... | ... |
@@ -760,76 +760,73 @@ char *cli_dbgets(char *buff, unsigned int size, FILE *fs, struct cli_dbio *dbio) |
760 | 760 |
} |
761 | 761 |
} |
762 | 762 |
|
763 |
-static char *cli_signorm(const char *signame, size_t sz, size_t *new_sz) { |
|
763 |
+static char *cli_signorm(const char *signame) |
|
764 |
+{ |
|
765 |
+ char *new_signame = NULL; |
|
766 |
+ size_t pad = 0; |
|
767 |
+ size_t nsz; |
|
764 | 768 |
|
765 |
- char *idx = NULL; |
|
766 |
- char *new_signame = NULL; |
|
767 |
- size_t nsz = 0; |
|
769 |
+ if (!signame) |
|
770 |
+ return NULL; |
|
768 | 771 |
|
769 |
- if (!signame) { |
|
770 |
- *new_sz = sz; |
|
771 |
- return NULL; |
|
772 |
- } |
|
773 |
- sz = strlen(signame); |
|
772 |
+ nsz = strlen(signame); |
|
774 | 773 |
|
775 |
- if (sz <= 11) { |
|
776 |
- *new_sz = sz; |
|
777 |
- return NULL; |
|
778 |
- } |
|
779 |
- nsz = sz - 11; |
|
780 |
- |
|
781 |
- idx = signame + nsz; |
|
782 |
- if (strncmp(idx, ".UNOFFICIAL", 11)) { |
|
783 |
- *new_sz = sz; |
|
784 |
- return NULL; |
|
785 |
- } |
|
774 |
+ if (nsz > 11) { |
|
775 |
+ if (!strncmp(signame+nsz-11, ".UNOFFICIAL", 11)) |
|
776 |
+ nsz -= 11; |
|
777 |
+ else |
|
778 |
+ return NULL; |
|
779 |
+ } else if (nsz > 2) |
|
780 |
+ return NULL; |
|
781 |
+ |
|
782 |
+ if (nsz < 3) { |
|
783 |
+ pad = 3 - nsz; |
|
784 |
+ nsz = 3; |
|
785 |
+ } |
|
786 | 786 |
|
787 |
- new_signame = malloc(nsz + 1); |
|
788 |
- if (!new_signame) { |
|
789 |
- *new_sz = sz; |
|
790 |
- return NULL; |
|
791 |
- } |
|
787 |
+ new_signame = malloc(nsz + 1); |
|
788 |
+ if (!new_signame) |
|
789 |
+ return NULL; |
|
792 | 790 |
|
793 |
- memcpy(new_signame, signame, nsz); |
|
794 |
- new_signame[nsz] = '\0'; |
|
791 |
+ memcpy(new_signame, signame, nsz-pad); |
|
792 |
+ new_signame[nsz] = '\0'; |
|
795 | 793 |
|
796 |
- *new_sz = nsz; |
|
797 |
- return new_signame; |
|
794 |
+ while (pad > 0) |
|
795 |
+ new_signame[nsz-pad--] = '\x20'; |
|
796 |
+ |
|
797 |
+ return new_signame; |
|
798 | 798 |
} |
799 | 799 |
|
800 | 800 |
static int cli_chkign(const struct cli_matcher *ignored, const char *signame, const char *entry) |
801 | 801 |
{ |
802 | 802 |
|
803 | 803 |
const char *md5_expected = NULL; |
804 |
- char *norm_signame = NULL; |
|
804 |
+ char *norm_signame; |
|
805 | 805 |
unsigned char digest[16]; |
806 |
- size_t sz = 0; |
|
806 |
+ int ret = 0; |
|
807 | 807 |
|
808 | 808 |
if(!ignored || !signame || !entry) |
809 | 809 |
return 0; |
810 | 810 |
|
811 |
- if(!(norm_signame = cli_signorm(signame, strlen(signame), &sz))) |
|
812 |
- norm_signame = signame; |
|
813 |
- |
|
814 |
- if(cli_bm_scanbuff((const unsigned char *) norm_signame, sz, &md5_expected, NULL, ignored, 0, NULL, NULL,NULL) == CL_VIRUS) { |
|
815 |
- if(md5_expected) { |
|
816 |
- cl_hash_data("md5", entry, strlen(entry), digest, NULL); |
|
817 |
- if(memcmp(digest, (const unsigned char *) md5_expected, 16)) { |
|
818 |
- if (signame != norm_signame) |
|
819 |
- free(norm_signame); |
|
820 |
- return 0; |
|
821 |
- } |
|
822 |
- } |
|
811 |
+ norm_signame = cli_signorm(signame); |
|
812 |
+ if (norm_signame != NULL) |
|
813 |
+ signame = norm_signame; |
|
823 | 814 |
|
824 |
- cli_dbgmsg("Ignoring signature %s\n", norm_signame); |
|
825 |
- if (signame != norm_signame) |
|
826 |
- free(norm_signame); |
|
827 |
- return 1; |
|
828 |
- } |
|
815 |
+ if(cli_bm_scanbuff((const unsigned char *) signame, strlen(signame), &md5_expected, NULL, ignored, 0, NULL, NULL,NULL) == CL_VIRUS) |
|
816 |
+ do { |
|
817 |
+ if(md5_expected) { |
|
818 |
+ cl_hash_data("md5", entry, strlen(entry), digest, NULL); |
|
819 |
+ if(memcmp(digest, (const unsigned char *) md5_expected, 16)) |
|
820 |
+ break; |
|
821 |
+ } |
|
822 |
+ |
|
823 |
+ cli_dbgmsg("Ignoring signature %s\n", signame); |
|
824 |
+ ret = 1; |
|
825 |
+ } while (0); |
|
829 | 826 |
|
830 |
- if (signame != norm_signame) |
|
827 |
+ if (norm_signame) |
|
831 | 828 |
free(norm_signame); |
832 |
- return 0; |
|
829 |
+ return ret; |
|
833 | 830 |
} |
834 | 831 |
|
835 | 832 |
static int cli_chkpua(const char *signame, const char *pua_cats, unsigned int options) |
... | ... |
@@ -2323,6 +2320,18 @@ static int cli_loadign(FILE *fs, struct cl_engine *engine, unsigned int options, |
2323 | 2323 |
ret = CL_EMALFDB; |
2324 | 2324 |
break; |
2325 | 2325 |
} |
2326 |
+ if (len < 3) { |
|
2327 |
+ int pad = 3 - len; |
|
2328 |
+ /* patch-up for Boyer-Moore minimum length of 3: pad with spaces */ |
|
2329 |
+ if (signame != buffer) { |
|
2330 |
+ strncpy (buffer, signame, len); |
|
2331 |
+ signame = buffer; |
|
2332 |
+ } |
|
2333 |
+ buffer[3] = '\0'; |
|
2334 |
+ while (pad > 0) |
|
2335 |
+ buffer[3-pad--] = '\x20'; |
|
2336 |
+ len = 3; |
|
2337 |
+ } |
|
2326 | 2338 |
|
2327 | 2339 |
new = (struct cli_bm_patt *) mpool_calloc(engine->mempool, 1, sizeof(struct cli_bm_patt)); |
2328 | 2340 |
if(!new) { |