@@ -1,3 +1,8 @@

+Tue Jul 29 10:47:23 CEST 2008 (tk)

+----------------------------------

+  * libclamav/matcher-ac.c: add support for returning multiple matches in

+			    cli_ac_scanbuff()

+

 Tue Jul 29 10:29:54 EEST 2008 (edwin)

 -------------------------------------

   * configure.in: check for <sys/select.h> before <sys/types.h> (bb #452)

@@ -166,7 +166,7 @@ cli_file_t cli_filetype2(int desc, const struct cl_engine *engine)

 	if(cli_ac_initdata(&mdata, root->ac_partsigs, root->ac_lsigs, AC_DEFAULT_TRACKLEN))

 	    return ret;

-	sret = cli_ac_scanbuff(buff, bread, NULL, NULL, engine->root[0], &mdata, 0, ret, desc, NULL, AC_SCAN_FT, NULL);

+	sret = cli_ac_scanbuff(buff, bread, NULL, NULL, NULL, engine->root[0], &mdata, 0, ret, desc, NULL, AC_SCAN_FT, NULL);

 	cli_ac_freedata(&mdata);

@@ -178,7 +178,7 @@ cli_file_t cli_filetype2(int desc, const struct cl_engine *engine)

 	    decoded = (unsigned char *) cli_utf16toascii((char *) buff, bread);

 	    if(decoded) {

-		sret = cli_ac_scanbuff(decoded, strlen((char *) decoded), NULL, NULL,  engine->root[0], &mdata, 0, CL_TYPE_TEXT_ASCII, desc, NULL, AC_SCAN_FT, NULL);

+		sret = cli_ac_scanbuff(decoded, strlen((char *) decoded), NULL, NULL, NULL,  engine->root[0], &mdata, 0, CL_TYPE_TEXT_ASCII, desc, NULL, AC_SCAN_FT, NULL);

 		free(decoded);

 		if(sret == CL_TYPE_HTML)

 		    ret = CL_TYPE_HTML_UTF16;

@@ -212,7 +212,7 @@ cli_file_t cli_filetype2(int desc, const struct cl_engine *engine)

 					    return ret;

 				    if(out_area.length > 0) {

-					    sret = cli_ac_scanbuff(decodedbuff, out_area.length, NULL, NULL, engine->root[0], &mdata, 0, 0, desc, NULL, AC_SCAN_FT, NULL); /* FIXME: can we use CL_TYPE_TEXT_ASCII instead of 0? */

+					    sret = cli_ac_scanbuff(decodedbuff, out_area.length, NULL, NULL, NULL, engine->root[0], &mdata, 0, 0, desc, NULL, AC_SCAN_FT, NULL); /* FIXME: can we use CL_TYPE_TEXT_ASCII instead of 0? */

 					    if(sret == CL_TYPE_HTML) {

 						    cli_dbgmsg("cli_filetype2: detected HTML signature in Unicode file\n");

 						    /* htmlnorm is able to handle any unicode now, since it skips null chars */

@@ -832,7 +832,7 @@ inline static int ac_addtype(struct cli_matched_type **list, cli_file_t type, of

     return CL_SUCCESS;

 }

-int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, void **customdata, const struct cli_matcher *root, struct cli_ac_data *mdata, uint32_t offset, cli_file_t ftype, int fd, struct cli_matched_type **ftoffset, unsigned int mode, const cli_ctx *ctx)

+int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, void **customdata, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, uint32_t offset, cli_file_t ftype, int fd, struct cli_matched_type **ftoffset, unsigned int mode, const cli_ctx *ctx)

 {

 	struct cli_ac_node *current;

 	struct cli_ac_patt *patt, *pt;

@@ -842,6 +842,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v

 	uint8_t found;

 	struct cli_target_info info;

 	int type = CL_CLEAN;

+	struct cli_ac_result *newres;

     if(!root->ac_root)

@@ -895,6 +896,8 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v

 				mdata->offmatrix[pt->sigid - 1] = cli_malloc(pt->parts * sizeof(int32_t *));

 				if(!mdata->offmatrix[pt->sigid - 1]) {

 				    cli_errmsg("cli_ac_scanbuff: Can't allocate memory for mdata->offmatrix[%u]\n", pt->sigid - 1);

+				    if(info.exeinfo.section)

+					free(info.exeinfo.section);

 				    return CL_EMEM;

 				}

@@ -903,6 +906,8 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v

 				    cli_errmsg("cli_ac_scanbuff: Can't allocate memory for mdata->offmatrix[%u][0]\n", pt->sigid - 1);

 				    free(mdata->offmatrix[pt->sigid - 1]);

 				    mdata->offmatrix[pt->sigid - 1] = NULL;

+				    if(info.exeinfo.section)

+					free(info.exeinfo.section);

 				    return CL_EMEM;

 				}

 				memset(mdata->offmatrix[pt->sigid - 1][0], -1, pt->parts * (AC_DEFAULT_TRACKLEN + 1) * sizeof(int32_t));

@@ -974,15 +979,31 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v

 					continue;

 				    }

-				    if(virname)

-					*virname = pt->virname;

-				    if(customdata)

-					*customdata = pt->customdata;

+				    if(res) {

+					newres = (struct cli_ac_result *) malloc(sizeof(struct cli_ac_result));

+					if(!newres) {

+					    if(info.exeinfo.section)

+						free(info.exeinfo.section);

+					    return CL_EMEM;

+					}

+					newres->virname = pt->virname;

+					newres->customdata = pt->customdata;

+					newres->next = *res;

+					*res = newres;

-				    if(info.exeinfo.section)

-					free(info.exeinfo.section);

+					pt = pt->next;

+					continue;

+				    } else {

+					if(virname)

+					    *virname = pt->virname;

+					if(customdata)

+					    *customdata = pt->customdata;

-				    return CL_VIRUS;

+					if(info.exeinfo.section)

+					    free(info.exeinfo.section);

+

+					return CL_VIRUS;

+				    }

 				}

 			    }

@@ -1013,14 +1034,31 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v

 				    continue;

 				}

-				if(virname)

-				    *virname = pt->virname;

-				if(customdata)

-				    *customdata = pt->customdata;

+				if(res) {

+				    newres = (struct cli_ac_result *) malloc(sizeof(struct cli_ac_result));

+				    if(!newres) {

+					if(info.exeinfo.section)

+					    free(info.exeinfo.section);

+					return CL_EMEM;

+				    }

+				    newres->virname = pt->virname;

+				    newres->customdata = pt->customdata;

+				    newres->next = *res;

+				    *res = newres;

+

+				    pt = pt->next;

+				    continue;

+				} else {

+				    if(virname)

+					*virname = pt->virname;

+				    if(customdata)

+					*customdata = pt->customdata;

+

+				    if(info.exeinfo.section)

+					free(info.exeinfo.section);

-				if(info.exeinfo.section)

-				    free(info.exeinfo.section);

-				return CL_VIRUS;

+				    return CL_VIRUS;

+				}

 			    }

 			}

 			pt = pt->next_same;

@@ -72,13 +72,19 @@ struct cli_ac_node {

     uint8_t leaf, final;

 };

+struct cli_ac_result {

+    const char *virname;

+    void *customdata;

+    struct cli_ac_result *next;

+};

+

 #include "matcher.h"

 int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern);

 int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint32_t lsigs, uint8_t tracklen);

 int cli_ac_chklsig(const char *expr, const char *end, uint32_t *lsigcnt, unsigned int *cnt, uint64_t *ids, unsigned int parse_only);

 void cli_ac_freedata(struct cli_ac_data *data);

-int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, void **customdata, const struct cli_matcher *root, struct cli_ac_data *mdata, uint32_t offset, cli_file_t ftype, int fd, struct cli_matched_type **ftoffset, unsigned int mode, const cli_ctx *ctx);

+int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, void **customdata, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, uint32_t offset, cli_file_t ftype, int fd, struct cli_matched_type **ftoffset, unsigned int mode, const cli_ctx *ctx);

 int cli_ac_buildtrie(struct cli_matcher *root);

 int cli_ac_init(struct cli_matcher *root, uint8_t mindepth, uint8_t maxdepth);

 void cli_ac_free(struct cli_matcher *root);

@@ -76,7 +76,7 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, cli_ctx *ctx, cli

 	    return ret;

 	if(troot->ac_only || (ret = cli_bm_scanbuff(buffer, length, virname, troot, 0, ftype, -1)) != CL_VIRUS)

-	    ret = cli_ac_scanbuff(buffer, length, virname, NULL, troot, &mdata, 0, ftype, -1, NULL, AC_SCAN_VIR, NULL);

+	    ret = cli_ac_scanbuff(buffer, length, virname, NULL, NULL, troot, &mdata, 0, ftype, -1, NULL, AC_SCAN_VIR, NULL);

 	cli_ac_freedata(&mdata);

@@ -88,7 +88,7 @@ int cli_scanbuff(const unsigned char *buffer, uint32_t length, cli_ctx *ctx, cli

 	return ret;

     if(groot->ac_only || (ret = cli_bm_scanbuff(buffer, length, virname, groot, 0, ftype, -1)) != CL_VIRUS)

-	ret = cli_ac_scanbuff(buffer, length, virname, NULL, groot, &mdata, 0, ftype, -1, NULL, AC_SCAN_VIR, NULL);

+	ret = cli_ac_scanbuff(buffer, length, virname, NULL, NULL, groot, &mdata, 0, ftype, -1, NULL, AC_SCAN_VIR, NULL);

     cli_ac_freedata(&mdata);

@@ -326,7 +326,7 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc

 	if(troot) {

 	    if(troot->ac_only || (ret = cli_bm_scanbuff(upt, length, ctx->virname, troot, offset, ftype, desc)) != CL_VIRUS)

-		ret = cli_ac_scanbuff(upt, length, ctx->virname, NULL, troot, &tdata, offset, ftype, desc, ftoffset, acmode, NULL);

+		ret = cli_ac_scanbuff(upt, length, ctx->virname, NULL, NULL, troot, &tdata, offset, ftype, desc, ftoffset, acmode, NULL);

 	    if(ret == CL_VIRUS) {

 		free(buffer);

@@ -344,7 +344,7 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc

 	if(!ftonly) {

 	    if(groot->ac_only || (ret = cli_bm_scanbuff(upt, length, ctx->virname, groot, offset, ftype, desc)) != CL_VIRUS)

-		ret = cli_ac_scanbuff(upt, length, ctx->virname, NULL, groot, &gdata, offset, ftype, desc, ftoffset, acmode, NULL);

+		ret = cli_ac_scanbuff(upt, length, ctx->virname, NULL, NULL, groot, &gdata, offset, ftype, desc, ftoffset, acmode, NULL);

 	    if(ret == CL_VIRUS) {

 		free(buffer);

@@ -287,7 +287,7 @@ int regex_list_match(struct regex_matcher* matcher,char* real_url,const char* di

 			return 0;

 		}

-		rc = cli_ac_scanbuff((const unsigned char*)bufrev,buffer_len, NULL, &regex, &matcher->suffixes,&mdata,0,0,-1,NULL,AC_SCAN_VIR,NULL);

+		rc = cli_ac_scanbuff((const unsigned char*)bufrev,buffer_len, NULL, &regex, NULL, &matcher->suffixes,&mdata,0,0,-1,NULL,AC_SCAN_VIR,NULL);

 		free(bufrev);

 		cli_ac_freedata(&mdata);