... | ... |
@@ -1,4 +1,4 @@ |
1 |
-# Makefile.in generated by automake 1.11.6 from Makefile.am. |
|
1 |
+# Makefile.in generated by automake 1.11.3 from Makefile.am. |
|
2 | 2 |
# @configure_input@ |
3 | 3 |
|
4 | 4 |
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, |
... | ... |
@@ -36,23 +36,6 @@ |
36 | 36 |
|
37 | 37 |
|
38 | 38 |
VPATH = @srcdir@ |
39 |
-am__make_dryrun = \ |
|
40 |
- { \ |
|
41 |
- am__dry=no; \ |
|
42 |
- case $$MAKEFLAGS in \ |
|
43 |
- *\\[\ \ ]*) \ |
|
44 |
- echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ |
|
45 |
- | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ |
|
46 |
- *) \ |
|
47 |
- for am__flg in $$MAKEFLAGS; do \ |
|
48 |
- case $$am__flg in \ |
|
49 |
- *=*|--*) ;; \ |
|
50 |
- *n*) am__dry=yes; break;; \ |
|
51 |
- esac; \ |
|
52 |
- done;; \ |
|
53 |
- esac; \ |
|
54 |
- test $$am__dry = yes; \ |
|
55 |
- } |
|
56 | 39 |
pkgdatadir = $(datadir)/@PACKAGE@ |
57 | 40 |
pkgincludedir = $(includedir)/@PACKAGE@ |
58 | 41 |
pkglibdir = $(libdir)/@PACKAGE@ |
... | ... |
@@ -251,13 +234,14 @@ am_libclamav_la_OBJECTS = libclamav_la-matcher-ac.lo \ |
251 | 251 |
libclamav_la-rijndael.lo libclamav_la-crtmgr.lo \ |
252 | 252 |
libclamav_la-asn1.lo libclamav_la-fpu.lo libclamav_la-stats.lo \ |
253 | 253 |
libclamav_la-www.lo libclamav_la-json.lo \ |
254 |
- libclamav_la-hostid.lo libclamav_la-fp_add.lo \ |
|
255 |
- libclamav_la-fp_add_d.lo libclamav_la-fp_addmod.lo \ |
|
256 |
- libclamav_la-fp_cmp.lo libclamav_la-fp_cmp_d.lo \ |
|
257 |
- libclamav_la-fp_cmp_mag.lo libclamav_la-fp_sub.lo \ |
|
258 |
- libclamav_la-fp_sub_d.lo libclamav_la-fp_submod.lo \ |
|
259 |
- libclamav_la-s_fp_add.lo libclamav_la-s_fp_sub.lo \ |
|
260 |
- libclamav_la-fp_radix_size.lo libclamav_la-fp_read_radix.lo \ |
|
254 |
+ libclamav_la-hostid.lo libclamav_la-openioc.lo \ |
|
255 |
+ libclamav_la-fp_add.lo libclamav_la-fp_add_d.lo \ |
|
256 |
+ libclamav_la-fp_addmod.lo libclamav_la-fp_cmp.lo \ |
|
257 |
+ libclamav_la-fp_cmp_d.lo libclamav_la-fp_cmp_mag.lo \ |
|
258 |
+ libclamav_la-fp_sub.lo libclamav_la-fp_sub_d.lo \ |
|
259 |
+ libclamav_la-fp_submod.lo libclamav_la-s_fp_add.lo \ |
|
260 |
+ libclamav_la-s_fp_sub.lo libclamav_la-fp_radix_size.lo \ |
|
261 |
+ libclamav_la-fp_read_radix.lo \ |
|
261 | 262 |
libclamav_la-fp_read_signed_bin.lo \ |
262 | 263 |
libclamav_la-fp_read_unsigned_bin.lo \ |
263 | 264 |
libclamav_la-fp_reverse.lo libclamav_la-fp_s_rmap.lo \ |
... | ... |
@@ -426,11 +410,6 @@ RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ |
426 | 426 |
install-pdf-recursive install-ps-recursive install-recursive \ |
427 | 427 |
installcheck-recursive installdirs-recursive pdf-recursive \ |
428 | 428 |
ps-recursive uninstall-recursive |
429 |
-am__can_run_installinfo = \ |
|
430 |
- case $$AM_UPDATE_INFO_DIR in \ |
|
431 |
- n|no|NO) false;; \ |
|
432 |
- *) (install-info --version) >/dev/null 2>&1;; \ |
|
433 |
- esac |
|
434 | 429 |
HEADERS = $(include_HEADERS) |
435 | 430 |
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ |
436 | 431 |
distclean-recursive maintainer-clean-recursive |
... | ... |
@@ -806,8 +785,8 @@ libclamav_la_SOURCES = matcher-ac.c matcher-ac.h matcher-bm.c \ |
806 | 806 |
hfsplus.c hfsplus.h swf.c swf.h jpeg.c jpeg.h png.c png.h \ |
807 | 807 |
iso9660.c iso9660.h arc4.c arc4.h rijndael.c rijndael.h \ |
808 | 808 |
crtmgr.c crtmgr.h asn1.c asn1.h fpu.c fpu.h stats.c stats.h \ |
809 |
- www.c www.h json.c json.h hostid.c hostid.h bignum.h \ |
|
810 |
- bignum_fast.h tomsfastmath/addsub/fp_add.c \ |
|
809 |
+ www.c www.h json.c json.h hostid.c hostid.h openioc.c \ |
|
810 |
+ openioc.h bignum.h bignum_fast.h tomsfastmath/addsub/fp_add.c \ |
|
811 | 811 |
tomsfastmath/addsub/fp_add_d.c tomsfastmath/addsub/fp_addmod.c \ |
812 | 812 |
tomsfastmath/addsub/fp_cmp.c tomsfastmath/addsub/fp_cmp_d.c \ |
813 | 813 |
tomsfastmath/addsub/fp_cmp_mag.c tomsfastmath/addsub/fp_sub.c \ |
... | ... |
@@ -913,6 +892,7 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) |
913 | 913 |
$(am__aclocal_m4_deps): |
914 | 914 |
install-libLTLIBRARIES: $(lib_LTLIBRARIES) |
915 | 915 |
@$(NORMAL_INSTALL) |
916 |
+ test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" |
|
916 | 917 |
@list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ |
917 | 918 |
list2=; for p in $$list; do \ |
918 | 919 |
if test -f $$p; then \ |
... | ... |
@@ -920,8 +900,6 @@ install-libLTLIBRARIES: $(lib_LTLIBRARIES) |
920 | 920 |
else :; fi; \ |
921 | 921 |
done; \ |
922 | 922 |
test -z "$$list2" || { \ |
923 |
- echo " $(MKDIR_P) '$(DESTDIR)$(libdir)'"; \ |
|
924 |
- $(MKDIR_P) "$(DESTDIR)$(libdir)" || exit 1; \ |
|
925 | 923 |
echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ |
926 | 924 |
$(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ |
927 | 925 |
} |
... | ... |
@@ -1160,6 +1138,7 @@ distclean-compile: |
1160 | 1160 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-mspack.Plo@am__quote@ |
1161 | 1161 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-nulsft.Plo@am__quote@ |
1162 | 1162 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-ole2_extract.Plo@am__quote@ |
1163 |
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-openioc.Plo@am__quote@ |
|
1163 | 1164 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-others.Plo@am__quote@ |
1164 | 1165 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-packlibs.Plo@am__quote@ |
1165 | 1166 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-pdf.Plo@am__quote@ |
... | ... |
@@ -2162,6 +2141,13 @@ libclamav_la-hostid.lo: hostid.c |
2162 | 2162 |
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ |
2163 | 2163 |
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-hostid.lo `test -f 'hostid.c' || echo '$(srcdir)/'`hostid.c |
2164 | 2164 |
|
2165 |
+libclamav_la-openioc.lo: openioc.c |
|
2166 |
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-openioc.lo -MD -MP -MF $(DEPDIR)/libclamav_la-openioc.Tpo -c -o libclamav_la-openioc.lo `test -f 'openioc.c' || echo '$(srcdir)/'`openioc.c |
|
2167 |
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-openioc.Tpo $(DEPDIR)/libclamav_la-openioc.Plo |
|
2168 |
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='openioc.c' object='libclamav_la-openioc.lo' libtool=yes @AMDEPBACKSLASH@ |
|
2169 |
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ |
|
2170 |
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-openioc.lo `test -f 'openioc.c' || echo '$(srcdir)/'`openioc.c |
|
2171 |
+ |
|
2165 | 2172 |
libclamav_la-fp_add.lo: tomsfastmath/addsub/fp_add.c |
2166 | 2173 |
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-fp_add.lo -MD -MP -MF $(DEPDIR)/libclamav_la-fp_add.Tpo -c -o libclamav_la-fp_add.lo `test -f 'tomsfastmath/addsub/fp_add.c' || echo '$(srcdir)/'`tomsfastmath/addsub/fp_add.c |
2167 | 2174 |
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-fp_add.Tpo $(DEPDIR)/libclamav_la-fp_add.Plo |
... | ... |
@@ -2953,11 +2939,8 @@ clean-libtool: |
2953 | 2953 |
-rm -rf .libs _libs |
2954 | 2954 |
install-includeHEADERS: $(include_HEADERS) |
2955 | 2955 |
@$(NORMAL_INSTALL) |
2956 |
+ test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" |
|
2956 | 2957 |
@list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ |
2957 |
- if test -n "$$list"; then \ |
|
2958 |
- echo " $(MKDIR_P) '$(DESTDIR)$(includedir)'"; \ |
|
2959 |
- $(MKDIR_P) "$(DESTDIR)$(includedir)" || exit 1; \ |
|
2960 |
- fi; \ |
|
2961 | 2958 |
for p in $$list; do \ |
2962 | 2959 |
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ |
2963 | 2960 |
echo "$$d$$p"; \ |
... | ... |
@@ -3140,10 +3123,13 @@ distdir: $(DISTFILES) |
3140 | 3140 |
done |
3141 | 3141 |
@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ |
3142 | 3142 |
if test "$$subdir" = .; then :; else \ |
3143 |
- $(am__make_dryrun) \ |
|
3144 |
- || test -d "$(distdir)/$$subdir" \ |
|
3145 |
- || $(MKDIR_P) "$(distdir)/$$subdir" \ |
|
3146 |
- || exit 1; \ |
|
3143 |
+ test -d "$(distdir)/$$subdir" \ |
|
3144 |
+ || $(MKDIR_P) "$(distdir)/$$subdir" \ |
|
3145 |
+ || exit 1; \ |
|
3146 |
+ fi; \ |
|
3147 |
+ done |
|
3148 |
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ |
|
3149 |
+ if test "$$subdir" = .; then :; else \ |
|
3147 | 3150 |
dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ |
3148 | 3151 |
$(am__relativize); \ |
3149 | 3152 |
new_distdir=$$reldir; \ |
3150 | 3153 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,288 @@ |
0 |
+/* |
|
1 |
+ * Copyright (C) 2014 Cisco Systems, Inc. |
|
2 |
+ * |
|
3 |
+ * Authors: Steven Morgan <smorgan@sourcefire.com> |
|
4 |
+ * |
|
5 |
+ * This program is free software; you can redistribute it and/or modify |
|
6 |
+ * it under the terms of the GNU General Public License version 2 as |
|
7 |
+ * published by the Free Software Foundation. |
|
8 |
+ * |
|
9 |
+ * This program is distributed in the hope that it will be useful, |
|
10 |
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
11 |
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
12 |
+ * GNU General Public License for more details. |
|
13 |
+ * |
|
14 |
+ * You should have received a copy of the GNU General Public License |
|
15 |
+ * along with this program; if not, write to the Free Software |
|
16 |
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
|
17 |
+ * MA 02110-1301, USA. |
|
18 |
+ */ |
|
19 |
+ |
|
20 |
+#if HAVE_CONFIG_H |
|
21 |
+#include "clamav-config.h" |
|
22 |
+#endif |
|
23 |
+#include <stdio.h> |
|
24 |
+#include <stdlib.h> |
|
25 |
+#include <dirent.h> |
|
26 |
+#include <errno.h> |
|
27 |
+#include <string.h> |
|
28 |
+ |
|
29 |
+#if HAVE_LIBXML2 |
|
30 |
+#ifdef _WIN32 |
|
31 |
+#ifndef LIBXML_WRITER_ENABLED |
|
32 |
+#define LIBXML_WRITER_ENABLED 1 |
|
33 |
+#endif |
|
34 |
+#endif |
|
35 |
+#include <libxml/xmlreader.h> |
|
36 |
+#endif |
|
37 |
+ |
|
38 |
+#include <openssl/ssl.h> |
|
39 |
+#include <openssl/err.h> |
|
40 |
+ |
|
41 |
+#include "libclamav/crypto.h" |
|
42 |
+#include "others.h" |
|
43 |
+#include "openioc.h" |
|
44 |
+ |
|
45 |
+struct openioc_hash { |
|
46 |
+ unsigned char * hash; |
|
47 |
+ void * next; |
|
48 |
+}; |
|
49 |
+ |
|
50 |
+static const xmlChar * openioc_read(xmlTextReaderPtr reader) |
|
51 |
+{ |
|
52 |
+ const xmlChar * name; |
|
53 |
+ if (xmlTextReaderRead(reader) != 1) |
|
54 |
+ return NULL; |
|
55 |
+ name = xmlTextReaderConstLocalName(reader); |
|
56 |
+ if (name != NULL) { |
|
57 |
+ cli_dbgmsg("cli_openioc: xmlTextReaderRead read %s%s\n", name, |
|
58 |
+ xmlTextReaderNodeType(reader) == XML_READER_TYPE_END_ELEMENT?" end tag":""); |
|
59 |
+ } |
|
60 |
+ return name; |
|
61 |
+} |
|
62 |
+ |
|
63 |
+static int openioc_parse_content(xmlTextReaderPtr reader, struct openioc_hash ** elems) |
|
64 |
+{ |
|
65 |
+ xmlChar * type = xmlTextReaderGetAttribute(reader, (const xmlChar *)"type"); |
|
66 |
+ const xmlChar * xmlval; |
|
67 |
+ struct openioc_hash * elem; |
|
68 |
+ int rc = CL_SUCCESS; |
|
69 |
+ |
|
70 |
+ if (type == NULL) { |
|
71 |
+ cli_dbgmsg("cli_openioc: xmlTextReaderGetAttribute no type attribute " |
|
72 |
+ "for <Content> element\n"); |
|
73 |
+ return rc; |
|
74 |
+ } else { |
|
75 |
+ if (xmlStrcasecmp(type, (const xmlChar *)"sha1") && |
|
76 |
+ xmlStrcasecmp(type, (const xmlChar *)"sha256") && |
|
77 |
+ xmlStrcasecmp(type, (const xmlChar *)"md5")) { |
|
78 |
+ xmlFree(type); |
|
79 |
+ return rc; |
|
80 |
+ } |
|
81 |
+ } |
|
82 |
+ xmlFree(type); |
|
83 |
+ |
|
84 |
+ if (xmlTextReaderRead(reader) == 1 && xmlTextReaderNodeType(reader) == XML_READER_TYPE_TEXT) { |
|
85 |
+ xmlval = xmlTextReaderConstValue(reader); |
|
86 |
+ if (xmlval) { |
|
87 |
+ elem = cli_calloc(1, sizeof(struct openioc_hash)); |
|
88 |
+ if (NULL == elem) { |
|
89 |
+ cli_dbgmsg("cli_openioc: calloc fails for openioc_hash.\n"); |
|
90 |
+ return CL_EMEM; |
|
91 |
+ } |
|
92 |
+ elem->hash = xmlStrdup(xmlval); |
|
93 |
+ elem->next = *elems; |
|
94 |
+ *elems = elem; |
|
95 |
+ } else { |
|
96 |
+ cli_dbgmsg("cli_openioc: xmlTextReaderConstValue() returns NULL for Content md5 value.\n"); |
|
97 |
+ } |
|
98 |
+ } |
|
99 |
+ else { |
|
100 |
+ cli_dbgmsg("cli_openioc: No text for XML Content element.\n"); |
|
101 |
+ } |
|
102 |
+ return rc; |
|
103 |
+} |
|
104 |
+ |
|
105 |
+static int openioc_parse_indicatoritem(xmlTextReaderPtr reader, struct openioc_hash ** elems) |
|
106 |
+{ |
|
107 |
+ const xmlChar * name; |
|
108 |
+ int rc = CL_SUCCESS; |
|
109 |
+ |
|
110 |
+ while (1) { |
|
111 |
+ name = openioc_read(reader); |
|
112 |
+ if (name == NULL) |
|
113 |
+ break; |
|
114 |
+ if (xmlStrEqual(name, (const xmlChar *)"Content") && |
|
115 |
+ xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { |
|
116 |
+ rc = openioc_parse_content(reader, elems); |
|
117 |
+ if (rc != CL_SUCCESS) { |
|
118 |
+ cli_dbgmsg("cli_openioc: openioc_parse_content error.\n"); |
|
119 |
+ break; |
|
120 |
+ } |
|
121 |
+ } else if (xmlStrEqual(name, (const xmlChar *)"IndicatorItem") && |
|
122 |
+ xmlTextReaderNodeType(reader) == XML_READER_TYPE_END_ELEMENT) { |
|
123 |
+ break; |
|
124 |
+ } |
|
125 |
+ } |
|
126 |
+ return rc; |
|
127 |
+} |
|
128 |
+ |
|
129 |
+static int openioc_parse_indicator(xmlTextReaderPtr reader, struct openioc_hash ** elems) |
|
130 |
+{ |
|
131 |
+ const xmlChar * name; |
|
132 |
+ int rc = CL_SUCCESS; |
|
133 |
+ |
|
134 |
+ while (1) { |
|
135 |
+ name = openioc_read(reader); |
|
136 |
+ if (name == NULL) |
|
137 |
+ return rc; |
|
138 |
+ if (xmlStrEqual(name, (const xmlChar *)"Indicator") && |
|
139 |
+ xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { |
|
140 |
+ rc = openioc_parse_indicator(reader, elems); |
|
141 |
+ if (rc != CL_SUCCESS) { |
|
142 |
+ cli_dbgmsg("cli_openioc: openioc_parse_indicator recursion error.\n"); |
|
143 |
+ break; |
|
144 |
+ } |
|
145 |
+ } else if (xmlStrEqual(name, (const xmlChar *)"IndicatorItem") && |
|
146 |
+ xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { |
|
147 |
+ rc = openioc_parse_indicatoritem(reader, elems); |
|
148 |
+ if (rc != CL_SUCCESS) { |
|
149 |
+ cli_dbgmsg("cli_openioc: openioc_parse_indicatoritem error.\n"); |
|
150 |
+ break; |
|
151 |
+ } |
|
152 |
+ } else if (xmlStrEqual(name, (const xmlChar *)"Indicator") && |
|
153 |
+ xmlTextReaderNodeType(reader) == XML_READER_TYPE_END_ELEMENT) { |
|
154 |
+ break; |
|
155 |
+ } |
|
156 |
+ } |
|
157 |
+ return rc; |
|
158 |
+} |
|
159 |
+ |
|
160 |
+int openioc_parse(const char * fname, int fd, struct cl_engine *engine) |
|
161 |
+{ |
|
162 |
+ int rc; |
|
163 |
+ xmlTextReaderPtr reader = NULL; |
|
164 |
+ const xmlChar * name; |
|
165 |
+ struct openioc_hash * elems = NULL, * elem = NULL; |
|
166 |
+ const char * iocp = NULL; |
|
167 |
+ char iocname[MAXPATHLEN] = {0}; |
|
168 |
+ uint16_t ioclen; |
|
169 |
+ char * virusname; |
|
170 |
+ |
|
171 |
+ if (fname == NULL) |
|
172 |
+ return CL_ENULLARG; |
|
173 |
+ |
|
174 |
+ if (fd < 0) |
|
175 |
+ return CL_EARG; |
|
176 |
+ |
|
177 |
+ cli_dbgmsg("cli_openioc: XML parsing file %s\n", fname); |
|
178 |
+ |
|
179 |
+ reader = xmlReaderForFd(fd, NULL, NULL, 0); |
|
180 |
+ if (reader == NULL) { |
|
181 |
+ cli_dbgmsg("cli_openioc: xmlReaderForFd error\n"); |
|
182 |
+ return CL_EOPEN; |
|
183 |
+ } |
|
184 |
+ rc = xmlTextReaderRead(reader); |
|
185 |
+ while (rc == 1) { |
|
186 |
+ name = xmlTextReaderConstLocalName(reader); |
|
187 |
+ cli_dbgmsg("cli_openioc: xmlTextReaderRead read %s\n", name); |
|
188 |
+ if (xmlStrEqual(name, (const xmlChar *)"Indicator") && |
|
189 |
+ xmlTextReaderNodeType(reader) == XML_READER_TYPE_ELEMENT) { |
|
190 |
+ rc = openioc_parse_indicator(reader, &elems); |
|
191 |
+ if (rc != CL_SUCCESS) { |
|
192 |
+ cli_dbgmsg("cli_openioc: openioc_parse_indicator error.\n"); |
|
193 |
+ return rc; |
|
194 |
+ } |
|
195 |
+ } |
|
196 |
+ if (xmlStrEqual(name, (const xmlChar *)"ioc") && |
|
197 |
+ xmlTextReaderNodeType(reader) == XML_READER_TYPE_END_ELEMENT) { |
|
198 |
+ break; |
|
199 |
+ } |
|
200 |
+ rc = xmlTextReaderRead(reader); |
|
201 |
+ } |
|
202 |
+ |
|
203 |
+ iocp = strrchr(fname, *PATHSEP); |
|
204 |
+ |
|
205 |
+ if (NULL == iocp) |
|
206 |
+ iocp = fname; |
|
207 |
+ else |
|
208 |
+ iocp++; |
|
209 |
+ |
|
210 |
+ strncpy(iocname, iocp, MAXPATHLEN-1); |
|
211 |
+ ioclen = strlen(iocname); |
|
212 |
+ |
|
213 |
+ if (elems != NULL) { |
|
214 |
+ if (NULL == engine->hm_hdb) { |
|
215 |
+ engine->hm_hdb = mpool_calloc(engine->mempool, 1, sizeof(struct cli_matcher)); |
|
216 |
+ if (NULL == engine->hm_hdb) |
|
217 |
+ return CL_EMEM; |
|
218 |
+#ifdef USE_MPOOL |
|
219 |
+ engine->hm_hdb->mempool = engine->mempool; |
|
220 |
+#endif |
|
221 |
+ } |
|
222 |
+ } |
|
223 |
+ |
|
224 |
+ while (elems != NULL) { |
|
225 |
+ char * hash, * sp, * vp; |
|
226 |
+ int i, hashlen; |
|
227 |
+ |
|
228 |
+ elem = elems; |
|
229 |
+ elems = elems->next; |
|
230 |
+ hash = elem->hash; |
|
231 |
+ while (isspace(*hash)) |
|
232 |
+ hash++; |
|
233 |
+ hashlen = strlen(hash); |
|
234 |
+ if (hashlen == 0) { |
|
235 |
+ xmlFree(elem->hash); |
|
236 |
+ free(elem); |
|
237 |
+ continue; |
|
238 |
+ } |
|
239 |
+ sp = hash+hashlen-1; |
|
240 |
+ while (isspace(*sp) && sp > hash) { |
|
241 |
+ *sp-- = '\0'; |
|
242 |
+ hashlen--; |
|
243 |
+ } |
|
244 |
+ virusname = cli_malloc(ioclen+hashlen+2); |
|
245 |
+ if (NULL == virusname) { |
|
246 |
+ cli_dbgmsg("cli_openioc: malloc virname failed.\n"); |
|
247 |
+ return CL_EMEM; |
|
248 |
+ } |
|
249 |
+ vp = virusname; |
|
250 |
+ sp = iocname; |
|
251 |
+ for (i=0; i<ioclen; i++, sp++, vp++) { |
|
252 |
+ switch (*sp) { |
|
253 |
+ case '\\': |
|
254 |
+ case '/': |
|
255 |
+ case '?': |
|
256 |
+ case '%': |
|
257 |
+ case '*': |
|
258 |
+ case ':': |
|
259 |
+ case '|': |
|
260 |
+ case '"': |
|
261 |
+ case '<': |
|
262 |
+ case '>': |
|
263 |
+ *vp = '_'; |
|
264 |
+ default: |
|
265 |
+ if (isspace(*sp)) |
|
266 |
+ *vp = '_'; |
|
267 |
+ else |
|
268 |
+ *vp = *sp; |
|
269 |
+ } |
|
270 |
+ } |
|
271 |
+ *vp++ = '.'; |
|
272 |
+ sp = hash; |
|
273 |
+ for (i=0; i<hashlen; i++, sp++) { |
|
274 |
+ if (isxdigit(*sp)) { |
|
275 |
+ *vp++ = *sp; |
|
276 |
+ } |
|
277 |
+ } |
|
278 |
+ *vp = '\0'; |
|
279 |
+ rc = hm_addhash_str(engine->hm_hdb, hash, 0, virusname); |
|
280 |
+ if (rc != CL_SUCCESS) { |
|
281 |
+ cli_dbgmsg("cli_openioc: hm_addhash_str failed with %i hash len %i for %s.\n", |
|
282 |
+ rc, hashlen, virusname); |
|
283 |
+ } |
|
284 |
+ xmlFree(elem->hash); |
|
285 |
+ free(elem); |
|
286 |
+ } |
|
287 |
+} |
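Review bot: `openioc_parse` is declared `int` but reaches its closing brace without a `return`, so the caller tests an indeterminate value; it also never calls `xmlFreeTextReader(reader)`, and the early `return rc;` / `return CL_EMEM;` exits abandon whatever is still on the `elems` list. In the name-building `switch`, the group of `case` labels ending in `*vp = '_';` has no `break`, so control falls into `default:` and every reserved character that is not whitespace is copied into `virusname` unchanged. `elem->hash = xmlStrdup(xmlval)` is not checked before `isspace(*hash)` dereferences it, and `isspace`/`isxdigit` receive plain `char` from file content, which needs a cast to `unsigned char`. Only the `#include <libxml/xmlreader.h>` sits inside `#if HAVE_LIBXML2`, while every function uses libxml2 types, so a build without libxml2 would not compile this file as written. The sketch below routes all exits through one cleanup label.

```c
int openioc_parse(const char * fname, int fd, struct cl_engine *engine)
{
    /* … unchanged: declarations, argument checks, xmlReaderForFd … */
            rc = openioc_parse_indicator(reader, &elems);
            if (rc != CL_SUCCESS) {
                cli_dbgmsg("cli_openioc: openioc_parse_indicator error.\n");
                goto done;
            }
    /* … unchanged: rest of the reader loop, iocname extraction … */
            if (NULL == engine->hm_hdb) {
                rc = CL_EMEM;
                goto done;
            }
    /* … unchanged: mempool assignment … */

    while (elems != NULL) {
        /* … unchanged: declarations, pop elem off the list … */
        hash = (char *)elem->hash;
        if (hash == NULL) {
            /* xmlStrdup failed in openioc_parse_content */
            free(elem);
            continue;
        }
        while (isspace((unsigned char)*hash))
            hash++;
        /* … unchanged: length check, trailing trim (same unsigned char cast) … */
        virusname = cli_malloc(ioclen+hashlen+2);
        if (NULL == virusname) {
            cli_dbgmsg("cli_openioc: malloc virname failed.\n");
            xmlFree(elem->hash);
            free(elem);
            rc = CL_EMEM;
            goto done;
        }
        /* … unchanged: case labels '\\' through '>' … */
                *vp = '_';
                break;
            default:
                if (isspace((unsigned char)*sp))
        /* … unchanged: rest of default branch, hex copy, hm_addhash_str, per-element free … */
    }
    /* as in the original, a failed hm_addhash_str or a reader error is logged, not propagated */
    rc = CL_SUCCESS;

done:
    while (elems != NULL) {
        elem = elems;
        elems = elems->next;
        xmlFree(elem->hash);
        free(elem);
    }
    xmlFreeTextReader(reader);
    return rc;
}
```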
0 | 288 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,26 @@ |
0 |
+/* |
|
1 |
+ * Copyright (C) 2014 Cisco Systems, Inc. |
|
2 |
+ * |
|
3 |
+ * Authors: Steven Morgan <smorgan@sourcefire.com> |
|
4 |
+ * |
|
5 |
+ * This program is free software; you can redistribute it and/or modify |
|
6 |
+ * it under the terms of the GNU General Public License version 2 as |
|
7 |
+ * published by the Free Software Foundation. |
|
8 |
+ * |
|
9 |
+ * This program is distributed in the hope that it will be useful, |
|
10 |
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
11 |
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
12 |
+ * GNU General Public License for more details. |
|
13 |
+ * |
|
14 |
+ * You should have received a copy of the GNU General Public License |
|
15 |
+ * along with this program; if not, write to the Free Software |
|
16 |
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
|
17 |
+ * MA 02110-1301, USA. |
|
18 |
+ */ |
|
19 |
+ |
|
20 |
+#ifndef _OPENIOC_H_ |
|
21 |
+#define _OPENIOC_H_ |
|
22 |
+ |
|
23 |
+int openioc_parse(const char * fname, int fd, struct cl_engine *engine); |
|
24 |
+ |
|
25 |
+#endif |
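Review bot: The prototype names `struct cl_engine`, but the header neither includes the declaring header nor forward-declares the tag, so a translation unit that includes `openioc.h` first gets a struct type scoped to the parameter list and an incompatible-pointer diagnostic at the call. Adding `struct cl_engine;` above the prototype makes the header self-contained. The guard `_OPENIOC_H_` starts with an underscore followed by an uppercase letter, a form C reserves for the implementation; a name such as `OPENIOC_H` avoids that. A short comment on the prototype saying that `fd` is read directly through libxml2 and that the return value is a `CL_*` status would document what the caller in the database loader relies on.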
... | ... |
@@ -1,5 +1,5 @@ |
1 | 1 |
/* |
2 |
- * Copyright (C) 2007-2012 Sourcefire, Inc. |
|
2 |
+ * Copyright (C) 2007-2014 Cisco Systems, Inc. |
|
3 | 3 |
* |
4 | 4 |
* Authors: Tomasz Kojm |
5 | 5 |
* |
... | ... |
@@ -79,6 +79,7 @@ |
79 | 79 |
#include "bytecode_api.h" |
80 | 80 |
#include "bytecode_priv.h" |
81 | 81 |
#include "cache.h" |
82 |
+#include "openioc.h" |
|
82 | 83 |
#ifdef CL_THREAD_SAFE |
83 | 84 |
# include <pthread.h> |
84 | 85 |
static pthread_mutex_t cli_ref_mutex = PTHREAD_MUTEX_INITIALIZER; |
... | ... |
@@ -2601,6 +2602,14 @@ static int cli_loadmscat(FILE *fs, const char *dbname, struct cl_engine *engine, |
2601 | 2601 |
return 0; |
2602 | 2602 |
} |
2603 | 2603 |
|
2604 |
+static int cli_loadopenioc(FILE *fs, const char *dbname, struct cl_engine *engine) |
|
2605 |
+{ |
|
2606 |
+ int rc; |
|
2607 |
+ rc = openioc_parse(dbname, fileno(fs), engine); |
|
2608 |
+ if (rc != CL_SUCCESS) |
|
2609 |
+ return CL_EMALFDB; |
|
2610 |
+} |
|
2611 |
+ |
|
2604 | 2612 |
static int cli_loaddbdir(const char *dirname, struct cl_engine *engine, unsigned int *signo, unsigned int options); |
2605 | 2613 |
|
2606 | 2614 |
int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio) |
... | ... |
@@ -2729,6 +2738,8 @@ int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo |
2729 | 2729 |
ret = cli_loadcdb(fs, engine, signo, options, dbio); |
2730 | 2730 |
} else if(cli_strbcasestr(dbname, ".cat")) { |
2731 | 2731 |
ret = cli_loadmscat(fs, dbname, engine, options, dbio); |
2732 |
+ } else if(cli_strbcasestr(dbname, ".ioc")) { |
|
2733 |
+ ret = cli_loadopenioc(fs, dbname, engine); |
|
2732 | 2734 |
} else { |
2733 | 2735 |
cli_dbgmsg("cli_load: unknown extension - assuming old database format\n"); |
2734 | 2736 |
ret = cli_loaddb(fs, engine, signo, options, dbio, dbname); |
... | ... |
@@ -2935,7 +2946,7 @@ static int cli_loaddbdir(const char *dirname, struct cl_engine *engine, unsigned |
2935 | 2935 |
} |
2936 | 2936 |
closedir(dd); |
2937 | 2937 |
if(ret == CL_EOPEN) |
2938 |
- cli_errmsg("cli_loaddb(): No supported database files found in %s\n", dirname); |
|
2938 |
+ cli_errmsg("cli_loaddbdir(): No supported database files found in %s\n", dirname); |
|
2939 | 2939 |
|
2940 | 2940 |
return ret; |
2941 | 2941 |
} |
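Review bot: `cli_loadopenioc` returns only on the failure branch; when `openioc_parse` succeeds the `int` function runs off its closing brace and `cli_load` stores an indeterminate value in `ret`. Ending the body with `return CL_SUCCESS;` fixes that, and `return rc;` on failure would keep `CL_EMEM` and `CL_EOPEN` distinguishable instead of reporting every error as `CL_EMALFDB`. Unlike the neighbouring loaders in the `cli_load` chain, this one receives neither `dbio` nor `signo`. If `fs` can be NULL when a database arrives through `dbio` (the code that opens `fs` is outside these hunks), `fileno(fs)` would dereference it, so a guard such as `if (fs == NULL) return CL_EARG;` before the call is worth adding. Hashes loaded from an `.ioc` file are also not reflected in `*signo`.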
... | ... |
@@ -1,5 +1,5 @@ |
1 | 1 |
/* |
2 |
- * Copyright (C) 2007-2009 Sourcefire, Inc. |
|
2 |
+ * Copyright (C) 2007-2014 Cisco Systems, Inc. |
|
3 | 3 |
* |
4 | 4 |
* Authors: Tomasz Kojm |
5 | 5 |
* |
... | ... |
@@ -61,7 +61,8 @@ |
61 | 61 |
cli_strbcasestr(ext, ".cdb") || \ |
62 | 62 |
cli_strbcasestr(ext, ".cat") || \ |
63 | 63 |
cli_strbcasestr(ext, ".crb") || \ |
64 |
- cli_strbcasestr(ext, ".idb") \ |
|
64 |
+ cli_strbcasestr(ext, ".idb") || \ |
|
65 |
+ cli_strbcasestr(ext, ".ioc") \ |
|
65 | 66 |
) |
66 | 67 |
|
67 | 68 |
char *cli_virname(char *virname, unsigned int official); |