... | ... |
@@ -57,6 +57,7 @@ |
57 | 57 |
#include "shared/tar.h" |
58 | 58 |
|
59 | 59 |
#include "libclamav/clamav.h" |
60 |
+#include "libclamav/matcher.h" |
|
60 | 61 |
#include "libclamav/cvd.h" |
61 | 62 |
#include "libclamav/others.h" |
62 | 63 |
#include "libclamav/str.h" |
... | ... |
@@ -1627,6 +1628,189 @@ static int verifydiff(const char *diff, const char *cvd, const char *incdir) |
1627 | 1627 |
return ret; |
1628 | 1628 |
} |
1629 | 1629 |
|
1630 |
+static char *decodesubhex(const char *hex) |
|
1631 |
+{ |
|
1632 |
+ uint16_t *str16; |
|
1633 |
+ char *decoded; |
|
1634 |
+ unsigned int i, p = 0, wildcard = 0, len = strlen(hex)/2; |
|
1635 |
+ |
|
1636 |
+ str16 = cli_hex2ui(hex); |
|
1637 |
+ if(!str16) |
|
1638 |
+ return NULL; |
|
1639 |
+ |
|
1640 |
+ for(i = 0; i < len; i++) |
|
1641 |
+ if(str16[i] & CLI_MATCH_WILDCARD) |
|
1642 |
+ wildcard++; |
|
1643 |
+ |
|
1644 |
+ decoded = calloc(len + wildcard * 32, sizeof(char)); |
|
1645 |
+ |
|
1646 |
+ for(i = 0; i < len; i++) { |
|
1647 |
+ if(str16[i] & CLI_MATCH_WILDCARD) { |
|
1648 |
+ switch(str16[i] & CLI_MATCH_WILDCARD) { |
|
1649 |
+ case CLI_MATCH_IGNORE: |
|
1650 |
+ case CLI_MATCH_SPECIAL: |
|
1651 |
+ case CLI_MATCH_NIBBLE_HIGH: |
|
1652 |
+ case CLI_MATCH_NIBBLE_LOW: |
|
1653 |
+ /* TODO */ |
|
1654 |
+ strcat(decoded, "<WILDCARD>"); |
|
1655 |
+ p += 10; |
|
1656 |
+ default: |
|
1657 |
+ mprintf("!decodesubhex: Unknown wildcard\n"); |
|
1658 |
+ free(decoded); |
|
1659 |
+ return NULL; |
|
1660 |
+ } |
|
1661 |
+ } else { |
|
1662 |
+ decoded[p] = str16[i]; |
|
1663 |
+ } |
|
1664 |
+ } |
|
1665 |
+ |
|
1666 |
+ return decoded; |
|
1667 |
+} |
|
1668 |
+ |
|
1669 |
+static char *decodehex(const char *hexsig) |
|
1670 |
+{ |
|
1671 |
+ char *pt, *hexcpy, *start, *n; |
|
1672 |
+ int ret, asterisk = 0; |
|
1673 |
+ unsigned int i, j, hexlen, parts = 0; |
|
1674 |
+ int mindist = 0, maxdist = 0, error = 0; |
|
1675 |
+ char *decoded = NULL; |
|
1676 |
+ |
|
1677 |
+ |
|
1678 |
+ hexlen = strlen(hexsig); |
|
1679 |
+ if(strchr(hexsig, '{')) { |
|
1680 |
+ if(!(hexcpy = cli_strdup(hexsig))) |
|
1681 |
+ return NULL; |
|
1682 |
+ |
|
1683 |
+ for(i = 0; i < hexlen; i++) |
|
1684 |
+ if(hexsig[i] == '{' || hexsig[i] == '*') |
|
1685 |
+ parts++; |
|
1686 |
+ |
|
1687 |
+ if(parts) |
|
1688 |
+ parts++; |
|
1689 |
+ |
|
1690 |
+ start = pt = hexcpy; |
|
1691 |
+ for(i = 1; i <= parts; i++) { |
|
1692 |
+ if(i != parts) { |
|
1693 |
+ for(j = 0; j < strlen(start); j++) { |
|
1694 |
+ if(start[j] == '{') { |
|
1695 |
+ asterisk = 0; |
|
1696 |
+ pt = start + j; |
|
1697 |
+ break; |
|
1698 |
+ } |
|
1699 |
+ if(start[j] == '*') { |
|
1700 |
+ asterisk = 1; |
|
1701 |
+ pt = start + j; |
|
1702 |
+ break; |
|
1703 |
+ } |
|
1704 |
+ } |
|
1705 |
+ *pt++ = 0; |
|
1706 |
+ } |
|
1707 |
+ |
|
1708 |
+ /* if(mindist) MINDIST if(maxdist) MAXDIST */ |
|
1709 |
+ mprintf("%s ", decodesubhex(start)); |
|
1710 |
+ /* if(asterisk) <ANY-BYTES> */ |
|
1711 |
+ |
|
1712 |
+ if(i == parts) |
|
1713 |
+ break; |
|
1714 |
+ |
|
1715 |
+ mindist = maxdist = 0; |
|
1716 |
+ |
|
1717 |
+ if(asterisk) { |
|
1718 |
+ start = pt; |
|
1719 |
+ continue; |
|
1720 |
+ } |
|
1721 |
+ |
|
1722 |
+ if(!(start = strchr(pt, '}'))) { |
|
1723 |
+ error = 1; |
|
1724 |
+ break; |
|
1725 |
+ } |
|
1726 |
+ *start++ = 0; |
|
1727 |
+ |
|
1728 |
+ if(!pt) { |
|
1729 |
+ error = 1; |
|
1730 |
+ break; |
|
1731 |
+ } |
|
1732 |
+ |
|
1733 |
+ if(!strchr(pt, '-')) { |
|
1734 |
+ if(!cli_isnumber(pt) || (mindist = maxdist = atoi(pt)) < 0) { |
|
1735 |
+ error = 1; |
|
1736 |
+ break; |
|
1737 |
+ } |
|
1738 |
+ } else { |
|
1739 |
+ if((n = cli_strtok(pt, 0, "-"))) { |
|
1740 |
+ if(!cli_isnumber(n) || (mindist = atoi(n)) < 0) { |
|
1741 |
+ error = 1; |
|
1742 |
+ free(n); |
|
1743 |
+ break; |
|
1744 |
+ } |
|
1745 |
+ free(n); |
|
1746 |
+ } |
|
1747 |
+ |
|
1748 |
+ if((n = cli_strtok(pt, 1, "-"))) { |
|
1749 |
+ if(!cli_isnumber(n) || (maxdist = atoi(n)) < 0) { |
|
1750 |
+ error = 1; |
|
1751 |
+ free(n); |
|
1752 |
+ break; |
|
1753 |
+ } |
|
1754 |
+ free(n); |
|
1755 |
+ } |
|
1756 |
+ |
|
1757 |
+ if((n = cli_strtok(pt, 2, "-"))) { /* strict check */ |
|
1758 |
+ error = 1; |
|
1759 |
+ free(n); |
|
1760 |
+ break; |
|
1761 |
+ } |
|
1762 |
+ } |
|
1763 |
+ } |
|
1764 |
+ |
|
1765 |
+ free(hexcpy); |
|
1766 |
+ if(error) |
|
1767 |
+ return NULL; |
|
1768 |
+ |
|
1769 |
+ } else if(strchr(hexsig, '*')) { |
|
1770 |
+ for(i = 0; i < hexlen; i++) |
|
1771 |
+ if(hexsig[i] == '*') |
|
1772 |
+ parts++; |
|
1773 |
+ |
|
1774 |
+ if(parts) |
|
1775 |
+ parts++; |
|
1776 |
+ |
|
1777 |
+ for(i = 1; i <= parts; i++) { |
|
1778 |
+ if((pt = cli_strtok(hexsig, i - 1, "*")) == NULL) { |
|
1779 |
+ mprintf("!Can't extract part %u of partial signature\n", i); |
|
1780 |
+ return NULL; |
|
1781 |
+ } |
|
1782 |
+ |
|
1783 |
+ mprintf("%s ", decodesubhex(pt)); |
|
1784 |
+ /* if(i < parts) printf("<MATCH-ANY-STRING>") */ |
|
1785 |
+ free(pt); |
|
1786 |
+ } |
|
1787 |
+ |
|
1788 |
+ } else { |
|
1789 |
+ mprintf("%s ", decodesubhex(hexsig)); |
|
1790 |
+ } |
|
1791 |
+ |
|
1792 |
+ return decoded; |
|
1793 |
+} |
|
1794 |
+ |
|
1795 |
+static int decodesig(const char *sig) |
|
1796 |
+{ |
|
1797 |
+ const char *pt; |
|
1798 |
+ |
|
1799 |
+ if(strchr(sig, ';')) { /* lsig */ |
|
1800 |
+ mprintf("decodesig: Not supported signature format (yet)\n"); |
|
1801 |
+ return -1; |
|
1802 |
+ } else if(strchr(sig, ':')) { /* ndb */ |
|
1803 |
+ mprintf("decodesig: Not supported signature format (yet)\n"); |
|
1804 |
+ return -1; |
|
1805 |
+ } else if((pt = strchr(sig, '='))) { |
|
1806 |
+ mprintf("%s\n", decodehex(pt + 1)); |
|
1807 |
+ } else { |
|
1808 |
+ mprintf("decodesig: Not supported signature format\n"); |
|
1809 |
+ return -1; |
|
1810 |
+ } |
|
1811 |
+} |
|
1812 |
+ |
|
1630 | 1813 |
static int diffdirs(const char *old, const char *new, const char *patch) |
1631 | 1814 |
{ |
1632 | 1815 |
FILE *diff; |
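Review bot: In decodesubhex() the four wildcard cases have no `break` after `p += 10;`, so they fall through into `default`, and every sub-signature containing a wildcard is reported as "Unknown wildcard" and returns NULL. The same function never checks the `calloc()` result before `strcat()` writes into it, leaves no byte for the terminator, never advances `p` in `decoded[p] = str16[i];`, and never frees `str16` (assuming cli_hex2ui() returns a heap buffer the caller owns). Those NULLs then reach `mprintf("%s ", decodesubhex(...))` in decodehex(), which also leaks each returned buffer and always returns its never-assigned `decoded`, so decodesig() prints `%s` with NULL and then runs off the end of its `=` branch without a `return 0;`. Since the input here is signature text, these paths should fail cleanly; a corrected decodesubhex() is sketched below, and the callers need a NULL check plus `free()` around each print.

```c
static char *decodesubhex(const char *hex)
{
    /* … unchanged: declarations, cli_hex2ui() call and NULL check, wildcard count … */

    /* one extra byte so the result is always NUL-terminated */
    decoded = calloc(len + wildcard * 32 + 1, sizeof(char));
    if(!decoded) {
	free(str16);
	return NULL;
    }

    for(i = 0; i < len; i++) {
	if(str16[i] & CLI_MATCH_WILDCARD) {
	    switch(str16[i] & CLI_MATCH_WILDCARD) {
		case CLI_MATCH_IGNORE:
		case CLI_MATCH_SPECIAL:
		case CLI_MATCH_NIBBLE_HIGH:
		case CLI_MATCH_NIBBLE_LOW:
		    /* TODO */
		    /* write at p so the placeholder and literal bytes share one cursor */
		    memcpy(decoded + p, "<WILDCARD>", 10);
		    p += 10;
		    break;
		default:
		    mprintf("!decodesubhex: Unknown wildcard\n");
		    free(str16);
		    free(decoded);
		    return NULL;
	    }
	} else {
	    decoded[p++] = str16[i];
	}
    }

    free(str16);
    return decoded;
}
```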