git-svn: trunk@429
Trog authored on 2004/03/22 18:17:31... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Mon Mar 22 09:28:04 GMT 2004 (trog) |
|
2 |
+----------------------------------- |
|
3 |
+ * libclamav/vba_extract.c: minor cleanup |
|
4 |
+ |
|
1 | 5 |
Sun Mar 21 17:30:22 GMT 2004 (njh) |
2 | 6 |
---------------------------------- |
3 | 7 |
* libclamav: Scan bounce messages with no headers for encoded viruses/worms |
... | ... |
@@ -47,40 +47,40 @@ typedef struct vba_version_tag { |
47 | 47 |
} vba_version_t; |
48 | 48 |
|
49 | 49 |
|
50 |
-uint16_t vba_endian_convert_16(uint16_t value, int is_mac) |
|
50 |
+static uint16_t vba_endian_convert_16(uint16_t value, int is_mac) |
|
51 | 51 |
{ |
52 |
- if (is_mac) { |
|
52 |
+ if (is_mac) { |
|
53 | 53 |
#if WORDS_BIGENDIAN == 0 |
54 |
- return ((value >> 8) + (value << 8));; |
|
54 |
+ return ((value >> 8) + (value << 8)); |
|
55 | 55 |
#else |
56 |
- return value; |
|
56 |
+ return value; |
|
57 | 57 |
#endif |
58 |
- } else { |
|
58 |
+ } else { |
|
59 | 59 |
#if WORDS_BIGENDIAN == 0 |
60 |
- return value; |
|
60 |
+ return value; |
|
61 | 61 |
#else |
62 |
- return ((value >> 8) + (value << 8)); |
|
62 |
+ return ((value >> 8) + (value << 8)); |
|
63 | 63 |
#endif |
64 |
- } |
|
64 |
+ } |
|
65 | 65 |
} |
66 | 66 |
|
67 |
-uint32_t vba_endian_convert_32(uint32_t value, int is_mac) |
|
67 |
+static uint32_t vba_endian_convert_32(uint32_t value, int is_mac) |
|
68 | 68 |
{ |
69 |
- if (is_mac) { |
|
69 |
+ if (is_mac) { |
|
70 | 70 |
#if WORDS_BIGENDIAN == 0 |
71 |
- return ((value >> 24) | ((value & 0x00FF0000) >> 8) | |
|
72 |
- ((value & 0x0000FF00) << 8) | (value << 24)); |
|
71 |
+ return ((value >> 24) | ((value & 0x00FF0000) >> 8) | |
|
72 |
+ ((value & 0x0000FF00) << 8) | (value << 24)); |
|
73 | 73 |
#else |
74 |
- return value; |
|
74 |
+ return value; |
|
75 | 75 |
#endif |
76 |
- } else { |
|
76 |
+ } else { |
|
77 | 77 |
#if WORDS_BIGENDIAN == 0 |
78 |
- return value; |
|
78 |
+ return value; |
|
79 | 79 |
#else |
80 |
- return ((value >> 24) | ((value & 0x00FF0000) >> 8) | |
|
81 |
- ((value & 0x0000FF00) << 8) | (value << 24)); |
|
80 |
+ return ((value >> 24) | ((value & 0x00FF0000) >> 8) | |
|
81 |
+ ((value & 0x0000FF00) << 8) | (value << 24)); |
|
82 | 82 |
#endif |
83 |
- } |
|
83 |
+ } |
|
84 | 84 |
} |
85 | 85 |
|
86 | 86 |
typedef struct byte_array_tag { |
... | ... |
@@ -97,7 +97,7 @@ vba_version_t vba_version[] = { |
97 | 97 |
{ { 0x6d, 0x00, 0x00, 0x01 }, "Office 2000", 6, FALSE }, |
98 | 98 |
{ { 0x70, 0x00, 0x00, 0x01 }, "Office XP beta 1/2", 6, FALSE }, |
99 | 99 |
{ { 0x73, 0x00, 0x00, 0x01 }, "Office XP", 6, FALSE }, |
100 |
- { { 0x79, 0x00, 0x00, 0x01 }, "Office 2003", 6, FALSE }, |
|
100 |
+ { { 0x79, 0x00, 0x00, 0x01 }, "Office 2003", 6, FALSE }, |
|
101 | 101 |
{ { 0x60, 0x00, 0x00, 0x0e }, "MacOffice 98", 5, TRUE }, |
102 | 102 |
{ { 0x62, 0x00, 0x00, 0x0e }, "MacOffice 2001", 5, TRUE }, |
103 | 103 |
{ { 0x63, 0x00, 0x00, 0x0e }, "MacOffice X", 6, TRUE }, |
... | ... |
@@ -114,7 +114,7 @@ vba_version_t vba_version[] = { |
114 | 114 |
/* Function: vba_readn |
115 | 115 |
Try hard to read the requested number of bytes |
116 | 116 |
*/ |
117 |
-int vba_readn(int fd, void *buff, unsigned int count) |
|
117 |
+static int vba_readn(int fd, void *buff, unsigned int count) |
|
118 | 118 |
{ |
119 | 119 |
int retval; |
120 | 120 |
unsigned int todo; |
... | ... |
@@ -138,31 +138,7 @@ int vba_readn(int fd, void *buff, unsigned int count) |
138 | 138 |
return count; |
139 | 139 |
} |
140 | 140 |
|
141 |
-/* Function: vba_writen |
|
142 |
- Try hard to write the specified number of bytes |
|
143 |
-*/ |
|
144 |
-int vba_writen(int fd, void *buff, unsigned int count) |
|
145 |
-{ |
|
146 |
- int retval; |
|
147 |
- unsigned int todo; |
|
148 |
- unsigned char *current; |
|
149 |
- |
|
150 |
- todo = count; |
|
151 |
- current = (unsigned char *) buff; |
|
152 |
- |
|
153 |
- do { |
|
154 |
- retval = write(fd, current, todo); |
|
155 |
- if (retval < 0) { |
|
156 |
- return -1; |
|
157 |
- } |
|
158 |
- todo -= retval; |
|
159 |
- current += retval; |
|
160 |
- } while (todo > 0); |
|
161 |
- |
|
162 |
- return count; |
|
163 |
-} |
|
164 |
- |
|
165 |
-char *get_unicode_name(char *name, int size, int is_mac) |
|
141 |
+static char *get_unicode_name(char *name, int size, int is_mac) |
|
166 | 142 |
{ |
167 | 143 |
int i, j; |
168 | 144 |
char *newname; |
... | ... |
@@ -212,27 +188,7 @@ static void vba56_test_middle(int fd) |
212 | 212 |
return; |
213 | 213 |
} |
214 | 214 |
|
215 |
-static void vba56_test_end(int fd) |
|
216 |
-{ |
|
217 |
- char test_end[20]; |
|
218 |
- static const uint8_t end_str[20] = |
|
219 |
- { |
|
220 |
- 0x00, 0x00, 0x2e, 0xc9, 0x27, 0x8e, 0x64, 0x12, |
|
221 |
- 0x1c, 0x10, 0x8a, 0x2f, 0x04, 0x02, 0x24, 0x00, |
|
222 |
- 0x9c, 0x02, 0x00, 0x00 |
|
223 |
- }; |
|
224 |
- |
|
225 |
- if (vba_readn(fd, &test_end, 20) != 20) { |
|
226 |
- return; |
|
227 |
- } |
|
228 |
- |
|
229 |
- if (memcmp(test_end, end_str, 20) != 0) { |
|
230 |
- lseek(fd, -20, SEEK_CUR); |
|
231 |
- } |
|
232 |
- return; |
|
233 |
-} |
|
234 |
- |
|
235 |
-int vba_read_project_strings(int fd, int is_mac) |
|
215 |
+static int vba_read_project_strings(int fd, int is_mac) |
|
236 | 216 |
{ |
237 | 217 |
uint16_t length; |
238 | 218 |
unsigned char *buff, *name; |
... | ... |
@@ -263,11 +219,11 @@ int vba_read_project_strings(int fd, int is_mac) |
263 | 263 |
cli_dbgmsg("name: %s\n", name); |
264 | 264 |
free(buff); |
265 | 265 |
|
266 |
- /* Ignore twelve bytes from entries of type 'G'. |
|
266 |
+ /* Ignore twelve bytes from entries of type 'G'. |
|
267 | 267 |
Type 'C' entries come in pairs, the second also |
268 | 268 |
having a 12 byte trailer */ |
269 | 269 |
/* TODO: Need to check if types H(same as G) and D(same as C) exist */ |
270 |
- if (!strncmp ("*\\G", name, 3) || !strncmp ("*\\H", name, 3) |
|
270 |
+ if (!strncmp ("*\\G", name, 3) || !strncmp ("*\\H", name, 3) |
|
271 | 271 |
|| !strncmp("*\\C", name, 3) || !strncmp("*\\D", name, 3)) { |
272 | 272 |
if (vba_readn(fd, &length, 2) != 2) { |
273 | 273 |
return FALSE; |
... | ... |
@@ -278,13 +234,13 @@ int vba_read_project_strings(int fd, int is_mac) |
278 | 278 |
continue; |
279 | 279 |
} |
280 | 280 |
buff = (unsigned char *) cli_malloc(10); |
281 |
- if (vba_readn(fd, buff, 10) != 10) { |
|
281 |
+ if (vba_readn(fd, buff, 10) != 10) { |
|
282 | 282 |
cli_errmsg("failed to read blob\n"); |
283 |
- free(buff); |
|
283 |
+ free(buff); |
|
284 | 284 |
free(name); |
285 | 285 |
close(fd); |
286 | 286 |
return FALSE; |
287 |
- } |
|
287 |
+ } |
|
288 | 288 |
free(buff); |
289 | 289 |
} else { |
290 | 290 |
/* Unknown type - probably ran out of strings - rewind */ |
... | ... |
@@ -304,7 +260,7 @@ vba_project_t *vba56_dir_read(const char *dir) |
304 | 304 |
{ |
305 | 305 |
unsigned char magic[2]; |
306 | 306 |
unsigned char version[4]; |
307 |
- unsigned char *buff, *name; |
|
307 |
+ unsigned char *buff; |
|
308 | 308 |
unsigned char vba56_signature[] = { 0xcc, 0x61 }; |
309 | 309 |
uint16_t record_count, length; |
310 | 310 |
uint16_t ooff; |
... | ... |
@@ -323,8 +279,6 @@ vba_project_t *vba56_dir_read(const char *dir) |
323 | 323 |
vba_project_t *vba_project; |
324 | 324 |
char *fullname; |
325 | 325 |
|
326 |
- unsigned char fixed_octet[8] = { 0x06, 0x02, 0x01, 0x00, 0x08, 0x02, 0x00, 0x00 }; |
|
327 |
- |
|
328 | 326 |
cli_dbgmsg("in vba56_dir_read()\n"); |
329 | 327 |
|
330 | 328 |
fullname = (char *) cli_malloc(strlen(dir) + 15); |
... | ... |
@@ -579,7 +533,7 @@ out_error: |
579 | 579 |
|
580 | 580 |
#define VBA_COMPRESSION_WINDOW 4096 |
581 | 581 |
|
582 |
-void byte_array_append(byte_array_t *array, unsigned char *src, unsigned int len) |
|
582 |
+static void byte_array_append(byte_array_t *array, unsigned char *src, unsigned int len) |
|
583 | 583 |
{ |
584 | 584 |
if (array->length == 0) { |
585 | 585 |
array->data = (unsigned char *) cli_malloc(len); |
... | ... |
@@ -680,61 +634,3 @@ unsigned char *vba_decompress(int fd, uint32_t offset, int *size) |
680 | 680 |
return result.data; |
681 | 681 |
|
682 | 682 |
} |
683 |
- |
|
684 |
-/* |
|
685 |
-int vba_dump(vba_project_t *vba_project) |
|
686 |
-{ |
|
687 |
- int i, fd; |
|
688 |
- unsigned char *data; |
|
689 |
- char *fullname; |
|
690 |
- |
|
691 |
- for (i=0 ; i<vba_project->count ; i++) { |
|
692 |
- |
|
693 |
- cli_dbgmsg("\n\n*****************************\n"); |
|
694 |
- cli_dbgmsg("Deocding file: %s\n", vba_project->name[i]); |
|
695 |
- cli_dbgmsg("*****************************\n"); |
|
696 |
- fullname = (char *) cli_malloc(strlen(vba_project->dir) + strlen(vba_project->name[i]) + 2); |
|
697 |
- sprintf(fullname, "%s/%s", vba_project->dir, vba_project->name[i]); |
|
698 |
- fd = open(fullname, O_RDONLY); |
|
699 |
- free(fullname); |
|
700 |
- if (fd == -1) { |
|
701 |
- cli_dbgmsg("Open failed\n"); |
|
702 |
- return FALSE; |
|
703 |
- } |
|
704 |
- |
|
705 |
- data = vba_decompress(fd, vba_project->offset[i], NULL); |
|
706 |
- cli_dbgmsg("%s\n", data); |
|
707 |
- close(fd); |
|
708 |
- |
|
709 |
- } |
|
710 |
- return TRUE; |
|
711 |
-} |
|
712 |
- |
|
713 |
-int main(int argc, char *argv[]) |
|
714 |
-{ |
|
715 |
- int retval; |
|
716 |
- char *dirname=NULL; |
|
717 |
- vba_project_t *vba_project; |
|
718 |
- |
|
719 |
- while ((retval = getopt(argc, argv, "d:w")) != -1) { |
|
720 |
- switch (retval) { |
|
721 |
- case 'd': |
|
722 |
- dirname = optarg; |
|
723 |
- break; |
|
724 |
- case ':': |
|
725 |
- cli_dbgmsg("missing option parameter\n"); |
|
726 |
- exit(-1); |
|
727 |
- case '?': |
|
728 |
- cli_dbgmsg("unknown option\n"); |
|
729 |
- break; |
|
730 |
- } |
|
731 |
- } |
|
732 |
- |
|
733 |
- vba_project = vba56_dir_read(dirname); |
|
734 |
- |
|
735 |
- if (vba_project != NULL) { |
|
736 |
- vba_dump(vba_project); |
|
737 |
- } |
|
738 |
- return TRUE; |
|
739 |
-} |
|
740 |
-*/ |