... | ... |
@@ -186,8 +186,8 @@ am_libclamav_la_OBJECTS = libclamav_la-matcher-ac.lo \ |
186 | 186 |
libclamav_la-bytecode_api_decl.lo libclamav_la-cache.lo \ |
187 | 187 |
libclamav_la-bytecode_detect.lo libclamav_la-events.lo \ |
188 | 188 |
libclamav_la-dmg.lo libclamav_la-xar.lo \ |
189 |
- libclamav_la-sf_base64decode.lo libclamav_la-swf.lo \ |
|
190 |
- libclamav_la-jpeg.lo libclamav_la-png.lo \ |
|
189 |
+ libclamav_la-sf_base64decode.lo libclamav_la-hfsplus.lo \ |
|
190 |
+ libclamav_la-swf.lo libclamav_la-jpeg.lo libclamav_la-png.lo \ |
|
191 | 191 |
libclamav_la-iso9660.lo libclamav_la-arc4.lo \ |
192 | 192 |
libclamav_la-rijndael.lo libclamav_la-crtmgr.lo \ |
193 | 193 |
libclamav_la-asn1.lo libclamav_la-fp_add.lo \ |
... | ... |
@@ -713,12 +713,12 @@ libclamav_la_SOURCES = clamav.h matcher-ac.c matcher-ac.h matcher-bm.c \ |
713 | 713 |
bytecode_api_impl.h bytecode_hooks.h cache.c cache.h \ |
714 | 714 |
bytecode_detect.c bytecode_detect.h builtin_bytecodes.h \ |
715 | 715 |
events.c events.h dmg.c dmg.h xar.c xar.h sf_base64decode.c \ |
716 |
- sf_base64decode.h swf.c swf.h jpeg.c jpeg.h png.c png.h \ |
|
717 |
- iso9660.c iso9660.h arc4.c arc4.h rijndael.c rijndael.h \ |
|
718 |
- crtmgr.c crtmgr.h asn1.c asn1.h bignum.h bignum_fast.h \ |
|
719 |
- tomsfastmath/addsub/fp_add.c tomsfastmath/addsub/fp_add_d.c \ |
|
720 |
- tomsfastmath/addsub/fp_addmod.c tomsfastmath/addsub/fp_cmp.c \ |
|
721 |
- tomsfastmath/addsub/fp_cmp_d.c \ |
|
716 |
+ sf_base64decode.h hfsplus.c hfsplus.h swf.c swf.h jpeg.c \ |
|
717 |
+ jpeg.h png.c png.h iso9660.c iso9660.h arc4.c arc4.h \ |
|
718 |
+ rijndael.c rijndael.h crtmgr.c crtmgr.h asn1.c asn1.h bignum.h \ |
|
719 |
+ bignum_fast.h tomsfastmath/addsub/fp_add.c \ |
|
720 |
+ tomsfastmath/addsub/fp_add_d.c tomsfastmath/addsub/fp_addmod.c \ |
|
721 |
+ tomsfastmath/addsub/fp_cmp.c tomsfastmath/addsub/fp_cmp_d.c \ |
|
722 | 722 |
tomsfastmath/addsub/fp_cmp_mag.c tomsfastmath/addsub/fp_sub.c \ |
723 | 723 |
tomsfastmath/addsub/fp_sub_d.c tomsfastmath/addsub/fp_submod.c \ |
724 | 724 |
tomsfastmath/addsub/s_fp_add.c tomsfastmath/addsub/s_fp_sub.c \ |
... | ... |
@@ -1028,6 +1028,7 @@ distclean-compile: |
1028 | 1028 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-fp_unsigned_bin_size.Plo@am__quote@ |
1029 | 1029 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-fsg.Plo@am__quote@ |
1030 | 1030 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-hashtab.Plo@am__quote@ |
1031 |
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-hfsplus.Plo@am__quote@ |
|
1031 | 1032 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-htmlnorm.Plo@am__quote@ |
1032 | 1033 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-infblock.Plo@am__quote@ |
1033 | 1034 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-inflate64.Plo@am__quote@ |
... | ... |
@@ -1869,6 +1870,13 @@ libclamav_la-sf_base64decode.lo: sf_base64decode.c |
1869 | 1869 |
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ |
1870 | 1870 |
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-sf_base64decode.lo `test -f 'sf_base64decode.c' || echo '$(srcdir)/'`sf_base64decode.c |
1871 | 1871 |
|
1872 |
+libclamav_la-hfsplus.lo: hfsplus.c |
|
1873 |
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-hfsplus.lo -MD -MP -MF $(DEPDIR)/libclamav_la-hfsplus.Tpo -c -o libclamav_la-hfsplus.lo `test -f 'hfsplus.c' || echo '$(srcdir)/'`hfsplus.c |
|
1874 |
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-hfsplus.Tpo $(DEPDIR)/libclamav_la-hfsplus.Plo |
|
1875 |
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='hfsplus.c' object='libclamav_la-hfsplus.lo' libtool=yes @AMDEPBACKSLASH@ |
|
1876 |
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ |
|
1877 |
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-hfsplus.lo `test -f 'hfsplus.c' || echo '$(srcdir)/'`hfsplus.c |
|
1878 |
+ |
|
1872 | 1879 |
libclamav_la-swf.lo: swf.c |
1873 | 1880 |
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-swf.lo -MD -MP -MF $(DEPDIR)/libclamav_la-swf.Tpo -c -o libclamav_la-swf.lo `test -f 'swf.c' || echo '$(srcdir)/'`swf.c |
1874 | 1881 |
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-swf.Tpo $(DEPDIR)/libclamav_la-swf.Plo |
... | ... |
@@ -98,6 +98,7 @@ static struct dconf_module modules[] = { |
98 | 98 |
{ "ARCHIVE", "ISO9660", ARCH_CONF_ISO9660, 1 }, |
99 | 99 |
{ "ARCHIVE", "DMG", ARCH_CONF_DMG, 1 }, |
100 | 100 |
{ "ARCHIVE", "XAR", ARCH_CONF_XAR, 1 }, |
101 |
+ { "ARCHIVE", "HFSPLUS", ARCH_CONF_HFSPLUS, 1 }, |
|
101 | 102 |
|
102 | 103 |
{ "DOCUMENT", "HTML", DOC_CONF_HTML, 1 }, |
103 | 104 |
{ "DOCUMENT", "RTF", DOC_CONF_RTF, 1 }, |
... | ... |
@@ -1007,7 +1007,7 @@ static int dmg_handle_mish(cli_ctx *ctx, unsigned int mishblocknum, char *dir, |
1007 | 1007 |
|
1008 | 1008 |
/* If okay so far, scan rebuilt partition */ |
1009 | 1009 |
if (ret == CL_CLEAN) { |
1010 |
- ; // ret = cli_magic_scandesc(ofd, ctx); |
|
1010 |
+ ret = cli_partition_scandesc(ofd, ctx); |
|
1011 | 1011 |
} |
1012 | 1012 |
|
1013 | 1013 |
close(ofd); |
... | ... |
@@ -103,6 +103,8 @@ static const struct ftmap_s { |
103 | 103 |
{ "CL_TYPE_JAVA", CL_TYPE_JAVA }, |
104 | 104 |
{ "CL_TYPE_DMG", CL_TYPE_DMG }, |
105 | 105 |
{ "CL_TYPE_XAR", CL_TYPE_XAR }, |
106 |
+ { "CL_TYPE_PART_ANY", CL_TYPE_PART_ANY }, |
|
107 |
+ { "CL_TYPE_PART_HFSPLUS", CL_TYPE_PART_HFSPLUS }, |
|
106 | 108 |
{ NULL, CL_TYPE_IGNORED } |
107 | 109 |
}; |
108 | 110 |
|
... | ... |
@@ -139,6 +141,32 @@ void cli_ftfree(const struct cl_engine *engine) |
139 | 139 |
mpool_free(engine->mempool, pt->tname); |
140 | 140 |
mpool_free(engine->mempool, pt); |
141 | 141 |
} |
142 |
+ |
|
143 |
+ ftypes = engine->ptypes; |
|
144 |
+ while(ftypes) { |
|
145 |
+ pt = ftypes; |
|
146 |
+ ftypes = ftypes->next; |
|
147 |
+ mpool_free(engine->mempool, pt->magic); |
|
148 |
+ mpool_free(engine->mempool, pt->tname); |
|
149 |
+ mpool_free(engine->mempool, pt); |
|
150 |
+ } |
|
151 |
+} |
|
152 |
+ |
|
153 |
+cli_file_t cli_partitiontype(const unsigned char *buf, size_t buflen, const struct cl_engine *engine) |
|
154 |
+{ |
|
155 |
+ struct cli_ftype *ptype = engine->ptypes; |
|
156 |
+ |
|
157 |
+ while(ptype) { |
|
158 |
+ if(ptype->offset + ptype->length <= buflen) { |
|
159 |
+ if(!memcmp(buf + ptype->offset, ptype->magic, ptype->length)) { |
|
160 |
+ cli_dbgmsg("Recognized %s partition\n", ptype->tname); |
|
161 |
+ return ptype->type; |
|
162 |
+ } |
|
163 |
+ } |
|
164 |
+ ptype = ptype->next; |
|
165 |
+ } |
|
166 |
+ |
|
167 |
+ return CL_TYPE_PART_ANY; |
|
142 | 168 |
} |
143 | 169 |
|
144 | 170 |
cli_file_t cli_filetype(const unsigned char *buf, size_t buflen, const struct cl_engine *engine) |
... | ... |
@@ -161,12 +189,12 @@ cli_file_t cli_filetype(const unsigned char *buf, size_t buflen, const struct cl |
161 | 161 |
|
162 | 162 |
int is_tar(const unsigned char *buf, unsigned int nbytes); |
163 | 163 |
|
164 |
-cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine) |
|
164 |
+cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine, cli_file_t basetype) |
|
165 | 165 |
{ |
166 | 166 |
unsigned char buffer[MAGIC_BUFFER_SIZE]; |
167 | 167 |
const unsigned char *buff; |
168 | 168 |
unsigned char *decoded; |
169 |
- int bread = MIN(map->len, MAGIC_BUFFER_SIZE), sret; |
|
169 |
+ int bread, sret; |
|
170 | 170 |
cli_file_t ret = CL_TYPE_BINARY_DATA; |
171 | 171 |
struct cli_matcher *root; |
172 | 172 |
struct cli_ac_data mdata; |
... | ... |
@@ -177,6 +205,17 @@ cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine) |
177 | 177 |
return CL_TYPE_ERROR; |
178 | 178 |
} |
179 | 179 |
|
180 |
+ if(basetype == CL_TYPE_PART_ANY) { |
|
181 |
+ bread = MIN(map->len, CL_PART_MBUFF_SIZE); |
|
182 |
+ } |
|
183 |
+ else { |
|
184 |
+ bread = MIN(map->len, CL_FILE_MBUFF_SIZE); |
|
185 |
+ } |
|
186 |
+ if(bread > MAGIC_BUFFER_SIZE) { |
|
187 |
+ /* Save anyone who tampered with the header */ |
|
188 |
+ bread = MAGIC_BUFFER_SIZE; |
|
189 |
+ } |
|
190 |
+ |
|
180 | 191 |
buff = fmap_need_off_once(map, 0, bread); |
181 | 192 |
if(buff) { |
182 | 193 |
sret = cli_memcpy(buffer, buff, bread); |
... | ... |
@@ -188,16 +227,22 @@ cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine) |
188 | 188 |
} else { |
189 | 189 |
return CL_TYPE_ERROR; |
190 | 190 |
} |
191 |
- ret = cli_filetype(buff, bread, engine); |
|
192 |
- |
|
193 |
- if(ret == CL_TYPE_BINARY_DATA) { |
|
194 |
- switch(is_tar(buff, bread)) { |
|
195 |
- case 1: |
|
196 |
- cli_dbgmsg("Recognized old fashioned tar file\n"); |
|
197 |
- return CL_TYPE_OLD_TAR; |
|
198 |
- case 2: |
|
199 |
- cli_dbgmsg("Recognized POSIX tar file\n"); |
|
200 |
- return CL_TYPE_POSIX_TAR; |
|
191 |
+ |
|
192 |
+ if(basetype == CL_TYPE_PART_ANY) { /* typing a partition */ |
|
193 |
+ ret = cli_partitiontype(buff, bread, engine); |
|
194 |
+ } |
|
195 |
+ else { /* typing a file */ |
|
196 |
+ ret = cli_filetype(buff, bread, engine); |
|
197 |
+ |
|
198 |
+ if(ret == CL_TYPE_BINARY_DATA) { |
|
199 |
+ switch(is_tar(buff, bread)) { |
|
200 |
+ case 1: |
|
201 |
+ cli_dbgmsg("Recognized old fashioned tar file\n"); |
|
202 |
+ return CL_TYPE_OLD_TAR; |
|
203 |
+ case 2: |
|
204 |
+ cli_dbgmsg("Recognized POSIX tar file\n"); |
|
205 |
+ return CL_TYPE_POSIX_TAR; |
|
206 |
+ } |
|
201 | 207 |
} |
202 | 208 |
} |
203 | 209 |
|
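Review bot: The bounds check in cli_partitiontype, `ptype->offset + ptype->length <= buflen`, can wrap if the sum is evaluated in a type narrower than size_t, and both values come from the loaded filetype database. The field types of struct cli_ftype are not visible on this page, so treat this as something to confirm. A subtraction form removes the question: `if(ptype->length <= buflen && ptype->offset <= buflen - ptype->length) {`. The new function also has no header comment; something like `/* Match buf against engine->ptypes (memcmp at a fixed offset); returns CL_TYPE_PART_ANY when nothing matches. */` would document the fallback value that cli_filetype2 passes on.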
... | ... |
@@ -27,7 +27,11 @@ |
27 | 27 |
#include "cltypes.h" |
28 | 28 |
#include "fmap.h" |
29 | 29 |
|
30 |
-#define MAGIC_BUFFER_SIZE 1024 |
|
30 |
+#define CL_FILE_MBUFF_SIZE 1024 |
|
31 |
+#define CL_PART_MBUFF_SIZE 1026 |
|
32 |
+/* MAGIC_BUFFER_SIZE must be the bigger of the two sizes above */ |
|
33 |
+#define MAGIC_BUFFER_SIZE 1026 |
|
34 |
+ |
|
31 | 35 |
#define CL_TYPENO 500 |
32 | 36 |
#define MAX_EMBEDDED_OBJ 10 |
33 | 37 |
|
... | ... |
@@ -76,6 +80,10 @@ typedef enum { |
76 | 76 |
CL_TYPE_JAVA, |
77 | 77 |
CL_TYPE_XAR, |
78 | 78 |
|
79 |
+ /* Section for partition types */ |
|
80 |
+ CL_TYPE_PART_ANY, /* unknown partition type */ |
|
81 |
+ CL_TYPE_PART_HFSPLUS, |
|
82 |
+ |
|
79 | 83 |
/* bigger numbers have higher priority (in o-t-f detection) */ |
80 | 84 |
CL_TYPE_HTML, /* on the fly */ |
81 | 85 |
CL_TYPE_MAIL, /* magic + on the fly */ |
... | ... |
@@ -113,7 +121,7 @@ cli_file_t cli_ftcode(const char *name); |
113 | 113 |
const char *cli_ftname(cli_file_t code); |
114 | 114 |
void cli_ftfree(const struct cl_engine *engine); |
115 | 115 |
cli_file_t cli_filetype(const unsigned char *buf, size_t buflen, const struct cl_engine *engine); |
116 |
-cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine); |
|
116 |
+cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine, cli_file_t basetype); |
|
117 | 117 |
int cli_addtypesigs(struct cl_engine *engine); |
118 | 118 |
|
119 | 119 |
#endif |
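Review bot: MAGIC_BUFFER_SIZE is kept equal to the larger of CL_FILE_MBUFF_SIZE and CL_PART_MBUFF_SIZE by hand, with only a comment enforcing it, although it sizes the stack buffer in cli_filetype2. Deriving it removes the hazard: `#define MAGIC_BUFFER_SIZE (CL_PART_MBUFF_SIZE > CL_FILE_MBUFF_SIZE ? CL_PART_MBUFF_SIZE : CL_FILE_MBUFF_SIZE)`. The value 1026 also deserves a comment, since it appears to be offset 1024 plus the two magic bytes of the HFS+ entry. A partition signature placed beyond that window would be skipped by the length check in cli_partitiontype without any diagnostic.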
... | ... |
@@ -172,8 +172,9 @@ static const char *ftypes_int[] = { |
172 | 172 |
"1:0:cafebabe0000001?:Universal Binary:CL_TYPE_ANY:CL_TYPE_MACHO_UNIBIN:73", |
173 | 173 |
"1:0:cafebabe0000002?:Java class file:CL_TYPE_ANY:CL_TYPE_JAVA:73", |
174 | 174 |
"1:0:cafebabe0000003?:Java class file:CL_TYPE_ANY:CL_TYPE_JAVA:73", |
175 |
- "1:EOF-512:6b6f6c79:DMG container file:CL_TYPE_ANY:CL_TYPE_DMG:73", |
|
176 |
- "0:0:78617221:XAR container file:CL_TYPE_ANY:CL_TYPE_XAR:73", |
|
175 |
+ "1:EOF-512:6b6f6c79:DMG container file:CL_TYPE_ANY:CL_TYPE_DMG:75", |
|
176 |
+ "0:0:78617221:XAR container file:CL_TYPE_ANY:CL_TYPE_XAR:75", |
|
177 |
+ "4:1024:482B:HFS+ partition:CL_TYPE_PART_ANY:CL_TYPE_PART_HFSPLUS:75", |
|
177 | 178 |
NULL |
178 | 179 |
}; |
179 | 180 |
|
180 | 181 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,42 @@ |
0 |
+/* |
|
1 |
+ * Copyright (C) 2013 Sourcefire, Inc. |
|
2 |
+ * |
|
3 |
+ * Authors: David Raynor <draynor@sourcefire.com> |
|
4 |
+ * |
|
5 |
+ * This program is free software; you can redistribute it and/or modify |
|
6 |
+ * it under the terms of the GNU General Public License version 2 as |
|
7 |
+ * published by the Free Software Foundation. |
|
8 |
+ * |
|
9 |
+ * This program is distributed in the hope that it will be useful, |
|
10 |
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
11 |
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
12 |
+ * GNU General Public License for more details. |
|
13 |
+ * |
|
14 |
+ * You should have received a copy of the GNU General Public License |
|
15 |
+ * along with this program; if not, write to the Free Software |
|
16 |
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
|
17 |
+ * MA 02110-1301, USA. |
|
18 |
+ */ |
|
19 |
+ |
|
20 |
+#if HAVE_CONFIG_H |
|
21 |
+#include "clamav-config.h" |
|
22 |
+#endif |
|
23 |
+ |
|
24 |
+#include "cltypes.h" |
|
25 |
+#include "others.h" |
|
26 |
+#include "hfsplus.h" |
|
27 |
+#include "scanners.h" |
|
28 |
+ |
|
29 |
+int cli_scanhfsplus(cli_ctx *ctx) |
|
30 |
+{ |
|
31 |
+ int ret = CL_CLEAN; |
|
32 |
+ |
|
33 |
+ if (!ctx || !ctx->fmap) { |
|
34 |
+ cli_errmsg("cli_scanhfsplus: Invalid context\n"); |
|
35 |
+ return CL_ENULLARG; |
|
36 |
+ } |
|
37 |
+ |
|
38 |
+ cli_dbgmsg("cli_scanhfsplus: starting scan\n"); |
|
39 |
+ |
|
40 |
+ return ret; |
|
41 |
+} |
0 | 42 |
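Review bot: cli_scanhfsplus is a stub that returns CL_CLEAN for every valid context without reading the map, and nothing in the file says so. The module is enabled by default in the dconf table and dispatched from magic_scandesc, so a reader could assume HFS+ contents are already being inspected. Add a header comment such as `/* Placeholder: HFS+ volume parsing is not implemented yet; always returns CL_CLEAN for a valid context. */`. The local `ret` is never modified, so `return CL_CLEAN;` would read more honestly until real parsing lands.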
new file mode 100644 |
... | ... |
@@ -0,0 +1,32 @@ |
0 |
+/* |
|
1 |
+ * Copyright (C) 2013 Sourcefire, Inc. |
|
2 |
+ * |
|
3 |
+ * Authors: David Raynor <draynor@sourcefire.com> |
|
4 |
+ * |
|
5 |
+ * This program is free software; you can redistribute it and/or modify |
|
6 |
+ * it under the terms of the GNU General Public License version 2 as |
|
7 |
+ * published by the Free Software Foundation. |
|
8 |
+ * |
|
9 |
+ * This program is distributed in the hope that it will be useful, |
|
10 |
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
11 |
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
12 |
+ * GNU General Public License for more details. |
|
13 |
+ * |
|
14 |
+ * You should have received a copy of the GNU General Public License |
|
15 |
+ * along with this program; if not, write to the Free Software |
|
16 |
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
|
17 |
+ * MA 02110-1301, USA. |
|
18 |
+ */ |
|
19 |
+ |
|
20 |
+#ifndef __HFSPLUS_H |
|
21 |
+#define __HFSPLUS_H |
|
22 |
+ |
|
23 |
+#if HAVE_CONFIG_H |
|
24 |
+#include "clamav-config.h" |
|
25 |
+#endif |
|
26 |
+ |
|
27 |
+#include "cltypes.h" |
|
28 |
+ |
|
29 |
+int cli_scanhfsplus(cli_ctx *ctx); |
|
30 |
+ |
|
31 |
+#endif |
... | ... |
@@ -55,7 +55,7 @@ |
55 | 55 |
* in re-enabling affected modules. |
56 | 56 |
*/ |
57 | 57 |
|
58 |
-#define CL_FLEVEL 73 |
|
58 |
+#define CL_FLEVEL 75 |
|
59 | 59 |
#define CL_FLEVEL_DCONF CL_FLEVEL |
60 | 60 |
#define CL_FLEVEL_SIGTOOL CL_FLEVEL |
61 | 61 |
|
... | ... |
@@ -235,6 +235,7 @@ struct cl_engine { |
235 | 235 |
|
236 | 236 |
/* Filetype definitions */ |
237 | 237 |
struct cli_ftype *ftypes; |
238 |
+ struct cli_ftype *ptypes; |
|
238 | 239 |
|
239 | 240 |
/* Ignored signatures */ |
240 | 241 |
struct cli_matcher *ignored; |
... | ... |
@@ -1589,7 +1589,7 @@ static int cli_loadftm(FILE *fs, struct cl_engine *engine, unsigned int options, |
1589 | 1589 |
struct cli_ftype *new; |
1590 | 1590 |
cli_file_t rtype, type; |
1591 | 1591 |
int ret; |
1592 |
- |
|
1592 |
+ int magictype; |
|
1593 | 1593 |
|
1594 | 1594 |
if((ret = cli_initroots(engine, options))) |
1595 | 1595 |
return ret; |
... | ... |
@@ -1650,11 +1650,12 @@ static int cli_loadftm(FILE *fs, struct cl_engine *engine, unsigned int options, |
1650 | 1650 |
break; |
1651 | 1651 |
} |
1652 | 1652 |
|
1653 |
- if(atoi(tokens[0]) == 1) { /* A-C */ |
|
1653 |
+ magictype = atoi(tokens[0]); |
|
1654 |
+ if(magictype == 1) { /* A-C */ |
|
1654 | 1655 |
if((ret = cli_parse_add(engine->root[0], tokens[3], tokens[2], rtype, type, tokens[1], 0, NULL, options))) |
1655 | 1656 |
break; |
1656 | 1657 |
|
1657 |
- } else if(atoi(tokens[0]) == 0) { /* memcmp() */ |
|
1658 |
+ } else if ((magictype == 0) || (magictype == 4)) { /* memcmp() */ |
|
1658 | 1659 |
if(!cli_isnumber(tokens[1])) { |
1659 | 1660 |
cli_errmsg("cli_loadftm: Invalid offset\n"); |
1660 | 1661 |
ret = CL_EMALFDB; |
... | ... |
@@ -1682,9 +1683,15 @@ static int cli_loadftm(FILE *fs, struct cl_engine *engine, unsigned int options, |
1682 | 1682 |
ret = CL_EMEM; |
1683 | 1683 |
break; |
1684 | 1684 |
} |
1685 |
- new->next = engine->ftypes; |
|
1686 |
- engine->ftypes = new; |
|
1687 |
- |
|
1685 |
+ /* files => ftypes, partitions => ptypes */ |
|
1686 |
+ if(magictype == 4) { |
|
1687 |
+ new->next = engine->ptypes; |
|
1688 |
+ engine->ptypes = new; |
|
1689 |
+ } |
|
1690 |
+ else { |
|
1691 |
+ new->next = engine->ftypes; |
|
1692 |
+ engine->ftypes = new; |
|
1693 |
+ } |
|
1688 | 1694 |
} else { |
1689 | 1695 |
cli_dbgmsg("cli_loadftm: Unsupported mode %u\n", atoi(tokens[0])); |
1690 | 1696 |
continue; |
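Review bot: The literal `4` for partition magic is tested twice in cli_loadftm (the `memcmp()` branch condition and the ftypes/ptypes split) with no name or comment explaining the mode. Named constants for the modes, e.g. `#define FTM_MODE_PARTITION 4` (the name is only a suggestion), would keep both tests and the built-in signature table in step. The unsupported-mode message in the else branch still calls `atoi(tokens[0])` and prints an int with `%u`; it can reuse the parsed value: `cli_dbgmsg("cli_loadftm: Unsupported mode %d\n", magictype);`. Note that atoi yields 0 for a non-numeric field, so a malformed mode token is handled as mode 0 rather than rejected; the function body extends beyond these hunks, so any earlier validation is not visible.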
... | ... |
@@ -2327,10 +2327,13 @@ static int magic_scandesc(cli_ctx *ctx, cli_file_t type) |
2327 | 2327 |
early_ret_from_magicscan(CL_CLEAN); |
2328 | 2328 |
} |
2329 | 2329 |
old_hook_lsig_matches = ctx->hook_lsig_matches; |
2330 |
+ if(type == CL_TYPE_PART_ANY) { |
|
2331 |
+ typercg = 0; |
|
2332 |
+ } |
|
2330 | 2333 |
|
2331 | 2334 |
perf_start(ctx, PERFT_FT); |
2332 |
- if(type == CL_TYPE_ANY) |
|
2333 |
- type = cli_filetype2(*ctx->fmap, ctx->engine); |
|
2335 |
+ if((type == CL_TYPE_ANY) || type == CL_TYPE_PART_ANY) |
|
2336 |
+ type = cli_filetype2(*ctx->fmap, ctx->engine, type); |
|
2334 | 2337 |
perf_stop(ctx, PERFT_FT); |
2335 | 2338 |
if(type == CL_TYPE_ERROR) { |
2336 | 2339 |
cli_dbgmsg("cli_magic_scandesc: cli_filetype2 returned CL_TYPE_ERROR\n"); |
... | ... |
@@ -2651,6 +2654,12 @@ static int magic_scandesc(cli_ctx *ctx, cli_file_t type) |
2651 | 2651 |
ret = cli_scanxar(ctx); |
2652 | 2652 |
break; |
2653 | 2653 |
|
2654 |
+ case CL_TYPE_PART_HFSPLUS: |
|
2655 |
+ ctx->container_type = CL_TYPE_PART_HFSPLUS; |
|
2656 |
+ if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_HFSPLUS)) |
|
2657 |
+ ret = cli_scanhfsplus(ctx); |
|
2658 |
+ break; |
|
2659 |
+ |
|
2654 | 2660 |
case CL_TYPE_BINARY_DATA: |
2655 | 2661 |
case CL_TYPE_TEXT_UTF16BE: |
2656 | 2662 |
if(SCAN_ALGO && (DCONF_OTHER & OTHER_CONF_MYDOOMLOG)) |
... | ... |
@@ -2793,7 +2802,7 @@ static int magic_scandesc(cli_ctx *ctx, cli_file_t type) |
2793 | 2793 |
} |
2794 | 2794 |
} |
2795 | 2795 |
|
2796 |
-int cli_magic_scandesc(int desc, cli_ctx *ctx) |
|
2796 |
+static int cli_base_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
|
2797 | 2797 |
{ |
2798 | 2798 |
STATBUF sb; |
2799 | 2799 |
int ret; |
... | ... |
@@ -2821,13 +2830,24 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx) |
2821 | 2821 |
} |
2822 | 2822 |
perf_stop(ctx, PERFT_MAP); |
2823 | 2823 |
|
2824 |
- ret = magic_scandesc(ctx, CL_TYPE_ANY); |
|
2824 |
+ ret = magic_scandesc(ctx, type); |
|
2825 | 2825 |
|
2826 | 2826 |
funmap(*ctx->fmap); |
2827 | 2827 |
ctx->fmap--; |
2828 | 2828 |
return ret; |
2829 | 2829 |
} |
2830 | 2830 |
|
2831 |
+int cli_magic_scandesc(int desc, cli_ctx *ctx) |
|
2832 |
+{ |
|
2833 |
+ return cli_base_scandesc(desc, ctx, CL_TYPE_ANY); |
|
2834 |
+} |
|
2835 |
+ |
|
2836 |
+/* Have to keep partition typing separate */ |
|
2837 |
+int cli_partition_scandesc(int desc, cli_ctx *ctx) |
|
2838 |
+{ |
|
2839 |
+ return cli_base_scandesc(desc, ctx, CL_TYPE_PART_ANY); |
|
2840 |
+} |
|
2841 |
+ |
|
2831 | 2842 |
int cli_magic_scandesc_type(cli_ctx *ctx, cli_file_t type) |
2832 | 2843 |
{ |
2833 | 2844 |
return magic_scandesc(ctx, type); |
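Review bot: When cli_filetype2 finds no partition magic it returns CL_TYPE_PART_ANY, and magic_scandesc then continues with that type and `typercg = 0`, yet none of the visible hunks adds a `case CL_TYPE_PART_ANY`. The switch and the code after it are outside these hunks, so please confirm that an unrecognized rebuilt partition is still signature-scanned rather than returned clean. Record the answer in a comment at the `typercg = 0` assignment, e.g. `/* partitions are typed by cli_partitiontype() only; unknown ones are handled by <path to confirm> */`. The comment on cli_partition_scandesc, "Have to keep partition typing separate", states the rule but not the reason; one sentence on why file magic must not be applied to a partition image would help. Minor: the parentheses in `if((type == CL_TYPE_ANY) || type == CL_TYPE_PART_ANY)` are inconsistent.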
... | ... |
@@ -26,6 +26,7 @@ |
26 | 26 |
#include "filetypes.h" |
27 | 27 |
|
28 | 28 |
int cli_magic_scandesc(int desc, cli_ctx *ctx); |
29 |
+int cli_partition_scandesc(int desc, cli_ctx *ctx); |
|
29 | 30 |
int cli_magic_scandesc_type(cli_ctx *ctx, cli_file_t type); |
30 | 31 |
int cli_map_scandesc(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ctx); |
31 | 32 |
int cli_mem_scandesc(const void *buffer, size_t length, cli_ctx *ctx); |