIKELY(cond) (cond)
#endif
|
| cfec3d90 |
#ifdef __GNUC__
#define always_inline inline __attribute__((always_inline))
#else
#define always_inline inline
#endif
|
| aeebf2ea |
#define cli_dbgmsg (!UNLIKELY(cli_debug_flag)) ? (void)0 : cli_dbgmsg_internal |
| 7be8d871 |
|
| 3c30b19b |
#ifdef __GNUC__ |
| 7be8d871 |
void cli_dbgmsg_internal(const char *str, ...) __attribute__((format(printf, 1, 2))); |
| 3c30b19b |
#else |
| 7be8d871 |
void cli_dbgmsg_internal(const char *str, ...); |
| 3c30b19b |
#endif
|
| 46026ca7 |
#ifdef HAVE_CLI_GETPAGESIZE
#undef HAVE_CLI_GETPAGESIZE
#endif
|
| 86d59b24 |
#if HAVE_SYSCONF_SC_PAGESIZE |
| 51bbedb1 |
static inline int cli_getpagesize(void) { return sysconf(_SC_PAGESIZE); } |
| 86d59b24 |
#define HAVE_CLI_GETPAGESIZE 1
#else
#if HAVE_GETPAGESIZE |
| 51bbedb1 |
static inline int cli_getpagesize(void) { return getpagesize(); } |
| 86d59b24 |
#define HAVE_CLI_GETPAGESIZE 1
#endif
#endif
|
| e3aaff8e |
void *cli_malloc(size_t nmemb);
void *cli_calloc(size_t nmemb, size_t size); |
| 8139fd99 |
void *cli_realloc(void *ptr, size_t size); |
| 423d6b6a |
void *cli_realloc2(void *ptr, size_t size); |
| 786b43b6 |
char *cli_strdup(const char *s); |
| e3aaff8e |
int cli_rmdirs(const char *dirname); |
| db65451b |
unsigned char *cli_md5digest(int desc); |
| 335d1663 |
char *cli_md5stream(FILE *fs, unsigned char *digcpy);
char *cli_md5file(const char *filename); |
| 997a0e0b |
int cli_unlink(const char *pathname); |
| 5b25b5e8 |
int cli_readn(int fd, void *buff, unsigned int count); |
| 5d2d2d77 |
int cli_writen(int fd, const void *buff, unsigned int count); |
| 8000d078 |
char *cli_gentemp(const char *dir); |
| a7ac5978 |
int cli_gentempfd(const char *dir, char **name, int *fd); |
| 8000d078 |
unsigned int cli_rndnum(unsigned int max); |
| b067a7dd |
int cli_filecopy(const char *src, const char *dest); |
| 3222a096 |
int cli_dumpscan(int fd, off_t offset, size_t size, cli_ctx *ctx); |
| 079229d6 |
bitset_t *cli_bitset_init(void); |
| 8a9c2d19 |
void cli_bitset_free(bitset_t *bs);
int cli_bitset_set(bitset_t *bs, unsigned long bit_offset);
int cli_bitset_test(bitset_t *bs, unsigned long bit_offset); |
| 24555841 |
const char* cli_ctime(const time_t *timep, char *buf, const size_t bufsize); |
| b80ae277 |
int cli_checklimits(const char *, cli_ctx *, unsigned long, unsigned long, unsigned long);
int cli_updatelimits(cli_ctx *, unsigned long); |
| d91ab809 |
unsigned long cli_getsizelimit(cli_ctx *, unsigned long); |
| 92f585fb |
int cli_matchregex(const char *str, const char *regex); |
| e5e4a554 |
/* symlink behaviour */
#define CLI_FTW_FOLLOW_FILE_SYMLINK 0x01
#define CLI_FTW_FOLLOW_DIR_SYMLINK 0x02
/* if the callback needs the stat */
#define CLI_FTW_NEED_STAT 0x04
|
| a1598d7c |
/* remove leading/trailing slashes */
#define CLI_FTW_TRIM_SLASHES 0x08
#define CLI_FTW_STD (CLI_FTW_NEED_STAT | CLI_FTW_TRIM_SLASHES) |
| e5e4a554 |
enum cli_ftw_reason {
visit_file,
visit_directory_toplev, /* this is a directory at toplevel of recursion */
error_mem, /* recommended to return CL_EMEM */
/* recommended to return CL_SUCCESS below */
error_stat,
warning_skipped_link,
warning_skipped_special,
warning_skipped_dir
};
/* wrap void*, so that we don't mix it with some other pointer */
struct cli_ftw_cbdata {
void *data;
};
/*
* return CL_BREAK to break out without an error, CL_SUCCESS to continue,
* or any CL_E* to break out due to error.
* The callback is responsible for freeing filename when it is done using it.
* Note that callback decides if directory traversal should continue
* after an error, we call the callback with reason == error,
* and if it returns CL_BREAK we break.
*/
typedef int (*cli_ftw_cb)(struct stat *stat_buf, char *filename, const char *path, enum cli_ftw_reason reason, struct cli_ftw_cbdata *data);
/* |
| 51bbedb1 |
* returns 1 if the path should be skipped and 0 otherwise
* uses callback data
*/
typedef int (*cli_ftw_pathchk)(const char *path, struct cli_ftw_cbdata *data);
/* |
| e5e4a554 |
* returns
* CL_SUCCESS if it traversed all files and subdirs
* CL_BREAK if traversal has stopped at some point
* CL_E* if error encountered during traversal and we had to break out
* This is regardless of virus found/not, that is the callback's job to store.
* Note that the callback may dispatch async the scan, so that when cli_ftw
* returns we don't know the infected/notinfected status of the directory yet!
* Due to this if the callback scans synchronously it should store the infected
* status in its cbdata.
* This works for both files and directories. It stats the path to determine
* which one it is.
* If it is a file, it simply calls the callback once, otherwise recurses.
*/ |
| 51bbedb1 |
int cli_ftw(char *base, int flags, int maxdepth, cli_ftw_cb callback, struct cli_ftw_cbdata *data, cli_ftw_pathchk pathchk); |
| e5e4a554 |
|
| e68d70e7 |
const char *cli_strerror(int errnum, char* buf, size_t len); |
| e3aaff8e |
#endif |