@@ -1,3 +1,15 @@

+Mon Aug 24 22:09:12 CEST 2009 (tk)

+----------------------------------

+ * libclamav: improve handling of PDF files (bb#1682)

+

+Fri Aug 21 15:53:35 CEST 2009 (tk)

+----------------------------------

+ * libclamav: handle relative offsets with cli_ac_data; fix offset logic

+

+Fri Aug 21 02:17:11 CEST 2009 (acab)

+------------------------------------

+ * libclamav/ishield.c: properly free() header

+

 Fri Aug 21 00:56:03 CEST 2009 (acab)

 ------------------------------------

  * build system: upgrade to autoconf 2.64 and automake 1.11 (bb#1528)

@@ -173,7 +173,7 @@ cli_file_t cli_filetype2(int desc, const struct cl_engine *engine)

 	if(!root)

 	    return ret;

-	if(cli_ac_initdata(&mdata, root->ac_partsigs, root->ac_lsigs, CLI_DEFAULT_AC_TRACKLEN))

+	if(cli_ac_initdata(&mdata, root->ac_partsigs, root->ac_lsigs, root->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))

 	    return ret;

 	sret = cli_ac_scanbuff(buff, bread, NULL, NULL, NULL, engine->root[0], &mdata, 0, ret, NULL, AC_SCAN_FT, NULL);

@@ -183,7 +183,7 @@ cli_file_t cli_filetype2(int desc, const struct cl_engine *engine)

 	if(sret >= CL_TYPENO) {

 	    ret = sret;

 	} else {

-	    if(cli_ac_initdata(&mdata, root->ac_partsigs, root->ac_lsigs, CLI_DEFAULT_AC_TRACKLEN))

+	    if(cli_ac_initdata(&mdata, root->ac_partsigs, root->ac_lsigs, root->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))

 		return ret;

 	    decoded = (unsigned char *) cli_utf16toascii((char *) buff, bread);

@@ -217,7 +217,7 @@ cli_file_t cli_filetype2(int desc, const struct cl_engine *engine)

 			     * However when detecting whether a file is HTML or not, we need exact conversion.

 			     * (just eliminating zeros and matching would introduce false positives */

 			    if(encoding_normalize_toascii(&in_area, encoding, &out_area) >= 0 && out_area.length > 0) {

-				    if(cli_ac_initdata(&mdata, root->ac_partsigs, root->ac_lsigs, CLI_DEFAULT_AC_TRACKLEN))

+				    if(cli_ac_initdata(&mdata, root->ac_partsigs, root->ac_lsigs, root->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))

 					    return ret;

 				    if(out_area.length > 0) {

@@ -769,7 +769,7 @@ inline static int ac_findmatch(const unsigned char *buffer, uint32_t offset, uin

     return 1;

 }

-int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint32_t lsigs, uint8_t tracklen)

+int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint32_t lsigs, uint32_t reloffsigs, uint8_t tracklen)

 {

 	unsigned int i;

@@ -779,12 +779,24 @@ int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint32_t lsigs,

 	return CL_ENULLARG;

     }

-    data->partsigs = partsigs;

+    data->reloffsigs = reloffsigs;

+    if(reloffsigs) {

+	data->offset = (uint32_t *) cli_malloc(reloffsigs * 2 * sizeof(uint32_t));

+	if(!data->offset) {

+	    cli_errmsg("cli_ac_init: Can't allocate memory for data->offset\n");

+	    return CL_EMEM;

+	}

+	for(i = 0; i < reloffsigs * 2; i += 2)

+	    data->offset[i] = CLI_OFF_NONE;

+    }

+    data->partsigs = partsigs;

     if(partsigs) {

 	data->offmatrix = (int32_t ***) cli_calloc(partsigs, sizeof(int32_t **));

 	if(!data->offmatrix) {

 	    cli_errmsg("cli_ac_init: Can't allocate memory for data->offmatrix\n");

+	    if(reloffsigs)

+		free(data->offset);

 	    return CL_EMEM;

 	}

     }

@@ -795,6 +807,8 @@ int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint32_t lsigs,

 	if(!data->lsigcnt) {

 	    if(partsigs)

 		free(data->offmatrix);

+	    if(reloffsigs)

+		free(data->offset);

 	    cli_errmsg("cli_ac_init: Can't allocate memory for data->lsigcnt\n");

 	    return CL_EMEM;

 	}

@@ -803,17 +817,19 @@ int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint32_t lsigs,

 	    free(data->lsigcnt);

 	    if(partsigs)

 		free(data->offmatrix);

+	    if(reloffsigs)

+		free(data->offset);

 	    cli_errmsg("cli_ac_init: Can't allocate memory for data->lsigcnt[0]\n");

 	    return CL_EMEM;

 	}

 	for(i = 1; i < lsigs; i++)

 	    data->lsigcnt[i] = data->lsigcnt[0] + 64 * i;

-     }

- 

+    }

+

     return CL_SUCCESS;

 }

-int cli_ac_caloff(struct cli_matcher *root, int fd)

+int cli_ac_caloff(const struct cli_matcher *root, struct cli_ac_data *data, int fd)

 {

 	int ret;

 	unsigned int i;

@@ -824,8 +840,8 @@ int cli_ac_caloff(struct cli_matcher *root, int fd)

     for(i = 0; i < root->ac_reloff_num; i++) {

 	patt = root->ac_reloff[i];

 	if(fd == -1) {

-	    patt->offset_min = CLI_OFF_NONE;

-	} else if((ret = cli_caloff(NULL, &info, fd, root->type, patt->offdata, &patt->offset_min, &patt->offset_max))) {

+	    data->offset[patt->offset_min] = CLI_OFF_NONE;

+	} else if((ret = cli_caloff(NULL, &info, fd, root->type, patt->offdata, &data->offset[patt->offset_min], &data->offset[patt->offset_max]))) {

 	    cli_errmsg("cli_ac_caloff: Can't calculate relative offset in signature for %s\n", patt->virname);

 	    if(info.exeinfo.section)

 		free(info.exeinfo.section);

@@ -859,6 +875,11 @@ void cli_ac_freedata(struct cli_ac_data *data)

 	free(data->lsigcnt);

 	data->lsigs = 0;

     }

+

+    if(data && data->reloffsigs) {

+	free(data->offset);

+	data->reloffsigs = 0;

+    }

 }

 inline static int ac_addtype(struct cli_matched_type **list, cli_file_t type, off_t offset, const cli_ctx *ctx)

@@ -926,7 +947,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v

 	    while(patt) {

 		bp = i + 1 - patt->depth;

 		pt = patt;

-		/*

+	 	/*

 		while(pt) {

 		    if((pt->type && !(mode & AC_SCAN_FT)) || (!pt->type && !(mode & AC_SCAN_VIR))) {

 			pt = pt->next_same;

@@ -958,9 +979,16 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v

 			}

 			realoff = offset + bp - pt->prefix_length;

 			if(pt->offset_min != CLI_OFF_ANY && (!pt->sigid || pt->partno == 1)) {

-			    if(pt->offset_max > realoff || pt->offset_min < realoff) {

-				pt = pt->next_same;

-				continue;

+			    if(pt->offdata[0] == CLI_OFF_ABSOLUTE) {

+				if(pt->offset_max < realoff || pt->offset_min > realoff) {

+				    pt = pt->next_same;

+				    continue;

+				}

+			    } else {

+				if(mdata->offset[pt->offset_min] == CLI_OFF_NONE || mdata->offset[pt->offset_max] < realoff || mdata->offset[pt->offset_min] > realoff) {

+				    pt = pt->next_same;

+				    continue;

+				}

 			    }

 			}

 			if(pt->sigid) { /* it's a partial signature */

@@ -1477,6 +1505,8 @@ int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hex

 	    return CL_EMEM;

 	}

 	root->ac_reloff[root->ac_reloff_num] = new;

+	new->offset_min = root->ac_reloff_num * 2;

+	new->offset_max = new->offset_min + 1;

 	root->ac_reloff_num++;

     }

@@ -33,8 +33,9 @@

 struct cli_ac_data {

     int32_t ***offmatrix;

-    uint32_t partsigs, lsigs;

+    uint32_t partsigs, lsigs, reloffsigs;

     uint32_t **lsigcnt;

+    uint32_t *offset;

 };

 struct cli_ac_alt {

@@ -79,13 +80,13 @@ struct cli_ac_result {

 #include "matcher.h"

 int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern);

-int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint32_t lsigs, uint8_t tracklen);

+int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint32_t lsigs, uint32_t reloffsigs, uint8_t tracklen);

 int cli_ac_chklsig(const char *expr, const char *end, uint32_t *lsigcnt, unsigned int *cnt, uint64_t *ids, unsigned int parse_only);

 void cli_ac_freedata(struct cli_ac_data *data);

 int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, void **customdata, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, uint32_t offset, cli_file_t ftype, struct cli_matched_type **ftoffset, unsigned int mode, const cli_ctx *ctx);

 int cli_ac_buildtrie(struct cli_matcher *root);

 int cli_ac_init(struct cli_matcher *root, uint8_t mindepth, uint8_t maxdepth);

-int cli_ac_caloff(struct cli_matcher *root, int fd);

+int cli_ac_caloff(const struct cli_matcher *root, struct cli_ac_data *data, int fd);

 void cli_ac_free(struct cli_matcher *root);

 int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hexsig, uint32_t sigid, uint16_t parts, uint16_t partno, uint16_t rtype, uint16_t type, uint32_t mindist, uint32_t maxdist, const char *offset, const uint32_t *lsigid, unsigned int options);

@@ -55,8 +55,12 @@ int cli_bm_addpatt(struct cli_matcher *root, struct cli_bm_patt *pattern, const

 	cli_errmsg("cli_bm_addpatt: Can't calculate offset for signature %s\n", pattern->virname);

 	return ret;

     }

-    if(pattern->offdata[0] != CLI_OFF_ANY && pattern->offdata[0] != CLI_OFF_ABSOLUTE)

-	root->bm_reloff_num++;

+    if(pattern->offdata[0] != CLI_OFF_ANY) {

+	if(pattern->offdata[0] == CLI_OFF_ABSOLUTE)

+	    root->bm_absoff_num++;

+	else

+	    root->bm_reloff_num++;

+    }

 #if BM_MIN_LENGTH == BM_BLOCK_SIZE

     /* try to load balance bm_suffix (at the cost of bm_shift) */

@@ -154,7 +158,7 @@ void cli_bm_free(struct cli_matcher *root)

 int cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cli_matcher *root, uint32_t offset, int fd)

 {

-	uint32_t i, j, off;

+	uint32_t i, j, off, off_min, off_max;

 	uint8_t found, pchain, shift;

 	uint16_t idx, idxchk;

 	struct cli_bm_patt *p;

@@ -163,7 +167,6 @@ int cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const char **v

         struct cli_target_info info;

         int ret;

-

     if(!root || !root->bm_shift)

 	return CL_CLEAN;

@@ -226,16 +229,19 @@ int cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const char **v

 		if(found && p->length + p->prefix_length == j) {

 		    if(p->offset_min != CLI_OFF_ANY) {

 			if(p->offdata[0] != CLI_OFF_ABSOLUTE) {

-			    ret = cli_caloff(NULL, &info, fd, root->type, p->offdata, &p->offset_min, &p->offset_max);

+			    ret = cli_caloff(NULL, &info, fd, root->type, p->offdata, &off_min, &off_max);

 			    if(ret != CL_SUCCESS) {

 				cli_errmsg("cli_bm_scanbuff: Can't calculate relative offset in signature for %s\n", p->virname);

 				if(info.exeinfo.section)

 				    free(info.exeinfo.section);

 				return ret;

 			    }

+			} else {

+			    off_min = p->offset_min;

+			    off_max = p->offset_max;

 			}

 			off = offset + i - p->prefix_length - BM_MIN_LENGTH + BM_BLOCK_SIZE;

-			if(p->offset_max > off || p->offset_min < off) {

+			if(off_max < off || off_min > off) {

 			    p = p->next;

 			    continue;

 			}

@@ -73,7 +73,7 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset,

     if(troot) {

-	if(!acdata && (ret = cli_ac_initdata(&mdata, troot->ac_partsigs, troot->ac_lsigs, CLI_DEFAULT_AC_TRACKLEN)))

+	if(!acdata && (ret = cli_ac_initdata(&mdata, troot->ac_partsigs, troot->ac_lsigs, troot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN)))

 	    return ret;

 	if(troot->ac_only || (ret = cli_bm_scanbuff(buffer, length, virname, troot, offset, -1)) != CL_VIRUS)

@@ -86,7 +86,7 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset,

 	    return ret;

     }

-    if(!acdata && (ret = cli_ac_initdata(&mdata, groot->ac_partsigs, groot->ac_lsigs, CLI_DEFAULT_AC_TRACKLEN)))

+    if(!acdata && (ret = cli_ac_initdata(&mdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN)))

 	return ret;

     if(groot->ac_only || (ret = cli_bm_scanbuff(buffer, length, virname, groot, offset, -1)) != CL_VIRUS)

@@ -366,11 +366,11 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc

     }

     if(!ftonly)

-	if((ret = cli_ac_caloff(groot, desc)) || (ret = cli_ac_initdata(&gdata, groot->ac_partsigs, groot->ac_lsigs, CLI_DEFAULT_AC_TRACKLEN)))

+	if((ret = cli_ac_initdata(&gdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN)) || (ret = cli_ac_caloff(groot, &gdata, desc)))

 	    return ret;

     if(troot) {

-	if((ret = cli_ac_caloff(troot, desc)) || (ret = cli_ac_initdata(&tdata, troot->ac_partsigs, troot->ac_lsigs, CLI_DEFAULT_AC_TRACKLEN))) {

+	if((ret = cli_ac_initdata(&tdata, troot->ac_partsigs, troot->ac_lsigs, troot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN)) || (ret = cli_ac_caloff(troot, &tdata, desc))) {

 	    if(!ftonly)

 		cli_ac_freedata(&gdata);

 	    return ret;

@@ -76,7 +76,7 @@ struct cli_matcher {

     struct cli_bm_patt **bm_suffix;

     struct cli_hashset md5_sizes_hs;

     uint32_t *soff, soff_len; /* for PE section sigs */

-    uint32_t bm_patterns, bm_reloff_num;

+    uint32_t bm_patterns, bm_reloff_num, bm_absoff_num;

     /* Extended Aho-Corasick */

     uint32_t ac_partsigs, ac_nodes, ac_patterns, ac_lsigs;

@@ -84,7 +84,7 @@ struct cli_matcher {

     struct cli_ac_node *ac_root, **ac_nodetable;

     struct cli_ac_patt **ac_pattable;

     struct cli_ac_patt **ac_reloff;

-    uint32_t ac_reloff_num;

+    uint32_t ac_reloff_num, ac_absoff_num;

     uint8_t ac_mindepth, ac_maxdepth;

     uint16_t maxpatlen;

@@ -52,6 +52,7 @@ static	char	const	rcsid[] = "$Id: pdf.c,v 1.61 2007/02/12 20:46:09 njh Exp $";

 #include "pdf.h"

 #include "scanners.h"

 #include "fmap.h"

+#include "str.h"

 #ifndef	O_BINARY

 #define	O_BINARY	0

@@ -67,7 +68,6 @@ static	int	flatedecode(unsigned char *buf, off_t len, int fout, cli_ctx *ctx);

 static	int	ascii85decode(const char *buf, off_t len, unsigned char *output);

 static	const	char	*pdf_nextlinestart(const char *ptr, size_t len);

 static	const	char	*pdf_nextobject(const char *ptr, size_t len);

-static	const	char	*cli_pmemstr(const char *haystack, size_t hs, const char *needle, size_t ns);

 int

 cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

@@ -83,6 +83,7 @@ cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

 	unsigned int files;

 	struct stat statb;

 	struct F_MAP *map;

+	int opt_failed = 0;

 	cli_dbgmsg("in cli_pdf(%s)\n", dir);

@@ -146,7 +147,7 @@ cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

 	 * q points to the end of the trailer section

 	 */

 	trailerlength = (long)(q - trailerstart);

-	if(cli_pmemstr(trailerstart, trailerlength, "Encrypt", 7)) {

+	if(cli_memstr(trailerstart, trailerlength, "Encrypt", 7)) {

 		/*

 		 * This tends to mean that the file is, in effect, read-only

 		 * http://www.cs.cmu.edu/~dst/Adobe/Gallery/anon21jul01-pdf-encryption.txt

@@ -239,7 +240,7 @@ cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

 		bytesleft -= (off_t)((q - p) + 3);

 		objstart = p = &q[3];

-		objend = cli_pmemstr(p, bytesleft, "endobj", 6);

+		objend = cli_memstr(p, bytesleft, "endobj", 6);

 		if(objend == NULL) {

 			cli_dbgmsg("cli_pdf: No matching endobj\n");

 			break;

@@ -249,7 +250,7 @@ cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

 		objlen = (unsigned long)(objend - objstart);

 		/* Is this object a stream? */

-		streamstart = cli_pmemstr(objstart, objlen, "stream", 6);

+		streamstart = cli_memstr(objstart, objlen, "stream", 6);

 		if(streamstart == NULL)

 			continue;

@@ -275,7 +276,6 @@ cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

 					 */

 					if((bytesleft > 11) && strncmp(q, " 0 R", 4) == 0) {

 						const char *r, *nq;

-						int opt_failed = 0;

 						size_t len;

 						char b[14];

@@ -287,10 +287,15 @@ cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

 						length = (unsigned long)strlen(b);

 						/* optimization: assume objects

 						 * are sequential */

-						nq = q;

-						len = buf + size - q;

+						if(!opt_failed) {

+						    nq = q;

+						    len = buf + size - q;

+						} else {

+						    nq = buf;

+						    len = q - buf;

+						}

 						do {

-							r = cli_pmemstr(nq, len, b, length);

+							r = cli_memstr(nq, len, b, length);

 							if (r > nq) {

 								const char x = *(r-1);

 								if (x == '\n' || x=='\r') {

@@ -299,8 +304,8 @@ cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

 								}

 							}

 							if (r) {

-								len -= r+1-nq;

-								nq = r + 1;

+								len -= r + length - nq;

+								nq = r + length;

 							} else if (!opt_failed) {

 								/* we failed optimized match,

 								 * try matching from the beginning

@@ -382,9 +387,9 @@ cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

 			break;

 		len -= (int)(q - streamstart);

 		streamstart = q;

-		streamend = cli_pmemstr(streamstart, len, "endstream\n", 10);

+		streamend = cli_memstr(streamstart, len, "endstream\n", 10);

 		if(streamend == NULL) {

-			streamend = cli_pmemstr(streamstart, len, "endstream\r", 10);

+			streamend = cli_memstr(streamstart, len, "endstream\r", 10);

 			if(streamend == NULL) {

 				cli_dbgmsg("cli_pdf: No endstream\n");

 				break;

@@ -532,6 +537,10 @@ cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

 						rc = CL_EUNLINK;

 						break;

 					}

+					if(cli_updatelimits(ctx, real_streamlen) != CL_SUCCESS) {

+						rc = CL_CLEAN;

+						break;

+					}

 					continue;

 				} else

 					tableInsert(md5table, md5str, 1);

@@ -714,7 +723,7 @@ ascii85decode(const char *buf, off_t len, unsigned char *output)

 	int quintet = 0;

 	int ret = 0;

-	if(cli_pmemstr(buf, len, "~>", 2) == NULL)

+	if(cli_memstr(buf, len, "~>", 2) == NULL)

 		cli_dbgmsg("cli_pdf: ascii85decode: no EOF marker found\n");

 	ptr = buf;

@@ -842,43 +851,3 @@ pdf_nextobject(const char *ptr, size_t len)

 	}

 	return NULL;

 }

-

-/*

- * like cli_memstr - but returns the location of the match

- * FIXME: need a case insensitive version

- */

-static const char *

-cli_pmemstr(const char *haystack, size_t hs, const char *needle, size_t ns)

-{

-	const char *pt, *hay;

-	size_t n;

-

-	if(haystack == needle)

-		return haystack;

-

-	if(hs < ns)

-		return NULL;

-

-	if(memcmp(haystack, needle, ns) == 0)

-		return haystack;

-

-	pt = hay = haystack;

-	n = hs;

-

-	while((pt = memchr(hay, needle[0], n)) != NULL) {

-		n -= (size_t)(pt - hay);

-		if(n < ns)

-			break;

-

-		if(memcmp(pt, needle, ns) == 0)

-			return pt;

-

-		if(hay == pt) {

-			n--;

-			hay++;

-		} else

-			hay = pt;

-	}

-

-	return NULL;

-}

@@ -2152,7 +2152,7 @@ int cl_engine_compile(struct cl_engine *engine)

 	if((root = engine->root[i])) {

 	    if((ret = cli_ac_buildtrie(root)))

 		return ret;

-	    cli_dbgmsg("matcher[%u]: %s: AC sigs: %u (reloff: %u) BM sigs: %u (reloff: %u) %s\n", i, cli_mtargets[i].name, root->ac_patterns, root->ac_reloff_num, root->bm_patterns, root->bm_reloff_num, root->ac_only ? "(ac_only mode)" : "");

+	    cli_dbgmsg("matcher[%u]: %s: AC sigs: %u (reloff: %u, absoff: %u) BM sigs: %u (reloff: %u, absoff: %u) %s\n", i, cli_mtargets[i].name, root->ac_patterns, root->ac_reloff_num, root->ac_absoff_num, root->bm_patterns, root->bm_reloff_num, root->bm_absoff_num, root->ac_only ? "(ac_only mode)" : "");

 	}

     }

@@ -289,7 +289,7 @@ int regex_list_match(struct regex_matcher* matcher,char* real_url,const char* di

 		buffer[buffer_len]=0;

 		cli_dbgmsg("Looking up in regex_list: %s\n", buffer);

-		if((rc = cli_ac_initdata(&mdata, 0, 0, CLI_DEFAULT_AC_TRACKLEN)))

+		if((rc = cli_ac_initdata(&mdata, 0, 0, 0, CLI_DEFAULT_AC_TRACKLEN)))

 			return rc;

 		bufrev = cli_strdup(buffer);

@@ -1062,10 +1062,10 @@ static int cli_scanscript(int desc, cli_ctx *ctx)

 	text_normalize_init(&state, normalized, SCANBUFF + maxpatlen);

 	ret = CL_CLEAN;

-	if ((ret = cli_ac_initdata(&tmdata, troot->ac_partsigs, troot->ac_lsigs, CLI_DEFAULT_AC_TRACKLEN)))

+	if ((ret = cli_ac_initdata(&tmdata, troot->ac_partsigs, troot->ac_lsigs, troot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN)))

 	    return ret;

-	if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, CLI_DEFAULT_AC_TRACKLEN))) {

+	if ((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) {

 	    cli_ac_freedata(&tmdata);

 	    return ret;

 	}

@@ -369,37 +369,33 @@ char *cli_strtokbuf(const char *input, int fieldno, const char *delim, char *out

     return output;

 }

-const char *cli_memstr(const char *haystack, int hs, const char *needle, int ns)

+const char *cli_memstr(const char *haystack, unsigned int hs, const char *needle, unsigned int ns)

 {

-	const char *pt, *hay;

-	int n;

+	unsigned int i, s1, s2;

-

-    if(hs < ns)

+    if(!hs || !ns || hs < ns)

 	return NULL;

-    if(haystack == needle)

-	return haystack;

-

-    if(!memcmp(haystack, needle, ns))

+    if(needle == haystack)

 	return haystack;

-    pt = hay = haystack;

-    n = hs;

+    if(ns == 1)

+	return memchr(haystack, needle[0], hs);

-    while((pt = memchr(hay, needle[0], n)) != NULL) {

-	n -= (int) (pt - hay);

-	if(n < ns)

-	    break;

-

-	if(!memcmp(pt, needle, ns))

-	    return pt;

-

-	if(hay == pt) {

-	    n--;

-	    hay++;

+    if(needle[0] == needle[1]) {

+	s1 = 2;

+	s2 = 1;

+    } else {

+	s1 = 1;

+	s2 = 2;

+    }

+    for(i = 0; i <= hs - ns; ) {

+	if(needle[1] != haystack[i + 1]) {

+	    i += s1;

 	} else {

-	    hay = pt;

+	    if((needle[0] == haystack[i]) && !memcmp(needle + 2, haystack + i + 2, ns - 2))

+		return &haystack[i];

+	    i += s2;

 	}

     }

@@ -42,7 +42,7 @@ int cli_hex2num(const char *hex);

 char *cli_str2hex(const char *string, unsigned int len);

 char *cli_utf16toascii(const char *str, unsigned int length);

 char *cli_strtokbuf(const char *input, int fieldno, const char *delim, char *output);

-const char *cli_memstr(const char *haystack, int hs, const char *needle, int ns);

+const char *cli_memstr(const char *haystack, unsigned int hs, const char *needle, unsigned int ns);

 char *cli_strrcpy(char *dest, const char *source);

 size_t cli_strtokenize(char *buffer, const char delim, const size_t token_count, const char **tokens);

 int cli_isnumber(const char *str);

@@ -76,7 +76,7 @@ START_TEST (test_ac_scanbuff) {

     ret = cli_ac_buildtrie(root);

     fail_unless(ret == CL_SUCCESS, "cli_ac_buildtrie() failed");

-    ret = cli_ac_initdata(&mdata, root->ac_partsigs, 0, CLI_DEFAULT_AC_TRACKLEN);

+    ret = cli_ac_initdata(&mdata, root->ac_partsigs, 0, 0, CLI_DEFAULT_AC_TRACKLEN);

     fail_unless(ret == CL_SUCCESS, "cli_ac_initdata() failed");

     for(i = 0; ac_testdata[i].data; i++) {