... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Mon Mar 28 20:24:40 CEST 2011 (tk) |
|
2 |
+---------------------------------- |
|
3 |
+ * libclamav: add skeleton code for SWF parser |
|
4 |
+ * libclamav/others.h: bump f-level |
|
5 |
+ |
|
1 | 6 |
Thu Mar 17 17:46:09 CET 2011 (tk) |
2 | 7 |
--------------------------------- |
3 | 8 |
* sigtool, freshclam: put .info on top of container to speed up loading |
... | ... |
@@ -157,8 +157,8 @@ am__libclamav_la_SOURCES_DIST = clamav.h matcher-ac.c matcher-ac.h \ |
157 | 157 |
ishield.c ishield.h type_desc.h bcfeatures.h bytecode_api.c \ |
158 | 158 |
bytecode_api_decl.c bytecode_api.h bytecode_api_impl.h \ |
159 | 159 |
bytecode_hooks.h cache.c cache.h bytecode_detect.c \ |
160 |
- bytecode_detect.h builtin_bytecodes.h events.c events.h \ |
|
161 |
- bignum.c bignum_class.h |
|
160 |
+ bytecode_detect.h builtin_bytecodes.h events.c events.h swf.c \ |
|
161 |
+ swf.h bignum.c bignum_class.h |
|
162 | 162 |
@LINK_TOMMATH_FALSE@am__objects_1 = libclamav_la-bignum.lo |
163 | 163 |
am_libclamav_la_OBJECTS = libclamav_la-matcher-ac.lo \ |
164 | 164 |
libclamav_la-matcher-bm.lo libclamav_la-matcher-hash.lo \ |
... | ... |
@@ -210,7 +210,7 @@ am_libclamav_la_OBJECTS = libclamav_la-matcher-ac.lo \ |
210 | 210 |
libclamav_la-ishield.lo libclamav_la-bytecode_api.lo \ |
211 | 211 |
libclamav_la-bytecode_api_decl.lo libclamav_la-cache.lo \ |
212 | 212 |
libclamav_la-bytecode_detect.lo libclamav_la-events.lo \ |
213 |
- $(am__objects_1) |
|
213 |
+ libclamav_la-swf.lo $(am__objects_1) |
|
214 | 214 |
libclamav_la_OBJECTS = $(am_libclamav_la_OBJECTS) |
215 | 215 |
AM_V_lt = $(am__v_lt_$(V)) |
216 | 216 |
am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY)) |
... | ... |
@@ -663,8 +663,8 @@ libclamav_la_SOURCES = clamav.h matcher-ac.c matcher-ac.h matcher-bm.c \ |
663 | 663 |
ishield.c ishield.h type_desc.h bcfeatures.h bytecode_api.c \ |
664 | 664 |
bytecode_api_decl.c bytecode_api.h bytecode_api_impl.h \ |
665 | 665 |
bytecode_hooks.h cache.c cache.h bytecode_detect.c \ |
666 |
- bytecode_detect.h builtin_bytecodes.h events.c events.h \ |
|
667 |
- $(am__append_7) |
|
666 |
+ bytecode_detect.h builtin_bytecodes.h events.c events.h swf.c \ |
|
667 |
+ swf.h $(am__append_7) |
|
668 | 668 |
noinst_LTLIBRARIES = libclamav_internal_utils.la libclamav_internal_utils_nothreads.la libclamav_nocxx.la |
669 | 669 |
COMMON_CLEANFILES = version.h version.h.tmp *.gcda *.gcno |
670 | 670 |
@MAINTAINER_MODE_TRUE@BUILT_SOURCES = jsparse/generated/operators.h jsparse/generated/keywords.h jsparse-keywords.gperf |
... | ... |
@@ -869,6 +869,7 @@ distclean-compile: |
869 | 869 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-sis.Plo@am__quote@ |
870 | 870 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-special.Plo@am__quote@ |
871 | 871 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-spin.Plo@am__quote@ |
872 |
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-swf.Plo@am__quote@ |
|
872 | 873 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-table.Plo@am__quote@ |
873 | 874 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-text.Plo@am__quote@ |
874 | 875 |
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-textdet.Plo@am__quote@ |
... | ... |
@@ -1728,6 +1729,14 @@ libclamav_la-events.lo: events.c |
1728 | 1728 |
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ |
1729 | 1729 |
@am__fastdepCC_FALSE@ $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-events.lo `test -f 'events.c' || echo '$(srcdir)/'`events.c |
1730 | 1730 |
|
1731 |
+libclamav_la-swf.lo: swf.c |
|
1732 |
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-swf.lo -MD -MP -MF $(DEPDIR)/libclamav_la-swf.Tpo -c -o libclamav_la-swf.lo `test -f 'swf.c' || echo '$(srcdir)/'`swf.c |
|
1733 |
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-swf.Tpo $(DEPDIR)/libclamav_la-swf.Plo |
|
1734 |
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@ |
|
1735 |
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='swf.c' object='libclamav_la-swf.lo' libtool=yes @AMDEPBACKSLASH@ |
|
1736 |
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ |
|
1737 |
+@am__fastdepCC_FALSE@ $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-swf.lo `test -f 'swf.c' || echo '$(srcdir)/'`swf.c |
|
1738 |
+ |
|
1731 | 1739 |
libclamav_la-bignum.lo: bignum.c |
1732 | 1740 |
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-bignum.lo -MD -MP -MF $(DEPDIR)/libclamav_la-bignum.Tpo -c -o libclamav_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c |
1733 | 1741 |
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-bignum.Tpo $(DEPDIR)/libclamav_la-bignum.Plo |
... | ... |
@@ -152,6 +152,8 @@ static const char *ftypes_int[] = { |
152 | 152 |
"0:0:303730373037:CPIO ODC:CL_TYPE_ANY:CL_TYPE_CPIO_ODC:45", |
153 | 153 |
"0:0:71c7:CPIO OLD BINARY BE:CL_TYPE_ANY:CL_TYPE_CPIO_OLD:45", |
154 | 154 |
"0:0:c771:CPIO OLD BINARY LE:CL_TYPE_ANY:CL_TYPE_CPIO_OLD:45", |
155 |
+ "0:0:435753:SWF (compressed):CL_TYPE_ANY:CL_TYPE_SWF:61", |
|
156 |
+ "0:0:465753:SWF (uncompressed):CL_TYPE_ANY:CL_TYPE_SWF:61", |
|
155 | 157 |
NULL |
156 | 158 |
}; |
157 | 159 |
|
... | ... |
@@ -2326,6 +2326,11 @@ static int magic_scandesc(int desc, cli_ctx *ctx, cli_file_t type) |
2326 | 2326 |
ret = cli_scanscript(ctx); |
2327 | 2327 |
break; |
2328 | 2328 |
|
2329 |
+ case CL_TYPE_SWF: |
|
2330 |
+ /* FIXME: add dconf&co. */ |
|
2331 |
+ ret = cli_scanswf(ctx); |
|
2332 |
+ break; |
|
2333 |
+ |
|
2329 | 2334 |
case CL_TYPE_RTF: |
2330 | 2335 |
ctx->container_type = CL_TYPE_RTF; |
2331 | 2336 |
ctx->container_size = sb.st_size; |
2332 | 2337 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,340 @@ |
0 |
+/* |
|
1 |
+ * Copyright (C) 2011 Sourcefire, Inc. |
|
2 |
+ * Authors: Tomasz Kojm <tkojm@clamav.net> |
|
3 |
+ * |
|
4 |
+ * The code is based on Flasm, command line assembler & disassembler of Flash |
|
5 |
+ * ActionScript bytecode Copyright (c) 2001 Opaque Industries, (c) 2002-2007 |
|
6 |
+ * Igor Kogan, (c) 2005 Wang Zhen. All rights reserved. |
|
7 |
+ * |
|
8 |
+ * Redistribution and use in source and binary forms, with or without modification, |
|
9 |
+ * are permitted provided that the following conditions are met: |
|
10 |
+ * |
|
11 |
+ * - Redistributions of source code must retain the above copyright notice, this list |
|
12 |
+ * of conditions and the following disclaimer. |
|
13 |
+ * - Redistributions in binary form must reproduce the above copyright notice, this |
|
14 |
+ * list of conditions and the following disclaimer in the documentation and/or other |
|
15 |
+ * materials provided with the distribution. |
|
16 |
+ * - Neither the name of the Opaque Industries nor the names of its contributors may |
|
17 |
+ * be used to endorse or promote products derived from this software without specific |
|
18 |
+ * prior written permission. |
|
19 |
+ * |
|
20 |
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY |
|
21 |
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
|
22 |
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT |
|
23 |
+ * SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
|
24 |
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED |
|
25 |
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR |
|
26 |
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
|
27 |
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY |
|
28 |
+ * WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
29 |
+ */ |
|
30 |
+ |
|
31 |
+#if HAVE_CONFIG_H |
|
32 |
+#include "clamav-config.h" |
|
33 |
+#endif |
|
34 |
+ |
|
35 |
+#include <stdio.h> |
|
36 |
+#include <string.h> |
|
37 |
+#include <sys/types.h> |
|
38 |
+#include <sys/stat.h> |
|
39 |
+#include <fcntl.h> |
|
40 |
+#include <sys/stat.h> |
|
41 |
+#ifdef HAVE_UNISTD_H |
|
42 |
+#include <unistd.h> |
|
43 |
+#endif |
|
44 |
+#include <time.h> |
|
45 |
+#include <zlib.h> |
|
46 |
+ |
|
47 |
+#include "cltypes.h" |
|
48 |
+#include "swf.h" |
|
49 |
+#include "clamav.h" |
|
50 |
+ |
|
51 |
+#define EC16(v) le16_to_host(v) |
|
52 |
+#define EC32(v) le32_to_host(v) |
|
53 |
+ |
|
54 |
+#define INITBITS \ |
|
55 |
+{ \ |
|
56 |
+ if(fmap_readn(map, &get_c, offset, sizeof(get_c)) == sizeof(get_c)) { \ |
|
57 |
+ bitpos = 8; \ |
|
58 |
+ bitbuf = (unsigned int) get_c; \ |
|
59 |
+ offset += sizeof(get_c); \ |
|
60 |
+ } \ |
|
61 |
+} |
|
62 |
+ |
|
63 |
+#define GETBITS(v, n) \ |
|
64 |
+{ \ |
|
65 |
+ getbits_n = n; \ |
|
66 |
+ bits = 0; \ |
|
67 |
+ while(getbits_n > bitpos) { \ |
|
68 |
+ getbits_n -= bitpos; \ |
|
69 |
+ bits |= bitbuf << getbits_n; \ |
|
70 |
+ if(fmap_readn(map, &get_c, offset, sizeof(get_c)) == sizeof(get_c)) { \ |
|
71 |
+ bitbuf = (unsigned int) get_c; \ |
|
72 |
+ bitpos = 8; \ |
|
73 |
+ offset += sizeof(get_c); \ |
|
74 |
+ } \ |
|
75 |
+ } \ |
|
76 |
+ bitpos -= getbits_n; \ |
|
77 |
+ bits |= bitbuf >> bitpos; \ |
|
78 |
+ bitbuf &= 0xff >> (8 - bitpos); \ |
|
79 |
+ v = bits & 0xffff; \ |
|
80 |
+} |
|
81 |
+ |
|
82 |
+#define GETWORD(v) \ |
|
83 |
+{ \ |
|
84 |
+ if(fmap_readn(map, &get_c, offset, sizeof(get_c)) == sizeof(get_c)) { \ |
|
85 |
+ getword_1 = (unsigned int) get_c; \ |
|
86 |
+ offset += sizeof(get_c); \ |
|
87 |
+ } \ |
|
88 |
+ if(fmap_readn(map, &get_c, offset, sizeof(get_c)) == sizeof(get_c)) { \ |
|
89 |
+ getword_2 = (unsigned int) get_c; \ |
|
90 |
+ offset += sizeof(get_c); \ |
|
91 |
+ } \ |
|
92 |
+ v = (uint16_t)(getword_1 & 0xff) | ((getword_2 & 0xff) << 8); \ |
|
93 |
+} |
|
94 |
+ |
|
95 |
+#define GETDWORD(v) \ |
|
96 |
+{ \ |
|
97 |
+ GETWORD(getdword_1); \ |
|
98 |
+ GETWORD(getdword_2); \ |
|
99 |
+ v = (uint32_t)(getdword_1 | (getdword_2 << 16)); \ |
|
100 |
+} |
|
101 |
+ |
|
102 |
+struct swf_file_hdr { |
|
103 |
+ char signature[3]; |
|
104 |
+ uint8_t version; |
|
105 |
+ uint32_t filesize; |
|
106 |
+}; |
|
107 |
+ |
|
108 |
+static int scancws(cli_ctx *ctx, struct swf_file_hdr *hdr) |
|
109 |
+{ |
|
110 |
+ z_stream stream; |
|
111 |
+ char inbuff[FILEBUFF], outbuff[FILEBUFF]; |
|
112 |
+ fmap_t *map = *ctx->fmap; |
|
113 |
+ int offset = 8, ret, zret, outsize = 8, count; |
|
114 |
+ char *tmpname; |
|
115 |
+ int fd; |
|
116 |
+ |
|
117 |
+ if((ret = cli_gentempfd(ctx->engine->tmpdir, &tmpname, &fd)) != CL_SUCCESS) { |
|
118 |
+ cli_errmsg("scancws: Can't generate temporary file\n"); |
|
119 |
+ return ret; |
|
120 |
+ } |
|
121 |
+ |
|
122 |
+ hdr->signature[0] = 'F'; |
|
123 |
+ if(cli_writen(fd, hdr, sizeof(struct swf_file_hdr)) != sizeof(struct swf_file_hdr)) { |
|
124 |
+ cli_errmsg("scancws: Can't write to file %s\n", tmpname); |
|
125 |
+ return CL_EWRITE; |
|
126 |
+ } |
|
127 |
+ |
|
128 |
+ stream.avail_in = 0; |
|
129 |
+ stream.next_in = inbuff; |
|
130 |
+ stream.next_out = outbuff; |
|
131 |
+ stream.zalloc = (alloc_func) NULL; |
|
132 |
+ stream.zfree = (free_func) NULL; |
|
133 |
+ stream.opaque = (voidpf) 0; |
|
134 |
+ stream.avail_out = FILEBUFF; |
|
135 |
+ |
|
136 |
+ zret = inflateInit(&stream); |
|
137 |
+ if(zret != Z_OK) { |
|
138 |
+ cli_errmsg("scancws: inflateInit() failed\n"); |
|
139 |
+ close(fd); |
|
140 |
+ if(cli_unlink(tmpname)) { |
|
141 |
+ free(tmpname); |
|
142 |
+ return CL_EUNLINK; |
|
143 |
+ } |
|
144 |
+ free(tmpname); |
|
145 |
+ return CL_EUNPACK; |
|
146 |
+ } |
|
147 |
+ |
|
148 |
+ do { |
|
149 |
+ if(stream.avail_in == 0) { |
|
150 |
+ stream.next_in = inbuff; |
|
151 |
+ ret = fmap_readn(map, inbuff, offset, FILEBUFF); |
|
152 |
+ if(ret < 0) { |
|
153 |
+ cli_errmsg("scancws: Error reading SWF file\n"); |
|
154 |
+ close(fd); |
|
155 |
+ if(cli_unlink(tmpname)) { |
|
156 |
+ free(tmpname); |
|
157 |
+ return CL_EUNLINK; |
|
158 |
+ } |
|
159 |
+ free(tmpname); |
|
160 |
+ return CL_EUNPACK; |
|
161 |
+ } |
|
162 |
+ if(!ret) |
|
163 |
+ break; |
|
164 |
+ stream.avail_in = ret; |
|
165 |
+ offset += ret; |
|
166 |
+ } |
|
167 |
+ zret = inflate(&stream, Z_SYNC_FLUSH); |
|
168 |
+ count = FILEBUFF - stream.avail_out; |
|
169 |
+ if(count) { |
|
170 |
+ if(cli_checklimits("SWF", ctx, outsize + count, 0, 0) != CL_SUCCESS) |
|
171 |
+ break; |
|
172 |
+ if(cli_writen(fd, outbuff, count) != count) { |
|
173 |
+ cli_errmsg("scancws: Can't write to file %s\n", tmpname); |
|
174 |
+ close(fd); |
|
175 |
+ if(cli_unlink(tmpname)) { |
|
176 |
+ free(tmpname); |
|
177 |
+ return CL_EUNLINK; |
|
178 |
+ } |
|
179 |
+ free(tmpname); |
|
180 |
+ return CL_EWRITE; |
|
181 |
+ } |
|
182 |
+ outsize += count; |
|
183 |
+ } |
|
184 |
+ stream.next_out = outbuff; |
|
185 |
+ stream.avail_out = FILEBUFF; |
|
186 |
+ } while(zret == Z_OK); |
|
187 |
+ |
|
188 |
+ if((zret != Z_STREAM_END && zret != Z_OK) || (zret = inflateEnd(&stream)) != Z_OK) { |
|
189 |
+ cli_errmsg("scancws: Error decompressing SWF file\n"); |
|
190 |
+ close(fd); |
|
191 |
+ if(cli_unlink(tmpname)) { |
|
192 |
+ free(tmpname); |
|
193 |
+ return CL_EUNLINK; |
|
194 |
+ } |
|
195 |
+ free(tmpname); |
|
196 |
+ return CL_EUNPACK; |
|
197 |
+ } |
|
198 |
+ cli_dbgmsg("SWF: Decompressed to %s, size %d\n", tmpname, outsize); |
|
199 |
+ |
|
200 |
+ ret = cli_magic_scandesc(fd, ctx); |
|
201 |
+ |
|
202 |
+ close(fd); |
|
203 |
+ if(!ctx->engine->keeptmp) { |
|
204 |
+ if(cli_unlink(tmpname)) { |
|
205 |
+ free(tmpname); |
|
206 |
+ return CL_EUNLINK; |
|
207 |
+ } |
|
208 |
+ } |
|
209 |
+ free(tmpname); |
|
210 |
+ return ret; |
|
211 |
+} |
|
212 |
+ |
|
213 |
+static const char *tagname(tag_id id) |
|
214 |
+{ |
|
215 |
+ unsigned int i; |
|
216 |
+ |
|
217 |
+ for(i = 0; tag_names[i].name; i++) |
|
218 |
+ if(tag_names[i].id == id) |
|
219 |
+ return tag_names[i].name; |
|
220 |
+ return NULL; |
|
221 |
+} |
|
222 |
+ |
|
223 |
+int cli_scanswf(cli_ctx *ctx) |
|
224 |
+{ |
|
225 |
+ struct swf_file_hdr file_hdr; |
|
226 |
+ int compressed = 0; |
|
227 |
+ fmap_t *map = *ctx->fmap; |
|
228 |
+ unsigned int bitpos, bitbuf, getbits_n, nbits, getword_1, getword_2, getdword_1, getdword_2; |
|
229 |
+ char get_c; |
|
230 |
+ unsigned int fr, fps, foo, offset = 0, tag_hdr, tag_type, tag_len; |
|
231 |
+ unsigned long int bits; |
|
232 |
+ |
|
233 |
+ |
|
234 |
+ cli_dbgmsg("in cli_scanswf()\n"); |
|
235 |
+ |
|
236 |
+ if(fmap_readn(map, &file_hdr, offset, sizeof(file_hdr)) != sizeof(file_hdr)) { |
|
237 |
+ cli_dbgmsg("SWF: Can't read file header\n"); |
|
238 |
+ return CL_CLEAN; |
|
239 |
+ } |
|
240 |
+ offset += sizeof(file_hdr); |
|
241 |
+ |
|
242 |
+ if(!strncmp(file_hdr.signature, "CWS", 3)) { |
|
243 |
+ cli_dbgmsg("SWF: Compressed file\n"); |
|
244 |
+ return scancws(ctx, &file_hdr); |
|
245 |
+ } else if(!strncmp(file_hdr.signature, "FWS", 3)) { |
|
246 |
+ cli_dbgmsg("SWF: Uncompressed file\n"); |
|
247 |
+ } else { |
|
248 |
+ cli_dbgmsg("SWF: Not a SWF file\n"); |
|
249 |
+ return CL_CLEAN; |
|
250 |
+ } |
|
251 |
+ |
|
252 |
+ cli_dbgmsg("SWF: Version: %u\n", file_hdr.version); |
|
253 |
+ cli_dbgmsg("SWF: File size: %u\n", EC32(file_hdr.filesize)); |
|
254 |
+ |
|
255 |
+ INITBITS; |
|
256 |
+ |
|
257 |
+ GETBITS(nbits, 5); |
|
258 |
+ GETBITS(foo, nbits); /* xMin */ |
|
259 |
+ GETBITS(foo, nbits); /* xMax */ |
|
260 |
+ GETBITS(foo, nbits); /* yMin */ |
|
261 |
+ GETBITS(foo, nbits); /* yMax */ |
|
262 |
+ |
|
263 |
+ GETWORD(foo); |
|
264 |
+ GETWORD(fr); |
|
265 |
+ cli_dbgmsg("SWF: Frames total: %d\n", fr); |
|
266 |
+ |
|
267 |
+ while(offset < map->len) { |
|
268 |
+ GETWORD(tag_hdr); |
|
269 |
+ tag_type = tag_hdr >> 6; |
|
270 |
+ if(tag_type == 0) |
|
271 |
+ break; |
|
272 |
+ tag_len = tag_hdr & 0x3f; |
|
273 |
+ if(tag_len == 0x3f) |
|
274 |
+ GETDWORD(tag_len); |
|
275 |
+ |
|
276 |
+ cli_dbgmsg("SWF: %s\n", tagname(tag_type) ? tagname(tag_type) : "UNKNOWN TAG"); |
|
277 |
+ cli_dbgmsg("SWF: Tag length: %u\n", tag_len); |
|
278 |
+ offset += tag_len; |
|
279 |
+ continue; |
|
280 |
+ |
|
281 |
+ switch(tag_type) { |
|
282 |
+ case TAG_DOACTION: |
|
283 |
+ break; |
|
284 |
+ |
|
285 |
+ case TAG_INITMOVIECLIP: |
|
286 |
+ break; |
|
287 |
+ |
|
288 |
+ case TAG_PLACEOBJECT2: |
|
289 |
+ break; |
|
290 |
+ |
|
291 |
+ case TAG_PLACEOBJECT3: |
|
292 |
+ break; |
|
293 |
+ |
|
294 |
+ case TAG_DEFINEBUTTON2: |
|
295 |
+ break; |
|
296 |
+ |
|
297 |
+ case TAG_SHOWFRAME: |
|
298 |
+ break; |
|
299 |
+ |
|
300 |
+ case TAG_SCRIPTLIMITS: { |
|
301 |
+ unsigned int recursion, timeout; |
|
302 |
+ GETWORD(recursion); |
|
303 |
+ GETWORD(timeout); |
|
304 |
+ cli_dbgmsg("SWF: scriptLimits recursion %u timeout %u\n", recursion, timeout); |
|
305 |
+ break; |
|
306 |
+ } |
|
307 |
+ |
|
308 |
+ case TAG_PROTECT: |
|
309 |
+ break; |
|
310 |
+ |
|
311 |
+ case TAG_ENABLEDEBUGGER: |
|
312 |
+ break; |
|
313 |
+ |
|
314 |
+ case TAG_ENABLEDEBUGGER2: |
|
315 |
+ break; |
|
316 |
+ |
|
317 |
+ case TAG_DEFINEMOVIECLIP: |
|
318 |
+ break; |
|
319 |
+ |
|
320 |
+ case TAG_EXPORTASSETS: |
|
321 |
+ break; |
|
322 |
+ |
|
323 |
+ case TAG_IMPORTASSETS: |
|
324 |
+ case TAG_IMPORTASSETS2: |
|
325 |
+ break; |
|
326 |
+ |
|
327 |
+ case TAG_METADATA: |
|
328 |
+ break; |
|
329 |
+ |
|
330 |
+ case TAG_FILEATTRIBUTES: |
|
331 |
+ break; |
|
332 |
+ |
|
333 |
+ default: |
|
334 |
+ break; |
|
335 |
+ } |
|
336 |
+ } |
|
337 |
+ |
|
338 |
+ return CL_CLEAN; |
|
339 |
+} |
0 | 340 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,201 @@ |
0 |
+/* |
|
1 |
+ * Copyright (C) 2011 Sourcefire, Inc. |
|
2 |
+ * Authors: Tomasz Kojm <tkojm@clamav.net> |
|
3 |
+ * |
|
4 |
+ * The code is based on Flasm, command line assembler & disassembler of Flash |
|
5 |
+ * ActionScript bytecode Copyright (c) 2001 Opaque Industries, (c) 2002-2007 |
|
6 |
+ * Igor Kogan, (c) 2005 Wang Zhen. All rights reserved. |
|
7 |
+ * |
|
8 |
+ * Redistribution and use in source and binary forms, with or without modification, |
|
9 |
+ * are permitted provided that the following conditions are met: |
|
10 |
+ * |
|
11 |
+ * - Redistributions of source code must retain the above copyright notice, this list |
|
12 |
+ * of conditions and the following disclaimer. |
|
13 |
+ * - Redistributions in binary form must reproduce the above copyright notice, this |
|
14 |
+ * list of conditions and the following disclaimer in the documentation and/or other |
|
15 |
+ * materials provided with the distribution. |
|
16 |
+ * - Neither the name of the Opaque Industries nor the names of its contributors may |
|
17 |
+ * be used to endorse or promote products derived from this software without specific |
|
18 |
+ * prior written permission. |
|
19 |
+ * |
|
20 |
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY |
|
21 |
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
|
22 |
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT |
|
23 |
+ * SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
|
24 |
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED |
|
25 |
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR |
|
26 |
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
|
27 |
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY |
|
28 |
+ * WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
29 |
+ */ |
|
30 |
+ |
|
31 |
+#ifndef __SWF_H |
|
32 |
+#define __SWF_H |
|
33 |
+ |
|
34 |
+#include "others.h" |
|
35 |
+ |
|
36 |
+int cli_scanswf(cli_ctx *ctx); |
|
37 |
+ |
|
38 |
+typedef enum |
|
39 |
+{ |
|
40 |
+ TAG_END = 0, |
|
41 |
+ TAG_SHOWFRAME = 1, |
|
42 |
+ TAG_DEFINESHAPE = 2, |
|
43 |
+ TAG_FREECHARACTER = 3, |
|
44 |
+ TAG_PLACEOBJECT = 4, |
|
45 |
+ TAG_REMOVEOBJECT = 5, |
|
46 |
+ TAG_DEFINEBITS = 6, |
|
47 |
+ TAG_DEFINEBUTTON = 7, |
|
48 |
+ TAG_JPEGTABLES = 8, |
|
49 |
+ TAG_SETBACKGROUNDCOLOR = 9, |
|
50 |
+ TAG_DEFINEFONT = 10, |
|
51 |
+ TAG_DEFINETEXT = 11, |
|
52 |
+ TAG_DOACTION = 12, |
|
53 |
+ TAG_DEFINEFONTINFO = 13, |
|
54 |
+ TAG_DEFINESOUND = 14, |
|
55 |
+ TAG_STARTSOUND = 15, |
|
56 |
+ TAG_STOPSOUND = 16, |
|
57 |
+ TAG_DEFINEBUTTONSOUND = 17, |
|
58 |
+ TAG_SOUNDSTREAMHEAD = 18, |
|
59 |
+ TAG_SOUNDSTREAMBLOCK = 19, |
|
60 |
+ TAG_DEFINEBITSLOSSLESS = 20, |
|
61 |
+ TAG_DEFINEBITSJPEG2 = 21, |
|
62 |
+ TAG_DEFINESHAPE2 = 22, |
|
63 |
+ TAG_DEFINEBUTTONCXFORM = 23, |
|
64 |
+ TAG_PROTECT = 24, |
|
65 |
+ TAG_PATHSAREPOSTSCRIPT = 25, |
|
66 |
+ TAG_PLACEOBJECT2 = 26, |
|
67 |
+ TAG_REMOVEOBJECT2 = 28, |
|
68 |
+ TAG_SYNCFRAME = 29, |
|
69 |
+ TAG_FREEALL = 31, |
|
70 |
+ TAG_DEFINESHAPE3 = 32, |
|
71 |
+ TAG_DEFINETEXT2 = 33, |
|
72 |
+ TAG_DEFINEBUTTON2 = 34, |
|
73 |
+ TAG_DEFINEBITSJPEG3 = 35, |
|
74 |
+ TAG_DEFINEBITSLOSSLESS2 = 36, |
|
75 |
+ TAG_DEFINEEDITTEXT = 37, |
|
76 |
+ TAG_DEFINEVIDEO = 38, |
|
77 |
+ TAG_DEFINEMOVIECLIP = 39, |
|
78 |
+ TAG_NAMECHARACTER = 40, |
|
79 |
+ TAG_SERIALNUMBER = 41, |
|
80 |
+ TAG_DEFINETEXTFORMAT = 42, |
|
81 |
+ TAG_FRAMELABEL = 43, |
|
82 |
+ TAG_SOUNDSTREAMHEAD2 = 45, |
|
83 |
+ TAG_DEFINEMORPHSHAPE = 46, |
|
84 |
+ TAG_GENFRAME = 47, |
|
85 |
+ TAG_DEFINEFONT2 = 48, |
|
86 |
+ TAG_GENCOMMAND = 49, |
|
87 |
+ TAG_DEFINECOMMANDOBJ = 50, |
|
88 |
+ TAG_CHARACTERSET = 51, |
|
89 |
+ TAG_FONTREF = 52, |
|
90 |
+ TAG_EXPORTASSETS = 56, |
|
91 |
+ TAG_IMPORTASSETS = 57, |
|
92 |
+ TAG_ENABLEDEBUGGER = 58, |
|
93 |
+ TAG_INITMOVIECLIP = 59, |
|
94 |
+ TAG_DEFINEVIDEOSTREAM = 60, |
|
95 |
+ TAG_VIDEOFRAME = 61, |
|
96 |
+ TAG_DEFINEFONTINFO2 = 62, |
|
97 |
+ TAG_DEBUGID = 63, |
|
98 |
+ TAG_ENABLEDEBUGGER2 = 64, |
|
99 |
+ TAG_SCRIPTLIMITS = 65, |
|
100 |
+ TAG_SETTABINDEX = 66, |
|
101 |
+ TAG_DEFINESHAPE4 = 67, |
|
102 |
+ TAG_FILEATTRIBUTES = 69, |
|
103 |
+ TAG_PLACEOBJECT3 = 70, |
|
104 |
+ TAG_IMPORTASSETS2 = 71, |
|
105 |
+ TAG_DEFINEFONTINFO3 = 73, |
|
106 |
+ TAG_DEFINETEXTINFO = 74, |
|
107 |
+ TAG_DEFINEFONT3 = 75, |
|
108 |
+ TAG_AVM2DECL = 76, |
|
109 |
+ TAG_METADATA = 77, |
|
110 |
+ TAG_SLICE9 = 78, |
|
111 |
+ TAG_AVM2ACTION = 82, |
|
112 |
+ TAG_DEFINESHAPE5 = 83, |
|
113 |
+ TAG_DEFINEMORPHSHAPE2 = 84, |
|
114 |
+ TAG_DEFINEBITSPTR = 1023, |
|
115 |
+ TAG_UNKNOWN = 9999 |
|
116 |
+} tag_id; |
|
117 |
+ |
|
118 |
+static const struct tag_names_s { |
|
119 |
+ const char *name; |
|
120 |
+ tag_id id; |
|
121 |
+} tag_names[] = { |
|
122 |
+ { "TAG_END", TAG_END }, |
|
123 |
+ { "TAG_SHOWFRAME", TAG_SHOWFRAME }, |
|
124 |
+ { "TAG_DEFINESHAPE", TAG_DEFINESHAPE }, |
|
125 |
+ { "TAG_FREECHARACTER", TAG_FREECHARACTER }, |
|
126 |
+ { "TAG_PLACEOBJECT", TAG_PLACEOBJECT }, |
|
127 |
+ { "TAG_REMOVEOBJECT", TAG_REMOVEOBJECT }, |
|
128 |
+ { "TAG_DEFINEBITS", TAG_DEFINEBITS }, |
|
129 |
+ { "TAG_DEFINEBUTTON", TAG_DEFINEBUTTON }, |
|
130 |
+ { "TAG_JPEGTABLES", TAG_JPEGTABLES }, |
|
131 |
+ { "TAG_SETBACKGROUNDCOLOR", TAG_SETBACKGROUNDCOLOR }, |
|
132 |
+ { "TAG_DEFINEFONT", TAG_DEFINEFONT }, |
|
133 |
+ { "TAG_DEFINETEXT", TAG_DEFINETEXT }, |
|
134 |
+ { "TAG_DOACTION", TAG_DOACTION }, |
|
135 |
+ { "TAG_DEFINEFONTINFO", TAG_DEFINEFONTINFO }, |
|
136 |
+ { "TAG_DEFINESOUND", TAG_DEFINESOUND }, |
|
137 |
+ { "TAG_STARTSOUND", TAG_STARTSOUND }, |
|
138 |
+ { "TAG_STOPSOUND", TAG_STOPSOUND }, |
|
139 |
+ { "TAG_DEFINEBUTTONSOUND", TAG_DEFINEBUTTONSOUND }, |
|
140 |
+ { "TAG_SOUNDSTREAMHEAD", TAG_SOUNDSTREAMHEAD }, |
|
141 |
+ { "TAG_SOUNDSTREAMBLOCK", TAG_SOUNDSTREAMBLOCK }, |
|
142 |
+ { "TAG_DEFINEBITSLOSSLESS", TAG_DEFINEBITSLOSSLESS }, |
|
143 |
+ { "TAG_DEFINEBITSJPEG2", TAG_DEFINEBITSJPEG2 }, |
|
144 |
+ { "TAG_DEFINESHAPE2", TAG_DEFINESHAPE2 }, |
|
145 |
+ { "TAG_DEFINEBUTTONCXFORM", TAG_DEFINEBUTTONCXFORM }, |
|
146 |
+ { "TAG_PROTECT", TAG_PROTECT }, |
|
147 |
+ { "TAG_PATHSAREPOSTSCRIPT", TAG_PATHSAREPOSTSCRIPT }, |
|
148 |
+ { "TAG_PLACEOBJECT2", TAG_PLACEOBJECT2 }, |
|
149 |
+ { "TAG_REMOVEOBJECT2", TAG_REMOVEOBJECT2 }, |
|
150 |
+ { "TAG_SYNCFRAME", TAG_SYNCFRAME }, |
|
151 |
+ { "TAG_FREEALL", TAG_FREEALL }, |
|
152 |
+ { "TAG_DEFINESHAPE3", TAG_DEFINESHAPE3 }, |
|
153 |
+ { "TAG_DEFINETEXT2", TAG_DEFINETEXT2 }, |
|
154 |
+ { "TAG_DEFINEBUTTON2", TAG_DEFINEBUTTON2 }, |
|
155 |
+ { "TAG_DEFINEBITSJPEG3", TAG_DEFINEBITSJPEG3 }, |
|
156 |
+ { "TAG_DEFINEBITSLOSSLESS2", TAG_DEFINEBITSLOSSLESS2 }, |
|
157 |
+ { "TAG_DEFINEEDITTEXT", TAG_DEFINEEDITTEXT }, |
|
158 |
+ { "TAG_DEFINEVIDEO", TAG_DEFINEVIDEO }, |
|
159 |
+ { "TAG_DEFINEMOVIECLIP", TAG_DEFINEMOVIECLIP }, |
|
160 |
+ { "TAG_NAMECHARACTER", TAG_NAMECHARACTER }, |
|
161 |
+ { "TAG_SERIALNUMBER", TAG_SERIALNUMBER }, |
|
162 |
+ { "TAG_DEFINETEXTFORMAT", TAG_DEFINETEXTFORMAT }, |
|
163 |
+ { "TAG_FRAMELABEL", TAG_FRAMELABEL }, |
|
164 |
+ { "TAG_SOUNDSTREAMHEAD2", TAG_SOUNDSTREAMHEAD2 }, |
|
165 |
+ { "TAG_DEFINEMORPHSHAPE", TAG_DEFINEMORPHSHAPE }, |
|
166 |
+ { "TAG_GENFRAME", TAG_GENFRAME }, |
|
167 |
+ { "TAG_DEFINEFONT2", TAG_DEFINEFONT2 }, |
|
168 |
+ { "TAG_GENCOMMAND", TAG_GENCOMMAND }, |
|
169 |
+ { "TAG_DEFINECOMMANDOBJ", TAG_DEFINECOMMANDOBJ }, |
|
170 |
+ { "TAG_CHARACTERSET", TAG_CHARACTERSET }, |
|
171 |
+ { "TAG_FONTREF", TAG_FONTREF }, |
|
172 |
+ { "TAG_EXPORTASSETS", TAG_EXPORTASSETS }, |
|
173 |
+ { "TAG_IMPORTASSETS", TAG_IMPORTASSETS }, |
|
174 |
+ { "TAG_ENABLEDEBUGGER", TAG_ENABLEDEBUGGER }, |
|
175 |
+ { "TAG_INITMOVIECLIP", TAG_INITMOVIECLIP }, |
|
176 |
+ { "TAG_DEFINEVIDEOSTREAM", TAG_DEFINEVIDEOSTREAM }, |
|
177 |
+ { "TAG_VIDEOFRAME", TAG_VIDEOFRAME }, |
|
178 |
+ { "TAG_DEFINEFONTINFO2", TAG_DEFINEFONTINFO2 }, |
|
179 |
+ { "TAG_DEBUGID", TAG_DEBUGID }, |
|
180 |
+ { "TAG_ENABLEDEBUGGER2", TAG_ENABLEDEBUGGER2 }, |
|
181 |
+ { "TAG_SCRIPTLIMITS", TAG_SCRIPTLIMITS }, |
|
182 |
+ { "TAG_SETTABINDEX", TAG_SETTABINDEX }, |
|
183 |
+ { "TAG_DEFINESHAPE4", TAG_DEFINESHAPE4 }, |
|
184 |
+ { "TAG_FILEATTRIBUTES", TAG_FILEATTRIBUTES }, |
|
185 |
+ { "TAG_PLACEOBJECT3", TAG_PLACEOBJECT3 }, |
|
186 |
+ { "TAG_IMPORTASSETS2", TAG_IMPORTASSETS2 }, |
|
187 |
+ { "TAG_DEFINEFONTINFO3", TAG_DEFINEFONTINFO3 }, |
|
188 |
+ { "TAG_DEFINETEXTINFO", TAG_DEFINETEXTINFO }, |
|
189 |
+ { "TAG_DEFINEFONT3", TAG_DEFINEFONT3 }, |
|
190 |
+ { "TAG_AVM2DECL", TAG_AVM2DECL }, |
|
191 |
+ { "TAG_METADATA", TAG_METADATA }, |
|
192 |
+ { "TAG_SLICE9", TAG_SLICE9 }, |
|
193 |
+ { "TAG_AVM2ACTION", TAG_AVM2ACTION }, |
|
194 |
+ { "TAG_DEFINESHAPE5", TAG_DEFINESHAPE5 }, |
|
195 |
+ { "TAG_DEFINEMORPHSHAPE2", TAG_DEFINEMORPHSHAPE2 }, |
|
196 |
+ { "TAG_DEFINEBITSPTR", TAG_DEFINEBITSPTR }, |
|
197 |
+ { NULL, TAG_UNKNOWN }, |
|
198 |
+}; |
|
199 |
+ |
|
200 |
+#endif |