... | ... |
@@ -360,7 +360,7 @@ int cli_pcre_build(struct cli_matcher *root, long long unsigned match_limit, lon |
360 | 360 |
struct cli_pcre_meta *pm = NULL; |
361 | 361 |
int disable_all = 0; |
362 | 362 |
|
363 |
- if (dconf && (dconf->pcre & PCRE_CONF_SUPPORT)) |
|
363 |
+ if (dconf && !(dconf->pcre & PCRE_CONF_SUPPORT)) |
|
364 | 364 |
disable_all = 1; |
365 | 365 |
|
366 | 366 |
for (i = 0; i < root->pcre_metas; ++i) { |
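Review bot: The polarity of this check appears to decide whether PCRE signatures stay active, yet nothing beside it says which way it is meant to read, which is presumably how the inverted form went unnoticed. A one-line comment above the test, for example `/* PCRE support switched off in dconf: mark every pcre meta as disabled */`, would pin the intent. What `disable_all` actually does happens in the loop that continues outside this hunk, so the wording should be adjusted to match it. With `dconf == NULL` the flag stays 0 and PCRE remains enabled; if that is deliberate, the same comment should say so.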
... | ... |
@@ -178,7 +178,7 @@ static inline int matcher_run(const struct cli_matcher *root, |
178 | 178 |
if (rc != CL_SUCCESS) |
179 | 179 |
return rc; |
180 | 180 |
if (maxfilesize && (map->len > maxfilesize)) { |
181 |
- cli_dbgmsg("cli_pcre_scanbuf: pcre max filesize (map) exceeded (limit: %llu, needed: %llu)\n", maxfilesize, (long long unsigned)map->len); |
|
181 |
+ cli_dbgmsg("matcher_run: pcre max filesize (map) exceeded (limit: %llu, needed: %llu)\n", maxfilesize, (long long unsigned)map->len); |
|
182 | 182 |
return CL_EMAXSIZE; |
183 | 183 |
} |
184 | 184 |
|
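Review bot: The prefix in this debug message is a hand-written copy of a function name, which is how it came to say cli_pcre_scanbuf inside matcher_run; the `(buf)` message in the next hunk (new line 204) has the same problem. Passing the name through the format string keeps it from drifting again: `cli_dbgmsg("%s: pcre max filesize (map) exceeded (limit: %llu, needed: %llu)\n", __func__, maxfilesize, (long long unsigned)map->len);`. The declaration of `maxfilesize` is outside the hunk, and only `map->len` is cast, so it is worth confirming that `maxfilesize` really is `unsigned long long` as `%llu` requires. matcher_run's body starts and ends outside this hunk.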
... | ... |
@@ -201,7 +201,7 @@ static inline int matcher_run(const struct cli_matcher *root, |
201 | 201 |
if (rc != CL_SUCCESS) |
202 | 202 |
return rc; |
203 | 203 |
if (maxfilesize && (length > maxfilesize)) { |
204 |
- cli_dbgmsg("cli_pcre_scanbuf: pcre max filesize (buf) exceeded (limit: %llu, needed: %u)\n", maxfilesize, length); |
|
204 |
+ cli_dbgmsg("matcher_run: pcre max filesize (buf) exceeded (limit: %llu, needed: %u)\n", maxfilesize, length); |
|
205 | 205 |
return CL_EMAXSIZE; |
206 | 206 |
} |
207 | 207 |
|
... | ... |
@@ -846,8 +846,7 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
846 | 846 |
cli_targetinfo(&info, i, map); |
847 | 847 |
|
848 | 848 |
if(!ftonly) { |
849 |
- if((ret = cli_ac_initdata(&gdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN)) || (ret = cli_ac_caloff(groot, &gdata, &info)) || |
|
850 |
- (ret = cli_pcre_recaloff(groot, &gpoff, &info, ctx))) { |
|
849 |
+ if((ret = cli_ac_initdata(&gdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN)) || (ret = cli_ac_caloff(groot, &gdata, &info))) { |
|
851 | 850 |
if(info.exeinfo.section) |
852 | 851 |
free(info.exeinfo.section); |
853 | 852 |
|
... | ... |
@@ -857,11 +856,22 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
857 | 857 |
cl_hash_destroy(sha256ctx); |
858 | 858 |
return ret; |
859 | 859 |
} |
860 |
+ if((ret = cli_pcre_recaloff(groot, &gpoff, &info, ctx))) { |
|
861 |
+ cli_ac_freedata(&gdata); |
|
862 |
+ if(info.exeinfo.section) |
|
863 |
+ free(info.exeinfo.section); |
|
864 |
+ |
|
865 |
+ cli_hashset_destroy(&info.exeinfo.vinfo); |
|
866 |
+ cl_hash_destroy(md5ctx); |
|
867 |
+ cl_hash_destroy(sha1ctx); |
|
868 |
+ cl_hash_destroy(sha256ctx); |
|
869 |
+ return ret; |
|
870 |
+ |
|
871 |
+ } |
|
860 | 872 |
} |
861 | 873 |
|
862 | 874 |
if(troot) { |
863 |
- if((ret = cli_ac_initdata(&tdata, troot->ac_partsigs, troot->ac_lsigs, troot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN)) || (ret = cli_ac_caloff(troot, &tdata, &info)) || |
|
864 |
- (ret = cli_pcre_recaloff(troot, &tpoff, &info, ctx))) { |
|
875 |
+ if((ret = cli_ac_initdata(&tdata, troot->ac_partsigs, troot->ac_lsigs, troot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN)) || (ret = cli_ac_caloff(troot, &tdata, &info))) { |
|
865 | 876 |
if(!ftonly) { |
866 | 877 |
cli_ac_freedata(&gdata); |
867 | 878 |
cli_pcre_freeoff(&gpoff); |
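Review bot: The new failure branch for `cli_pcre_recaloff(groot, &gpoff, &info, ctx)` (new lines 860-871) frees `gdata` but never touches `gpoff`, and the matching `troot` branch in the later hunk (new lines 901-918) likewise skips `tpoff`. That is only leak-free if cli_pcre_recaloff releases whatever it allocated before returning an error, which is not visible here. If that is its contract, record it with a comment such as `/* cli_pcre_recaloff() frees its own partial state on error */`; otherwise add `cli_pcre_freeoff(&gpoff);` before the return. Both branches also repeat the teardown sequence (section, vinfo hashset, three hash contexts) already present in the neighbouring error paths, so a single cleanup label in cli_fmap_scandesc would make it harder for a later reordering to drop a free. The blank line after `return ret;` at new line 870 can go; the function itself starts and ends outside this hunk.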
... | ... |
@@ -884,7 +894,6 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
884 | 884 |
} |
885 | 885 |
|
886 | 886 |
cli_ac_freedata(&tdata); |
887 |
- cli_pcre_freeoff(&tpoff); |
|
888 | 887 |
if(info.exeinfo.section) |
889 | 888 |
free(info.exeinfo.section); |
890 | 889 |
|
... | ... |
@@ -898,6 +907,24 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
898 | 898 |
bm_offmode = 1; |
899 | 899 |
} |
900 | 900 |
} |
901 |
+ if ((ret = cli_pcre_recaloff(troot, &tpoff, &info, ctx))) { |
|
902 |
+ if(!ftonly) { |
|
903 |
+ cli_ac_freedata(&gdata); |
|
904 |
+ cli_pcre_freeoff(&gpoff); |
|
905 |
+ } |
|
906 |
+ |
|
907 |
+ cli_ac_freedata(&tdata); |
|
908 |
+ if(bm_offmode) |
|
909 |
+ cli_bm_freeoff(&toff); |
|
910 |
+ if(info.exeinfo.section) |
|
911 |
+ free(info.exeinfo.section); |
|
912 |
+ |
|
913 |
+ cli_hashset_destroy(&info.exeinfo.vinfo); |
|
914 |
+ cl_hash_destroy(md5ctx); |
|
915 |
+ cl_hash_destroy(sha1ctx); |
|
916 |
+ cl_hash_destroy(sha256ctx); |
|
917 |
+ return ret; |
|
918 |
+ } |
|
901 | 919 |
} |
902 | 920 |
|
903 | 921 |
hdb = ctx->engine->hm_hdb; |
... | ... |
@@ -953,9 +980,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
953 | 953 |
} |
954 | 954 |
|
955 | 955 |
cli_ac_freedata(&tdata); |
956 |
- cli_pcre_freeoff(&tpoff); |
|
957 | 956 |
if(bm_offmode) |
958 | 957 |
cli_bm_freeoff(&toff); |
958 |
+ cli_pcre_freeoff(&tpoff); |
|
959 | 959 |
|
960 | 960 |
if(info.exeinfo.section) |
961 | 961 |
free(info.exeinfo.section); |
... | ... |
@@ -982,9 +1009,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
982 | 982 |
cli_pcre_freeoff(&gpoff); |
983 | 983 |
if(troot) { |
984 | 984 |
cli_ac_freedata(&tdata); |
985 |
- cli_pcre_freeoff(&tpoff); |
|
986 | 985 |
if(bm_offmode) |
987 | 986 |
cli_bm_freeoff(&toff); |
987 |
+ cli_pcre_freeoff(&tpoff); |
|
988 | 988 |
} |
989 | 989 |
|
990 | 990 |
if(info.exeinfo.section) |
... | ... |
@@ -1108,9 +1135,9 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
1108 | 1108 |
viruses_found++; |
1109 | 1109 |
|
1110 | 1110 |
cli_ac_freedata(&tdata); |
1111 |
- cli_pcre_freeoff(&tpoff); |
|
1112 | 1111 |
if(bm_offmode) |
1113 | 1112 |
cli_bm_freeoff(&toff); |
1113 |
+ cli_pcre_freeoff(&tpoff); |
|
1114 | 1114 |
} |
1115 | 1115 |
|
1116 | 1116 |
if(groot) { |