47bbbc56 |
/* |
f893c0f3 |
* Extract VBA source code for component MS Office Documents |
47bbbc56 |
* |
2023340a |
* Copyright (C) 2007-2008 Sourcefire, Inc.
*
* Authors: Trog, Nigel Horne |
fa53d800 |
* |
47bbbc56 |
* This program is free software; you can redistribute it and/or modify |
2023340a |
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation. |
47bbbc56 |
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software |
48b7b4a7 |
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA. |
47bbbc56 |
*/ |
2023340a |
|
fa53d800 |
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif |
47bbbc56 |
#include <stdio.h>
#include <string.h> |
b58fdfc2 |
#ifdef HAVE_UNISTD_H |
47bbbc56 |
#include <unistd.h> |
b58fdfc2 |
#endif |
47bbbc56 |
#include <fcntl.h>
#include <stdlib.h>
#include <ctype.h> |
5f02033a |
#include <zlib.h>
#include "clamav.h" |
47bbbc56 |
|
ca90717f |
#include "others.h" |
72ce4b70 |
#include "scanners.h" |
9fe789f8 |
#include "vba_extract.h"
#ifdef CL_DEBUG |
c0195d1f |
#include "mbox.h"
#endif |
fa53d800 |
#include "blob.h" |
47bbbc56 |
|
9294cf21 |
#define PPT_LZW_BUFFSIZE 8192
#define VBA_COMPRESSION_WINDOW 4096 |
9fe789f8 |
#define MIDDLE_SIZE 20 |
16975455 |
#define MAX_VBA_COUNT 1000 /* If there's more than 1000 macros something's up! */ |
9294cf21 |
|
9fe789f8 |
#ifndef HAVE_ATTRIB_PACKED
#define __attribute__(x) |
ffd168d4 |
#endif
|
9fe789f8 |
/*
* VBA (Visual Basic for Applications), versions 5 and 6
*/ |
ffd168d4 |
struct vba56_header {
unsigned char magic[2];
unsigned char version[4]; |
16975455 |
unsigned char ignore[28]; |
ffd168d4 |
};
|
9fe789f8 |
typedef struct { |
24555841 |
uint32_t sig;
const char *ver; |
16975455 |
int big_endian; /* e.g. MAC Office */ |
47bbbc56 |
} vba_version_t;
|
9fe789f8 |
static int skip_past_nul(int fd); |
16975455 |
static int read_uint16(int fd, uint16_t *u, int big_endian);
static int read_uint32(int fd, uint32_t *u, int big_endian); |
9fe789f8 |
static int seekandread(int fd, off_t offset, int whence, void *data, size_t len); |
72ce4b70 |
static vba_project_t *create_vba_project(int record_count, const char *dir, struct uniq *U); |
9fe789f8 |
|
e19ed67b |
static uint16_t
vba_endian_convert_16(uint16_t value, int big_endian) |
31c42eb7 |
{ |
16975455 |
if (big_endian) |
ffd168d4 |
return (uint16_t)be16_to_host(value); |
75282b5c |
else
return le16_to_host(value); |
337cb206 |
} |
fa53d800 |
|
9fe789f8 |
/* Seems to be a duplicate of riff_endian_convert_32() */ |
e19ed67b |
static uint32_t
vba_endian_convert_32(uint32_t value, int big_endian) |
31c42eb7 |
{ |
16975455 |
if (big_endian) |
75282b5c |
return be32_to_host(value);
else
return le32_to_host(value); |
31c42eb7 |
} |
337cb206 |
|
72ce4b70 |
|
fa53d800 |
static char * |
16975455 |
get_unicode_name(const char *name, int size, int big_endian) |
47bbbc56 |
{ |
9fe789f8 |
int i, increment;
char *newname, *ret; |
25ba8c63 |
|
69380565 |
if((name == NULL) || (*name == '\0') || (size <= 0)) |
9fe789f8 |
return NULL; |
25ba8c63 |
|
ddc9e6c3 |
newname = (char *)cli_malloc(size * 7 + 1); |
9fe789f8 |
if(newname == NULL)
return NULL; |
69380565 |
|
16975455 |
if((!big_endian) && (size & 0x1)) { |
69380565 |
cli_dbgmsg("get_unicode_name: odd number of bytes %d\n", size);
--size;
}
|
16975455 |
increment = (big_endian) ? 1 : 2; |
69380565 |
ret = newname;
|
9fe789f8 |
for(i = 0; i < size; i += increment) { |
72ce4b70 |
if((!(name[i]&0x80)) && isprint(name[i])) {
*ret++ = tolower(name[i]);
} else { |
9fe789f8 |
if((name[i] < 10) && (name[i] >= 0)) { |
69380565 |
*ret++ = '_';
*ret++ = (char)(name[i] + '0');
} else { |
9fe789f8 |
const uint16_t x = (uint16_t)((name[i] << 8) | name[i + 1]); |
ffd168d4 |
|
69380565 |
*ret++ = '_';
*ret++ = (char)('a'+((x&0xF)));
*ret++ = (char)('a'+((x>>4)&0xF));
*ret++ = (char)('a'+((x>>8)&0xF)); |
9fe789f8 |
*ret++ = 'a';
*ret++ = 'a'; |
9e7e2c76 |
} |
69380565 |
*ret++ = '_';
}
}
|
9fe789f8 |
*ret = '\0';
/* Saves a lot of memory */
ret = cli_realloc(newname, (ret - newname) + 1);
return ret ? ret : newname; |
47bbbc56 |
} |
349e0502 |
|
9fe789f8 |
|
349e0502 |
static void vba56_test_middle(int fd)
{ |
9fe789f8 |
char test_middle[MIDDLE_SIZE]; |
fe0af0c1 |
/* MacOffice middle */ |
9fe789f8 |
static const uint8_t middle1_str[MIDDLE_SIZE] = { |
dc890a72 |
0x00, 0x01, 0x0d, 0x45, 0x2e, 0xe1, 0xe0, 0x8f, 0x10, 0x1a,
0x85, 0x2e, 0x02, 0x60, 0x8c, 0x4d, 0x0b, 0xb4, 0x00, 0x00 |
349e0502 |
}; |
fe0af0c1 |
/* MS Office middle */ |
9fe789f8 |
static const uint8_t middle2_str[MIDDLE_SIZE] = { |
fa53d800 |
0x00, 0x00, 0xe1, 0x2e, 0x45, 0x0d, 0x8f, 0xe0, 0x1a, 0x10, |
fe0af0c1 |
0x85, 0x2e, 0x02, 0x60, 0x8c, 0x4d, 0x0b, 0xb4, 0x00, 0x00
}; |
349e0502 |
|
9fe789f8 |
if(cli_readn(fd, &test_middle, MIDDLE_SIZE) != MIDDLE_SIZE) |
ffd168d4 |
return; |
25ba8c63 |
|
9fe789f8 |
if((memcmp(test_middle, middle1_str, MIDDLE_SIZE) != 0) &&
(memcmp(test_middle, middle2_str, MIDDLE_SIZE) != 0)) { |
dc890a72 |
cli_dbgmsg("middle not found\n"); |
9fe789f8 |
lseek(fd, -MIDDLE_SIZE, SEEK_CUR);
} else |
dc890a72 |
cli_dbgmsg("middle found\n"); |
349e0502 |
}
|
ac8154d9 |
static int |
16975455 |
vba_read_project_strings(int fd, int big_endian) |
dc890a72 |
{ |
9fe789f8 |
unsigned char *buf = NULL;
uint16_t buflen = 0; |
72ce4b70 |
int ret = 0; |
9fe789f8 |
for(;;) {
off_t offset; |
d92098c8 |
uint16_t length;
char *name;
|
72ce4b70 |
if(!read_uint16(fd, &length, big_endian))
break;
|
dc890a72 |
if (length < 6) {
lseek(fd, -2, SEEK_CUR);
break;
} |
9fe789f8 |
if(length > buflen) {
unsigned char *newbuf = (unsigned char *)cli_realloc(buf, length);
if(newbuf == NULL) {
if(buf)
free(buf); |
72ce4b70 |
return 0; |
9fe789f8 |
}
buflen = length;
buf = newbuf; |
dc890a72 |
} |
9fe789f8 |
|
dc890a72 |
offset = lseek(fd, 0, SEEK_CUR); |
ffd168d4 |
|
9fe789f8 |
if(cli_readn(fd, buf, length) != (int)length) { |
dc890a72 |
cli_dbgmsg("read name failed - rewinding\n");
lseek(fd, offset, SEEK_SET);
break;
} |
16975455 |
name = get_unicode_name((const char *)buf, length, big_endian); |
9fe789f8 |
cli_dbgmsg("length: %d, name: %s\n", length, (name) ? name : "[null]"); |
dc890a72 |
|
ac8154d9 |
if((name == NULL) || (memcmp("*\\", name, 2) != 0) || |
72ce4b70 |
(strchr("ghcd", name[2]) == NULL)) { |
16975455 |
/* Not a string */ |
dc890a72 |
lseek(fd, -(length+2), SEEK_CUR); |
ac8154d9 |
if(name) |
91aaa0ea |
free(name); |
dc890a72 |
break;
}
free(name); |
ac8154d9 |
|
16975455 |
if(!read_uint16(fd, &length, big_endian)) { |
9fe789f8 |
if(buf)
free(buf); |
72ce4b70 |
break; |
9fe789f8 |
} |
ac8154d9 |
|
72ce4b70 |
ret++;
|
ac8154d9 |
if ((length != 0) && (length != 65535)) {
lseek(fd, -2, SEEK_CUR);
continue;
}
offset = lseek(fd, 10, SEEK_CUR); |
9fe789f8 |
cli_dbgmsg("offset: %lu\n", (unsigned long)offset); |
dc890a72 |
vba56_test_middle(fd);
} |
9fe789f8 |
if(buf)
free(buf); |
72ce4b70 |
return ret; |
dc890a72 |
} |
349e0502 |
|
11d24f8a |
vba_project_t * |
72ce4b70 |
cli_vba_readdir(const char *dir, struct uniq *U, uint32_t which) |
47bbbc56 |
{ |
9fe789f8 |
unsigned char *buf; |
ffd168d4 |
const unsigned char vba56_signature[] = { 0xcc, 0x61 }; |
9fe789f8 |
uint16_t record_count, buflen, ffff, byte_count; |
937ade08 |
uint32_t offset; |
72ce4b70 |
int i, j, fd, big_endian = FALSE; |
47bbbc56 |
vba_project_t *vba_project; |
ffd168d4 |
struct vba56_header v56h; |
72ce4b70 |
off_t seekback; |
937ade08 |
char fullname[1024], *hash; |
47bbbc56 |
|
11d24f8a |
cli_dbgmsg("in cli_vba_readdir()\n"); |
f893c0f3 |
|
faa0d267 |
if(dir == NULL)
return NULL;
|
9fe789f8 |
/*
* _VBA_PROJECT files are embedded within office documents (OLE2)
*/ |
72ce4b70 |
if (!uniq_get(U, "_vba_project", 12, &hash))
return NULL; |
58481352 |
snprintf(fullname, sizeof(fullname), "%s"PATHSEP"%s_%u", dir, hash, which); |
72ce4b70 |
fullname[sizeof(fullname)-1] = '\0'; |
9fe789f8 |
fd = open(fullname, O_RDONLY|O_BINARY); |
47bbbc56 |
|
72ce4b70 |
if(fd == -1) |
9fe789f8 |
return NULL; |
47bbbc56 |
|
ffd168d4 |
if(cli_readn(fd, &v56h, sizeof(struct vba56_header)) != sizeof(struct vba56_header)) { |
39ea36b7 |
close(fd); |
47bbbc56 |
return NULL;
} |
ffd168d4 |
if (memcmp(v56h.magic, vba56_signature, sizeof(v56h.magic)) != 0) { |
39ea36b7 |
close(fd); |
47bbbc56 |
return NULL;
}
|
72ce4b70 |
i = vba_read_project_strings(fd, TRUE);
seekback = lseek(fd, 0, SEEK_CUR); |
e357da7b |
if (lseek(fd, sizeof(struct vba56_header), SEEK_SET) == -1) {
close(fd); |
72ce4b70 |
return NULL; |
e357da7b |
} |
72ce4b70 |
j = vba_read_project_strings(fd, FALSE);
if(!i && !j) { |
39ea36b7 |
close(fd); |
72ce4b70 |
cli_warnmsg("vba_readdir: Unable to guess VBA type\n"); |
47bbbc56 |
return NULL;
} |
72ce4b70 |
if (i > j) {
big_endian = TRUE;
lseek(fd, seekback, SEEK_SET);
cli_dbgmsg("vba_readdir: Guessing big-endian\n");
} else {
cli_dbgmsg("vba_readdir: Guessing little-endian\n");
} |
fa53d800 |
|
47bbbc56 |
/* junk some more stuff */ |
e19ed67b |
do |
ffd168d4 |
if (cli_readn(fd, &ffff, 2) != 2) { |
39ea36b7 |
close(fd); |
47bbbc56 |
return NULL;
} |
e19ed67b |
while(ffff != 0xFFFF); |
cee86c13 |
/* check for alignment error */ |
9fe789f8 |
if(!seekandread(fd, -3, SEEK_CUR, &ffff, sizeof(uint16_t))) { |
fa53d800 |
close(fd); |
cee86c13 |
return NULL;
} |
9fe789f8 |
if (ffff != 0xFFFF) |
cee86c13 |
lseek(fd, 1, SEEK_CUR); |
fa53d800 |
|
16975455 |
if(!read_uint16(fd, &ffff, big_endian)) { |
39ea36b7 |
close(fd); |
47bbbc56 |
return NULL;
}
|
9fe789f8 |
if(ffff != 0xFFFF) |
ffd168d4 |
lseek(fd, ffff, SEEK_CUR); |
9fe789f8 |
|
16975455 |
if(!read_uint16(fd, &ffff, big_endian)) { |
39ea36b7 |
close(fd); |
47bbbc56 |
return NULL;
}
|
9fe789f8 |
if(ffff == 0xFFFF)
ffff = 0;
lseek(fd, ffff + 100, SEEK_CUR);
|
16975455 |
if(!read_uint16(fd, &record_count, big_endian)) { |
39ea36b7 |
close(fd); |
47bbbc56 |
return NULL;
} |
72ce4b70 |
cli_dbgmsg("vba_readdir: VBA Record count %d\n", record_count); |
8bf5929e |
if (record_count == 0) { |
16975455 |
/* No macros, assume clean */ |
8bf5929e |
close(fd); |
ffd168d4 |
return NULL;
} |
16975455 |
if (record_count > MAX_VBA_COUNT) { |
4c64f434 |
/* Almost certainly an error */ |
72ce4b70 |
cli_dbgmsg("vba_readdir: VBA Record count too big\n"); |
4c64f434 |
close(fd);
return NULL;
} |
fa53d800 |
|
72ce4b70 |
vba_project = create_vba_project(record_count, dir, U); |
9fe789f8 |
if(vba_project == NULL) { |
bf34c7e7 |
close(fd);
return NULL;
} |
9fe789f8 |
buf = NULL;
buflen = 0; |
ffd168d4 |
for(i = 0; i < record_count; i++) { |
9fe789f8 |
uint16_t length; |
e19ed67b |
char *ptr; |
9fe789f8 |
|
72ce4b70 |
vba_project->colls[i] = 0; |
16975455 |
if(!read_uint16(fd, &length, big_endian)) |
ffd168d4 |
break;
|
dd1f3146 |
if (length == 0) { |
72ce4b70 |
cli_dbgmsg("vba_readdir: zero name length\n"); |
ffd168d4 |
break;
} |
9fe789f8 |
if(length > buflen) {
unsigned char *newbuf = (unsigned char *)cli_realloc(buf, length);
if(newbuf == NULL)
break;
buflen = length;
buf = newbuf; |
47bbbc56 |
} |
9fe789f8 |
if (cli_readn(fd, buf, length) != length) { |
72ce4b70 |
cli_dbgmsg("vba_readdir: read name failed\n"); |
ffd168d4 |
break; |
47bbbc56 |
} |
e19ed67b |
ptr = get_unicode_name((const char *)buf, length, big_endian); |
72ce4b70 |
if(ptr == NULL) break;
if (!(vba_project->colls[i]=uniq_get(U, ptr, strlen(ptr), &hash))) { |
937ade08 |
cli_dbgmsg("vba_readdir: cannot find project %s (%s)\n", ptr, hash); |
ffd168d4 |
break; |
47bbbc56 |
} |
937ade08 |
cli_dbgmsg("vba_readdir: project name: %s (%s)\n", ptr, hash); |
72ce4b70 |
free(ptr);
vba_project->name[i] = hash;
if(!read_uint16(fd, &length, big_endian))
break; |
47bbbc56 |
lseek(fd, length, SEEK_CUR);
|
72ce4b70 |
if(!read_uint16(fd, &ffff, big_endian)) |
ffd168d4 |
break;
if (ffff == 0xFFFF) { |
47bbbc56 |
lseek(fd, 2, SEEK_CUR); |
72ce4b70 |
if(!read_uint16(fd, &ffff, big_endian)) |
ffd168d4 |
break; |
9fe789f8 |
lseek(fd, ffff + 8, SEEK_CUR);
} else
lseek(fd, ffff + 10, SEEK_CUR); |
47bbbc56 |
|
72ce4b70 |
if(!read_uint16(fd, &byte_count, big_endian)) |
ffd168d4 |
break;
lseek(fd, (8 * byte_count) + 5, SEEK_CUR); |
72ce4b70 |
if(!read_uint32(fd, &offset, big_endian)) |
ffd168d4 |
break; |
72ce4b70 |
cli_dbgmsg("vba_readdir: offset: %u\n", (unsigned int)offset); |
e19ed67b |
vba_project->offset[i] = offset; |
47bbbc56 |
lseek(fd, 2, SEEK_CUR);
} |
fa53d800 |
|
9fe789f8 |
if(buf)
free(buf);
|
ffd168d4 |
close(fd); |
fa53d800 |
|
ffd168d4 |
if(i < record_count) {
free(vba_project->name); |
72ce4b70 |
free(vba_project->colls); |
ffd168d4 |
free(vba_project->dir);
free(vba_project->offset);
free(vba_project);
return NULL; |
47bbbc56 |
} |
39ea36b7 |
|
ffd168d4 |
return vba_project; |
47bbbc56 |
}
|
faa0d267 |
unsigned char * |
11d24f8a |
cli_vba_inflate(int fd, off_t offset, int *size) |
47bbbc56 |
{ |
faa0d267 |
unsigned int pos, shift, mask, distance, clean; |
47bbbc56 |
uint8_t flag; |
faa0d267 |
uint16_t token; |
fa53d800 |
blob *b; |
47bbbc56 |
unsigned char buffer[VBA_COMPRESSION_WINDOW]; |
fa53d800 |
|
faa0d267 |
if(fd < 0)
return NULL;
|
fa53d800 |
b = blobCreate();
if(b == NULL)
return NULL;
lseek(fd, offset+3, SEEK_SET); /* 1byte ?? , 2byte length ?? */ |
9fe789f8 |
clean = TRUE; |
faa0d267 |
pos = 0; |
fa53d800 |
|
5b25b5e8 |
while (cli_readn(fd, &flag, 1) == 1) { |
faa0d267 |
for(mask = 1; mask < 0x100; mask<<=1) { |
9fe789f8 |
unsigned int winpos = pos % VBA_COMPRESSION_WINDOW; |
47bbbc56 |
if (flag & mask) { |
faa0d267 |
uint16_t len; |
9fe789f8 |
unsigned int srcpos; |
faa0d267 |
|
9fe789f8 |
if(!read_uint16(fd, &token, FALSE)) { |
fa53d800 |
blobDestroy(b); |
9fe789f8 |
if(size) |
ea399527 |
*size = 0; |
39ea36b7 |
return NULL; |
47bbbc56 |
} |
faa0d267 |
shift = 12 - (winpos > 0x10)
- (winpos > 0x20)
- (winpos > 0x40)
- (winpos > 0x80)
- (winpos > 0x100)
- (winpos > 0x200)
- (winpos > 0x400)
- (winpos > 0x800);
len = (uint16_t)((token & ((1 << shift) - 1)) + 3); |
47bbbc56 |
distance = token >> shift; |
fa53d800 |
|
9fe789f8 |
srcpos = pos - distance - 1;
if((((srcpos + len) % VBA_COMPRESSION_WINDOW) < winpos) &&
((winpos + len) < VBA_COMPRESSION_WINDOW) &&
(((srcpos % VBA_COMPRESSION_WINDOW) + len) < VBA_COMPRESSION_WINDOW) &&
(len <= VBA_COMPRESSION_WINDOW)) {
srcpos %= VBA_COMPRESSION_WINDOW;
memcpy(&buffer[winpos], &buffer[srcpos],
len);
pos += len;
} else |
faa0d267 |
while(len-- > 0) { |
9fe789f8 |
srcpos = (pos - distance - 1) % VBA_COMPRESSION_WINDOW;
buffer[pos++ % VBA_COMPRESSION_WINDOW] = buffer[srcpos];
} |
47bbbc56 |
} else { |
9fe789f8 |
if((pos != 0) && (winpos == 0) && clean) { |
5b25b5e8 |
if (cli_readn(fd, &token, 2) != 2) { |
fa53d800 |
blobDestroy(b);
if(size) |
9fe789f8 |
*size = 0; |
39ea36b7 |
return NULL; |
47bbbc56 |
} |
fa53d800 |
(void)blobAddData(b, buffer, VBA_COMPRESSION_WINDOW); |
9fe789f8 |
clean = FALSE; |
47bbbc56 |
break;
} |
9fe789f8 |
if(cli_readn(fd, &buffer[winpos], 1) == 1) |
47bbbc56 |
pos++;
} |
9fe789f8 |
clean = TRUE; |
47bbbc56 |
}
}
|
9fe789f8 |
if(blobAddData(b, buffer, pos%VBA_COMPRESSION_WINDOW) < 0) { |
fa53d800 |
blobDestroy(b);
if(size) |
9fe789f8 |
*size = 0; |
fa53d800 |
return NULL;
} |
9fe789f8 |
|
fa53d800 |
if(size) |
9fe789f8 |
*size = (int)blobGetDataSize(b);
return (unsigned char *)blobToMem(b); |
47bbbc56 |
} |
7b9aed8c |
|
9fe789f8 |
/*
* See also cli_filecopy()
*/
static void
ole_copy_file_data(int s, int d, uint32_t len) |
892d2f56 |
{ |
9fe789f8 |
unsigned char data[FILEBUFF];
while(len > 0) { |
16975455 |
int todo = MIN(sizeof(data), len); |
9fe789f8 |
|
16975455 |
if(cli_readn(s, data, (unsigned int)todo) != todo) |
9fe789f8 |
break; |
16975455 |
if(cli_writen(d, data, (unsigned int)todo) != todo) |
9fe789f8 |
break; |
16975455 |
len -= todo; |
9fe789f8 |
} |
892d2f56 |
}
|
faa0d267 |
int |
72ce4b70 |
cli_scan_ole10(int fd, cli_ctx *ctx) |
892d2f56 |
{ |
72ce4b70 |
int ofd, ret; |
892d2f56 |
uint32_t object_size; |
9fe789f8 |
struct stat statbuf; |
bbd6ca3f |
char *fullname; |
892d2f56 |
|
faa0d267 |
if(fd < 0) |
72ce4b70 |
return CL_CLEAN; |
faa0d267 |
|
72ce4b70 |
lseek(fd, 0, SEEK_SET); |
9fe789f8 |
if(!read_uint32(fd, &object_size, FALSE)) |
72ce4b70 |
return CL_CLEAN; |
fa53d800 |
|
9fe789f8 |
if(fstat(fd, &statbuf) == -1) |
871177cd |
return CL_ESTAT; |
892d2f56 |
|
9fe789f8 |
if ((statbuf.st_size - object_size) >= 4) { |
892d2f56 |
/* Probably the OLE type id */
if (lseek(fd, 2, SEEK_CUR) == -1) { |
72ce4b70 |
return CL_CLEAN; |
892d2f56 |
} |
fa53d800 |
|
16975455 |
/* Attachment name */ |
9fe789f8 |
if(!skip_past_nul(fd)) |
72ce4b70 |
return CL_CLEAN; |
fa53d800 |
|
16975455 |
/* Attachment full path */ |
9fe789f8 |
if(!skip_past_nul(fd)) |
72ce4b70 |
return CL_CLEAN; |
fa53d800 |
|
16975455 |
/* ??? */ |
9fe789f8 |
if(lseek(fd, 8, SEEK_CUR) == -1) |
72ce4b70 |
return CL_CLEAN; |
fa53d800 |
|
16975455 |
/* Attachment full path */ |
9fe789f8 |
if(!skip_past_nul(fd)) |
72ce4b70 |
return CL_CLEAN; |
fa53d800 |
|
9fe789f8 |
if(!read_uint32(fd, &object_size, FALSE)) |
72ce4b70 |
return CL_CLEAN; |
892d2f56 |
} |
33068e09 |
if(!(fullname = cli_gentemp(ctx ? ctx->engine->tmpdir : NULL))) { |
72ce4b70 |
return CL_EMEM; |
bbd6ca3f |
} |
16975455 |
ofd = open(fullname, O_RDWR|O_CREAT|O_TRUNC|O_BINARY|O_EXCL,
S_IWUSR|S_IRUSR); |
ffd168d4 |
if (ofd < 0) { |
bbd6ca3f |
cli_warnmsg("cli_decode_ole_object: can't create %s\n", fullname);
free(fullname); |
871177cd |
return CL_ECREAT; |
892d2f56 |
} |
72ce4b70 |
cli_dbgmsg("cli_decode_ole_object: decoding to %s\n", fullname); |
892d2f56 |
ole_copy_file_data(fd, ofd, object_size); |
c2d5447d |
lseek(ofd, 0, SEEK_SET); |
72ce4b70 |
ret = cli_magic_scandesc(ofd, ctx);
close(ofd); |
33068e09 |
if(ctx && !ctx->engine->keeptmp) |
72ce4b70 |
if (cli_unlink(fullname)) |
871177cd |
ret = CL_EUNLINK; |
72ce4b70 |
free(fullname);
return ret; |
892d2f56 |
}
|
9fe789f8 |
/*
* Powerpoint files
*/
typedef struct { |
5f02033a |
uint16_t type;
uint32_t length;
} atom_header_t;
|
9fe789f8 |
static int
ppt_read_atom_header(int fd, atom_header_t *atom_header) |
5f02033a |
{ |
9fe789f8 |
uint16_t v;
struct ppt_header {
uint16_t ver;
uint16_t type;
uint32_t length;
} h;
cli_dbgmsg("in ppt_read_atom_header\n");
if(cli_readn(fd, &h, sizeof(struct ppt_header)) != sizeof(struct ppt_header)) {
cli_dbgmsg("read ppt_header failed\n"); |
5f02033a |
return FALSE;
} |
9fe789f8 |
v = vba_endian_convert_16(h.ver, FALSE); |
16975455 |
cli_dbgmsg("\tversion: 0x%.2x\n", v & 0xF);
cli_dbgmsg("\tinstance: 0x%.2x\n", v >> 4); |
5f02033a |
|
9fe789f8 |
atom_header->type = vba_endian_convert_16(h.type, FALSE);
cli_dbgmsg("\ttype: 0x%.4x\n", atom_header->type);
atom_header->length = vba_endian_convert_32(h.length, FALSE);
cli_dbgmsg("\tlength: 0x%.8x\n", (int)atom_header->length);
return TRUE; |
5f02033a |
}
|
9fe789f8 |
/* |
16975455 |
* TODO: combine shared code with flatedecode() or cli_unzip_single()
* Needs cli_unzip_single to have a "length" argument |
9fe789f8 |
*/ |
16975455 |
static int
ppt_unlzw(const char *dir, int fd, uint32_t length) |
5f02033a |
{ |
16975455 |
int ofd; |
5f02033a |
z_stream stream; |
9fe789f8 |
unsigned char inbuff[PPT_LZW_BUFFSIZE], outbuff[PPT_LZW_BUFFSIZE]; |
9294cf21 |
char fullname[NAME_MAX + 1]; |
fa53d800 |
|
58481352 |
snprintf(fullname, sizeof(fullname) - 1, "%s"PATHSEP"ppt%.8lx.doc", |
9294cf21 |
dir, (long)lseek(fd, 0L, SEEK_CUR)); |
fa53d800 |
|
16975455 |
ofd = open(fullname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY|O_EXCL,
S_IWUSR|S_IRUSR); |
ffd168d4 |
if (ofd == -1) { |
16975455 |
cli_warnmsg("ppt_unlzw: can't create %s\n", fullname); |
ffd168d4 |
return FALSE;
} |
fa53d800 |
|
5f02033a |
stream.zalloc = Z_NULL;
stream.zfree = Z_NULL; |
9fe789f8 |
stream.opaque = (void *)NULL;
stream.next_in = (Bytef *)inbuff;
stream.next_out = outbuff;
stream.avail_out = sizeof(outbuff);
stream.avail_in = MIN(length, PPT_LZW_BUFFSIZE); |
fa53d800 |
|
9fe789f8 |
if(cli_readn(fd, inbuff, stream.avail_in) != (int)stream.avail_in) { |
5f02033a |
close(ofd); |
c0a95e0c |
cli_unlink(fullname); |
5f02033a |
return FALSE;
}
length -= stream.avail_in; |
fa53d800 |
|
16975455 |
if(inflateInit(&stream) != Z_OK) {
close(ofd); |
c0a95e0c |
cli_unlink(fullname); |
16975455 |
cli_warnmsg("ppt_unlzw: inflateInit failed\n");
return FALSE; |
5f02033a |
} |
fa53d800 |
|
5f02033a |
do {
if (stream.avail_out == 0) {
if (cli_writen(ofd, outbuff, PPT_LZW_BUFFSIZE)
!= PPT_LZW_BUFFSIZE) {
close(ofd);
inflateEnd(&stream);
return FALSE;
}
stream.next_out = outbuff;
stream.avail_out = PPT_LZW_BUFFSIZE;
}
if (stream.avail_in == 0) {
stream.next_in = inbuff; |
b81763ab |
stream.avail_in = MIN(length, PPT_LZW_BUFFSIZE); |
9fe789f8 |
if (cli_readn(fd, inbuff, stream.avail_in) != (int)stream.avail_in) { |
5f02033a |
close(ofd);
inflateEnd(&stream);
return FALSE;
}
length -= stream.avail_in;
} |
9fe789f8 |
} while(inflate(&stream, Z_NO_FLUSH) == Z_OK); |
fa53d800 |
|
a45c7039 |
if (cli_writen(ofd, outbuff, PPT_LZW_BUFFSIZE-stream.avail_out) != (int)(PPT_LZW_BUFFSIZE-stream.avail_out)) { |
5f02033a |
close(ofd);
inflateEnd(&stream);
return FALSE;
} |
9fe789f8 |
close(ofd);
return inflateEnd(&stream) == Z_OK; |
5f02033a |
}
|
9fe789f8 |
static const char *
ppt_stream_iter(int fd, const char *dir) |
42034091 |
{ |
fa53d800 |
atom_header_t atom_header;
while(ppt_read_atom_header(fd, &atom_header)) { |
9fe789f8 |
if(atom_header.length == 0) |
8c601f9f |
return NULL;
|
9fe789f8 |
if(atom_header.type == 0x1011) { |
16975455 |
uint32_t length; |
9fe789f8 |
|
16975455 |
/* Skip over ID */
if(lseek(fd, sizeof(uint32_t), SEEK_CUR) == -1) {
cli_dbgmsg("ppt_stream_iter: seek failed\n"); |
42034091 |
return NULL;
} |
9fe789f8 |
length = atom_header.length - 4; |
16975455 |
cli_dbgmsg("length: %d\n", (int)length); |
9fe789f8 |
if (!ppt_unlzw(dir, fd, length)) { |
42034091 |
cli_dbgmsg("ppt_unlzw failed\n");
return NULL;
}
} else { |
9fe789f8 |
off_t offset = lseek(fd, 0, SEEK_CUR); |
3863b5ce |
/* Check we don't wrap */ |
9d3c38ba |
if ((offset + (off_t)atom_header.length) < offset) { |
3863b5ce |
break;
}
offset += atom_header.length; |
9fe789f8 |
if (lseek(fd, offset, SEEK_SET) != offset) { |
42034091 |
break;
}
}
} |
9fe789f8 |
return dir; |
42034091 |
}
|
9fe789f8 |
char * |
33068e09 |
cli_ppt_vba_read(int ifd, cli_ctx *ctx) |
5f02033a |
{ |
9fe789f8 |
char *dir;
const char *ret; |
fa53d800 |
|
9fe789f8 |
/* Create a directory to store the extracted OLE2 objects */ |
33068e09 |
dir = cli_gentemp(ctx ? ctx->engine->tmpdir : NULL); |
11d24f8a |
if(dir == NULL)
return NULL; |
9fe789f8 |
if(mkdir(dir, 0700)) { |
11d24f8a |
cli_errmsg("cli_ppt_vba_read: Can't create temporary directory %s\n", dir); |
9fe789f8 |
free(dir);
return NULL;
} |
72ce4b70 |
ret = ppt_stream_iter(ifd, dir); |
9fe789f8 |
if(ret == NULL) {
cli_rmdirs(dir);
free(dir);
return NULL;
}
return dir; |
42034091 |
}
|
9fe789f8 |
/*
* Word 6 macros
*/
typedef struct {
unsigned char unused[12];
uint32_t macro_offset;
uint32_t macro_len; |
7b9aed8c |
} mso_fib_t;
typedef struct macro_entry_tag {
uint32_t len;
uint32_t offset; |
b5231f5f |
unsigned char key; |
7b9aed8c |
} macro_entry_t;
typedef struct macro_info_tag { |
9fe789f8 |
struct macro_entry_tag *entries; |
b5231f5f |
uint16_t count; |
7b9aed8c |
} macro_info_t;
|
9fe789f8 |
static int
word_read_fib(int fd, mso_fib_t *fib) |
7b9aed8c |
{ |
9fe789f8 |
struct {
uint32_t offset;
uint32_t len;
} macro_details; |
fa53d800 |
|
9fe789f8 |
if(!seekandread(fd, 0x118, SEEK_SET, ¯o_details, sizeof(macro_details))) {
cli_dbgmsg("read word_fib failed\n"); |
7b9aed8c |
return FALSE;
} |
9fe789f8 |
fib->macro_offset = vba_endian_convert_32(macro_details.offset, FALSE);
fib->macro_len = vba_endian_convert_32(macro_details.len, FALSE); |
fa53d800 |
|
7b9aed8c |
return TRUE;
}
|
9fe789f8 |
static int
word_read_macro_entry(int fd, macro_info_t *macro_info) |
7b9aed8c |
{ |
faa0d267 |
int msize; |
9fe789f8 |
int count = macro_info->count;
macro_entry_t *macro_entry;
#ifdef HAVE_PRAGMA_PACK
#pragma pack(1)
#endif
#ifdef HAVE_PRAGMA_PACK_HPPA
#pragma pack 1
#endif
struct macro {
unsigned char version;
unsigned char key;
unsigned char ignore[10];
uint32_t len __attribute__ ((packed));
uint32_t state __attribute__ ((packed));
uint32_t offset __attribute__ ((packed));
} *m;
const struct macro *n;
#ifdef HAVE_PRAGMA_PACK
#pragma pack()
#endif
#ifdef HAVE_PRAGMA_PACK_HPPA
#pragma pack
#endif
if(count == 0)
return TRUE;
msize = count * sizeof(struct macro);
m = cli_malloc(msize);
if(m == NULL) |
7b9aed8c |
return FALSE; |
9fe789f8 |
if(cli_readn(fd, m, msize) != msize) {
free(m);
cli_warnmsg("read %d macro_entries failed\n", count); |
7b9aed8c |
return FALSE;
} |
9fe789f8 |
macro_entry = macro_info->entries;
n = m; |
faa0d267 |
do { |
9fe789f8 |
macro_entry->key = n->key;
macro_entry->len = vba_endian_convert_32(n->len, FALSE);
macro_entry->offset = vba_endian_convert_32(n->offset, FALSE);
macro_entry++;
n++; |
faa0d267 |
} while(--count > 0); |
9fe789f8 |
free(m); |
7b9aed8c |
return TRUE;
}
|
9fe789f8 |
static macro_info_t *
word_read_macro_info(int fd, macro_info_t *macro_info) |
7b9aed8c |
{ |
9fe789f8 |
if(!read_uint16(fd, ¯o_info->count, FALSE)) { |
bf79f6c3 |
cli_dbgmsg("read macro_info failed\n"); |
9fe789f8 |
macro_info->count = 0; |
7b9aed8c |
return NULL;
}
cli_dbgmsg("macro count: %d\n", macro_info->count); |
9fe789f8 |
if(macro_info->count == 0)
return NULL;
macro_info->entries = (macro_entry_t *)cli_malloc(sizeof(macro_entry_t) * macro_info->count);
if(macro_info->entries == NULL) {
macro_info->count = 0; |
7b9aed8c |
return NULL;
} |
9fe789f8 |
if(!word_read_macro_entry(fd, macro_info)) {
free(macro_info->entries);
macro_info->count = 0;
return NULL; |
7b9aed8c |
}
return macro_info;
}
|
9fe789f8 |
static int
word_skip_oxo3(int fd) |
7b9aed8c |
{
uint8_t count;
if (cli_readn(fd, &count, 1) != 1) {
cli_dbgmsg("read oxo3 record1 failed\n");
return FALSE;
}
cli_dbgmsg("oxo3 records1: %d\n", count); |
fa53d800 |
|
9fe789f8 |
if(!seekandread(fd, count * 14, SEEK_CUR, &count, 1)) { |
bf79f6c3 |
cli_dbgmsg("read oxo3 record2 failed\n"); |
7b9aed8c |
return FALSE;
} |
9fe789f8 |
if(count == 0) {
uint8_t twobytes[2];
if(cli_readn(fd, twobytes, 2) != 2) { |
bf79f6c3 |
cli_dbgmsg("read oxo3 failed\n"); |
7b9aed8c |
return FALSE;
} |
9fe789f8 |
if(twobytes[0] != 2) {
lseek(fd, -2, SEEK_CUR); |
7b9aed8c |
return TRUE;
} |
9fe789f8 |
count = twobytes[1]; |
7b9aed8c |
} |
faa0d267 |
if(count > 0) |
7b9aed8c |
if (lseek(fd, (count*4)+1, SEEK_CUR) == -1) { |
bf79f6c3 |
cli_dbgmsg("lseek oxo3 failed\n"); |
7b9aed8c |
return FALSE;
} |
faa0d267 |
|
7b9aed8c |
cli_dbgmsg("oxo3 records2: %d\n", count);
return TRUE;
}
|
ac8154d9 |
static int |
9fe789f8 |
word_skip_menu_info(int fd) |
7b9aed8c |
{ |
ac8154d9 |
uint16_t count; |
fa53d800 |
|
9fe789f8 |
if(!read_uint16(fd, &count, FALSE)) { |
bf79f6c3 |
cli_dbgmsg("read menu_info failed\n"); |
ac8154d9 |
return FALSE; |
7b9aed8c |
} |
ac8154d9 |
cli_dbgmsg("menu_info count: %d\n", count); |
7b9aed8c |
|
ac8154d9 |
if(count)
if(lseek(fd, count * 12, SEEK_CUR) == -1)
return FALSE;
return TRUE; |
7b9aed8c |
}
|
a27be3c7 |
static int |
9fe789f8 |
word_skip_macro_extnames(int fd) |
7b9aed8c |
{ |
9fe789f8 |
int is_unicode, nbytes; |
7b9aed8c |
int16_t size; |
fa53d800 |
|
9fe789f8 |
if(!read_uint16(fd, (uint16_t *)&size, FALSE)) { |
7b9aed8c |
cli_dbgmsg("read macro_extnames failed\n"); |
a27be3c7 |
return FALSE; |
7b9aed8c |
}
if (size == -1) { /* Unicode flag */ |
9fe789f8 |
if(!read_uint16(fd, (uint16_t *)&size, FALSE)) { |
bf79f6c3 |
cli_dbgmsg("read macro_extnames failed\n"); |
a27be3c7 |
return FALSE; |
7b9aed8c |
} |
a27be3c7 |
is_unicode = 1;
} else
is_unicode = 0;
|
7b9aed8c |
cli_dbgmsg("ext names size: 0x%x\n", size);
|
9fe789f8 |
nbytes = size;
while(nbytes > 0) { |
a27be3c7 |
uint8_t length; |
96911b50 |
off_t offset; |
a27be3c7 |
if (cli_readn(fd, &length, 1) != 1) { |
69435d2d |
cli_dbgmsg("read macro_extnames failed\n"); |
a27be3c7 |
return FALSE; |
7b9aed8c |
} |
69435d2d |
|
96911b50 |
if(is_unicode) |
d9a9e1fc |
offset = (off_t)length * 2 + 1; |
96911b50 |
else |
d9a9e1fc |
offset = (off_t)length; |
96911b50 |
|
16975455 |
/* ignore numref as well */
if(lseek(fd, offset + sizeof(uint16_t), SEEK_CUR) == -1) { |
96911b50 |
cli_dbgmsg("read macro_extnames failed to seek\n"); |
a27be3c7 |
return FALSE; |
fa53d800 |
} |
9fe789f8 |
nbytes -= size; |
7b9aed8c |
} |
a27be3c7 |
return TRUE; |
7b9aed8c |
}
|
d9a9e1fc |
static int |
9fe789f8 |
word_skip_macro_intnames(int fd) |
7b9aed8c |
{ |
faa0d267 |
uint16_t count; |
fa53d800 |
|
9fe789f8 |
if(!read_uint16(fd, &count, FALSE)) { |
bf79f6c3 |
cli_dbgmsg("read macro_intnames failed\n"); |
d9a9e1fc |
return FALSE; |
7b9aed8c |
} |
16975455 |
cli_dbgmsg("intnames count: %u\n", (unsigned int)count); |
fa53d800 |
|
faa0d267 |
while(count-- > 0) { |
d9a9e1fc |
uint8_t length;
/* id */ |
9fe789f8 |
if(!seekandread(fd, sizeof(uint16_t), SEEK_CUR, &length, sizeof(uint8_t))) { |
d9a9e1fc |
cli_dbgmsg("skip_macro_intnames failed\n");
return FALSE;
} |
fa53d800 |
|
d9a9e1fc |
/* Internal name, plus one byte of unknown data */
if(lseek(fd, length + 1, SEEK_CUR) == -1) {
cli_dbgmsg("skip_macro_intnames failed\n");
return FALSE;
} |
7b9aed8c |
} |
d9a9e1fc |
return TRUE; |
7b9aed8c |
}
|
faa0d267 |
vba_project_t * |
72ce4b70 |
cli_wm_readdir(int fd) |
7b9aed8c |
{ |
72ce4b70 |
int done; |
7b9aed8c |
off_t end_offset; |
ac8154d9 |
unsigned char info_id; |
9fe789f8 |
macro_info_t macro_info; |
a27be3c7 |
vba_project_t *vba_project;
mso_fib_t fib; |
faa0d267 |
|
72ce4b70 |
if (!word_read_fib(fd, &fib)) |
7b9aed8c |
return NULL; |
fa53d800 |
|
ac8154d9 |
if(fib.macro_len == 0) { |
72ce4b70 |
cli_dbgmsg("wm_readdir: No macros detected\n"); |
ac8154d9 |
/* Must be clean */
return NULL;
} |
72ce4b70 |
cli_dbgmsg("wm_readdir: macro offset: 0x%.4x\n", (int)fib.macro_offset);
cli_dbgmsg("wm_readdir: macro len: 0x%.4x\n\n", (int)fib.macro_len); |
fa53d800 |
|
ac8154d9 |
/* Go one past the start to ignore start_id */
if (lseek(fd, fib.macro_offset + 1, SEEK_SET) != (off_t)(fib.macro_offset + 1)) { |
72ce4b70 |
cli_dbgmsg("wm_readdir: lseek macro_offset failed\n"); |
7b9aed8c |
return NULL;
} |
fa53d800 |
|
7b9aed8c |
end_offset = fib.macro_offset + fib.macro_len; |
a27be3c7 |
done = FALSE; |
9fe789f8 |
memset(¯o_info, '\0', sizeof(macro_info)); |
fa53d800 |
|
16975455 |
while((lseek(fd, 0, SEEK_CUR) < end_offset) && !done) { |
7b9aed8c |
if (cli_readn(fd, &info_id, 1) != 1) { |
72ce4b70 |
cli_dbgmsg("wm_readdir: read macro_info failed\n"); |
9fe789f8 |
break; |
7b9aed8c |
}
switch (info_id) {
case 0x01: |
9fe789f8 |
if(macro_info.count)
free(macro_info.entries);
word_read_macro_info(fd, ¯o_info);
done = TRUE; |
7b9aed8c |
break;
case 0x03: |
9fe789f8 |
if(!word_skip_oxo3(fd)) |
7b9aed8c |
done = TRUE;
break;
case 0x05: |
9fe789f8 |
if(!word_skip_menu_info(fd)) |
7b9aed8c |
done = TRUE;
break;
case 0x10: |
9fe789f8 |
if(!word_skip_macro_extnames(fd)) |
7b9aed8c |
done = TRUE;
break;
case 0x11: |
9fe789f8 |
if(!word_skip_macro_intnames(fd)) |
7b9aed8c |
done = TRUE;
break; |
16975455 |
case 0x40: /* end marker */
case 0x12: /* ??? */ |
ac8154d9 |
done = TRUE; |
7b9aed8c |
break;
default: |
72ce4b70 |
cli_dbgmsg("wm_readdir: unknown type: 0x%x\n", info_id); |
ac8154d9 |
done = TRUE; |
7b9aed8c |
}
} |
fa53d800 |
|
a27be3c7 |
|
9fe789f8 |
if(macro_info.count == 0)
return NULL;
|
72ce4b70 |
vba_project = create_vba_project(macro_info.count, "", NULL); |
9fe789f8 |
if(vba_project) {
vba_project->length = (uint32_t *)cli_malloc(sizeof(uint32_t) *
macro_info.count);
vba_project->key = (unsigned char *)cli_malloc(sizeof(unsigned char) *
macro_info.count);
if((vba_project->length != NULL) &&
(vba_project->key != NULL)) {
int i;
const macro_entry_t *m = macro_info.entries;
for(i = 0; i < macro_info.count; i++) {
vba_project->offset[i] = m->offset;
vba_project->length[i] = m->len;
vba_project->key[i] = m->key;
m++;
}
} else { |
7b9aed8c |
free(vba_project->name); |
72ce4b70 |
free(vba_project->colls); |
7b9aed8c |
free(vba_project->dir);
free(vba_project->offset); |
9fe789f8 |
if(vba_project->length)
free(vba_project->length);
if(vba_project->key)
free(vba_project->key); |
7b9aed8c |
free(vba_project);
vba_project = NULL;
} |
9fe789f8 |
}
free(macro_info.entries); |
a27be3c7 |
|
7b9aed8c |
return vba_project;
}
|
9fe789f8 |
unsigned char * |
11d24f8a |
cli_wm_decrypt_macro(int fd, off_t offset, uint32_t len, unsigned char key) |
7b9aed8c |
{
unsigned char *buff; |
fa53d800 |
|
faa0d267 |
if(len == 0)
return NULL;
if(fd < 0) |
2b459819 |
return NULL;
|
9fe789f8 |
buff = (unsigned char *)cli_malloc(len);
if(buff == NULL) |
7b9aed8c |
return NULL;
|
9fe789f8 |
if(!seekandread(fd, offset, SEEK_SET, buff, len)) { |
7b9aed8c |
free(buff);
return NULL;
} |
9fe789f8 |
if(key) {
unsigned char *p; |
faa0d267 |
|
9fe789f8 |
for(p = buff; p < &buff[len]; p++)
*p ^= key;
} |
7b9aed8c |
return buff;
} |
9fe789f8 |
/*
* Keep reading bytes until we reach a NUL. Returns 0 if none is found
*/
static int
skip_past_nul(int fd)
{ |
f6f2869f |
char *end;
char smallbuf[128];
do {
int nread = cli_readn(fd, smallbuf, sizeof(smallbuf));
if (nread <= 0)
return FALSE;
end = memchr(smallbuf, '\0', nread);
if (end) {
if (lseek(fd, 1 + (end-smallbuf) - nread, SEEK_CUR) < 0)
return FALSE;
return TRUE;
}
} while (1); |
9fe789f8 |
}
/*
* Read 2 bytes as a 16-bit number, host byte order. Return success or fail
*/
static int |
16975455 |
read_uint16(int fd, uint16_t *u, int big_endian) |
9fe789f8 |
{
if(cli_readn(fd, u, sizeof(uint16_t)) != sizeof(uint16_t))
return FALSE;
|
16975455 |
*u = vba_endian_convert_16(*u, big_endian); |
9fe789f8 |
return TRUE;
}
/*
* Read 4 bytes as a 32-bit number, host byte order. Return success or fail
*/
static int |
16975455 |
read_uint32(int fd, uint32_t *u, int big_endian) |
9fe789f8 |
{
if(cli_readn(fd, u, sizeof(uint32_t)) != sizeof(uint32_t))
return FALSE;
|
16975455 |
*u = vba_endian_convert_32(*u, big_endian); |
9fe789f8 |
return TRUE;
}
/*
* Miss some bytes then read a bit
*/
static int
seekandread(int fd, off_t offset, int whence, void *data, size_t len)
{
if(lseek(fd, offset, whence) == (off_t)-1) {
cli_dbgmsg("lseek failed\n");
return FALSE;
}
return cli_readn(fd, data, (unsigned int)len) == (int)len;
}
/*
* Create and initialise a vba_project structure
*/
static vba_project_t * |
72ce4b70 |
create_vba_project(int record_count, const char *dir, struct uniq *U) |
9fe789f8 |
{
vba_project_t *ret;
ret = (vba_project_t *) cli_malloc(sizeof(struct vba_project_tag));
if(ret == NULL)
return NULL;
|
937ade08 |
ret->name = (char **)cli_malloc(sizeof(char *) * record_count); |
72ce4b70 |
ret->colls = (uint32_t *)cli_malloc(sizeof(uint32_t) * record_count); |
9fe789f8 |
ret->dir = cli_strdup(dir);
ret->offset = (uint32_t *)cli_malloc (sizeof(uint32_t) * record_count);
if((ret->name == NULL) || (ret->dir == NULL) || (ret->offset == NULL)) {
if(ret->dir)
free(ret->dir); |
72ce4b70 |
if(ret->colls)
free(ret->colls); |
9fe789f8 |
if(ret->name)
free(ret->name);
if(ret->offset)
free(ret->offset);
free(ret);
return NULL;
}
ret->count = record_count; |
72ce4b70 |
ret->U = U; |
9fe789f8 |
return ret;
} |