Browse code
minor cleanup
| ... | ... |
@@ -1,3 +1,7 @@ |
| 1 |
+Mon Mar 22 09:28:04 GMT 2004 (trog) |
|
| 2 |
+----------------------------------- |
|
| 3 |
+ * libclamav/vba_extract.c: minor cleanup |
|
| 4 |
+ |
|
| 1 | 5 |
Sun Mar 21 17:30:22 GMT 2004 (njh) |
| 2 | 6 |
---------------------------------- |
| 3 | 7 |
* libclamav: Scan bounce messages with no headers for encoded viruses/worms |
| ... | ... |
@@ -47,40 +47,40 @@ typedef struct vba_version_tag {
|
| 47 | 47 |
} vba_version_t; |
| 48 | 48 |
|
| 49 | 49 |
|
| 50 |
-uint16_t vba_endian_convert_16(uint16_t value, int is_mac) |
|
| 50 |
+static uint16_t vba_endian_convert_16(uint16_t value, int is_mac) |
|
| 51 | 51 |
{
|
| 52 |
- if (is_mac) {
|
|
| 52 |
+ if (is_mac) {
|
|
| 53 | 53 |
#if WORDS_BIGENDIAN == 0 |
| 54 |
- return ((value >> 8) + (value << 8));; |
|
| 54 |
+ return ((value >> 8) + (value << 8)); |
|
| 55 | 55 |
#else |
| 56 |
- return value; |
|
| 56 |
+ return value; |
|
| 57 | 57 |
#endif |
| 58 |
- } else {
|
|
| 58 |
+ } else {
|
|
| 59 | 59 |
#if WORDS_BIGENDIAN == 0 |
| 60 |
- return value; |
|
| 60 |
+ return value; |
|
| 61 | 61 |
#else |
| 62 |
- return ((value >> 8) + (value << 8)); |
|
| 62 |
+ return ((value >> 8) + (value << 8)); |
|
| 63 | 63 |
#endif |
| 64 |
- } |
|
| 64 |
+ } |
|
| 65 | 65 |
} |
| 66 | 66 |
|
| 67 |
-uint32_t vba_endian_convert_32(uint32_t value, int is_mac) |
|
| 67 |
+static uint32_t vba_endian_convert_32(uint32_t value, int is_mac) |
|
| 68 | 68 |
{
|
| 69 |
- if (is_mac) {
|
|
| 69 |
+ if (is_mac) {
|
|
| 70 | 70 |
#if WORDS_BIGENDIAN == 0 |
| 71 |
- return ((value >> 24) | ((value & 0x00FF0000) >> 8) | |
|
| 72 |
- ((value & 0x0000FF00) << 8) | (value << 24)); |
|
| 71 |
+ return ((value >> 24) | ((value & 0x00FF0000) >> 8) | |
|
| 72 |
+ ((value & 0x0000FF00) << 8) | (value << 24)); |
|
| 73 | 73 |
#else |
| 74 |
- return value; |
|
| 74 |
+ return value; |
|
| 75 | 75 |
#endif |
| 76 |
- } else {
|
|
| 76 |
+ } else {
|
|
| 77 | 77 |
#if WORDS_BIGENDIAN == 0 |
| 78 |
- return value; |
|
| 78 |
+ return value; |
|
| 79 | 79 |
#else |
| 80 |
- return ((value >> 24) | ((value & 0x00FF0000) >> 8) | |
|
| 81 |
- ((value & 0x0000FF00) << 8) | (value << 24)); |
|
| 80 |
+ return ((value >> 24) | ((value & 0x00FF0000) >> 8) | |
|
| 81 |
+ ((value & 0x0000FF00) << 8) | (value << 24)); |
|
| 82 | 82 |
#endif |
| 83 |
- } |
|
| 83 |
+ } |
|
| 84 | 84 |
} |
| 85 | 85 |
|
| 86 | 86 |
typedef struct byte_array_tag {
|
| ... | ... |
@@ -97,7 +97,7 @@ vba_version_t vba_version[] = {
|
| 97 | 97 |
{ { 0x6d, 0x00, 0x00, 0x01 }, "Office 2000", 6, FALSE },
|
| 98 | 98 |
{ { 0x70, 0x00, 0x00, 0x01 }, "Office XP beta 1/2", 6, FALSE },
|
| 99 | 99 |
{ { 0x73, 0x00, 0x00, 0x01 }, "Office XP", 6, FALSE },
|
| 100 |
- { { 0x79, 0x00, 0x00, 0x01 }, "Office 2003", 6, FALSE },
|
|
| 100 |
+ { { 0x79, 0x00, 0x00, 0x01 }, "Office 2003", 6, FALSE },
|
|
| 101 | 101 |
{ { 0x60, 0x00, 0x00, 0x0e }, "MacOffice 98", 5, TRUE },
|
| 102 | 102 |
{ { 0x62, 0x00, 0x00, 0x0e }, "MacOffice 2001", 5, TRUE },
|
| 103 | 103 |
{ { 0x63, 0x00, 0x00, 0x0e }, "MacOffice X", 6, TRUE },
|
| ... | ... |
@@ -114,7 +114,7 @@ vba_version_t vba_version[] = {
|
| 114 | 114 |
/* Function: vba_readn |
| 115 | 115 |
Try hard to read the requested number of bytes |
| 116 | 116 |
*/ |
| 117 |
-int vba_readn(int fd, void *buff, unsigned int count) |
|
| 117 |
+static int vba_readn(int fd, void *buff, unsigned int count) |
|
| 118 | 118 |
{
|
| 119 | 119 |
int retval; |
| 120 | 120 |
unsigned int todo; |
| ... | ... |
@@ -138,31 +138,7 @@ int vba_readn(int fd, void *buff, unsigned int count) |
| 138 | 138 |
return count; |
| 139 | 139 |
} |
| 140 | 140 |
|
| 141 |
-/* Function: vba_writen |
|
| 142 |
- Try hard to write the specified number of bytes |
|
| 143 |
-*/ |
|
| 144 |
-int vba_writen(int fd, void *buff, unsigned int count) |
|
| 145 |
-{
|
|
| 146 |
- int retval; |
|
| 147 |
- unsigned int todo; |
|
| 148 |
- unsigned char *current; |
|
| 149 |
- |
|
| 150 |
- todo = count; |
|
| 151 |
- current = (unsigned char *) buff; |
|
| 152 |
- |
|
| 153 |
- do {
|
|
| 154 |
- retval = write(fd, current, todo); |
|
| 155 |
- if (retval < 0) {
|
|
| 156 |
- return -1; |
|
| 157 |
- } |
|
| 158 |
- todo -= retval; |
|
| 159 |
- current += retval; |
|
| 160 |
- } while (todo > 0); |
|
| 161 |
- |
|
| 162 |
- return count; |
|
| 163 |
-} |
|
| 164 |
- |
|
| 165 |
-char *get_unicode_name(char *name, int size, int is_mac) |
|
| 141 |
+static char *get_unicode_name(char *name, int size, int is_mac) |
|
| 166 | 142 |
{
|
| 167 | 143 |
int i, j; |
| 168 | 144 |
char *newname; |
| ... | ... |
@@ -212,27 +188,7 @@ static void vba56_test_middle(int fd) |
| 212 | 212 |
return; |
| 213 | 213 |
} |
| 214 | 214 |
|
| 215 |
-static void vba56_test_end(int fd) |
|
| 216 |
-{
|
|
| 217 |
- char test_end[20]; |
|
| 218 |
- static const uint8_t end_str[20] = |
|
| 219 |
- {
|
|
| 220 |
- 0x00, 0x00, 0x2e, 0xc9, 0x27, 0x8e, 0x64, 0x12, |
|
| 221 |
- 0x1c, 0x10, 0x8a, 0x2f, 0x04, 0x02, 0x24, 0x00, |
|
| 222 |
- 0x9c, 0x02, 0x00, 0x00 |
|
| 223 |
- }; |
|
| 224 |
- |
|
| 225 |
- if (vba_readn(fd, &test_end, 20) != 20) {
|
|
| 226 |
- return; |
|
| 227 |
- } |
|
| 228 |
- |
|
| 229 |
- if (memcmp(test_end, end_str, 20) != 0) {
|
|
| 230 |
- lseek(fd, -20, SEEK_CUR); |
|
| 231 |
- } |
|
| 232 |
- return; |
|
| 233 |
-} |
|
| 234 |
- |
|
| 235 |
-int vba_read_project_strings(int fd, int is_mac) |
|
| 215 |
+static int vba_read_project_strings(int fd, int is_mac) |
|
| 236 | 216 |
{
|
| 237 | 217 |
uint16_t length; |
| 238 | 218 |
unsigned char *buff, *name; |
| ... | ... |
@@ -263,11 +219,11 @@ int vba_read_project_strings(int fd, int is_mac) |
| 263 | 263 |
cli_dbgmsg("name: %s\n", name);
|
| 264 | 264 |
free(buff); |
| 265 | 265 |
|
| 266 |
- /* Ignore twelve bytes from entries of type 'G'. |
|
| 266 |
+ /* Ignore twelve bytes from entries of type 'G'. |
|
| 267 | 267 |
Type 'C' entries come in pairs, the second also |
| 268 | 268 |
having a 12 byte trailer */ |
| 269 | 269 |
/* TODO: Need to check if types H(same as G) and D(same as C) exist */ |
| 270 |
- if (!strncmp ("*\\G", name, 3) || !strncmp ("*\\H", name, 3)
|
|
| 270 |
+ if (!strncmp ("*\\G", name, 3) || !strncmp ("*\\H", name, 3)
|
|
| 271 | 271 |
|| !strncmp("*\\C", name, 3) || !strncmp("*\\D", name, 3)) {
|
| 272 | 272 |
if (vba_readn(fd, &length, 2) != 2) {
|
| 273 | 273 |
return FALSE; |
| ... | ... |
@@ -278,13 +234,13 @@ int vba_read_project_strings(int fd, int is_mac) |
| 278 | 278 |
continue; |
| 279 | 279 |
} |
| 280 | 280 |
buff = (unsigned char *) cli_malloc(10); |
| 281 |
- if (vba_readn(fd, buff, 10) != 10) {
|
|
| 281 |
+ if (vba_readn(fd, buff, 10) != 10) {
|
|
| 282 | 282 |
cli_errmsg("failed to read blob\n");
|
| 283 |
- free(buff); |
|
| 283 |
+ free(buff); |
|
| 284 | 284 |
free(name); |
| 285 | 285 |
close(fd); |
| 286 | 286 |
return FALSE; |
| 287 |
- } |
|
| 287 |
+ } |
|
| 288 | 288 |
free(buff); |
| 289 | 289 |
} else {
|
| 290 | 290 |
/* Unknown type - probably ran out of strings - rewind */ |
| ... | ... |
@@ -304,7 +260,7 @@ vba_project_t *vba56_dir_read(const char *dir) |
| 304 | 304 |
{
|
| 305 | 305 |
unsigned char magic[2]; |
| 306 | 306 |
unsigned char version[4]; |
| 307 |
- unsigned char *buff, *name; |
|
| 307 |
+ unsigned char *buff; |
|
| 308 | 308 |
unsigned char vba56_signature[] = { 0xcc, 0x61 };
|
| 309 | 309 |
uint16_t record_count, length; |
| 310 | 310 |
uint16_t ooff; |
| ... | ... |
@@ -323,8 +279,6 @@ vba_project_t *vba56_dir_read(const char *dir) |
| 323 | 323 |
vba_project_t *vba_project; |
| 324 | 324 |
char *fullname; |
| 325 | 325 |
|
| 326 |
- unsigned char fixed_octet[8] = { 0x06, 0x02, 0x01, 0x00, 0x08, 0x02, 0x00, 0x00 };
|
|
| 327 |
- |
|
| 328 | 326 |
cli_dbgmsg("in vba56_dir_read()\n");
|
| 329 | 327 |
|
| 330 | 328 |
fullname = (char *) cli_malloc(strlen(dir) + 15); |
| ... | ... |
@@ -579,7 +533,7 @@ out_error: |
| 579 | 579 |
|
| 580 | 580 |
#define VBA_COMPRESSION_WINDOW 4096 |
| 581 | 581 |
|
| 582 |
-void byte_array_append(byte_array_t *array, unsigned char *src, unsigned int len) |
|
| 582 |
+static void byte_array_append(byte_array_t *array, unsigned char *src, unsigned int len) |
|
| 583 | 583 |
{
|
| 584 | 584 |
if (array->length == 0) {
|
| 585 | 585 |
array->data = (unsigned char *) cli_malloc(len); |
| ... | ... |
@@ -680,61 +634,3 @@ unsigned char *vba_decompress(int fd, uint32_t offset, int *size) |
| 680 | 680 |
return result.data; |
| 681 | 681 |
|
| 682 | 682 |
} |
| 683 |
- |
|
| 684 |
-/* |
|
| 685 |
-int vba_dump(vba_project_t *vba_project) |
|
| 686 |
-{
|
|
| 687 |
- int i, fd; |
|
| 688 |
- unsigned char *data; |
|
| 689 |
- char *fullname; |
|
| 690 |
- |
|
| 691 |
- for (i=0 ; i<vba_project->count ; i++) {
|
|
| 692 |
- |
|
| 693 |
- cli_dbgmsg("\n\n*****************************\n");
|
|
| 694 |
- cli_dbgmsg("Deocding file: %s\n", vba_project->name[i]);
|
|
| 695 |
- cli_dbgmsg("*****************************\n");
|
|
| 696 |
- fullname = (char *) cli_malloc(strlen(vba_project->dir) + strlen(vba_project->name[i]) + 2); |
|
| 697 |
- sprintf(fullname, "%s/%s", vba_project->dir, vba_project->name[i]); |
|
| 698 |
- fd = open(fullname, O_RDONLY); |
|
| 699 |
- free(fullname); |
|
| 700 |
- if (fd == -1) {
|
|
| 701 |
- cli_dbgmsg("Open failed\n");
|
|
| 702 |
- return FALSE; |
|
| 703 |
- } |
|
| 704 |
- |
|
| 705 |
- data = vba_decompress(fd, vba_project->offset[i], NULL); |
|
| 706 |
- cli_dbgmsg("%s\n", data);
|
|
| 707 |
- close(fd); |
|
| 708 |
- |
|
| 709 |
- } |
|
| 710 |
- return TRUE; |
|
| 711 |
-} |
|
| 712 |
- |
|
| 713 |
-int main(int argc, char *argv[]) |
|
| 714 |
-{
|
|
| 715 |
- int retval; |
|
| 716 |
- char *dirname=NULL; |
|
| 717 |
- vba_project_t *vba_project; |
|
| 718 |
- |
|
| 719 |
- while ((retval = getopt(argc, argv, "d:w")) != -1) {
|
|
| 720 |
- switch (retval) {
|
|
| 721 |
- case 'd': |
|
| 722 |
- dirname = optarg; |
|
| 723 |
- break; |
|
| 724 |
- case ':': |
|
| 725 |
- cli_dbgmsg("missing option parameter\n");
|
|
| 726 |
- exit(-1); |
|
| 727 |
- case '?': |
|
| 728 |
- cli_dbgmsg("unknown option\n");
|
|
| 729 |
- break; |
|
| 730 |
- } |
|
| 731 |
- } |
|
| 732 |
- |
|
| 733 |
- vba_project = vba56_dir_read(dirname); |
|
| 734 |
- |
|
| 735 |
- if (vba_project != NULL) {
|
|
| 736 |
- vba_dump(vba_project); |
|
| 737 |
- } |
|
| 738 |
- return TRUE; |
|
| 739 |
-} |
|
| 740 |
-*/ |