@@ -232,6 +232,8 @@ libclamav_la_SOURCES = \

 	untar.h \

 	unzip.c \

 	unzip.h \

+	ooxml.c \

+	ooxml.h \

 	inflate64.c \

 	inflate64.h \

 	inffixed64.h \

@@ -207,15 +207,15 @@ am_libclamav_la_OBJECTS = libclamav_la-matcher-ac.lo \

 	libclamav_la-aspack.lo libclamav_la-packlibs.lo \

 	libclamav_la-fsg.lo libclamav_la-mew.lo libclamav_la-upack.lo \

 	libclamav_la-line.lo libclamav_la-untar.lo \

-	libclamav_la-unzip.lo libclamav_la-inflate64.lo \

-	libclamav_la-special.lo libclamav_la-binhex.lo \

-	libclamav_la-is_tar.lo libclamav_la-tnef.lo \

-	libclamav_la-autoit.lo libclamav_la-unarj.lo \

-	libclamav_la-bzlib.lo libclamav_la-nulsft.lo \

-	libclamav_la-infblock.lo libclamav_la-pdf.lo \

-	libclamav_la-spin.lo libclamav_la-yc.lo libclamav_la-elf.lo \

-	libclamav_la-sis.lo libclamav_la-uuencode.lo \

-	libclamav_la-phishcheck.lo \

+	libclamav_la-unzip.lo libclamav_la-ooxml.lo \

+	libclamav_la-inflate64.lo libclamav_la-special.lo \

+	libclamav_la-binhex.lo libclamav_la-is_tar.lo \

+	libclamav_la-tnef.lo libclamav_la-autoit.lo \

+	libclamav_la-unarj.lo libclamav_la-bzlib.lo \

+	libclamav_la-nulsft.lo libclamav_la-infblock.lo \

+	libclamav_la-pdf.lo libclamav_la-spin.lo libclamav_la-yc.lo \

+	libclamav_la-elf.lo libclamav_la-sis.lo \

+	libclamav_la-uuencode.lo libclamav_la-phishcheck.lo \

 	libclamav_la-phish_domaincheck_db.lo \

 	libclamav_la-phish_whitelist.lo libclamav_la-regex_list.lo \

 	libclamav_la-regex_suffix.lo libclamav_la-mspack.lo \

@@ -786,45 +786,45 @@ libclamav_la_SOURCES = matcher-ac.c matcher-ac.h matcher-bm.c \

 	rebuildpe.c rebuildpe.h petite.c petite.h wwunpack.c \

 	wwunpack.h unsp.c unsp.h aspack.c aspack.h packlibs.c \

 	packlibs.h fsg.c fsg.h mew.c mew.h upack.c upack.h line.c \

-	line.h untar.c untar.h unzip.c unzip.h inflate64.c inflate64.h \

-	inffixed64.h inflate64_priv.h special.c special.h binhex.c \

-	binhex.h is_tar.c is_tar.h tnef.c tnef.h autoit.c autoit.h \

-	unarj.c unarj.h nsis/bzlib.c nsis/bzlib_private.h \

-	nsis/nsis_bzlib.h nsis/nulsft.c nsis/nulsft.h nsis/infblock.c \

-	nsis/nsis_zconf.h nsis/nsis_zlib.h nsis/nsis_zutil.h pdf.c \

-	pdf.h spin.c spin.h yc.c yc.h elf.c elf.h execs.h sis.c sis.h \

-	uuencode.c uuencode.h phishcheck.c phishcheck.h \

-	phish_domaincheck_db.c phish_domaincheck_db.h \

-	phish_whitelist.c phish_whitelist.h iana_cctld.h iana_tld.h \

-	regex_list.c regex_list.h regex_suffix.c regex_suffix.h \

-	mspack.c mspack.h cab.c cab.h entconv.c entconv.h entitylist.h \

-	encoding_aliases.h hashtab.c hashtab.h dconf.c dconf.h \

-	lzma_iface.c lzma_iface.h 7z_iface.c 7z_iface.h 7z/7z.h \

-	7z/7zAlloc.c 7z/7zAlloc.h 7z/7zBuf.c 7z/7zBuf.h 7z/7zBuf2.c \

-	7z/7zCrc.c 7z/7zCrc.h 7z/7zDec.c 7z/7zFile.c 7z/7zFile.h \

-	7z/7zIn.c 7z/7zStream.c 7z/7zVersion.h 7z/Bcj2.c 7z/Bcj2.h \

-	7z/Bra.c 7z/Bra.h 7z/Bra86.c 7z/CpuArch.h 7z/Lzma2Dec.c \

-	7z/Lzma2Dec.h 7z/LzmaDec.c 7z/LzmaDec.h 7z/Ppmd.h 7z/Ppmd7.c \

-	7z/Ppmd7.h 7z/Ppmd7Dec.c 7z/Types.h 7z/Xz.c 7z/Xz.h \

-	7z/XzCrc64.c 7z/XzCrc64.h 7z/XzDec.c 7z/XzIn.c 7z/Delta.c \

-	7z/Delta.h 7z/Alloc.h 7z/BraIA64.c 7z/CpuArch.c 7z/CpuArch.h \

-	7z/7zCrcOpt.c 7z/RotateDefs.h explode.c explode.h textnorm.c \

-	textnorm.h dlp.c dlp.h jsparse/js-norm.c jsparse/js-norm.h \

-	jsparse/lexglobal.h jsparse/textbuf.h uniq.c uniq.h version.c \

-	version.h mpool.c mpool.h filtering.h filtering.c fmap.c \

-	fmap.h perflogging.c perflogging.h default.h bytecode.c \

-	bytecode.h bytecode_vm.c bytecode_priv.h clambc.h cpio.c \

-	cpio.h macho.c macho.h ishield.c ishield.h type_desc.h \

-	bcfeatures.h bytecode_api.c bytecode_api_decl.c bytecode_api.h \

-	bytecode_api_impl.h bytecode_hooks.h cache.c cache.h \

-	bytecode_detect.c bytecode_detect.h builtin_bytecodes.h \

-	events.c events.h adc.c adc.h dmg.c dmg.h xar.c xar.h mbr.c \

-	mbr.h gpt.c gpt.h apm.c apm.h prtn_intxn.c prtn_intxn.h \

-	json_api.c json_api.h xz_iface.c xz_iface.h sf_base64decode.c \

-	sf_base64decode.h hfsplus.c hfsplus.h swf.c swf.h jpeg.c \

-	jpeg.h png.c png.h iso9660.c iso9660.h arc4.c arc4.h \

-	rijndael.c rijndael.h crtmgr.c crtmgr.h asn1.c asn1.h fpu.c \

-	fpu.h stats.c stats.h www.c www.h json.c json.h hostid.c \

+	line.h untar.c untar.h unzip.c unzip.h ooxml.c ooxml.h \

+	inflate64.c inflate64.h inffixed64.h inflate64_priv.h \

+	special.c special.h binhex.c binhex.h is_tar.c is_tar.h tnef.c \

+	tnef.h autoit.c autoit.h unarj.c unarj.h nsis/bzlib.c \

+	nsis/bzlib_private.h nsis/nsis_bzlib.h nsis/nulsft.c \

+	nsis/nulsft.h nsis/infblock.c nsis/nsis_zconf.h \

+	nsis/nsis_zlib.h nsis/nsis_zutil.h pdf.c pdf.h spin.c spin.h \

+	yc.c yc.h elf.c elf.h execs.h sis.c sis.h uuencode.c \

+	uuencode.h phishcheck.c phishcheck.h phish_domaincheck_db.c \

+	phish_domaincheck_db.h phish_whitelist.c phish_whitelist.h \

+	iana_cctld.h iana_tld.h regex_list.c regex_list.h \

+	regex_suffix.c regex_suffix.h mspack.c mspack.h cab.c cab.h \

+	entconv.c entconv.h entitylist.h encoding_aliases.h hashtab.c \

+	hashtab.h dconf.c dconf.h lzma_iface.c lzma_iface.h 7z_iface.c \

+	7z_iface.h 7z/7z.h 7z/7zAlloc.c 7z/7zAlloc.h 7z/7zBuf.c \

+	7z/7zBuf.h 7z/7zBuf2.c 7z/7zCrc.c 7z/7zCrc.h 7z/7zDec.c \

+	7z/7zFile.c 7z/7zFile.h 7z/7zIn.c 7z/7zStream.c 7z/7zVersion.h \

+	7z/Bcj2.c 7z/Bcj2.h 7z/Bra.c 7z/Bra.h 7z/Bra86.c 7z/CpuArch.h \

+	7z/Lzma2Dec.c 7z/Lzma2Dec.h 7z/LzmaDec.c 7z/LzmaDec.h \

+	7z/Ppmd.h 7z/Ppmd7.c 7z/Ppmd7.h 7z/Ppmd7Dec.c 7z/Types.h \

+	7z/Xz.c 7z/Xz.h 7z/XzCrc64.c 7z/XzCrc64.h 7z/XzDec.c 7z/XzIn.c \

+	7z/Delta.c 7z/Delta.h 7z/Alloc.h 7z/BraIA64.c 7z/CpuArch.c \

+	7z/CpuArch.h 7z/7zCrcOpt.c 7z/RotateDefs.h explode.c explode.h \

+	textnorm.c textnorm.h dlp.c dlp.h jsparse/js-norm.c \

+	jsparse/js-norm.h jsparse/lexglobal.h jsparse/textbuf.h uniq.c \

+	uniq.h version.c version.h mpool.c mpool.h filtering.h \

+	filtering.c fmap.c fmap.h perflogging.c perflogging.h \

+	default.h bytecode.c bytecode.h bytecode_vm.c bytecode_priv.h \

+	clambc.h cpio.c cpio.h macho.c macho.h ishield.c ishield.h \

+	type_desc.h bcfeatures.h bytecode_api.c bytecode_api_decl.c \

+	bytecode_api.h bytecode_api_impl.h bytecode_hooks.h cache.c \

+	cache.h bytecode_detect.c bytecode_detect.h \

+	builtin_bytecodes.h events.c events.h adc.c adc.h dmg.c dmg.h \

+	xar.c xar.h mbr.c mbr.h gpt.c gpt.h apm.c apm.h prtn_intxn.c \

+	prtn_intxn.h json_api.c json_api.h xz_iface.c xz_iface.h \

+	sf_base64decode.c sf_base64decode.h hfsplus.c hfsplus.h swf.c \

+	swf.h jpeg.c jpeg.h png.c png.h iso9660.c iso9660.h arc4.c \

+	arc4.h rijndael.c rijndael.h crtmgr.c crtmgr.h asn1.c asn1.h \

+	fpu.c fpu.h stats.c stats.h www.c www.h json.c json.h hostid.c \

 	hostid.h openioc.c openioc.h bignum.h bignum_fast.h \

 	tomsfastmath/addsub/fp_add.c tomsfastmath/addsub/fp_add_d.c \

 	tomsfastmath/addsub/fp_addmod.c tomsfastmath/addsub/fp_cmp.c \

@@ -1179,6 +1179,7 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-mspack.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-nulsft.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-ole2_extract.Plo@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-ooxml.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-openioc.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-others.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-packlibs.Plo@am__quote@

@@ -1525,6 +1526,13 @@ libclamav_la-unzip.lo: unzip.c

 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-unzip.lo `test -f 'unzip.c' || echo '$(srcdir)/'`unzip.c

+libclamav_la-ooxml.lo: ooxml.c

+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-ooxml.lo -MD -MP -MF $(DEPDIR)/libclamav_la-ooxml.Tpo -c -o libclamav_la-ooxml.lo `test -f 'ooxml.c' || echo '$(srcdir)/'`ooxml.c

+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-ooxml.Tpo $(DEPDIR)/libclamav_la-ooxml.Plo

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='ooxml.c' object='libclamav_la-ooxml.lo' libtool=yes @AMDEPBACKSLASH@

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-ooxml.lo `test -f 'ooxml.c' || echo '$(srcdir)/'`ooxml.c

+

 libclamav_la-inflate64.lo: inflate64.c

 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-inflate64.lo -MD -MP -MF $(DEPDIR)/libclamav_la-inflate64.Tpo -c -o libclamav_la-inflate64.lo `test -f 'inflate64.c' || echo '$(srcdir)/'`inflate64.c

 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-inflate64.Tpo $(DEPDIR)/libclamav_la-inflate64.Plo

new file mode 100644

@@ -0,0 +1,313 @@

+/*

+ * OOXML JSON Internals

+ * 

+ * Copyright (C) 2014 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

+ * 

+ * Authors: Kevin Lin

+ * 

+ * This program is free software; you can redistribute it and/or modify it under

+ * the terms of the GNU General Public License version 2 as published by the

+ * Free Software Foundation.

+ * 

+ * This program is distributed in the hope that it will be useful, but WITHOUT

+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for

+ * more details.

+ * 

+ * You should have received a copy of the GNU General Public License along with

+ * this program; if not, write to the Free Software Foundation, Inc., 51

+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

+ */

+

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#include <openssl/ssl.h>

+#include <openssl/err.h>

+#include "libclamav/crypto.h"

+

+#include "cltypes.h"

+#include "others.h"

+#include "unzip.h"

+#include "json_api.h"

+

+#if HAVE_LIBXML2

+#ifdef _WIN32

+#ifndef LIBXML_WRITER_ENABLED

+#define LIBXML_WRITER_ENABLED 1

+#endif

+#endif

+#include <libxml/xmlreader.h>

+#endif

+

+#define OOXML_JSON_RECLEVEL 16

+#define OOXML_JSON_RECLEVEL_MAX 32

+

+static int ooxml_is_int(const char *value, size_t len, int32_t *val2)

+{

+    long val3;

+    char *endptr = NULL;

+

+    val3 = strtol(value, &endptr, 10);

+    if (endptr != value+len) {

+        return 0;

+    }

+

+    *val2 = (int32_t)(val3 & 0x0000ffff);

+

+    return 1;

+}

+

+static int ooxml_basic_json(int fd, cli_ctx *ctx, const char *key)

+{

+#if HAVE_LIBXML2

+#if HAVE_JSON

+    const xmlChar *stack[OOXML_JSON_RECLEVEL];

+    json_object *summary, *wrkptr;

+    int type, rlvl = 0, ret = CL_SUCCESS;

+    int32_t val2;

+    const xmlChar *name, *value;

+    xmlTextReaderPtr reader = NULL;

+

+    cli_dbgmsg("in ooxml_basic_json\n");

+

+    reader = xmlReaderForFd(fd, "properties.xml", NULL, 0);

+    if (reader == NULL) {

+        cli_dbgmsg("ooxml_basic_json: xmlReaderForFd error for %s\n", key);

+        return CL_SUCCESS; // libxml2 failed!

+    }

+

+    summary = json_object_new_object();

+    if (NULL == summary) {

+        cli_errmsg("ooxml_basic_json: no memory for json object.\n");

+        ret = CL_EFORMAT;

+        goto ooxml_basic_exit;

+    }

+

+    while (xmlTextReaderRead(reader) == 1) {

+        name = xmlTextReaderConstLocalName(reader);

+        value = xmlTextReaderConstValue(reader);

+        type = xmlTextReaderNodeType(reader);

+

+        cli_dbgmsg("%s [%i]: %s\n", name, type, value);

+

+        switch (type) {

+        case XML_READER_TYPE_ELEMENT:

+            stack[rlvl] = name;

+            rlvl++;

+            break;

+        case XML_READER_TYPE_TEXT:

+            {

+                wrkptr = summary;

+                if (rlvl > 2) { /* 0 is root xml object */

+                    int i;

+                    for (i = 1; i < rlvl-1; ++i) {

+                        json_object *newptr = json_object_object_get(wrkptr, stack[i]);

+                        if (!newptr) {

+                            newptr = json_object_new_object();

+                            if (NULL == newptr) {

+                                cli_errmsg("ooxml_basic_json: no memory for json object.\n");

+                                ret = CL_EMEM;

+                                goto ooxml_basic_exit;

+                            }

+                            json_object_object_add(wrkptr, stack[i], newptr);

+                        }

+                        else {

+                            /* object already exists */

+                            if (!json_object_is_type(newptr, json_type_object)) {

+                                cli_warnmsg("ooxml_content_cb: json object already exists as not an object\n");

+                                ret = CL_EFORMAT;

+                                goto ooxml_basic_exit;

+                            } 

+                        }

+                        wrkptr = newptr;

+                        cli_dbgmsg("stack %d: %s\n", i, stack[i]);

+                    }

+                }

+                

+                if (ooxml_is_int(value, xmlStrlen(value), &val2)) {

+                    ret = cli_jsonint(wrkptr, stack[rlvl-1], val2);

+                }

+                else if (!xmlStrcmp(value, "true")) {

+                    ret = cli_jsonbool(wrkptr, stack[rlvl-1], 1);

+                }

+                else if (!xmlStrcmp(value, "false")) {

+                    ret = cli_jsonbool(wrkptr, stack[rlvl-1], 0);

+                }

+                else {

+                    ret = cli_jsonstr(wrkptr, stack[rlvl-1], value);

+                }

+

+                if (ret != CL_SUCCESS)

+                    goto ooxml_basic_exit;

+            }

+            break;

+        case XML_READER_TYPE_END_ELEMENT:

+            rlvl--;

+            break;

+        default:

+            cli_dbgmsg("ooxml_content_cb: unhandled xml node %s [%i]: %s\n", name, type, value);

+            ret = CL_EFORMAT;

+            goto ooxml_basic_exit;

+        }

+    }

+

+    json_object_object_add(ctx->wrkproperty, key, summary);

+

+    if (rlvl != 0) {

+        cli_warnmsg("ooxml_basic_json: office property file has unbalanced tags\n");

+        /* FAIL */

+    }

+

+ ooxml_basic_exit:

+    xmlTextReaderClose(reader);

+    xmlFreeTextReader(reader);

+#else

+    cli_dbgmsg("ooxml_basic_json: libjson needs to enabled!\n");

+#endif

+#else

+    cli_dbgmsg("ooxml_basic_json: libxml2 needs to enabled!\n");

+#endif

+    return ret;

+}

+

+static int ooxml_core_cb(int fd, cli_ctx *ctx)

+{

+    cli_dbgmsg("in ooxml_core_cb\n");

+    return ooxml_basic_json(fd, ctx, "CoreProperties");

+}

+

+static int ooxml_extn_cb(int fd, cli_ctx *ctx)

+{

+    cli_dbgmsg("in ooxml_extn_cb\n");

+    return ooxml_basic_json(fd, ctx, "ExtendedProperties");

+}

+

+static int ooxml_content_cb(int fd, cli_ctx *ctx)

+{

+#if HAVE_LIBXML2

+    int ret = CL_SUCCESS;

+    int core=0, extn=0, cust=0;

+    const xmlChar *name, *value, *CT, *PN;

+    xmlTextReaderPtr reader = NULL;

+    uint32_t loff;

+

+    cli_dbgmsg("in ooxml_content_cb\n");

+

+    reader = xmlReaderForFd(fd, "[Content_Types].xml", NULL, 0);

+    if (reader == NULL) {

+        cli_dbgmsg("ooxml_content_cb: xmlReaderForFd error for ""[Content_Types].xml""\n");

+        return CL_SUCCESS; // libxml2 failed!

+    }

+

+    /* locate core-properties, extended-properties, and custom-properties (optional)  */

+    while (xmlTextReaderRead(reader) == 1) {

+        name = xmlTextReaderConstLocalName(reader);

+        if (name == NULL) continue;

+

+        if (strcmp(name, "Override")) continue;

+

+        if (!xmlTextReaderHasAttributes(reader)) continue;

+

+        CT = NULL; PN = NULL;

+        while (xmlTextReaderMoveToNextAttribute(reader) == 1) {

+            name = xmlTextReaderConstLocalName(reader);

+            value = xmlTextReaderConstValue(reader);

+            if (name == NULL || value == NULL) continue;

+

+            if (!xmlStrcmp(name, "ContentType")) {

+                CT = value;

+            }

+            else if (!xmlStrcmp(name, "PartName")) {

+                PN = value;

+            }

+

+            cli_dbgmsg("%s: %s\n", name, value);

+        }

+

+        if (!CT && !PN) continue;

+

+        if (!core && !xmlStrcmp(CT, "application/vnd.openxmlformats-package.core-properties+xml")) {

+            /* default: /docProps/core.xml*/

+            if (unzip_search(ctx, PN+1, xmlStrlen(PN)-1, &loff) != CL_VIRUS) {

+                cli_dbgmsg("cli_process_ooxml: failed to find core properties file \"%s\"!\n", PN);

+            }

+            else {

+                cli_dbgmsg("ooxml_content_cb: found core properties file \"%s\" @ %x\n", PN, loff);

+                ret = unzip_single_internal(ctx, loff, ooxml_core_cb);

+            }

+            core = 1;

+        }

+        else if (!extn && !xmlStrcmp(CT, "application/vnd.openxmlformats-officedocument.extended-properties+xml")) {

+            /* default: /docProps/app.xml */

+            if (unzip_search(ctx, PN+1, xmlStrlen(PN)-1, &loff) != CL_VIRUS) {

+                cli_dbgmsg("cli_process_ooxml: failed to find extended properties file \"%s\"!\n", PN);

+            }

+            else {

+                cli_dbgmsg("ooxml_content_cb: found extended properties file \"%s\" @ %x\n", PN, loff);

+                ret = unzip_single_internal(ctx, loff, ooxml_extn_cb);

+            }

+            extn = 1;

+        }

+        else if (!cust && !xmlStrcmp(CT, "application/vnd.openxmlformats-officedocument.custom-properties+xml")) {

+            /* default: /docProps/custom.xml */

+            if (unzip_search(ctx, PN+1, xmlStrlen(PN)-1, &loff) != CL_VIRUS) {

+                cli_dbgmsg("cli_process_ooxml: failed to find custom properties file \"%s\"!\n", PN);

+            }

+            else {

+                cli_dbgmsg("ooxml_content_cb: found custom properties file \"%s\" @ %x\n", PN, loff);

+                /* custom properties ignored for now */

+                //ret = unzip_single_internal(ctx, loff, ooxml_cust_cb);

+            }

+            cust = 1;

+        }

+

+        if (ret != CL_SUCCESS)

+            goto ooxml_content_exit;

+    }

+

+    if (!core) {

+        cli_dbgmsg("cli_process_ooxml: file does not contain core properties file\n");

+    }

+    if (!extn) {

+        cli_dbgmsg("cli_process_ooxml: file does not contain extended properties file\n");

+    }

+    if (!cust) {

+        cli_dbgmsg("cli_process_ooxml: file does not contain custom properties file\n");

+    }

+

+ ooxml_content_exit:

+    xmlTextReaderClose(reader);

+    xmlFreeTextReader(reader);

+    return ret;

+#else

+    cli_dbgmsg("ooxml_content_cb: libxml2 needs to enabled!");

+    return CL_SUCCESS;

+#endif

+}

+

+int cli_process_ooxml(cli_ctx *ctx)

+{

+#if HAVE_LIBXML2

+    uint32_t loff = 0;

+

+    cli_dbgmsg("in cli_processooxml\n");

+    if (!ctx) {

+        return CL_ENULLARG;

+    }

+

+    /* find "[Content Types].xml" */

+    if (unzip_search(ctx, "[Content_Types].xml", 18, &loff) != CL_VIRUS) {

+        cli_dbgmsg("cli_process_ooxml: failed to find ""[Content_Types].xml""!\n");

+        return CL_EFORMAT;

+    }

+    cli_dbgmsg("cli_process_ooxml: found ""[Content_Types].xml"" @ %x\n", loff);

+

+    return unzip_single_internal(ctx, loff, ooxml_content_cb);

+#else

+    cli_dbgmsg("in cli_processooxml\n");

+    cli_dbgmsg("cli_process_ooxml: libxml2 needs to enabled!");

+    return CL_SUCCESS;

+#endif

+}

new file mode 100644

@@ -0,0 +1,31 @@

+/*

+ *  Copyright (C) 2014 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

+ *

+ *  Authors: Kevin Lin

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License version 2 as

+ *  published by the Free Software Foundation.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

+ *  MA 02110-1301, USA.

+ */

+

+#ifndef __OOXML_H__

+#define __OOXML_H__

+

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#include "others.h"

+int cli_process_ooxml(cli_ctx *);

+

+#endif

@@ -591,7 +591,6 @@ int cli_unzip_single(cli_ctx *ctx, off_t lhoffl) {

     return unzip_single_internal(ctx, lhoffl, zip_scan_cb);

 }

-/* re-factored zip processing */

 int unzip_search(cli_ctx *ctx, const char *name, size_t nlen, uint32_t *loff)

 {

     unsigned int fc = 0;

@@ -654,284 +653,3 @@ int unzip_search(cli_ctx *ctx, const char *name, size_t nlen, uint32_t *loff)

     return ret;

 }

-/* -------------------- */

-#if HAVE_LIBXML2

-#ifdef _WIN32

-#ifndef LIBXML_WRITER_ENABLED

-#define LIBXML_WRITER_ENABLED 1

-#endif

-#endif

-#include <libxml/xmlreader.h>

-#endif

-#include "json_api.h"

-

-#define OOXML_JSON_RECLEVEL 16

-#define OOXML_JSON_RECLEVEL_MAX 32

-

-static int ooxml_is_int(const char *value, size_t len, int32_t *val2)

-{

-    long val3;

-    char *endptr = NULL;

-

-    val3 = strtol(value, &endptr, 10);

-    if (endptr != value+len) {

-        return 0;

-    }

-

-    *val2 = (int32_t)(val3 & 0x0000ffff);

-

-    return 1;

-}

-

-static int ooxml_basic_json(int fd, cli_ctx *ctx, const char *key)

-{

-#if HAVE_LIBXML2

-#if HAVE_JSON

-    const xmlChar *stack[OOXML_JSON_RECLEVEL];

-    json_object *summary, *wrkptr;

-    int type, rlvl = 0, ret = CL_SUCCESS;

-    int32_t val2;

-    const xmlChar *name, *value;

-    xmlTextReaderPtr reader = NULL;

-

-    cli_dbgmsg("in ooxml_basic_json\n");

-

-    reader = xmlReaderForFd(fd, "properties.xml", NULL, 0);

-    if (reader == NULL) {

-        cli_dbgmsg("ooxml_basic_json: xmlReaderForFd error for %s\n", key);

-        return CL_SUCCESS; // libxml2 failed!

-    }

-

-    summary = json_object_new_object();

-    if (NULL == summary) {

-        cli_errmsg("ooxml_basic_json: no memory for json object.\n");

-        ret = CL_EFORMAT;

-        goto ooxml_basic_exit;

-    }

-

-    while (xmlTextReaderRead(reader) == 1) {

-        name = xmlTextReaderConstLocalName(reader);

-        value = xmlTextReaderConstValue(reader);

-        type = xmlTextReaderNodeType(reader);

-

-        cli_dbgmsg("%s [%i]: %s\n", name, type, value);

-

-        switch (type) {

-        case XML_READER_TYPE_ELEMENT:

-            stack[rlvl] = name;

-            rlvl++;

-            break;

-        case XML_READER_TYPE_TEXT:

-            {

-                wrkptr = summary;

-                if (rlvl > 2) { /* 0 is root xml object */

-                    int i;

-                    for (i = 1; i < rlvl-1; ++i) {

-                        json_object *newptr = json_object_object_get(wrkptr, stack[i]);

-                        if (!newptr) {

-                            newptr = json_object_new_object();

-                            if (NULL == newptr) {

-                                cli_errmsg("ooxml_basic_json: no memory for json object.\n");

-                                ret = CL_EMEM;

-                                goto ooxml_basic_exit;

-                            }

-                            json_object_object_add(wrkptr, stack[i], newptr);

-                        }

-                        else {

-                            /* object already exists */

-                            if (!json_object_is_type(newptr, json_type_object)) {

-                                cli_warnmsg("ooxml_content_cb: json object already exists as not an object\n");

-                                ret = CL_EFORMAT;

-                                goto ooxml_basic_exit;

-                            } 

-                        }

-                        wrkptr = newptr;

-                        cli_dbgmsg("stack %d: %s\n", i, stack[i]);

-                    }

-                }

-                

-                if (ooxml_is_int(value, xmlStrlen(value), &val2)) {

-                    ret = cli_jsonint(wrkptr, stack[rlvl-1], val2);

-                }

-                else if (!xmlStrcmp(value, "true")) {

-                    ret = cli_jsonbool(wrkptr, stack[rlvl-1], 1);

-                }

-                else if (!xmlStrcmp(value, "false")) {

-                    ret = cli_jsonbool(wrkptr, stack[rlvl-1], 0);

-                }

-                else {

-                    ret = cli_jsonstr(wrkptr, stack[rlvl-1], value);

-                }

-

-                if (ret != CL_SUCCESS)

-                    goto ooxml_basic_exit;

-            }

-            break;

-        case XML_READER_TYPE_END_ELEMENT:

-            rlvl--;

-            break;

-        default:

-            cli_dbgmsg("ooxml_content_cb: unhandled xml node %s [%i]: %s\n", name, type, value);

-            ret = CL_EFORMAT;

-            goto ooxml_basic_exit;

-        }

-    }

-

-    json_object_object_add(ctx->wrkproperty, key, summary);

-

-    if (rlvl != 0) {

-        cli_warnmsg("ooxml_basic_json: office property file has unbalanced tags\n");

-        /* FAIL */

-    }

-

- ooxml_basic_exit:

-    xmlTextReaderClose(reader);

-    xmlFreeTextReader(reader);

-#else

-    cli_dbgmsg("ooxml_basic_json: libjson needs to enabled!\n");

-#endif

-#else

-    cli_dbgmsg("ooxml_basic_json: libxml2 needs to enabled!\n");

-#endif

-    return ret;

-}

-

-static int ooxml_core_cb(int fd, cli_ctx *ctx)

-{

-    cli_dbgmsg("in ooxml_core_cb\n");

-    return ooxml_basic_json(fd, ctx, "CoreProperties");

-}

-

-static int ooxml_extn_cb(int fd, cli_ctx *ctx)

-{

-    cli_dbgmsg("in ooxml_extn_cb\n");

-    return ooxml_basic_json(fd, ctx, "ExtendedProperties");

-}

-

-static int ooxml_content_cb(int fd, cli_ctx *ctx)

-{

-#if HAVE_LIBXML2

-    int ret = CL_SUCCESS;

-    int core=0, extn=0, cust=0;

-    const xmlChar *name, *value, *CT, *PN;

-    xmlTextReaderPtr reader = NULL;

-    uint32_t loff;

-

-    cli_dbgmsg("in ooxml_content_cb\n");

-

-    reader = xmlReaderForFd(fd, "[Content_Types].xml", NULL, 0);

-    if (reader == NULL) {

-        cli_dbgmsg("ooxml_content_cb: xmlReaderForFd error for ""[Content_Types].xml""\n");

-        return CL_SUCCESS; // libxml2 failed!

-    }

-

-    /* locate core-properties, extended-properties, and custom-properties (optional)  */

-    while (xmlTextReaderRead(reader) == 1) {

-        name = xmlTextReaderConstLocalName(reader);

-        if (name == NULL) continue;

-

-        if (strcmp(name, "Override")) continue;

-

-        if (!xmlTextReaderHasAttributes(reader)) continue;

-

-        CT = NULL; PN = NULL;

-        while (xmlTextReaderMoveToNextAttribute(reader) == 1) {

-            name = xmlTextReaderConstLocalName(reader);

-            value = xmlTextReaderConstValue(reader);

-            if (name == NULL || value == NULL) continue;

-

-            if (!xmlStrcmp(name, "ContentType")) {

-                CT = value;

-            }

-            else if (!xmlStrcmp(name, "PartName")) {

-                PN = value;

-            }

-

-            cli_dbgmsg("%s: %s\n", name, value);

-        }

-

-        if (!CT && !PN) continue;

-

-        if (!core && !xmlStrcmp(CT, "application/vnd.openxmlformats-package.core-properties+xml")) {

-            /* default: /docProps/core.xml*/

-            if (unzip_search(ctx, PN+1, xmlStrlen(PN)-1, &loff) != CL_VIRUS) {

-                cli_dbgmsg("cli_process_ooxml: failed to find core properties file \"%s\"!\n", PN);

-            }

-            else {

-                cli_dbgmsg("ooxml_content_cb: found core properties file \"%s\" @ %x\n", PN, loff);

-                ret = unzip_single_internal(ctx, loff, ooxml_core_cb);

-            }

-            core = 1;

-        }

-        else if (!extn && !xmlStrcmp(CT, "application/vnd.openxmlformats-officedocument.extended-properties+xml")) {

-            /* default: /docProps/app.xml */

-            if (unzip_search(ctx, PN+1, xmlStrlen(PN)-1, &loff) != CL_VIRUS) {

-                cli_dbgmsg("cli_process_ooxml: failed to find extended properties file \"%s\"!\n", PN);

-            }

-            else {

-                cli_dbgmsg("ooxml_content_cb: found extended properties file \"%s\" @ %x\n", PN, loff);

-                ret = unzip_single_internal(ctx, loff, ooxml_extn_cb);

-            }

-            extn = 1;

-        }

-        else if (!cust && !xmlStrcmp(CT, "application/vnd.openxmlformats-officedocument.custom-properties+xml")) {

-            /* default: /docProps/custom.xml */

-            if (unzip_search(ctx, PN+1, xmlStrlen(PN)-1, &loff) != CL_VIRUS) {

-                cli_dbgmsg("cli_process_ooxml: failed to find custom properties file \"%s\"!\n", PN);

-            }

-            else {

-                cli_dbgmsg("ooxml_content_cb: found custom properties file \"%s\" @ %x\n", PN, loff);

-                /* custom properties ignored for now */

-                //ret = unzip_single_internal(ctx, loff, ooxml_cust_cb);

-            }

-            cust = 1;

-        }

-

-        if (ret != CL_SUCCESS)

-            goto ooxml_content_exit;

-    }

-

-    if (!core) {

-        cli_dbgmsg("cli_process_ooxml: file does not contain core properties file\n");

-    }

-    if (!extn) {

-        cli_dbgmsg("cli_process_ooxml: file does not contain extended properties file\n");

-    }

-    if (!cust) {

-        cli_dbgmsg("cli_process_ooxml: file does not contain custom properties file\n");

-    }

-

- ooxml_content_exit:

-    xmlTextReaderClose(reader);

-    xmlFreeTextReader(reader);

-    return ret;

-#else

-    cli_dbgmsg("ooxml_content_cb: libxml2 needs to enabled!");

-    return CL_SUCCESS;

-#endif

-}

-

-int cli_process_ooxml(cli_ctx *ctx)

-{

-#if HAVE_LIBXML2

-    uint32_t loff = 0;

-

-    cli_dbgmsg("in cli_processooxml\n");

-    if (!ctx) {

-        return CL_ENULLARG;

-    }

-

-    /* find "[Content Types].xml" */

-    if (unzip_search(ctx, "[Content_Types].xml", 18, &loff) != CL_VIRUS) {

-        cli_dbgmsg("cli_process_ooxml: failed to find ""[Content_Types].xml""!\n");

-        return CL_EFORMAT;

-    }

-    cli_dbgmsg("cli_process_ooxml: found ""[Content_Types].xml"" @ %x\n", loff);

-

-    return unzip_single_internal(ctx, loff, ooxml_content_cb);

-#else

-    cli_dbgmsg("in cli_processooxml\n");

-    cli_dbgmsg("cli_process_ooxml: libxml2 needs to enabled!");

-    return CL_SUCCESS;

-#endif

-}

@@ -33,7 +33,6 @@ int cli_unzip(cli_ctx *);

 int cli_unzip_single_internal(cli_ctx *, off_t, zip_cb);

 int cli_unzip_single(cli_ctx *, off_t);

 int unzip_search(cli_ctx *, const char *, size_t, uint32_t *);

-int cli_process_ooxml(cli_ctx *);

 #ifdef UNZIP_PRIVATE

 #define F_ENCR  (1<<0)

@@ -364,6 +364,7 @@

     <ClCompile Include="..\libclamav\nsis\infblock.c" />

     <ClCompile Include="..\libclamav\nsis\nulsft.c" />

     <ClCompile Include="..\libclamav\ole2_extract.c" />

+    <ClCompile Include="..\libclamav\ooxml.c" />

     <ClCompile Include="..\libclamav\others.c" />

     <ClCompile Include="..\libclamav\others_common.c" />

     <ClCompile Include="..\libclamav\packlibs.c" />

@@ -201,6 +201,9 @@

     <ClCompile Include="..\libclamav\ole2_extract.c">

       <Filter>Source Files</Filter>

     </ClCompile>

+    <ClCompile Include="..\libclamav\ooxml.c">

+      <Filter>Source Files</Filter>

+    </ClCompile>

     <ClCompile Include="..\libclamav\others.c">

       <Filter>Source Files</Filter>

     </ClCompile>