Browse code
Simplify the code, and make it work all relevant sample documents I have.
git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@411 77e5149b-7576-45b1-b177-96237e5ba77b
Trog authored on 2004/03/18 18:49:41Showing 2 changed files
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Thu Mar 18 09:56:24 GMT 2004 (trog) |
|
| 2 |
+----------------------------------- |
|
| 3 |
+ * libclamav/vba_extract.c: Simplify the code, and make it work all relevant |
|
| 4 |
+ sample documents I have. |
|
| 5 |
+ |
|
| 1 | 6 |
Wed Mar 17 19:48:56 GMT 2004 (njh) |
| 2 | 7 |
---------------------------------- |
| 3 | 8 |
* clamav-milter: upissued history to 0.70 |
| ... | ... |
@@ -195,9 +195,8 @@ static void vba56_test_middle(int fd) |
| 195 | 195 |
{
|
| 196 | 196 |
char test_middle[20]; |
| 197 | 197 |
static const uint8_t middle_str[20] = {
|
| 198 |
- 0x00, 0x00, 0xe1, 0x2e, 0x45, 0x0d, 0x8f, 0xe0, |
|
| 199 |
- 0x1a, 0x10, 0x85, 0x2e, 0x02, 0x60, 0x8c, 0x4d, |
|
| 200 |
- 0x0b, 0xb4, 0x00, 0x00 |
|
| 198 |
+ 0x00, 0x01, 0x0d, 0x45, 0x2e, 0xe1, 0xe0, 0x8f, 0x10, 0x1a, |
|
| 199 |
+ 0x85, 0x2e, 0x02, 0x60, 0x8c, 0x4d, 0x0b, 0xb4, 0x00, 0x00 |
|
| 201 | 200 |
}; |
| 202 | 201 |
|
| 203 | 202 |
if (vba_readn(fd, &test_middle, 20) != 20) {
|
| ... | ... |
@@ -205,7 +204,10 @@ static void vba56_test_middle(int fd) |
| 205 | 205 |
} |
| 206 | 206 |
|
| 207 | 207 |
if (memcmp(test_middle, middle_str, 20) != 0) {
|
| 208 |
+ cli_dbgmsg("middle not found\n");
|
|
| 208 | 209 |
lseek(fd, -20, SEEK_CUR); |
| 210 |
+ } else {
|
|
| 211 |
+ cli_dbgmsg("middle found\n");
|
|
| 209 | 212 |
} |
| 210 | 213 |
return; |
| 211 | 214 |
} |
| ... | ... |
@@ -230,6 +232,73 @@ static void vba56_test_end(int fd) |
| 230 | 230 |
return; |
| 231 | 231 |
} |
| 232 | 232 |
|
| 233 |
+int vba_read_project_strings(int fd, int is_mac) |
|
| 234 |
+{
|
|
| 235 |
+ uint16_t length; |
|
| 236 |
+ unsigned char *buff, *name; |
|
| 237 |
+ uint32_t offset; |
|
| 238 |
+ |
|
| 239 |
+ for (;;) {
|
|
| 240 |
+ if (vba_readn(fd, &length, 2) != 2) {
|
|
| 241 |
+ return FALSE; |
|
| 242 |
+ } |
|
| 243 |
+ length = vba_endian_convert_16(length, is_mac); |
|
| 244 |
+ if (length < 6) {
|
|
| 245 |
+ lseek(fd, -2, SEEK_CUR); |
|
| 246 |
+ break; |
|
| 247 |
+ } |
|
| 248 |
+ cli_dbgmsg ("length: %d, ", length);
|
|
| 249 |
+ buff = (unsigned char *) cli_malloc(length); |
|
| 250 |
+ if (!buff) {
|
|
| 251 |
+ cli_errmsg("cli_malloc failed\n");
|
|
| 252 |
+ return FALSE; |
|
| 253 |
+ } |
|
| 254 |
+ offset = lseek(fd, 0, SEEK_CUR); |
|
| 255 |
+ if (vba_readn(fd, buff, length) != length) {
|
|
| 256 |
+ cli_dbgmsg("read name failed - rewinding\n");
|
|
| 257 |
+ lseek(fd, offset, SEEK_SET); |
|
| 258 |
+ break; |
|
| 259 |
+ } |
|
| 260 |
+ name = get_unicode_name(buff, length, is_mac); |
|
| 261 |
+ cli_dbgmsg("name: %s\n", name);
|
|
| 262 |
+ free(buff); |
|
| 263 |
+ |
|
| 264 |
+ /* Ignore twelve bytes from entries of type 'G'. |
|
| 265 |
+ Type 'C' entries come in pairs, the second also |
|
| 266 |
+ having a 12 byte trailer */ |
|
| 267 |
+ /* TODO: Need to check if types H(same as G) and D(same as C) exist */ |
|
| 268 |
+ if (!strncmp ("*\\G", name, 3) || !strncmp ("*\\H", name, 3)
|
|
| 269 |
+ || !strncmp("*\\C", name, 3) || !strncmp("*\\D", name, 3)) {
|
|
| 270 |
+ if (vba_readn(fd, &length, 2) != 2) {
|
|
| 271 |
+ return FALSE; |
|
| 272 |
+ } |
|
| 273 |
+ length = vba_endian_convert_16(length, is_mac); |
|
| 274 |
+ if (length != 0) {
|
|
| 275 |
+ lseek(fd, -2, SEEK_CUR); |
|
| 276 |
+ continue; |
|
| 277 |
+ } |
|
| 278 |
+ buff = (unsigned char *) cli_malloc(10); |
|
| 279 |
+ if (vba_readn(fd, buff, 10) != 10) {
|
|
| 280 |
+ cli_errmsg("failed to read blob\n");
|
|
| 281 |
+ free(buff); |
|
| 282 |
+ free(name); |
|
| 283 |
+ close(fd); |
|
| 284 |
+ return FALSE; |
|
| 285 |
+ } |
|
| 286 |
+ free(buff); |
|
| 287 |
+ } else {
|
|
| 288 |
+ /* Unknown type - probably ran out of strings - rewind */ |
|
| 289 |
+ lseek(fd, -(length+2), SEEK_CUR); |
|
| 290 |
+ free(name); |
|
| 291 |
+ break; |
|
| 292 |
+ } |
|
| 293 |
+ free(name); |
|
| 294 |
+ offset = lseek(fd, 0, SEEK_CUR); |
|
| 295 |
+ cli_dbgmsg("offset: %d\n", offset);
|
|
| 296 |
+ vba56_test_middle(fd); |
|
| 297 |
+ } |
|
| 298 |
+ return TRUE; |
|
| 299 |
+} |
|
| 233 | 300 |
|
| 234 | 301 |
vba_project_t *vba56_dir_read(const char *dir) |
| 235 | 302 |
{
|
| ... | ... |
@@ -362,130 +431,12 @@ vba_project_t *vba56_dir_read(const char *dir) |
| 362 | 362 |
cli_dbgmsg(" LenB: %d\n LenC: %d\n LenD: %d\n", LenB, LenC, LenD);
|
| 363 | 363 |
|
| 364 | 364 |
record_count = LenC; |
| 365 |
- /*******************************************/ |
|
| 366 |
- |
|
| 367 |
- /* REPLACED THIS CODE WITH THE CODE ABOVE */ |
|
| 368 |
- /* read the rest of the header. most of this is unknown */ |
|
| 369 |
-/* buff = (char *) cli_malloc(24); |
|
| 370 |
- if (!buff || vba_readn(fd, buff, 24) != 24) {
|
|
| 371 |
- close(fd); |
|
| 372 |
- return NULL; |
|
| 373 |
- } |
|
| 374 |
- free(buff); |
|
| 375 | 365 |
|
| 376 |
- if (vba_readn(fd, &record_count, 2) != 2) {
|
|
| 366 |
+ if (!vba_read_project_strings(fd, is_mac)) {
|
|
| 377 | 367 |
close(fd); |
| 378 | 368 |
return NULL; |
| 379 | 369 |
} |
| 380 |
- cli_dbgmsg("Record count: %d\n", record_count); */
|
|
| 381 |
- /* read two bytes and throw them away */ |
|
| 382 |
-/* if (vba_readn(fd, &length, 2) != 2) {
|
|
| 383 |
- close(fd); |
|
| 384 |
- return NULL; |
|
| 385 |
- }*/ |
|
| 386 |
- |
|
| 387 |
- for (;;) {
|
|
| 388 |
- |
|
| 389 |
- if (vba_readn(fd, &length, 2) != 2) {
|
|
| 390 |
- return NULL; |
|
| 391 |
- } |
|
| 392 |
- length = vba_endian_convert_16(length, is_mac); |
|
| 393 |
- if (length < 6) {
|
|
| 394 |
- lseek(fd, -2, SEEK_CUR); |
|
| 395 |
- break; |
|
| 396 |
- } |
|
| 397 |
- cli_dbgmsg ("record: %d.%d, length: %d, ", record_count, i, length);
|
|
| 398 |
- buff = (unsigned char *) cli_malloc(length); |
|
| 399 |
- if (!buff) {
|
|
| 400 |
- cli_errmsg("cli_malloc failed\n");
|
|
| 401 |
- close(fd); |
|
| 402 |
- return NULL; |
|
| 403 |
- } |
|
| 404 |
- if (vba_readn(fd, buff, length) != length) {
|
|
| 405 |
- cli_errmsg("read name failed\n");
|
|
| 406 |
- close(fd); |
|
| 407 |
- return NULL; |
|
| 408 |
- } |
|
| 409 |
- name = get_unicode_name(buff, length, is_mac); |
|
| 410 |
- cli_dbgmsg("name: %s\n", name);
|
|
| 411 |
- free(buff); |
|
| 412 |
- |
|
| 413 |
- /* Ignore twelve bytes from entries of type 'G'. |
|
| 414 |
- Type 'C' entries come in pairs, the second also |
|
| 415 |
- having a 12 byte trailer */ |
|
| 416 |
- /* TODO: Need to check if types H(same as G) and D(same as C) exist */ |
|
| 417 |
- if (!strncmp ("*\\G", name, 3) || !strncmp ("*\\H", name, 3)) {
|
|
| 418 |
- buff = (unsigned char *) cli_malloc(12); |
|
| 419 |
- if (vba_readn(fd, buff, 12) != 12) {
|
|
| 420 |
- cli_errmsg("failed to read blob\n");
|
|
| 421 |
- free(buff); |
|
| 422 |
- free(name); |
|
| 423 |
- close(fd); |
|
| 424 |
- return NULL; |
|
| 425 |
- } |
|
| 426 |
- free(buff); |
|
| 427 |
- } else if (!strncmp("*\\C", name, 3) || !strncmp("*\\D", name, 3)) {
|
|
| 428 |
- if (i == 1) {
|
|
| 429 |
- buff = (unsigned char *) cli_malloc(12); |
|
| 430 |
- if (vba_readn(fd, buff, 12) != 12) {
|
|
| 431 |
- cli_errmsg("failed to read blob\n");
|
|
| 432 |
- free(buff); |
|
| 433 |
- free(name); |
|
| 434 |
- close(fd); |
|
| 435 |
- return NULL; |
|
| 436 |
- } |
|
| 437 |
- free(buff); |
|
| 438 |
- i = 0; |
|
| 439 |
- } else {
|
|
| 440 |
- i = 1; |
|
| 441 |
- record_count++; |
|
| 442 |
- } |
|
| 443 |
- } else {
|
|
| 444 |
- /* Unknown type - probably ran out of strings - rewind */ |
|
| 445 |
- lseek(fd, -(length+2), SEEK_CUR); |
|
| 446 |
- free(name); |
|
| 447 |
- break; |
|
| 448 |
- } |
|
| 449 |
- free(name); |
|
| 450 |
- vba56_test_middle(fd); |
|
| 451 |
- } |
|
| 452 |
- |
|
| 453 |
- /* may need to seek forward 20 bytes here. Bleh! */ |
|
| 454 |
- vba56_test_end(fd); |
|
| 455 |
- |
|
| 456 |
- if (vba_readn(fd, &record_count, 2) != 2) {
|
|
| 457 |
- close(fd); |
|
| 458 |
- return NULL; |
|
| 459 |
- } |
|
| 460 |
- record_count = vba_endian_convert_16(record_count, is_mac); |
|
| 461 |
- cli_dbgmsg("\nVBA Record count: %d\n", record_count);
|
|
| 462 |
- /*if (record_count <= 0) {
|
|
| 463 |
- close(fd); |
|
| 464 |
- return TRUE; |
|
| 465 |
- }*/ |
|
| 466 |
- |
|
| 467 |
- lseek(fd, 2*record_count, SEEK_CUR); |
|
| 468 |
- lseek(fd, 4, SEEK_CUR); |
|
| 469 |
- |
|
| 470 |
- /* Read fixed octet */ |
|
| 471 |
- buff = (unsigned char *) cli_malloc(8); |
|
| 472 |
- if (!buff) {
|
|
| 473 |
- close(fd); |
|
| 474 |
- return NULL; |
|
| 475 |
- } |
|
| 476 |
- if (vba_readn(fd, buff, 8) != 8) {
|
|
| 477 |
- free(buff); |
|
| 478 |
- close(fd); |
|
| 479 |
- return NULL; |
|
| 480 |
- } |
|
| 481 |
- if (!memcmp(buff, fixed_octet, 8)) {
|
|
| 482 |
- free(buff); |
|
| 483 |
- close(fd); |
|
| 484 |
- return NULL; |
|
| 485 |
- } |
|
| 486 |
- free(buff); |
|
| 487 |
- cli_dbgmsg("Read fixed octet ok\n");
|
|
| 488 |
- |
|
| 370 |
+ |
|
| 489 | 371 |
/* junk some more stuff */ |
| 490 | 372 |
do {
|
| 491 | 373 |
if (vba_readn(fd, &ooff, 2) != 2) {
|