@@ -110,20 +110,15 @@ static	char	const	rcsid[] = "$Id: binhex.c,v 1.23 2007/02/12 20:46:08 njh Exp $"

 #include "fmap.h"

 int

-cli_binhex(const char *dir, int desc)

+cli_binhex(const char *dir, struct F_MAP *map)

 {

-	struct stat statb;

 	char *buf, *start, *line;

 	size_t size;

 	long bytesleft;

 	message *m;

 	fileblob *fb;

-	struct F_MAP *map;

-	if(fstat(desc, &statb) < 0)

-		return CL_EOPEN;

-

-	size = (size_t)statb.st_size;

+	size = (size_t)map->len;

 	if(size == 0)

 		return CL_CLEAN;

@@ -131,10 +126,6 @@ cli_binhex(const char *dir, int desc)

 	m = messageCreate();

 	if(m == NULL)

 		return CL_EMEM;

-	if(!(map = fmap(desc, 0, size))) {

-		messageDestroy(m);

-		return CL_EMAP;

-	}

 	start = buf = fmap_need_off_once(map, 0, size);

 	if(!buf) {

@@ -181,7 +172,6 @@ cli_binhex(const char *dir, int desc)

 		buf = ++ptr;

 		bytesleft--;

 	}

-	fmunmap(map);

 	if(line)

 		free(line);

@@ -33,6 +33,6 @@

 #ifndef __BINHEX_H

 #define __BINHEX_H

-int	cli_binhex(const char *dir, int desc);

+int cli_binhex(const char *dir, struct F_MAP *map);

 #endif

@@ -600,7 +600,7 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli

 	    }

 	    if(ctx->engine->md5_hdb)

-		cli_md5_update(&md5ctx, buff + maxpatlen * (offset!=0), bytes);

+		cli_md5_update(&md5ctx, buff + maxpatlen * (offset!=0), bytes - maxpatlen * (offset!=0));

 	}

 	if(bytes < SCANBUFF) break;

@@ -70,7 +70,7 @@ static	const	char	*pdf_nextlinestart(const char *ptr, size_t len);

 static	const	char	*pdf_nextobject(const char *ptr, size_t len);

 int

-cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

+cli_pdf(const char *dir, cli_ctx *ctx, off_t offset)

 {

 	off_t size;	/* total number of bytes in the file */

 	off_t bytesleft, trailerlength;

@@ -81,27 +81,16 @@ cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

 	table_t *md5table;

 	int printed_predictor_message, printed_embedded_font_message, rc;

 	unsigned int files;

-	struct stat statb;

-	struct F_MAP *map;

+	struct F_MAP *map = *ctx->fmap;

 	int opt_failed = 0;

 	cli_dbgmsg("in cli_pdf(%s)\n", dir);

-	if(fstat(desc, &statb) < 0) {

-		cli_errmsg("cli_pdf: fstat() failed\n");

-		return CL_EOPEN;

-	}

-

-	size = statb.st_size - offset;

+	size = map->len - offset;

 	if(size <= 7)	/* doesn't even include the file header */

 		return CL_CLEAN;

-	if(!(map = fmap(desc, offset, size))) {

-	    cli_errmsg("cli_pdf: mmap() failed\n");

-	    return CL_EMAP;

-	}

-	

 	p = buf = fmap_need_off(map, 0, size); /* FIXME: really port to fmap */

 	if(!buf) {

 		cli_errmsg("cli_pdf: mmap() failed\n");

@@ -123,7 +112,6 @@ cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

 	}

 	if(!bytesleft) {

-	    fmunmap(map);

 	    cli_dbgmsg("cli_pdf: file header not found\n");

 	    return CL_CLEAN;

 	}

@@ -134,7 +122,6 @@ cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

 			break;

 	if(q <= p) {

-		fmunmap(map);

 		cli_dbgmsg("cli_pdf: trailer not found\n");

 		return CL_CLEAN;

 	}

@@ -153,7 +140,6 @@ cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

 		 * http://www.cs.cmu.edu/~dst/Adobe/Gallery/anon21jul01-pdf-encryption.txt

 		 * http://www.adobe.com/devnet/pdf/

 		 */

-		fmunmap(map);

 		cli_dbgmsg("cli_pdf: Encrypted PDF files not yet supported\n");

 		return CL_CLEAN;

 	}

@@ -176,7 +162,6 @@ cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

 				break;

 	if(xrefstart == p) {

-		fmunmap(map);

 		cli_dbgmsg("cli_pdf: xref not found\n");

 		return CL_CLEAN;

 	}

@@ -555,7 +540,6 @@ cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset)

 		if(rc != CL_CLEAN) break;

 	}

-	fmunmap(map);

 	tableDestroy(md5table);

@@ -22,6 +22,6 @@

 #include "others.h"

-int cli_pdf(const char *dir, int desc, cli_ctx *ctx, off_t offset);

+int cli_pdf(const char *dir, cli_ctx *ctx, off_t offset);

 #endif

@@ -1205,7 +1205,7 @@ static int cli_scantar(int desc, cli_ctx *ctx, unsigned int posix)

     return ret;

 }

-static int cli_scanbinhex(int desc, cli_ctx *ctx)

+static int cli_scanbinhex(cli_ctx *ctx)

 {

 	char *dir;

 	int ret = CL_CLEAN;

@@ -1223,7 +1223,7 @@ static int cli_scanbinhex(int desc, cli_ctx *ctx)

 	return CL_ETMPDIR;

     }

-    if((ret = cli_binhex(dir, desc)))

+    if((ret = cli_binhex(dir, *ctx->fmap)))

 	cli_dbgmsg("Binhex: %s\n", cl_strerror(ret));

     else

 	ret = cli_scandir(dir, ctx);

@@ -1434,7 +1434,7 @@ static int cli_scancryptff(int desc, cli_ctx *ctx)

     return ret;

 }

-static int cli_scanpdf(int desc, cli_ctx *ctx, off_t offset)

+static int cli_scanpdf(cli_ctx *ctx, off_t offset)

 {

 	int ret;

 	char *dir = cli_gentemp(ctx->engine->tmpdir);

@@ -1448,7 +1448,7 @@ static int cli_scanpdf(int desc, cli_ctx *ctx, off_t offset)

 	return CL_ETMPDIR;

     }

-    ret = cli_pdf(dir, desc, ctx, offset);

+    ret = cli_pdf(dir, ctx, offset);

     if(!ctx->engine->keeptmp)

 	cli_rmdirs(dir);

@@ -1683,14 +1683,14 @@ static int cli_scanembpe(int desc, cli_ctx *ctx)

     return CL_CLEAN;

 }

-static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_t *dettype)

+static int cli_scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_file_t *dettype)

 {

 	int ret = CL_CLEAN, nret = CL_CLEAN;

 	struct cli_matched_type *ftoffset = NULL, *fpt;

 	uint32_t lastzip, lastrar;

 	struct cli_exe_info peinfo;

 	unsigned int acmode = AC_SCAN_VIR, break_loop = 0;

-	struct stat sb;

+	struct F_MAP *map = *ctx->fmap;

     if(ctx->engine->maxreclevel && ctx->recursion >= ctx->engine->maxreclevel)

@@ -1699,12 +1699,7 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg,

     if(typercg)

 	acmode |= AC_SCAN_FT;

-    if(lseek(desc, 0, SEEK_SET) < 0) {

-	cli_errmsg("cli_scanraw: lseek() failed\n");

-	return CL_ESEEK;

-    }

-

-    ret = cli_scandesc(desc, ctx, type == CL_TYPE_TEXT_ASCII ? 0 : type, 0, &ftoffset, acmode);

+    ret = cli_fmap_scandesc(ctx, type == CL_TYPE_TEXT_ASCII ? 0 : type, 0, &ftoffset, acmode);

     if(ret >= CL_TYPENO) {

 	ctx->recursion++;

@@ -1728,73 +1723,72 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg,

 			    cli_dbgmsg("RAR/RAR-SFX signature found at %u\n", (unsigned int) fpt->offset);

 			if(type != CL_TYPE_RAR && have_rar && SCAN_ARCHIVE && fpt->offset < 102400 && (DCONF_ARCH & ARCH_CONF_RAR)) {

 			    cli_dbgmsg("RAR/RAR-SFX signature found at %u\n", (unsigned int) fpt->offset);

-			    nret = cli_scanrar(desc, ctx, fpt->offset, &lastrar);

+			    nret = cli_scanrar(map->fd, ctx, fpt->offset, &lastrar);

 			}

 			break;

 		    case CL_TYPE_ZIPSFX:

 			if(type != CL_TYPE_ZIP && SCAN_ARCHIVE && fpt->offset < 102400 && (DCONF_ARCH & ARCH_CONF_ZIP)) {

 			    cli_dbgmsg("ZIP/ZIP-SFX signature found at %u\n", (unsigned int) fpt->offset);

-			    nret = cli_unzip_single(desc, ctx, fpt->offset);

+			    nret = cli_unzip_single(ctx, fpt->offset);

 			}

 			break;

 		    case CL_TYPE_CABSFX:

 			if(type != CL_TYPE_MSCAB && SCAN_ARCHIVE && fpt->offset < 102400 && (DCONF_ARCH & ARCH_CONF_CAB)) {

 			    cli_dbgmsg("CAB/CAB-SFX signature found at %u\n", (unsigned int) fpt->offset);

-			    nret = cli_scanmscab(desc, ctx, fpt->offset);

+			    nret = cli_scanmscab(map->fd, ctx, fpt->offset);

 			}

 			break;

 		    case CL_TYPE_ARJSFX:

 			if(type != CL_TYPE_ARJ && SCAN_ARCHIVE && fpt->offset < 102400 && (DCONF_ARCH & ARCH_CONF_ARJ)) {

 			    cli_dbgmsg("ARJ-SFX signature found at %u\n", (unsigned int) fpt->offset);

-			    nret = cli_scanarj(desc, ctx, fpt->offset, &lastrar);

+			    nret = cli_scanarj(map->fd, ctx, fpt->offset, &lastrar);

 			}

 			break;

 		    case CL_TYPE_NULSFT:

 		        if(SCAN_ARCHIVE && type == CL_TYPE_MSEXE && (DCONF_ARCH & ARCH_CONF_NSIS) && fpt->offset > 4) {

 			    cli_dbgmsg("NSIS signature found at %u\n", (unsigned int) fpt->offset-4);

-			    nret = cli_scannulsft(desc, ctx, fpt->offset - 4);

+			    nret = cli_scannulsft(map->fd, ctx, fpt->offset - 4);

 			}

 			break;

 		    case CL_TYPE_AUTOIT:

 		        if(SCAN_ARCHIVE && type == CL_TYPE_MSEXE && (DCONF_ARCH & ARCH_CONF_AUTOIT)) {

 			    cli_dbgmsg("AUTOIT signature found at %u\n", (unsigned int) fpt->offset);

-			    nret = cli_scanautoit(desc, ctx, fpt->offset + 23);

+			    nret = cli_scanautoit(map->fd, ctx, fpt->offset + 23);

 			}

 			break;

 		    case CL_TYPE_ISHIELD_MSI:

 		        if(SCAN_ARCHIVE && type == CL_TYPE_MSEXE && (DCONF_ARCH & ARCH_CONF_ISHIELD)) {

 			    cli_dbgmsg("ISHIELD-MSI signature found at %u\n", (unsigned int) fpt->offset);

-			    nret = cli_scanishield_msi(desc, ctx, fpt->offset + 14);

+			    nret = cli_scanishield_msi(map->fd, ctx, fpt->offset + 14);

 			}

 			break;

 		    case CL_TYPE_PDF:

 			if(type != CL_TYPE_PDF && SCAN_PDF && (DCONF_DOC & DOC_CONF_PDF)) {

 			    cli_dbgmsg("PDF signature found at %u\n", (unsigned int) fpt->offset);

-			    nret = cli_scanpdf(desc, ctx, fpt->offset);

+			    nret = cli_scanpdf(ctx, fpt->offset);

 			}

 			break;

 		    case CL_TYPE_MSEXE:

  			if(SCAN_PE && (type == CL_TYPE_MSEXE || type == CL_TYPE_ZIP || type == CL_TYPE_MSOLE2) && ctx->dconf->pe) {

-			    fstat(desc, &sb);

-			    if(sb.st_size > 10485760)

+			    if(map->len > 10485760)

 				break;

 			    memset(&peinfo, 0, sizeof(struct cli_exe_info));

 			    peinfo.offset = fpt->offset;

-			    lseek(desc, fpt->offset, SEEK_SET);

-			    if(cli_peheader(desc, &peinfo) == 0) {

+			    lseek(map->fd, fpt->offset, SEEK_SET);

+			    if(cli_peheader(map->fd, &peinfo) == 0) {

 				cli_dbgmsg("*** Detected embedded PE file at %u ***\n", (unsigned int) fpt->offset);

 				if(peinfo.section)

 				    free(peinfo.section);

-				lseek(desc, fpt->offset, SEEK_SET);

-				nret = cli_scanembpe(desc, ctx);

+				lseek(map->fd, fpt->offset, SEEK_SET);

+				nret = cli_scanembpe(map->fd, ctx);

 				break_loop = 1; /* we can stop here and other

 						 * embedded executables will

 						 * be found recursively

@@ -1819,13 +1813,13 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg,

 	    case CL_TYPE_HTML:

 		if(SCAN_HTML && type == CL_TYPE_TEXT_ASCII && (DCONF_DOC & DOC_CONF_HTML)) {

 		    *dettype = CL_TYPE_HTML;

-		    nret = cli_scanhtml(desc, ctx);

+		    nret = cli_scanhtml(map->fd, ctx);

 		}

 		break;

 	    case CL_TYPE_MAIL:

 		if(SCAN_MAIL && type == CL_TYPE_TEXT_ASCII && (DCONF_MAIL & MAIL_CONF_MBOX))

-		    nret = cli_scanmail(desc, ctx);

+		    nret = cli_scanmail(map->fd, ctx);

 		break;

 	    default:

@@ -1842,7 +1836,7 @@ static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type, uint8_t typercg,

     }

     if(ret == CL_VIRUS)

-	cli_dbgmsg("%s found in descriptor %d\n", *ctx->virname, desc);

+	cli_dbgmsg("%s found in descriptor %d\n", *ctx->virname, map->fd);

     return ret;

 }

@@ -1912,7 +1906,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)

     lseek(desc, 0, SEEK_SET); /* FIXMEFMAP: remove ? */

     if(type != CL_TYPE_IGNORED && ctx->engine->sdb) {

-	if((ret = cli_scanraw(desc, ctx, type, 0, &dettype)) == CL_VIRUS) {

+	if((ret = cli_scanraw(ctx, type, 0, &dettype)) == CL_VIRUS) {

 	    fmunmap(*ctx->fmap);

 	    ctx->fmap--; 

 	    return CL_VIRUS;

@@ -2052,7 +2046,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)

 	case CL_TYPE_BINHEX:

 	    if(SCAN_ARCHIVE && (DCONF_ARCH & ARCH_CONF_BINHEX))

-		ret = cli_scanbinhex(desc, ctx);

+		ret = cli_scanbinhex(ctx);

 	    break;

 	case CL_TYPE_SCRENC:

@@ -2072,7 +2066,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)

         case CL_TYPE_PDF: /* FIXMELIMITS: pdf should be an archive! */

 	    if(SCAN_PDF && (DCONF_DOC & DOC_CONF_PDF))

-		ret = cli_scanpdf(desc, ctx, 0);

+		ret = cli_scanpdf(ctx, 0);

 	    break;

 	case CL_TYPE_CRYPTFF:

@@ -2134,7 +2128,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)

     /* CL_TYPE_HTML: raw HTML files are not scanned, unless safety measure activated via DCONF */

     if(type != CL_TYPE_IGNORED && (type != CL_TYPE_HTML || !(DCONF_DOC & DOC_CONF_HTML_SKIPRAW)) && !ctx->engine->sdb) {

-	if(cli_scanraw(desc, ctx, type, typercg, &dettype) == CL_VIRUS) {

+	if(cli_scanraw(ctx, type, typercg, &dettype) == CL_VIRUS) {

 	    fmunmap(*ctx->fmap);

 	    ctx->fmap--; 

 	    return CL_VIRUS;

@@ -552,20 +552,15 @@ int cli_unzip(cli_ctx *ctx) {

   return ret;

 }

-int cli_unzip_single(int f, cli_ctx *ctx, off_t lhoffl) {

+int cli_unzip_single(cli_ctx *ctx, off_t lhoffl) {

   int ret=CL_CLEAN;

   unsigned int fu=0;

-  struct stat st;

   uint32_t fsize;

-  struct F_MAP *map;

+  struct F_MAP *map = *ctx->fmap;

   cli_dbgmsg("in cli_unzip_single\n");

-  if (fstat(f, &st)==-1) {

-    cli_warnmsg("cli_unzip: fstat() failed\n");

-    return CL_ESTAT;

-  }

-  fsize = (uint32_t)(st.st_size - lhoffl);

-  if (lhoffl<0 || lhoffl>st.st_size || (sizeof(off_t)!=sizeof(uint32_t) && (off_t)fsize!=st.st_size - lhoffl)) {

+  fsize = (uint32_t)(map->len - lhoffl);

+  if (lhoffl<0 || lhoffl>map->len || (sizeof(off_t)!=sizeof(uint32_t) && (off_t)fsize!=map->len - lhoffl)) {

     cli_dbgmsg("cli_unzip: bad offset\n");

     return CL_CLEAN;

   }

@@ -574,13 +569,7 @@ int cli_unzip_single(int f, cli_ctx *ctx, off_t lhoffl) {

     return CL_CLEAN;

   }

-  if (!(map = fmap(f, 0, st.st_size))) {

-      cli_dbgmsg("cli_unzip: mmap failed\n");

-      return CL_EMAP;

-  }

-

   lhdr(map, lhoffl, fsize, &fu, 0, NULL, &ret, ctx, NULL);

-  fmunmap(map);

   return ret;

 }

@@ -27,7 +27,7 @@

 #include "others.h"

 int cli_unzip(cli_ctx *);

-int cli_unzip_single(int, cli_ctx *, off_t);

+int cli_unzip_single(cli_ctx *, off_t);

 #ifdef UNZIP_PRIVATE

 #define F_ENCR  (1<<0)