
sigtool: basic sig decoding

Tomasz Kojm authored on 2009/11/20 01:58:57
Showing 1 changed files
... ...
@@ -57,6 +57,7 @@
57 57
 #include "shared/tar.h"
58 58
 
59 59
 #include "libclamav/clamav.h"
60
+#include "libclamav/matcher.h"
60 61
 #include "libclamav/cvd.h"
61 62
 #include "libclamav/others.h"
62 63
 #include "libclamav/str.h"
... ...
@@ -1627,6 +1628,189 @@ static int verifydiff(const char *diff, const char *cvd, const char *incdir)
1627 1627
     return ret;
1628 1628
 }
1629 1629
 
1630
+static char *decodesubhex(const char *hex)
1631
+{
1632
+	uint16_t *str16;
1633
+	char *decoded;
1634
+	unsigned int i, p = 0, wildcard = 0, len = strlen(hex)/2;
1635
+
1636
+    str16 = cli_hex2ui(hex);
1637
+    if(!str16)
1638
+	return NULL;
1639
+
1640
+    for(i = 0; i < len; i++)
1641
+	if(str16[i] & CLI_MATCH_WILDCARD)
1642
+	    wildcard++;
1643
+
1644
+    decoded = calloc(len + wildcard * 32, sizeof(char));
1645
+
1646
+    for(i = 0; i < len; i++) {
1647
+	if(str16[i] & CLI_MATCH_WILDCARD) {
1648
+	    switch(str16[i] & CLI_MATCH_WILDCARD) {
1649
+		case CLI_MATCH_IGNORE:
1650
+		case CLI_MATCH_SPECIAL:
1651
+		case CLI_MATCH_NIBBLE_HIGH:
1652
+		case CLI_MATCH_NIBBLE_LOW:
1653
+		    /* TODO */        
1654
+		    strcat(decoded, "<WILDCARD>");
1655
+		    p += 10;
1656
+		default:
1657
+		    mprintf("!decodesubhex: Unknown wildcard\n");
1658
+		    free(decoded);
1659
+		    return NULL;
1660
+	    }
1661
+	} else {
1662
+	    decoded[p] = str16[i];
1663
+	}
1664
+    }
1665
+
1666
+    return decoded;
1667
+}
1668
+
1669
+static char *decodehex(const char *hexsig)
1670
+{
1671
+	char *pt, *hexcpy, *start, *n;
1672
+	int ret, asterisk = 0;
1673
+	unsigned int i, j, hexlen, parts = 0;
1674
+	int mindist = 0, maxdist = 0, error = 0;
1675
+	char *decoded = NULL;
1676
+
1677
+
1678
+    hexlen = strlen(hexsig);
1679
+    if(strchr(hexsig, '{')) {
1680
+	if(!(hexcpy = cli_strdup(hexsig)))
1681
+	    return NULL;
1682
+
1683
+	for(i = 0; i < hexlen; i++)
1684
+	    if(hexsig[i] == '{' || hexsig[i] == '*')
1685
+		parts++;
1686
+
1687
+	if(parts)
1688
+	    parts++;
1689
+
1690
+	start = pt = hexcpy;
1691
+	for(i = 1; i <= parts; i++) {
1692
+	    if(i != parts) {
1693
+		for(j = 0; j < strlen(start); j++) {
1694
+		    if(start[j] == '{') {
1695
+			asterisk = 0;
1696
+			pt = start + j;
1697
+			break;
1698
+		    }
1699
+		    if(start[j] == '*') {
1700
+			asterisk = 1;
1701
+			pt = start + j;
1702
+			break;
1703
+		    }
1704
+		}
1705
+		*pt++ = 0;
1706
+	    }
1707
+
1708
+	    /* if(mindist) MINDIST if(maxdist) MAXDIST */
1709
+	    mprintf("%s ", decodesubhex(start));
1710
+	    /* if(asterisk) <ANY-BYTES> */
1711
+
1712
+	    if(i == parts)
1713
+		break;
1714
+
1715
+	    mindist = maxdist = 0;
1716
+
1717
+	    if(asterisk) {
1718
+		start = pt;
1719
+		continue;
1720
+	    }
1721
+
1722
+	    if(!(start = strchr(pt, '}'))) {
1723
+		error = 1;
1724
+		break;
1725
+	    }
1726
+	    *start++ = 0;
1727
+
1728
+	    if(!pt) {
1729
+		error = 1;
1730
+		break;
1731
+	    }
1732
+
1733
+	    if(!strchr(pt, '-')) {
1734
+		if(!cli_isnumber(pt) || (mindist = maxdist = atoi(pt)) < 0) {
1735
+		    error = 1;
1736
+		    break;
1737
+		}
1738
+	    } else {
1739
+		if((n = cli_strtok(pt, 0, "-"))) {
1740
+		    if(!cli_isnumber(n) || (mindist = atoi(n)) < 0) {
1741
+			error = 1;
1742
+			free(n);
1743
+			break;
1744
+		    }
1745
+		    free(n);
1746
+		}
1747
+
1748
+		if((n = cli_strtok(pt, 1, "-"))) {
1749
+		    if(!cli_isnumber(n) || (maxdist = atoi(n)) < 0) {
1750
+			error = 1;
1751
+			free(n);
1752
+			break;
1753
+		    }
1754
+		    free(n);
1755
+		}
1756
+
1757
+		if((n = cli_strtok(pt, 2, "-"))) { /* strict check */
1758
+		    error = 1;
1759
+		    free(n);
1760
+		    break;
1761
+		}
1762
+	    }
1763
+	}
1764
+
1765
+	free(hexcpy);
1766
+	if(error)
1767
+	    return NULL;
1768
+
1769
+    } else if(strchr(hexsig, '*')) {
1770
+	for(i = 0; i < hexlen; i++)
1771
+	    if(hexsig[i] == '*')
1772
+		parts++;
1773
+
1774
+	if(parts)
1775
+	    parts++;
1776
+
1777
+	for(i = 1; i <= parts; i++) {
1778
+	    if((pt = cli_strtok(hexsig, i - 1, "*")) == NULL) {
1779
+		mprintf("!Can't extract part %u of partial signature\n", i);
1780
+		return NULL;
1781
+	    }
1782
+
1783
+	    mprintf("%s ", decodesubhex(pt));
1784
+	    /* if(i < parts) printf("<MATCH-ANY-STRING>") */
1785
+	    free(pt);
1786
+	}
1787
+
1788
+    } else {
1789
+	mprintf("%s ", decodesubhex(hexsig));
1790
+    }
1791
+
1792
+    return decoded;
1793
+}
1794
+
1795
+static int decodesig(const char *sig)
1796
+{
1797
+	const char *pt;
1798
+
1799
+    if(strchr(sig, ';')) { /* lsig */
1800
+	mprintf("decodesig: Not supported signature format (yet)\n");
1801
+	return -1;
1802
+    } else if(strchr(sig, ':')) { /* ndb */
1803
+	mprintf("decodesig: Not supported signature format (yet)\n");
1804
+	return -1;
1805
+    } else if((pt = strchr(sig, '='))) {
1806
+	mprintf("%s\n", decodehex(pt + 1));
1807
+    } else {
1808
+	mprintf("decodesig: Not supported signature format\n");
1809
+	return -1;
1810
+    }
1811
+}
1812
+
1630 1813
 static int diffdirs(const char *old, const char *new, const char *patch)
1631 1814
 {
1632 1815
 	FILE *diff;
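Review bot: In decodesubhex() the wildcard cases have no `break` after `p += 10;`, so every wildcard falls through to `default`, frees `decoded` and returns NULL, and decodehex() passes that result straight to `mprintf("%s ", ...)`, which is undefined for a NULL argument. The same function never checks the `calloc` result, never advances `p` in `decoded[p] = str16[i];` (each literal byte overwrites the previous one), leaves no room for a terminating NUL, and never frees `str16` (assuming cli_hex2ui() returns caller-owned memory); the fence below shows the corrected lines. In decodehex() each decodesubhex() result should be stored, NULL-checked, printed and freed rather than leaked, and `decoded` is never assigned, so `mprintf("%s\n", decodehex(pt + 1))` in decodesig() always receives NULL. decodesig() also needs `return 0;` after that call, because the `=` branch currently falls off the end of a non-void function. Signature text reaching this path presumably comes from database files that are not always trusted, so the decoder should fail cleanly on malformed input rather than rely on the printf implementation tolerating NULL.

```c
    decoded = calloc(len + wildcard * 32 + 1, sizeof(char)); /* +1 keeps a terminating NUL */
    if(!decoded) {
	free(str16);
	return NULL;
    }
    /* … unchanged: for loop, wildcard test, switch and the four CLI_MATCH_* case labels … */
		    memcpy(decoded + p, "<WILDCARD>", 10); /* strcat would stop at a decoded 0x00 byte */
		    p += 10;
		    break;
		default:
		    mprintf("!decodesubhex: Unknown wildcard\n");
		    free(str16);
		    free(decoded);
		    return NULL;
    /* … unchanged: end of switch, else branch opener … */
	    decoded[p++] = str16[i];
    /* … unchanged: end of loop … */
    free(str16);
    return decoded;
```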