... | ... |
@@ -57,16 +57,13 @@ |
57 | 57 |
* @param options additional options for pattern matching, stored as a bitmask |
58 | 58 |
* |
59 | 59 |
*/ |
60 |
-int cli_bcomp_addpatt(struct cli_matcher *root, const char *virname, const char *hexsig, const char *offset, const uint32_t *lsigid, unsigned int options) { |
|
61 |
- |
|
62 |
- if (!hexsig || !(*hexsig) || !root) |
|
63 |
- return CL_ENULLARG; |
|
60 |
+cl_error_t cli_bcomp_addpatt(struct cli_matcher *root, const char *virname, const char *hexsig, const uint32_t *lsigid, unsigned int options) { |
|
64 | 61 |
|
65 | 62 |
size_t len = 0; |
66 | 63 |
const char *buf_start = NULL; |
67 | 64 |
const char *buf_end = NULL; |
68 | 65 |
char *buf = NULL; |
69 |
- const char *tokens[3]; |
|
66 |
+ const char *tokens[4]; |
|
70 | 67 |
size_t toks = 0; |
71 | 68 |
int16_t ref_subsigid = -1; |
72 | 69 |
int64_t offset_param = 0; |
... | ... |
@@ -74,6 +71,10 @@ int cli_bcomp_addpatt(struct cli_matcher *root, const char *virname, const char |
74 | 74 |
uint32_t comp_val = 0; |
75 | 75 |
char *hexcpy = NULL; |
76 | 76 |
|
77 |
+ if (!hexsig || !(*hexsig) || !root || !virname) { |
|
78 |
+ return CL_ENULLARG; |
|
79 |
+ } |
|
80 |
+ |
|
77 | 81 |
/* we'll be using these to help the root matcher struct keep track of each loaded byte compare pattern */ |
78 | 82 |
struct cli_bcomp_meta **newmetatable; |
79 | 83 |
uint32_t bcomp_count = 0; |
... | ... |
@@ -149,6 +150,7 @@ int cli_bcomp_addpatt(struct cli_matcher *root, const char *virname, const char |
149 | 149 |
cli_bcomp_freemeta(root, bcomp); |
150 | 150 |
return CL_EMALFDB; |
151 | 151 |
} |
152 |
+ tokens[3] = NULL; |
|
152 | 153 |
|
153 | 154 |
/* since null termination is super guaranteed thanks to strndup and cli_strokenize, we can use strtol to grab the |
154 | 155 |
* offset params. this has the added benefit of letting us parse hex values too */ |
... | ... |
@@ -315,7 +317,7 @@ int cli_bcomp_addpatt(struct cli_matcher *root, const char *virname, const char |
315 | 315 |
* @param ctx the clamav context struct |
316 | 316 |
* |
317 | 317 |
*/ |
318 |
-int cli_bcomp_scanbuf(fmap_t *map, const char **virname, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, cli_ctx *ctx) { |
|
318 |
+cl_error_t cli_bcomp_scanbuf(fmap_t *map, const char **virname, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, cli_ctx *ctx) { |
|
319 | 319 |
|
320 | 320 |
int64_t i = 0, rc = 0, ret = CL_SUCCESS; |
321 | 321 |
uint32_t lsigid, ref_subsigid; |
... | ... |
@@ -370,7 +372,7 @@ int cli_bcomp_scanbuf(fmap_t *map, const char **virname, struct cli_ac_result ** |
370 | 370 |
} |
371 | 371 |
|
372 | 372 |
/* now we have all the pieces of the puzzle, so lets do our byte compare check */ |
373 |
- ret = cli_bcmp_compare_check(map, offset, bcomp); |
|
373 |
+ ret = cli_bcomp_compare_check(map, offset, bcomp); |
|
374 | 374 |
|
375 | 375 |
/* set and append our lsig's virus name if the comparison came back positive */ |
376 | 376 |
if (CL_VIRUS == ret) { |
... | ... |
@@ -402,21 +404,25 @@ int cli_bcomp_scanbuf(fmap_t *map, const char **virname, struct cli_ac_result ** |
402 | 402 |
* @param bm the byte comparison meta data struct, contains all the other info needed to do the comparison |
403 | 403 |
* |
404 | 404 |
*/ |
405 |
-int cli_bcmp_compare_check(fmap_t *map, int offset, struct cli_bcomp_meta *bm) |
|
405 |
+cl_error_t cli_bcomp_compare_check(fmap_t *map, int offset, struct cli_bcomp_meta *bm) |
|
406 | 406 |
{ |
407 |
- if (!map || !bm) { |
|
408 |
- bcm_dbgmsg("bcmp_compare_check: a param is null\n"); |
|
409 |
- return CL_ENULLARG; |
|
410 |
- } |
|
411 | 407 |
|
412 |
- const uint32_t byte_len = bm->byte_len; |
|
413 |
- uint32_t length = map->len; |
|
408 |
+ uint32_t byte_len = 0; |
|
409 |
+ uint32_t length = 0; |
|
414 | 410 |
const unsigned char *buffer = NULL; |
415 | 411 |
unsigned char *conversion_buf = NULL; |
416 | 412 |
char opt = (char) bm->options; |
417 | 413 |
uint32_t value = 0; |
418 | 414 |
const unsigned char* end_buf = NULL; |
419 | 415 |
|
416 |
+ if (!map || !bm) { |
|
417 |
+ bcm_dbgmsg("bcmp_compare_check: a param is null\n"); |
|
418 |
+ return CL_ENULLARG; |
|
419 |
+ } |
|
420 |
+ |
|
421 |
+ byte_len = bm->byte_len; |
|
422 |
+ length = map->len; |
|
423 |
+ |
|
420 | 424 |
/* ensure we won't run off the end of the file buffer */ |
421 | 425 |
if (bm->offset > 0) { |
422 | 426 |
if (!((offset + bm->offset + byte_len <= length))) { |
... | ... |
@@ -443,7 +449,7 @@ int cli_bcmp_compare_check(fmap_t *map, int offset, struct cli_bcomp_meta *bm) |
443 | 443 |
switch(opt) { |
444 | 444 |
/*hl*/ |
445 | 445 |
case CLI_BCOMP_HEX | CLI_BCOMP_LE: |
446 |
- value = cli_strntoul(buffer, byte_len, (char**) &end_buf, 16); |
|
446 |
+ value = cli_strntoul((char*) buffer, byte_len, (char**) &end_buf, 16); |
|
447 | 447 |
if (value < 0 || NULL == end_buf || buffer+byte_len != end_buf) { |
448 | 448 |
bcm_dbgmsg("bcmp_compare_check: little endian hex conversion unsuccessful\n"); |
449 | 449 |
return CL_CLEAN; |
... | ... |
@@ -454,7 +460,7 @@ int cli_bcmp_compare_check(fmap_t *map, int offset, struct cli_bcomp_meta *bm) |
454 | 454 |
|
455 | 455 |
/*hb*/ |
456 | 456 |
case CLI_BCOMP_HEX | CLI_BCOMP_BE: |
457 |
- value = cli_strntoul(buffer, byte_len, (char**) &end_buf, 16); |
|
457 |
+ value = cli_strntoul((char*) buffer, byte_len, (char**) &end_buf, 16); |
|
458 | 458 |
if (value < 0 || NULL == end_buf || buffer+byte_len != end_buf) { |
459 | 459 |
|
460 | 460 |
bcm_dbgmsg("bcmp_compare_check: big endian hex conversion unsuccessful\n"); |
... | ... |
@@ -466,7 +472,7 @@ int cli_bcmp_compare_check(fmap_t *map, int offset, struct cli_bcomp_meta *bm) |
466 | 466 |
|
467 | 467 |
/*dl*/ |
468 | 468 |
case CLI_BCOMP_DEC | CLI_BCOMP_LE: |
469 |
- value = cli_strntoul(buffer, byte_len, (char**) &end_buf, 10); |
|
469 |
+ value = cli_strntoul((char*) buffer, byte_len, (char**) &end_buf, 10); |
|
470 | 470 |
if (value < 0 || NULL == end_buf || buffer+byte_len != end_buf) { |
471 | 471 |
|
472 | 472 |
bcm_dbgmsg("bcmp_compare_check: little endian decimal conversion unsuccessful\n"); |
... | ... |
@@ -478,7 +484,7 @@ int cli_bcmp_compare_check(fmap_t *map, int offset, struct cli_bcomp_meta *bm) |
478 | 478 |
|
479 | 479 |
/*db*/ |
480 | 480 |
case CLI_BCOMP_DEC | CLI_BCOMP_BE: |
481 |
- value = cli_strntoul(buffer, byte_len, (char**) &end_buf, 10); |
|
481 |
+ value = cli_strntoul((char*) buffer, byte_len, (char**) &end_buf, 10); |
|
482 | 482 |
if (value < 0 || NULL == end_buf || buffer+byte_len != end_buf) { |
483 | 483 |
|
484 | 484 |
bcm_dbgmsg("bcmp_compare_check: big endian decimal conversion unsuccessful\n"); |
... | ... |
@@ -535,7 +541,7 @@ int cli_bcmp_compare_check(fmap_t *map, int offset, struct cli_bcomp_meta *bm) |
535 | 535 |
*/ |
536 | 536 |
void cli_bcomp_freemeta(struct cli_matcher *root, struct cli_bcomp_meta *bm) { |
537 | 537 |
|
538 |
- if(!bm) { |
|
538 |
+ if(!root || !bm) { |
|
539 | 539 |
return; |
540 | 540 |
} |
541 | 541 |
|
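Review bot: In cli_bcomp_compare_check the initializer `char opt = (char) bm->options;` (new line 412) still dereferences `bm` before the relocated `if (!map || !bm)` guard at new lines 416-419. A NULL `bm` is therefore read before it is checked, and a compiler is allowed to treat the later check as redundant. The hunk already defers `byte_len` and `length` past the guard, and `opt` needs the same treatment: declare `char opt = 0;` with the other locals and assign `opt = (char) bm->options;` after the guard, next to `byte_len = bm->byte_len;`. The function body continues outside the hunk.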
... | ... |
@@ -50,9 +50,9 @@ struct cli_bcomp_meta { |
50 | 50 |
uint32_t comp_value; |
51 | 51 |
}; |
52 | 52 |
|
53 |
-int cli_bcomp_addpatt(struct cli_matcher *root, const char *virname, const char* hexsig, const char *offset, const uint32_t *lsigid, unsigned int options); |
|
54 |
-int cli_pcre_bcmp_compare_check(fmap_t *map, int offset, struct cli_bcomp_meta *bm); |
|
53 |
+cl_error_t cli_bcomp_addpatt(struct cli_matcher *root, const char *virname, const char* hexsig, const uint32_t *lsigid, unsigned int options); |
|
54 |
+cl_error_t cli_bcomp_scanbuf(fmap_t *map, const char **virname, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, cli_ctx *ctx); |
|
55 |
+cl_error_t cli_bcomp_compare_check(fmap_t *map, int offset, struct cli_bcomp_meta *bm); |
|
55 | 56 |
void cli_bcomp_freemeta(struct cli_matcher *root, struct cli_bcomp_meta *bm); |
56 |
-int cli_bcomp_scanbuf(fmap_t *map, const char **virname, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, cli_ctx *ctx); |
|
57 | 57 |
|
58 | 58 |
#endif |
... | ... |
@@ -599,7 +599,7 @@ int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hex |
599 | 599 |
} else if((start = strchr(hexsig, '(')) && (mid = strchr(hexsig, '#')) && (end = strrchr(hexsig, '#')) && mid != end) { |
600 | 600 |
|
601 | 601 |
/* format seems to match byte_compare */ |
602 |
- if ( ret = cli_bcomp_addpatt(root, virname, hexsig, offset, lsigid, options) ) { |
|
602 |
+ if ( ret = cli_bcomp_addpatt(root, virname, hexsig, lsigid, options) ) { |
|
603 | 603 |
cli_errmsg("cli_parse_add(): Problem adding signature (2b).\n"); |
604 | 604 |
return ret; |
605 | 605 |
} |
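Review bot: The updated call at new line 602 keeps the assignment inside the condition with no extra parentheses or explicit comparison, `if ( ret = cli_bcomp_addpatt(...) )`, which reads like a mistyped `==` and typically draws a `-Wparentheses` warning. Since cli_bcomp_addpatt now returns cl_error_t, I would write `if ((ret = cli_bcomp_addpatt(root, virname, hexsig, lsigid, options)) != CL_SUCCESS) {`. The `offset` argument is no longer forwarded to the byte-compare parser; if that is intentional, a one-line comment here such as `/* byte compare subsigs take their offset from the referenced subsig, not from the signature offset */` (wording to be confirmed by the author) would record it. The declaration of `ret` and the rest of cli_parse_add are outside the hunk.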