Browse code
multipart signatures: give higher priority to new sub-matches
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Sat Nov 18 21:46:10 CET 2006 (tk) |
|
| 2 |
+--------------------------------- |
|
| 3 |
+ * libclamav/matcher-ac.c: multipart signatures: give higher priority to new |
|
| 4 |
+ sub-matches |
|
| 5 |
+ |
|
| 1 | 6 |
Sat Nov 18 00:51:08 CET 2006 (tk) |
| 2 | 7 |
--------------------------------- |
| 3 | 8 |
* libclamav/matcher.c: fix debug message (closes bb#144) |
| ... | ... |
@@ -39,6 +39,7 @@ |
| 39 | 39 |
#include "matcher-ac.h" |
| 40 | 40 |
#include "defaults.h" |
| 41 | 41 |
#include "filetypes.h" |
| 42 |
+#include "cltypes.h" |
|
| 42 | 43 |
|
| 43 | 44 |
struct nodelist {
|
| 44 | 45 |
struct cli_ac_node *node; |
| ... | ... |
@@ -320,20 +321,30 @@ int cli_ac_initdata(struct cli_ac_data *data, unsigned int partsigs, unsigned in |
| 320 | 320 |
return CL_EMEM; |
| 321 | 321 |
} |
| 322 | 322 |
|
| 323 |
- data->offcnt = (unsigned int *) cli_calloc(partsigs, sizeof(unsigned int)); |
|
| 323 |
+ data->offcnt = (uint8_t *) cli_calloc(partsigs, sizeof(uint8_t)); |
|
| 324 | 324 |
|
| 325 | 325 |
if(!data->offcnt) {
|
| 326 |
- cli_errmsg("cli_ac_init(): unable to cli_calloc(%u, %u)\n", partsigs, sizeof(unsigned int));
|
|
| 326 |
+ cli_errmsg("cli_ac_init(): unable to cli_calloc(%u, %u)\n", partsigs, sizeof(uint8_t));
|
|
| 327 | 327 |
free(data->partcnt); |
| 328 | 328 |
return CL_EMEM; |
| 329 | 329 |
} |
| 330 | 330 |
|
| 331 |
+ data->offidx = (uint8_t *) cli_calloc(partsigs, sizeof(uint8_t)); |
|
| 332 |
+ |
|
| 333 |
+ if(!data->offidx) {
|
|
| 334 |
+ cli_errmsg("cli_ac_init(): unable to cli_calloc(%u, %u)\n", partsigs, sizeof(uint8_t));
|
|
| 335 |
+ free(data->partcnt); |
|
| 336 |
+ free(data->offcnt); |
|
| 337 |
+ return CL_EMEM; |
|
| 338 |
+ } |
|
| 339 |
+ |
|
| 331 | 340 |
data->maxshift = (int *) cli_malloc(partsigs * sizeof(int)); |
| 332 | 341 |
|
| 333 | 342 |
if(!data->maxshift) {
|
| 334 | 343 |
cli_errmsg("cli_ac_init(): unable to cli_malloc(%u)\n", partsigs * sizeof(int));
|
| 335 | 344 |
free(data->partcnt); |
| 336 | 345 |
free(data->offcnt); |
| 346 |
+ free(data->offidx); |
|
| 337 | 347 |
return CL_EMEM; |
| 338 | 348 |
} |
| 339 | 349 |
|
| ... | ... |
@@ -345,6 +356,7 @@ int cli_ac_initdata(struct cli_ac_data *data, unsigned int partsigs, unsigned in |
| 345 | 345 |
cli_errmsg("cli_ac_init(): unable to cli_calloc(%u, %u)\n", partsigs, sizeof(unsigned int));
|
| 346 | 346 |
free(data->partcnt); |
| 347 | 347 |
free(data->offcnt); |
| 348 |
+ free(data->offidx); |
|
| 348 | 349 |
free(data->maxshift); |
| 349 | 350 |
return CL_EMEM; |
| 350 | 351 |
} |
| ... | ... |
@@ -364,6 +376,7 @@ int cli_ac_initdata(struct cli_ac_data *data, unsigned int partsigs, unsigned in |
| 364 | 364 |
free(data->partoff); |
| 365 | 365 |
free(data->partcnt); |
| 366 | 366 |
free(data->offcnt); |
| 367 |
+ free(data->offidx); |
|
| 367 | 368 |
free(data->maxshift); |
| 368 | 369 |
cli_errmsg("cli_ac_init(): unable to cli_calloc(%u, %u)\n", tracklen, sizeof(unsigned int));
|
| 369 | 370 |
return CL_EMEM; |
| ... | ... |
@@ -381,6 +394,7 @@ void cli_ac_freedata(struct cli_ac_data *data) |
| 381 | 381 |
if(data && data->partsigs) {
|
| 382 | 382 |
free(data->partcnt); |
| 383 | 383 |
free(data->offcnt); |
| 384 |
+ free(data->offidx); |
|
| 384 | 385 |
free(data->maxshift); |
| 385 | 386 |
|
| 386 | 387 |
for(i = 0; i < data->partsigs; i++) |
| ... | ... |
@@ -395,7 +409,8 @@ int cli_ac_scanbuff(const unsigned char *buffer, unsigned int length, const char |
| 395 | 395 |
struct cli_ac_node *current; |
| 396 | 396 |
struct cli_ac_patt *pt; |
| 397 | 397 |
int type = CL_CLEAN, t, j; |
| 398 |
- unsigned int i, position, idx, found, curroff; |
|
| 398 |
+ unsigned int i, position, curroff; |
|
| 399 |
+ uint8_t offnum, found; |
|
| 399 | 400 |
struct cli_matched_type *tnode; |
| 400 | 401 |
|
| 401 | 402 |
|
| ... | ... |
@@ -435,12 +450,20 @@ int cli_ac_scanbuff(const unsigned char *buffer, unsigned int length, const char |
| 435 | 435 |
if(pt->sigid) { /* it's a partial signature */
|
| 436 | 436 |
|
| 437 | 437 |
if(mdata->partcnt[pt->sigid - 1] + 1 == pt->partno) {
|
| 438 |
- idx = mdata->offcnt[pt->sigid - 1]; |
|
| 439 |
- if(idx < AC_DEFAULT_TRACKLEN) {
|
|
| 440 |
- mdata->partoff[pt->sigid - 1][idx] = curroff + pt->length; |
|
| 438 |
+ offnum = mdata->offcnt[pt->sigid - 1]; |
|
| 439 |
+ if(offnum < AC_DEFAULT_TRACKLEN) {
|
|
| 440 |
+ mdata->partoff[pt->sigid - 1][offnum] = curroff + pt->length; |
|
| 441 | 441 |
|
| 442 |
- if(mdata->maxshift[pt->sigid - 1] == -1 || ((int) (mdata->partoff[pt->sigid - 1][idx] - mdata->partoff[pt->sigid - 1][0]) <= mdata->maxshift[pt->sigid - 1])) |
|
| 442 |
+ if(mdata->maxshift[pt->sigid - 1] == -1 || ((int) (mdata->partoff[pt->sigid - 1][offnum] - mdata->partoff[pt->sigid - 1][0]) <= mdata->maxshift[pt->sigid - 1])) |
|
| 443 | 443 |
mdata->offcnt[pt->sigid - 1]++; |
| 444 |
+ } else {
|
|
| 445 |
+ if(mdata->maxshift[pt->sigid - 1] == -1 || ((int) (curroff + pt->length - mdata->partoff[pt->sigid - 1][0]) <= mdata->maxshift[pt->sigid - 1])) {
|
|
| 446 |
+ if(!(mdata->offidx[pt->sigid - 1] %= AC_DEFAULT_TRACKLEN)) |
|
| 447 |
+ mdata->offidx[pt->sigid - 1]++; |
|
| 448 |
+ |
|
| 449 |
+ mdata->partoff[pt->sigid - 1][mdata->offidx[pt->sigid - 1]] = curroff + pt->length; |
|
| 450 |
+ mdata->offidx[pt->sigid - 1]++; |
|
| 451 |
+ } |
|
| 444 | 452 |
} |
| 445 | 453 |
|
| 446 | 454 |
} else if(mdata->partcnt[pt->sigid - 1] + 2 == pt->partno) {
|
| ... | ... |
@@ -23,6 +23,7 @@ |
| 23 | 23 |
#include "clamav.h" |
| 24 | 24 |
#include "matcher.h" |
| 25 | 25 |
#include "filetypes.h" |
| 26 |
+#include "cltypes.h" |
|
| 26 | 27 |
|
| 27 | 28 |
#define AC_DEFAULT_DEPTH 2 |
| 28 | 29 |
#define AC_DEFAULT_TRACKLEN 8 |
| ... | ... |
@@ -31,7 +32,8 @@ struct cli_ac_data {
|
| 31 | 31 |
unsigned int partsigs; |
| 32 | 32 |
unsigned int *partcnt; |
| 33 | 33 |
unsigned int **partoff; |
| 34 |
- unsigned int *offcnt; |
|
| 34 |
+ uint8_t *offcnt; |
|
| 35 |
+ uint8_t *offidx; |
|
| 35 | 36 |
int *maxshift; |
| 36 | 37 |
}; |
| 37 | 38 |
|