@@ -1,3 +1,7 @@

+Fri Jul 25 20:41:21 CEST 2008 (tk)

+----------------------------------

+  * libclamav: add initial support for logical signatures (bb#896)

+

 Fri Jul 25 02:24:53 CEST 2008 (acab)

 ------------------------------------

   * libclamav/scanners.c: warn if no bzip2 support - bb#1060

@@ -163,7 +163,7 @@ cli_file_t cli_filetype2(int desc, const struct cl_engine *engine)

 	if(!root)

 	    return ret;

-	if(cli_ac_initdata(&mdata, root->ac_partsigs, AC_DEFAULT_TRACKLEN))

+	if(cli_ac_initdata(&mdata, root->ac_partsigs, root->ac_lsigs, AC_DEFAULT_TRACKLEN))

 	    return ret;

 	sret = cli_ac_scanbuff(buff, bread, NULL, engine->root[0], &mdata, 0, ret, desc, NULL, AC_SCAN_FT, NULL);

@@ -173,7 +173,7 @@ cli_file_t cli_filetype2(int desc, const struct cl_engine *engine)

 	if(sret >= CL_TYPENO) {

 	    ret = sret;

 	} else {

-	    if(cli_ac_initdata(&mdata, root->ac_partsigs, AC_DEFAULT_TRACKLEN))

+	    if(cli_ac_initdata(&mdata, root->ac_partsigs, root->ac_lsigs, AC_DEFAULT_TRACKLEN))

 		return ret;

 	    decoded = (unsigned char *) cli_utf16toascii((char *) buff, bread);

@@ -208,7 +208,7 @@ cli_file_t cli_filetype2(int desc, const struct cl_engine *engine)

 			     * (just eliminating zeros and matching would introduce false positives */

 			    if(encoding_normalize_toascii(&in_area, encoding, &out_area) >= 0 && out_area.length > 0) {

 				    out_area.buffer[out_area.length] = '\0';

-				    if(cli_ac_initdata(&mdata, root->ac_partsigs, AC_DEFAULT_TRACKLEN))

+				    if(cli_ac_initdata(&mdata, root->ac_partsigs, root->ac_lsigs, AC_DEFAULT_TRACKLEN))

 					    return ret;

 				    if(out_area.length > 0) {

@@ -25,6 +25,7 @@

 #include <stdio.h>

 #include <string.h>

 #include <stdlib.h>

+#include <ctype.h>

 #ifdef	HAVE_UNISTD_H

 #include <unistd.h>

 #endif

@@ -373,6 +374,228 @@ void cli_ac_free(struct cli_matcher *root)

     }

 }

+/*

+ * In parse_only mode this function returns -1 on error or the max subsig id

+ */

+int cli_ac_chklsig(const char *expr, const char *end, uint32_t *lsigcnt, unsigned int *cnt, unsigned int parse_only)

+{

+	unsigned int i, len = end - expr, pth = 0, opoff = 0, op1off = 0, val;

+	unsigned int blkend = 0, id, modval, lcnt = 0, rcnt = 0, tcnt, modoff = 0;

+	int ret, lval, rval;

+	char op = 0, op1 = 0, mod = 0, blkmod = 0;

+	const char *lstart = expr, *lend = NULL, *rstart = NULL, *rend = end, *pt;

+

+

+    for(i = 0; i < len; i++) {

+	switch(expr[i]) {

+	    case '(':

+		pth++;

+		break;

+

+	    case ')':

+		if(!pth) {

+		    cli_errmsg("cli_ac_chklsig: Syntax error: Missing opening parenthesis\n");

+		    return -1;

+		}

+		pth--;

+

+	    case '>':

+	    case '<':

+	    case '=':

+		mod = expr[i];

+		modoff = i;

+		break;

+

+	    default:

+		if(strchr("&|", expr[i])) {

+		    if(!pth) {

+			op = expr[i];

+			opoff = i;

+		    } else if(pth == 1) {

+			op1 = expr[i];

+			op1off = i;

+		    }

+		}

+	}

+

+	if(op)

+	    break;

+

+	if(op1 && !pth) {

+	    blkend = i;

+	    if(expr[i + 1] == '>' || expr[i + 1] == '<' || expr[i + 1] == '=') {

+		blkmod = expr[i + 1];

+		ret = sscanf(&expr[i + 2], "%u", &modval);

+		if(!ret || ret == EOF) {

+		    cli_errmsg("chklexpr: Syntax error: Missing number after '%c'\n", expr[i + 1]);

+		    return -1;

+		}

+		for(i += 2; i + 1 < len && isdigit(expr[i + 1]); i++);

+	    }

+

+	    if(&expr[i + 1] == rend)

+		break;

+	    else

+		blkmod = 0;

+	}

+    }

+

+    if(pth) {

+	cli_errmsg("cli_ac_chklsig: Syntax error: Missing closing parenthesis\n");

+	return -1;

+    }

+

+    if(!op && !op1) {

+	if(expr[0] == '(')

+	    return cli_ac_chklsig(++expr, --end, lsigcnt, cnt, parse_only);

+

+	ret = sscanf(expr, "%u", &id);

+	if(!ret || ret == EOF) {

+	    cli_errmsg("cli_ac_chklsig: Can't parse %s\n", expr);

+	    return -1;

+	}

+

+	if(parse_only)

+	    val = id;

+	else

+	    val = lsigcnt[id];

+

+	if(mod) {

+	    pt = strchr(expr, mod) + modoff;

+	    ret = sscanf(pt, "%u", &modval);

+	    if(!ret || ret == EOF) {

+		cli_errmsg("chklexpr: Syntax error: Missing number after '%c'\n", mod);

+		return -1;

+	    }

+	    if(!parse_only) switch(mod) {

+		case '=':

+		    if(val == modval) {

+			*cnt += val;

+			return 1;

+		    } else {

+			return 0;

+		    }

+		    break;

+		case '<':

+		    if(val < modval) {

+			*cnt += val;

+			return 1;

+		    } else {

+			return 0;

+		    }

+		    break;

+		case '>':

+		    if(val > modval) {

+			*cnt += val;

+			return 1;

+		    } else {

+			return 0;

+		    }

+	    }

+	}

+

+	if(parse_only) {

+	    return val;

+	} else {

+	    *cnt += val;

+	    return val ? 1 : 0;

+	}

+    }

+

+    if(!op) {

+	op = op1;

+	opoff = op1off;

+	lstart++;

+	rend = &expr[blkend];

+    }

+

+    if(!opoff) {

+	cli_errmsg("cli_ac_chklsig: Syntax error: Missing left argument\n");

+	return -1;

+    }

+    lend = &expr[opoff];

+    if(opoff + 1 == len) {

+	cli_errmsg("cli_ac_chklsig: Syntax error: Missing right argument\n");

+	return -1;

+    }

+    rstart = &expr[opoff + 1];

+

+    lval = cli_ac_chklsig(lstart, lend, lsigcnt, &lcnt, parse_only);

+    if(lval == -1) {

+	cli_errmsg("cli_ac_chklsig: Calculation of lval failed\n");

+	return -1;

+    }

+

+    rval = cli_ac_chklsig(rstart, rend, lsigcnt, &rcnt, parse_only);

+    if(rval == -1) {

+	cli_errmsg("cli_ac_chklsig: Calculation of rval failed\n");

+	return -1;

+    }

+

+    if(parse_only) {

+	switch(op) {

+	    case '&':

+	    case '|':

+		return MAX(lval, rval);

+	    default:

+		cli_errmsg("cli_ac_chklsig: Incorrect operator type\n");

+		return -1;

+	}

+    } else {

+	switch(op) {

+	    case '&':

+		ret = lval && rval;

+		break;

+	    case '|':

+		ret = lval || rval;

+		break;

+	    default:

+		cli_errmsg("cli_ac_chklsig: Incorrect operator type\n");

+		return -1;

+	}

+

+	if(!blkmod) {

+	    if(ret)

+		*cnt += lcnt + rcnt;

+

+	    return ret;

+	} else {

+	    if(ret)

+		tcnt = lcnt + rcnt;

+	    else

+		tcnt = 0;

+

+	    switch(blkmod) {

+		case '=':

+		    if(tcnt == modval) {

+			*cnt += tcnt;

+			return 1;

+		    } else {

+			return 0;

+		    }

+		    break;

+		case '<':

+		    if(tcnt < modval) {

+			*cnt += tcnt;

+			return 1;

+		    } else {

+			return 0;

+		    }

+		    break;

+		case '>':

+		    if(tcnt > modval) {

+			*cnt += tcnt;

+			return 1;

+		    } else {

+			return 0;

+		    }

+		default:

+		    return 0;

+	    }

+	}

+    }

+}

+

 /* 

  * FIXME: the current support for string alternatives uses a brute-force

  *        approach and doesn't perform any kind of verification and

@@ -501,8 +724,10 @@ inline static int ac_findmatch(const unsigned char *buffer, uint32_t offset, uin

     return 1;

 }

-int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint8_t tracklen)

+int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint32_t lsigs, uint8_t tracklen)

 {

+	unsigned int i;

+

     if(!data) {

 	cli_errmsg("cli_ac_init: data == NULL\n");

@@ -511,15 +736,35 @@ int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint8_t trackle

     data->partsigs = partsigs;

-    if(!partsigs)

-	return CL_SUCCESS;

-

-    data->offmatrix = (int32_t ***) cli_calloc(partsigs, sizeof(int32_t **));

-    if(!data->offmatrix) {

-	cli_errmsg("cli_ac_init: Can't allocate memory for data->offmatrix\n");

-	return CL_EMEM;

+    if(partsigs) {

+	data->offmatrix = (int32_t ***) cli_calloc(partsigs, sizeof(int32_t **));

+	if(!data->offmatrix) {

+	    cli_errmsg("cli_ac_init: Can't allocate memory for data->offmatrix\n");

+	    return CL_EMEM;

+	}

     }

-

+ 

+    data->lsigs = lsigs;

+    if(lsigs) {

+	data->lsigcnt = (uint32_t **) cli_malloc(lsigs * sizeof(uint32_t *));

+	if(!data->lsigcnt) {

+	    if(partsigs)

+		free(data->offmatrix);

+	    cli_errmsg("cli_ac_init: Can't allocate memory for data->lsigcnt\n");

+	    return CL_EMEM;

+	}

+	data->lsigcnt[0] = (uint32_t *) cli_calloc(lsigs * 64, sizeof(uint32_t));

+	if(!data->lsigcnt[0]) {

+	    free(data->lsigcnt);

+	    if(partsigs)

+		free(data->offmatrix);

+	    cli_errmsg("cli_ac_init: Can't allocate memory for data->lsigcnt[0]\n");

+	    return CL_EMEM;

+	}

+	for(i = 1; i < lsigs; i++)

+	    data->lsigcnt[i] = data->lsigcnt[0] + 64 * i;

+     }

+ 

     return CL_SUCCESS;

 }

@@ -536,6 +781,13 @@ void cli_ac_freedata(struct cli_ac_data *data)

 	    }

 	}

 	free(data->offmatrix);

+	data->partsigs = 0;

+    }

+

+    if(data && data->lsigs) {

+	free(data->lsigcnt[0]);

+	free(data->lsigcnt);

+	data->lsigs = 0;

     }

 }

@@ -581,6 +833,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v

 	uint8_t found;

 	struct cli_target_info info;

 	int type = CL_CLEAN;

+	unsigned int evalcnt;

     if(!root->ac_root)

@@ -707,6 +960,12 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v

 				    }

 				} else { /* !pt->type */

+				    if(pt->lsigid[0]) {

+					mdata->lsigcnt[pt->lsigid[1]][pt->lsigid[2]]++;

+					pt = pt->next;

+					continue;

+				    }

+

 				    if(virname)

 					*virname = pt->virname;

@@ -738,6 +997,12 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v

 				    }

 				}

 			    } else {

+				if(pt->lsigid[0]) {

+				    mdata->lsigcnt[pt->lsigid[1]][pt->lsigid[2]]++;

+				    pt = pt->next;

+				    continue;

+				}

+

 				if(virname)

 				    *virname = pt->virname;

@@ -757,11 +1022,20 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v

     if(info.exeinfo.section)

 	free(info.exeinfo.section);

+    for(i = 0; i < root->ac_lsigs; i++) {

+	evalcnt = 0;

+	if(cli_ac_chklsig(root->ac_lsigtable[i]->logic, root->ac_lsigtable[i]->logic + strlen(root->ac_lsigtable[i]->logic), mdata->lsigcnt[i], &evalcnt, 0) == 1) {

+	    if(virname)

+		*virname = root->ac_lsigtable[i]->virname;

+	    return CL_VIRUS;

+	}

+    }

+

     return (mode & AC_SCAN_FT) ? type : CL_CLEAN;

 }

 /* FIXME: clean up the code */

-int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hexsig, uint32_t sigid, uint16_t parts, uint16_t partno, uint16_t rtype, uint16_t type, uint32_t mindist, uint32_t maxdist, const char *offset, uint8_t target, unsigned int options)

+int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hexsig, uint32_t sigid, uint16_t parts, uint16_t partno, uint16_t rtype, uint16_t type, uint32_t mindist, uint32_t maxdist, const char *offset, uint8_t target, const uint32_t *lsigid, unsigned int options)

 {

 	struct cli_ac_patt *new;

 	char *pt, *pt2, *hex = NULL, *hexcpy = NULL;

@@ -771,6 +1045,11 @@ int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hex

 	int ret, error = CL_SUCCESS;

+    if(!root) {

+	cli_errmsg("cli_ac_addsig: root == NULL\n");

+	return CL_ENULLARG;

+    }

+

     if(strlen(hexsig) / 2 < root->ac_mindepth)

 	return CL_EPATSHORT;

@@ -787,6 +1066,10 @@ int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hex

     new->target = target;

     new->ch[0] |= CLI_MATCH_IGNORE;

     new->ch[1] |= CLI_MATCH_IGNORE;

+    if(lsigid) {

+	new->lsigid[0] = 1;

+	memcpy(&new->lsigid[1], lsigid, 2 * sizeof(uint32_t));

+    }

     if(strchr(hexsig, '[')) {

 	if(!(hexcpy = cli_strdup(hexsig))) {

@@ -1068,6 +1351,9 @@ int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hex

 	return CL_EMEM;

     }

+    if(new->lsigid[0])

+	root->ac_lsigtable[new->lsigid[1]]->virname = new->virname;

+

     if(offset) {

 	new->offset = cli_strdup(offset);

 	if(!new->offset) {

@@ -37,7 +37,8 @@ extern uint8_t cli_ac_mindepth, cli_ac_maxdepth;

 struct cli_ac_data {

     int32_t ***offmatrix;

-    uint32_t partsigs;

+    uint32_t partsigs, lsigs;

+    uint32_t **lsigcnt;

 };

 struct cli_ac_alt {

@@ -51,6 +52,7 @@ struct cli_ac_patt {

     uint16_t *pattern, *prefix, length, prefix_length;

     uint32_t mindist, maxdist;

     uint32_t sigid;

+    uint32_t lsigid[3];

     char *virname, *offset;

     uint16_t ch[2];

     uint16_t ch_mindist[2];

@@ -72,13 +74,14 @@ struct cli_ac_node {

 #include "matcher.h"

 int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern);

-int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint8_t tracklen);

+int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint32_t lsigs, uint8_t tracklen);

+int cli_ac_chklsig(const char *expr, const char *end, uint32_t *lsigcnt, unsigned int *cnt, unsigned int parse_only);

 void cli_ac_freedata(struct cli_ac_data *data);

 int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cli_matcher *root, struct cli_ac_data *mdata, uint32_t offset, cli_file_t ftype, int fd, struct cli_matched_type **ftoffset, unsigned int mode, const cli_ctx *ctx);

 int cli_ac_buildtrie(struct cli_matcher *root);

 int cli_ac_init(struct cli_matcher *root, uint8_t mindepth, uint8_t maxdepth);

 void cli_ac_free(struct cli_matcher *root);

-int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hexsig, uint32_t sigid, uint16_t parts, uint16_t partno, uint16_t rtype, uint16_t type, uint32_t mindist, uint32_t maxdist, const char *offset, uint8_t target, unsigned int options);

+int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hexsig, uint32_t sigid, uint16_t parts, uint16_t partno, uint16_t rtype, uint16_t type, uint32_t mindist, uint32_t maxdist, const char *offset, uint8_t target, const uint32_t *lsigid, unsigned int options);

 void cli_ac_setdepth(uint8_t mindepth, uint8_t maxdepth);

 #endif

@@ -72,7 +72,7 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, cli_ctx *ctx, cli

     if(troot) {

-	if((ret = cli_ac_initdata(&mdata, troot->ac_partsigs, AC_DEFAULT_TRACKLEN)))

+	if((ret = cli_ac_initdata(&mdata, troot->ac_partsigs, troot->ac_lsigs, AC_DEFAULT_TRACKLEN)))

 	    return ret;

 	if(troot->ac_only || (ret = cli_bm_scanbuff(buffer, length, virname, troot, 0, ftype, -1)) != CL_VIRUS)

@@ -84,7 +84,7 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, cli_ctx *ctx, cli

 	    return ret;

     }

-    if((ret = cli_ac_initdata(&mdata, groot->ac_partsigs, AC_DEFAULT_TRACKLEN)))

+    if((ret = cli_ac_initdata(&mdata, groot->ac_partsigs, groot->ac_lsigs, AC_DEFAULT_TRACKLEN)))

 	return ret;

     if(groot->ac_only || (ret = cli_bm_scanbuff(buffer, length, virname, groot, 0, ftype, -1)) != CL_VIRUS)

@@ -295,11 +295,11 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc

 	return CL_EMEM;

     }

-    if(!ftonly && (ret = cli_ac_initdata(&gdata, groot->ac_partsigs, AC_DEFAULT_TRACKLEN)))

+    if(!ftonly && (ret = cli_ac_initdata(&gdata, groot->ac_partsigs, groot->ac_lsigs, AC_DEFAULT_TRACKLEN)))

 	return ret;

     if(troot) {

-	if((ret = cli_ac_initdata(&tdata, troot->ac_partsigs, AC_DEFAULT_TRACKLEN)))

+	if((ret = cli_ac_initdata(&tdata, troot->ac_partsigs, groot->ac_lsigs, AC_DEFAULT_TRACKLEN)))

 	    return ret;

     }

@@ -41,6 +41,28 @@

 #define CLI_MATCH_NIBBLE_HIGH	0x0300

 #define CLI_MATCH_NIBBLE_LOW	0x0400

+struct cli_lsig_tdb {

+#define CLI_TDB_UINT	0

+#define CLI_TDB_RANGE	1

+#define CLI_TDB_STR	2

+#define CLI_TDB_RANGE2	3

+    uint32_t *val, *range;

+    char *str;

+    uint32_t cnt[3];

+

+    const uint32_t *target;

+    const uint32_t *engine, *nos, *ep;

+    const uint32_t *sectoff, *sectrva, *sectvsz, *sectraw, *sectrsz,

+		   *secturva, *sectuvsz, *secturaw, *sectursz;

+};

+

+struct cli_ac_lsig {

+    uint32_t id;

+    char *logic;

+    const char *virname;

+    struct cli_lsig_tdb tdb;

+};

+

 struct cli_matcher {

     /* Extended Boyer-Moore */

     uint8_t *bm_shift;

@@ -50,7 +72,8 @@ struct cli_matcher {

     uint32_t bm_patterns;

     /* Extended Aho-Corasick */

-    uint32_t ac_partsigs, ac_nodes, ac_patterns;

+    uint32_t ac_partsigs, ac_nodes, ac_patterns, ac_lsigs;

+    struct cli_ac_lsig **ac_lsigtable;

     struct cli_ac_node *ac_root, **ac_nodetable;

     struct cli_ac_patt **ac_pattable;

     uint8_t ac_mindepth, ac_maxdepth;

@@ -18,10 +18,6 @@

  *  MA 02110-1301, USA.

  */

-#ifdef _MSC_VER

-#include <winsock.h> /* for Sleep() */

-#endif

-

 #if HAVE_CONFIG_H

 #include "clamav-config.h"

 #endif

@@ -58,6 +54,7 @@

 #include "filetypes.h"

 #include "filetypes_int.h"

 #include "readdb.h"

+#include "cltypes.h"

 #include "phishcheck.h"

 #include "phish_whitelist.h"

@@ -143,7 +140,7 @@ char *cli_virname(char *virname, unsigned int official, unsigned int allocated)

     return virname;

 }

-static int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hexsig, uint16_t rtype, uint16_t type, const char *offset, uint8_t target, unsigned int options)

+static int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hexsig, uint16_t rtype, uint16_t type, const char *offset, uint8_t target, const uint32_t *lsigid, unsigned int options)

 {

 	struct cli_bm_patt *bm_new;

 	char *pt, *hexcpy, *start, *n;

@@ -186,7 +183,7 @@ static int cli_parse_add(struct cli_matcher *root, const char *virname, const ch

 		*pt++ = 0;

 	    }

-	    if((ret = cli_ac_addsig(root, virname, start, root->ac_partsigs, parts, i, rtype, type, mindist, maxdist, offset, target, options))) {

+	    if((ret = cli_ac_addsig(root, virname, start, root->ac_partsigs, parts, i, rtype, type, mindist, maxdist, offset, target, lsigid, options))) {

 		cli_errmsg("cli_parse_add(): Problem adding signature (1).\n");

 		error = 1;

 		break;

@@ -266,7 +263,7 @@ static int cli_parse_add(struct cli_matcher *root, const char *virname, const ch

 		return CL_EMALFDB;

 	    }

-	    if((ret = cli_ac_addsig(root, virname, pt, root->ac_partsigs, parts, i, rtype, type, 0, 0, offset, target, options))) {

+	    if((ret = cli_ac_addsig(root, virname, pt, root->ac_partsigs, parts, i, rtype, type, 0, 0, offset, target, lsigid, options))) {

 		cli_errmsg("cli_parse_add(): Problem adding signature (2).\n");

 		free(pt);

 		return ret;

@@ -275,8 +272,8 @@ static int cli_parse_add(struct cli_matcher *root, const char *virname, const ch

 	    free(pt);

 	}

-    } else if(root->ac_only || strpbrk(hexsig, "?(") || type) {

-	if((ret = cli_ac_addsig(root, virname, hexsig, 0, 0, 0, rtype, type, 0, 0, offset, target, options))) {

+    } else if(root->ac_only || strpbrk(hexsig, "?(") || type || lsigid) {

+	if((ret = cli_ac_addsig(root, virname, hexsig, 0, 0, 0, rtype, type, 0, 0, offset, target, lsigid, options))) {

 	    cli_errmsg("cli_parse_add(): Problem adding signature (3).\n");

 	    return ret;

 	}

@@ -490,7 +487,7 @@ static int cli_loaddb(FILE *fs, struct cl_engine **engine, unsigned int *signo,

 	if(*pt == '=') continue;

-	if((ret = cli_parse_add(root, start, pt, 0, 0, NULL, 0, options))) {

+	if((ret = cli_parse_add(root, start, pt, 0, 0, NULL, 0, NULL, options))) {

 	    ret = CL_EMALFDB;

 	    break;

 	}

@@ -669,7 +666,7 @@ static int cli_loadndb(FILE *fs, struct cl_engine **engine, unsigned int *signo,

 	    break;

 	}

-	if((ret = cli_parse_add(root, virname, sig, 0, 0, offset, target, options))) {

+	if((ret = cli_parse_add(root, virname, sig, 0, 0, offset, target, NULL, options))) {

 	    ret = CL_EMALFDB;

 	    break;

 	}

@@ -699,6 +696,335 @@ static int cli_loadndb(FILE *fs, struct cl_engine **engine, unsigned int *signo,

     return CL_SUCCESS;

 }

+struct lsig_attrib {

+    const char *name;

+    unsigned int type;

+    void **pt;

+};

+

+/* TODO: rework this */

+static int lsigattribs(char *attribs, struct cli_lsig_tdb *tdb)

+{

+	struct lsig_attrib attrtab[] = {

+#define ATTRIB_TOKENS	2

+	    { "Target",	    CLI_TDB_UINT,	(void **) &tdb->target	    },

+	    { "Engine",	    CLI_TDB_RANGE,	(void **) &tdb->engine	    },

+/*

+	    { "NoS",	    CLI_TDB_RANGE,	(void **) &tdb->nos	    },

+	    { "EP",	    CLI_TDB_RANGE,	(void **) &tdb->ep	    },

+	    { "SectOff",    CLI_TDB_RANGE2,	(void **) &tdb->sectoff	    },

+	    { "SectRVA",    CLI_TDB_RANGE2,	(void **) &tdb->sectrva	    },

+	    { "SectVSZ",    CLI_TDB_RANGE2,	(void **) &tdb->sectvsz	    },

+	    { "SectRAW",    CLI_TDB_RANGE2,	(void **) &tdb->sectraw	    },

+	    { "SectRSZ",    CLI_TDB_RANGE2,	(void **) &tdb->sectrsz	    },

+	    { "SectURVA",   CLI_TDB_RANGE2,	(void **) &tdb->secturva    },

+	    { "SectUVSZ",   CLI_TDB_RANGE2,	(void **) &tdb->sectuvsz    },

+	    { "SectURAW",   CLI_TDB_RANGE2,	(void **) &tdb->secturaw    },

+	    { "SectURSZ",   CLI_TDB_RANGE2,	(void **) &tdb->sectursz    },

+*/

+	    { NULL,	    0,			NULL,			    }

+	};

+	struct lsig_attrib *apt;

+	char *tokens[ATTRIB_TOKENS], *pt, *pt2;

+	unsigned int v1, v2, v3, i, j;

+	uint32_t cnt, off[ATTRIB_TOKENS];

+

+

+    cli_strtokenize(attribs, ',', ATTRIB_TOKENS, (const char **) tokens);

+

+    for(i = 0; tokens[i]; i++) {

+	if(!(pt = strchr(tokens[i], ':'))) {

+	    cli_errmsg("lsigattribs: Incorrect format of attribute '%s'\n", tokens[i]);

+	    return -1;

+	}

+	*pt++ = 0;

+

+	apt = NULL;

+	for(j = 0; attrtab[j].name; j++) {

+	    if(!strcmp(attrtab[j].name, tokens[i])) {

+		apt = &attrtab[j];

+		break;

+	    }

+	}

+

+	if(!apt) {

+	    cli_dbgmsg("lsigattribs: Unknown attribute name '%s'\n", tokens[i]);

+	    continue;

+	}

+

+	switch(apt->type) {

+	    case CLI_TDB_UINT:

+		off[i] = cnt = tdb->cnt[CLI_TDB_UINT]++;

+		tdb->val = (uint32_t *) cli_realloc2(tdb->val, tdb->cnt[CLI_TDB_UINT] * sizeof(uint32_t));

+		if(!tdb->val) {

+		    tdb->cnt[CLI_TDB_UINT] = 0;

+		    return -1;

+		}

+		tdb->val[cnt] = atoi(pt);

+		break;

+

+	    case CLI_TDB_RANGE:

+		if(!(pt2 = strchr(pt, '-'))) {

+		    cli_errmsg("lsigattribs: Incorrect parameters in '%s'\n", tokens[i]);

+		    return -1;

+		}

+		*pt2++ = 0;

+		off[i] = cnt = tdb->cnt[CLI_TDB_RANGE];

+		tdb->cnt[CLI_TDB_RANGE] += 2;

+		tdb->range = (uint32_t *) cli_realloc2(tdb->range, tdb->cnt[CLI_TDB_RANGE] * sizeof(uint32_t));

+		if(!tdb->range) {

+		    tdb->cnt[CLI_TDB_RANGE] = 0;

+		    return -1;

+		}

+		tdb->range[cnt] = atoi(pt);

+		tdb->range[cnt + 1] = atoi(pt2);

+		break;

+

+	    case CLI_TDB_RANGE2:

+		if(!strchr(pt, '-') || !strchr(pt, '.')) {

+		    cli_errmsg("lsigattribs: Incorrect parameters in '%s'\n", tokens[i]);

+		    return -1;

+		}

+		off[i] = cnt = tdb->cnt[CLI_TDB_RANGE];

+		tdb->cnt[CLI_TDB_RANGE] += 3;

+		tdb->range = (uint32_t *) cli_realloc2(tdb->range, tdb->cnt[CLI_TDB_RANGE] * sizeof(uint32_t));

+		if(!tdb->range) {

+		    tdb->cnt[CLI_TDB_RANGE] = 0;

+		    return -1;

+		}

+		if(sscanf(pt, "%u.%u-%u", &v1, &v2, &v3) != 3) {

+		    cli_errmsg("lsigattribs: Can't parse parameters in '%s'\n", tokens[i]);

+		    return -1;

+		}

+		tdb->range[cnt] = (uint32_t) v1;

+		tdb->range[cnt + 1] = (uint32_t) v2;

+		tdb->range[cnt + 2] = (uint32_t) v3;

+		break;

+

+	    case CLI_TDB_STR:

+		off[i] = cnt = tdb->cnt[CLI_TDB_STR];

+		tdb->cnt[CLI_TDB_STR] += strlen(pt) + 1;

+		tdb->str = (char *) cli_realloc2(tdb->str, tdb->cnt[CLI_TDB_STR] * sizeof(char));

+		if(!tdb->str) {

+		    cli_errmsg("lsigattribs: Can't allocate memory for tdb->str\n");

+		    return -1;

+		}

+		memcpy(&tdb->str[cnt], pt, strlen(pt));

+		tdb->str[tdb->cnt[CLI_TDB_STR] - 1] = 0;

+		break;

+	}

+    }

+

+    if(!i) {

+	cli_errmsg("lsigattribs: Empty TDB\n");

+	return -1;

+    }

+

+    for(i = 0; tokens[i]; i++) {

+	for(j = 0; attrtab[j].name; j++) {

+	    if(!strcmp(attrtab[j].name, tokens[i])) {

+		apt = &attrtab[j];

+		break;

+	    }

+	}

+	switch(apt->type) {

+	    case CLI_TDB_UINT:

+		*apt->pt = (uint32_t *) &tdb->val[off[i]];

+		break;

+

+	    case CLI_TDB_RANGE:

+	    case CLI_TDB_RANGE2:

+		*apt->pt = (uint32_t *) &tdb->range[off[i]];

+		break;

+

+	    case CLI_TDB_STR:

+		*apt->pt = (char *) &tdb->str[off[i]];

+		break;

+	}

+    }

+

+    return 0;

+}

+

+#define FREE_TDB(x)		\

+    if(x.cnt[CLI_TDB_UINT])	\

+	free(x.val);		\

+    if(x.cnt[CLI_TDB_RANGE])    \

+	free(x.range);		\

+    if(x.cnt[CLI_TDB_STR])	\

+	free(x.str);

+

+#define LDB_TOKENS 67

+static int cli_loadldb(FILE *fs, struct cl_engine **engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio, const char *dbname)

+{

+	char *tokens[LDB_TOKENS];

+	char buffer[32768], *pt;

+	const char *sig, *virname, *offset, *logic;

+	struct cli_matcher *root;

+	unsigned int line = 0, sigs = 0;

+	unsigned short target = 0;

+	struct cli_ac_lsig **newtable, *lsig;

+	uint32_t lsigid[2];

+	int ret = CL_SUCCESS, i, subsigs;

+	struct cli_lsig_tdb tdb;

+

+

+    if((ret = cli_initengine(engine, options))) {

+	cl_free(*engine);

+	return ret;

+    }

+

+    if((ret = cli_initroots(*engine, options))) {

+	cl_free(*engine);

+	return ret;

+    }

+

+    while(cli_dbgets(buffer, FILEBUFF, fs, dbio)) {

+	line++;

+	sigs++;

+	cli_chomp(buffer);

+

+	cli_strtokenize(buffer, ';', LDB_TOKENS, (const char **) tokens);

+

+	if(!(virname = tokens[0])) {

+	    ret = CL_EMALFDB;

+	    break;

+	}

+

+	if((*engine)->ignored && cli_chkign((*engine)->ignored, dbname, line, virname))

+	    continue;

+

+	if(!(logic = tokens[2])) {

+	    ret = CL_EMALFDB;

+	    break;

+	}

+

+	subsigs = cli_ac_chklsig(logic, logic + strlen(logic), NULL, NULL, 1);

+	if(subsigs == -1) {

+	    ret = CL_EMALFDB;

+	    break;

+	}

+	subsigs++;

+

+	if(subsigs > 64) {

+	    cli_errmsg("cli_loadldb: Broken logical expression or too many subsignatures\n");

+	    ret = CL_EMALFDB;

+	    break;

+	}

+

+	/* TDB */

+	memset(&tdb, 0, sizeof(tdb));

+

+	if(lsigattribs(tokens[1], &tdb) == -1) {

+	    FREE_TDB(tdb);

+	    ret = CL_EMALFDB;

+	    break;

+	}

+

+	if(tdb.engine) {

+	    if(tdb.engine[0] > cl_retflevel()) {

+		cli_dbgmsg("cli_loadldb: Signature for %s not loaded (required f-level: %u)\n", virname, tdb.engine[0]);

+		FREE_TDB(tdb);

+		sigs--;

+		continue;

+	    } else if(tdb.engine[1] < cl_retflevel()) {

+		FREE_TDB(tdb);

+		sigs--;

+		continue;

+	    }

+	}

+

+	if(!tdb.target) {

+	    cli_errmsg("cli_loadldb: No target specified in TDB\n");

+	    FREE_TDB(tdb);

+	    ret = CL_EMALFDB;

+	    break;

+	} else if(tdb.target[0] >= CLI_MTARGETS) {

+	    cli_dbgmsg("cli_loadldb: Not supported target type in logical signature for %s\n", virname);

+	    FREE_TDB(tdb);

+	    sigs--;

+	    continue;

+	}

+

+	root = (*engine)->root[tdb.target[0]];

+

+	lsig = (struct cli_ac_lsig *) cli_calloc(1, sizeof(struct cli_ac_lsig));

+	if(!lsig) {

+	    cli_errmsg("cli_loadldb: Can't allocate memory for lsig\n");

+	    FREE_TDB(tdb);

+	    ret = CL_EMEM;

+	    break;

+	}

+	lsig->logic = cli_strdup(logic);

+	if(!lsig->logic) {

+	    cli_errmsg("cli_loadldb: Can't allocate memory for lsig->logic\n");

+	    FREE_TDB(tdb);

+	    ret = CL_EMEM;

+	    free(lsig);

+	    break;

+	}

+

+	lsigid[0] = lsig->id = root->ac_lsigs;