/*
* Copyright (C) 2013-2019 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
* Copyright (C) 2007-2013 Sourcefire, Inc.
*
* Authors: Alberto Wu, Michal 'GiM' Spadlinski
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*/
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
#include "clamav.h"
#include "others.h"
#include "execs.h"
#include "pe.h"
#include "packlibs.h"
static int doubledl(const char **scur, uint8_t *mydlptr, const char *buffer, uint32_t buffersize)
{
unsigned char mydl = *mydlptr;
unsigned char olddl = mydl;
mydl *= 2;
if (!(olddl & 0x7f)) {
if (*scur < buffer || *scur >= buffer + buffersize - 1)
return -1;
olddl = **scur;
mydl = olddl * 2 + 1;
*scur = *scur + 1;
}
*mydlptr = mydl;
return (olddl >> 7) & 1;
}
int cli_unfsg(const char *source, char *dest, int ssize, int dsize, const char **endsrc, char **enddst)
{
uint8_t mydl = 0x80;
uint32_t backbytes, backsize, oldback = 0;
const char *csrc = source;
char *cdst = dest;
int oob, lostbit = 1;
if (ssize <= 0 || dsize <= 0) return -1;
*cdst++ = *csrc++;
while (1) {
if ((oob = doubledl(&csrc, &mydl, source, ssize))) {
if (oob == -1)
return -1;
/* 164 */
backsize = 0;
if ((oob = doubledl(&csrc, &mydl, source, ssize))) {
if (oob == -1)
return -1;
/* 16a */
backbytes = 0;
if ((oob = doubledl(&csrc, &mydl, source, ssize))) {
if (oob == -1)
return -1;
/* 170 */
lostbit = 1;
backsize++;
backbytes = 0x10;
while (backbytes < 0x100) {
if ((oob = doubledl(&csrc, &mydl, source, ssize)) == -1)
return -1;
backbytes = backbytes * 2 + oob;
}
backbytes &= 0xff;
if (!backbytes) {
if (cdst >= dest + dsize)
return -1;
*cdst++ = 0x00;
continue;
}
} else {
/* 18f */
if (csrc >= source + ssize)
return -1;
backbytes = *(unsigned char *)csrc;
backsize = backsize * 2 + (backbytes & 1);
backbytes = (backbytes & 0xff) >> 1;
csrc++;
if (!backbytes)
break;
backsize += 2;
oldback = backbytes;
lostbit = 0;
}
} else {
/* 180 */
backsize = 1;
do {
if ((oob = doubledl(&csrc, &mydl, source, ssize)) == -1)
return -1;
backsize = backsize * 2 + oob;
if ((oob = doubledl(&csrc, &mydl, source, ssize)) == -1)
return -1;
} while (oob);
backsize = backsize - 1 - lostbit;
if (!backsize) {
/* 18a */
backsize = 1;
do {
if ((oob = doubledl(&csrc, &mydl, source, ssize)) == -1)
return -1;
backsize = backsize * 2 + oob;
if ((oob = doubledl(&csrc, &mydl, source, ssize)) == -1)
return -1;
} while (oob);
backbytes = oldback;
} else {
/* 198 */
if (csrc >= source + ssize)
return -1;
backbytes = *(unsigned char *)csrc;
backbytes += (backsize - 1) << 8;
backsize = 1;
csrc++;
do {
if ((oob = doubledl(&csrc, &mydl, source, ssize)) == -1)
return -1;
backsize = backsize * 2 + oob;
if ((oob = doubledl(&csrc, &mydl, source, ssize)) == -1)
return -1;
} while (oob);
if (backbytes >= 0x7d00)
backsize++;
if (backbytes >= 0x500)
backsize++;
if (backbytes <= 0x7f)
backsize += 2;
oldback = backbytes;
}
lostbit = 0;
}
if (!CLI_ISCONTAINED(dest, dsize, cdst, backsize) || !CLI_ISCONTAINED(dest, dsize, cdst - backbytes, backsize))
return -1;
while (backsize--) {
*cdst = *(cdst - backbytes);
cdst++;
}
} else {
/* 15d */
if (cdst < dest || cdst >= dest + dsize || csrc < source || csrc >= source + ssize)
return -1;
*cdst++ = *csrc++;
lostbit = 1;
}
}
if (endsrc) *endsrc = csrc;
if (enddst) *enddst = cdst;
return 0;
}
int unmew(const char *source, char *dest, int ssize, int dsize, const char **endsrc, char **enddst)
{
uint8_t mydl = 0x80;
uint32_t myeax_backbytes, myecx_backsize, oldback = 0;
const char *csrc = source;
char *cdst = dest;
int oob, lostbit = 1;
*cdst++ = *csrc++;
while (1) {
if ((oob = doubledl(&csrc, &mydl, source, ssize))) {
if (oob == -1)
return -1;
/* 164 */
myecx_backsize = 0;
if ((oob = doubledl(&csrc, &mydl, source, ssize))) {
if (oob == -1)
return -1;
/* 16a */
myeax_backbytes = 0;
if ((oob = doubledl(&csrc, &mydl, source, ssize))) {
if (oob == -1)
return -1;
/* 170 */
lostbit = 1;
myecx_backsize++;
myeax_backbytes = 0x10;
while (myeax_backbytes < 0x100) {
if ((oob = doubledl(&csrc, &mydl, source, ssize)) == -1)
return -1;
myeax_backbytes = myeax_backbytes * 2 + oob;
}
myeax_backbytes &= 0xff;
if (!myeax_backbytes) {
if (cdst >= dest + dsize)
return -1;
*cdst++ = 0x00;
/*cli_dbgmsg("X%02x ", *(cdst-1)&0xff);*/
continue;
}
} else {
/* 18f */
if (csrc >= source + ssize)
return -1;
myeax_backbytes = *(unsigned char *)csrc;
myecx_backsize = myecx_backsize * 2 + (myeax_backbytes & 1);
myeax_backbytes = (myeax_backbytes & 0xff) >> 1;
csrc++;
if (!myeax_backbytes) {
/* cli_dbgmsg("\nBREAK \n"); */
break;
}
myecx_backsize += 2;
oldback = myeax_backbytes;
lostbit = 0;
}
} else {
/* 180 */
myecx_backsize = 1;
do {
if ((oob = doubledl(&csrc, &mydl, source, ssize)) == -1)
return -1;
myecx_backsize = myecx_backsize * 2 + oob;
if ((oob = doubledl(&csrc, &mydl, source, ssize)) == -1)
return -1;
} while (oob);
myecx_backsize = myecx_backsize - 1 - lostbit;
if (!myecx_backsize) {
/* 18a */
myecx_backsize = 1;
do {
if ((oob = doubledl(&csrc, &mydl, source, ssize)) == -1)
return -1;
myecx_backsize = myecx_backsize * 2 + oob;
if ((oob = doubledl(&csrc, &mydl, source, ssize)) == -1)
return -1;
} while (oob);
myeax_backbytes = oldback;
} else {
/* 198 */
if (csrc >= source + ssize)
return -1;
myeax_backbytes = *(unsigned char *)csrc;
myeax_backbytes += (myecx_backsize - 1) << 8;
myecx_backsize = 1;
csrc++;
do {
if ((oob = doubledl(&csrc, &mydl, source, ssize)) == -1)
return -1;
myecx_backsize = myecx_backsize * 2 + oob;
if ((oob = doubledl(&csrc, &mydl, source, ssize)) == -1)
return -1;
} while (oob);
if (myeax_backbytes >= 0x7d00)
myecx_backsize++;
if (myeax_backbytes >= 0x500)
myecx_backsize++;
if (myeax_backbytes <= 0x7f)
myecx_backsize += 2;
oldback = myeax_backbytes;
}
lostbit = 0;
}
if (!CLI_ISCONTAINED(dest, dsize, cdst, myecx_backsize) || !CLI_ISCONTAINED(dest, dsize, cdst - myeax_backbytes, myecx_backsize)) {
cli_dbgmsg("MEW: rete: %p %d %p %d %d || %p %d %p %d %d\n", dest, dsize, cdst, myecx_backsize,
CLI_ISCONTAINED(dest, dsize, cdst, myecx_backsize),
dest, dsize, cdst - myeax_backbytes, myecx_backsize,
CLI_ISCONTAINED(dest, dsize, cdst - myeax_backbytes, myecx_backsize));
return -1;
}
while (myecx_backsize--) {
*cdst = *(cdst - myeax_backbytes);
cdst++;
}
} else {
/* 15d */
if (cdst < dest || cdst >= dest + dsize || csrc < source || csrc >= source + ssize) {
cli_dbgmsg("MEW: retf %p %p+%08x=%p, %p %p+%08x=%p\n",
cdst, dest, dsize, dest + dsize, csrc, source, ssize, source + ssize);
return -1;
}
*cdst++ = *csrc++;
/* cli_dbgmsg("Z%02x ", *(cdst-1)&0xff); */
lostbit = 1;
}
}
*endsrc = csrc;
*enddst = cdst;
return 0;
}