@@ -310,6 +310,11 @@ fi

 CL_MSG_STATUS([mempool     ],[$have_mempool],[$enable_mempool])

 AC_MSG_NOTICE([Summary of engine detection features])

+if test "X$have_iconv" = "Xyes"; then

+    CL_MSG_STATUS([iconv       ],[yes, from $ICONV_HOME],[])

+else

+    CL_MSG_STATUS([iconv       ],[no],[])

+fi

 CL_MSG_STATUS([bzip2       ],[$bzip_check],[$want_bzip2])

 CL_MSG_STATUS([zlib        ],[$ZLIB_HOME],[yes])

 CL_MSG_STATUS([unrar       ],[$want_unrar],[$want_unrar])

@@ -581,7 +581,9 @@ libclamav_la_SOURCES = \

 	lzw/lzwdec.c \

 	lzw/lzwdec.h \

 	matcher-byte-comp.c \

-	matcher-byte-comp.h

+	matcher-byte-comp.h \

+	egg.c \

+	egg.h

 if ENABLE_YARA

 libclamav_la_SOURCES += yara_arena.c \

@@ -304,9 +304,9 @@ am__libclamav_la_SOURCES_DIST = matcher-ac.c matcher-ac.h matcher-bm.c \

 	msdoc.h matcher-pcre.c matcher-pcre.h regex_pcre.c \

 	regex_pcre.h msxml.c msxml.h msxml_parser.c msxml_parser.h \

 	tiff.c tiff.h hwp.c hwp.h lzw/lzwdec.c lzw/lzwdec.h \

-	matcher-byte-comp.c matcher-byte-comp.h yara_arena.c \

-	yara_arena.h yara_compiler.c yara_compiler.h yara_exec.c \

-	yara_exec.h yara_hash.c yara_hash.h yara_grammar.y \

+	matcher-byte-comp.c matcher-byte-comp.h egg.c egg.h \

+	yara_arena.c yara_arena.h yara_compiler.c yara_compiler.h \

+	yara_exec.c yara_exec.h yara_hash.c yara_hash.h yara_grammar.y \

 	yara_lexer.l yara_lexer.h yara_parser.c yara_parser.h \

 	yara_clam.h bignum.h bignum_fast.h \

 	tomsfastmath/addsub/fp_add.c tomsfastmath/addsub/fp_add_d.c \

@@ -449,14 +449,14 @@ am_libclamav_la_OBJECTS = libclamav_la-matcher-ac.lo \

 	libclamav_la-regex_pcre.lo libclamav_la-msxml.lo \

 	libclamav_la-msxml_parser.lo libclamav_la-tiff.lo \

 	libclamav_la-hwp.lo libclamav_la-lzwdec.lo \

-	libclamav_la-matcher-byte-comp.lo $(am__objects_1) \

-	libclamav_la-fp_add.lo libclamav_la-fp_add_d.lo \

-	libclamav_la-fp_addmod.lo libclamav_la-fp_cmp.lo \

-	libclamav_la-fp_cmp_d.lo libclamav_la-fp_cmp_mag.lo \

-	libclamav_la-fp_sub.lo libclamav_la-fp_sub_d.lo \

-	libclamav_la-fp_submod.lo libclamav_la-s_fp_add.lo \

-	libclamav_la-s_fp_sub.lo libclamav_la-fp_radix_size.lo \

-	libclamav_la-fp_read_radix.lo \

+	libclamav_la-matcher-byte-comp.lo libclamav_la-egg.lo \

+	$(am__objects_1) libclamav_la-fp_add.lo \

+	libclamav_la-fp_add_d.lo libclamav_la-fp_addmod.lo \

+	libclamav_la-fp_cmp.lo libclamav_la-fp_cmp_d.lo \

+	libclamav_la-fp_cmp_mag.lo libclamav_la-fp_sub.lo \

+	libclamav_la-fp_sub_d.lo libclamav_la-fp_submod.lo \

+	libclamav_la-s_fp_add.lo libclamav_la-s_fp_sub.lo \

+	libclamav_la-fp_radix_size.lo libclamav_la-fp_read_radix.lo \

 	libclamav_la-fp_read_signed_bin.lo \

 	libclamav_la-fp_read_unsigned_bin.lo \

 	libclamav_la-fp_reverse.lo libclamav_la-fp_s_rmap.lo \

@@ -1365,8 +1365,8 @@ libclamav_la_SOURCES = matcher-ac.c matcher-ac.h matcher-bm.c \

 	openioc.h msdoc.c msdoc.h matcher-pcre.c matcher-pcre.h \

 	regex_pcre.c regex_pcre.h msxml.c msxml.h msxml_parser.c \

 	msxml_parser.h tiff.c tiff.h hwp.c hwp.h lzw/lzwdec.c \

-	lzw/lzwdec.h matcher-byte-comp.c matcher-byte-comp.h \

-	$(am__append_9) bignum.h bignum_fast.h \

+	lzw/lzwdec.h matcher-byte-comp.c matcher-byte-comp.h egg.c \

+	egg.h $(am__append_9) bignum.h bignum_fast.h \

 	tomsfastmath/addsub/fp_add.c tomsfastmath/addsub/fp_add_d.c \

 	tomsfastmath/addsub/fp_addmod.c tomsfastmath/addsub/fp_cmp.c \

 	tomsfastmath/addsub/fp_cmp_d.c \

@@ -1618,6 +1618,7 @@ distclean-compile:

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-dlp.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-dmg.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-dsig.Plo@am__quote@

+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-egg.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-elf.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-entconv.Plo@am__quote@

 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libclamav_la-events.Plo@am__quote@

@@ -2923,6 +2924,13 @@ libclamav_la-matcher-byte-comp.lo: matcher-byte-comp.c

 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-matcher-byte-comp.lo `test -f 'matcher-byte-comp.c' || echo '$(srcdir)/'`matcher-byte-comp.c

+libclamav_la-egg.lo: egg.c

+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-egg.lo -MD -MP -MF $(DEPDIR)/libclamav_la-egg.Tpo -c -o libclamav_la-egg.lo `test -f 'egg.c' || echo '$(srcdir)/'`egg.c

+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-egg.Tpo $(DEPDIR)/libclamav_la-egg.Plo

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='egg.c' object='libclamav_la-egg.lo' libtool=yes @AMDEPBACKSLASH@

+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@

+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -c -o libclamav_la-egg.lo `test -f 'egg.c' || echo '$(srcdir)/'`egg.c

+

 libclamav_la-yara_arena.lo: yara_arena.c

 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libclamav_la_CFLAGS) $(CFLAGS) -MT libclamav_la-yara_arena.lo -MD -MP -MF $(DEPDIR)/libclamav_la-yara_arena.Tpo -c -o libclamav_la-yara_arena.lo `test -f 'yara_arena.c' || echo '$(srcdir)/'`yara_arena.c

 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libclamav_la-yara_arena.Tpo $(DEPDIR)/libclamav_la-yara_arena.Plo

@@ -105,6 +105,7 @@ static struct dconf_module modules[] = {

     {"ARCHIVE", "MBR", ARCH_CONF_MBR, 1},

     {"ARCHIVE", "GPT", ARCH_CONF_GPT, 1},

     {"ARCHIVE", "APM", ARCH_CONF_APM, 1},

+    {"ARCHIVE", "EGG", ARCH_CONF_EGG, 1},

     {"DOCUMENT", "HTML", DOC_CONF_HTML, 1},

     {"DOCUMENT", "RTF", DOC_CONF_RTF, 1},

@@ -95,6 +95,7 @@ struct cli_dconf {

 #define ARCH_CONF_MBR     0x800000

 #define ARCH_CONF_GPT     0x1000000

 #define ARCH_CONF_APM     0x2000000

+#define ARCH_CONF_EGG     0x4000000

 /* Document flags */

 #define DOC_CONF_HTML         0x1

@@ -149,10 +150,12 @@ struct cli_dconf {

 #define BYTECODE_ENGINE_MASK (BYTECODE_INTERPRETER | BYTECODE_JIT_X86 | BYTECODE_JIT_PPC | BYTECODE_JIT_ARM)

 #ifdef USE_MPOOL

-struct cli_dconf *cli_dconf_init(mpool_t *);

+struct cli_dconf *

+cli_dconf_init(mpool_t *);

 #define cli_mpool_dconf_init(a) cli_dconf_init(a)

 #else

-struct cli_dconf *cli_dconf_init(void);

+struct cli_dconf *

+cli_dconf_init(void);

 #define cli_mpool_dconf_init(a) cli_dconf_init()

 #endif

 void cli_dconf_print(struct cli_dconf *dconf);

new file mode 100644

@@ -0,0 +1,2785 @@

+/*

+ *  Copyright (C) 2018 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

+ *

+ *  EGG is an archive format created by ESTsoft used by their ALZip

+ *  archiving software.

+ *

+ *  This software is written from scratch based solely from ESTsoft's

+ *  file format documentation and from testing with EGG format archives.

+ *  ESTsoft's "unEGG" module was not used in the creation of this capability

+ *  in order to avoid to licensing restrictions on the ESTsoft "unEGG" module.

+ *

+ *  EGG structure:

+ *

+ *     |-----------------------------------------------------|------|

+ *     | EGG Header                                          |  1   |

+ *     |-----------------------------------------------------|------|

+ *     | Extra Field 1:                                      |      |

+ *     |   Split Compression                                 |      |

+ *     |   Solid Compression                                 | 0~N  |

+ *     |   Global Encryption Header                          |      |

+ *     |---------------------------------------|------|------|------|

+ *     | File Header                           |  1   |      |      |

+ *     |---------------------------------------|------|      |      |

+ *     | Extra Field 2:                        |      |      |      |

+ *     |   Filename Header                     |      | 1~N  |      |

+ *     |   Comment Header                      | 0~N  |      |      |

+ *     |   Windows File Information            |      |      |      |

+ *     |   Posix File Information              |      |      | 0~N  |

+ *     |   Encrypt Header                      |      |      |      |

+ *     |---------------------------------------|------|------|      |

+ *     | Block Header                          |  1   |      |      |

+ *     |---------------------------------------|------|      |      |

+ *     | Extra Field 3:                        | 0~N  | 0~N  |      |

+ *     |---------------------------------------|------|      |      |

+ *     | Compressed Data                       |  1   |      |      |

+ *     |---------------------------------------|------|------|------|

+ *     | Extra Field 4:                                      |      |

+ *     |   Archive Comment Header                            | 0~N  |

+ *     |-----------------------------------------------------|------|

+ *

+ *  Authors: Micah Snyder

+ *

+ *  This program is free software; you can redistribute it and/or modify

+ *  it under the terms of the GNU General Public License version 2 as

+ *  published by the Free Software Foundation.

+ *

+ *  This program is distributed in the hope that it will be useful,

+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of

+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+ *  GNU General Public License for more details.

+ *

+ *  You should have received a copy of the GNU General Public License

+ *  along with this program; if not, write to the Free Software

+ *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

+ *  MA 02110-1301, USA.

+ */

+

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#include <stdint.h>

+#include <inttypes.h>

+#include <wchar.h>

+#include <locale.h>

+#include <zlib.h>

+

+#if HAVE_BZLIB_H

+#include <bzlib.h>

+#endif

+

+#ifdef HAVE_ICONV

+#include <iconv.h>

+#endif

+

+#include "lzma_iface.h"

+

+#include "egg.h"

+#include "msdoc.h"

+

+#ifndef WCHAR

+typedef uint16_t WCHAR;

+#endif

+

+/*

+ * All EGG struct variables are little-endian.

+ */

+

+#ifndef HAVE_ATTRIB_PACKED

+#define __attribute__(x)

+#endif

+

+#ifdef HAVE_PRAGMA_PACK

+#pragma pack(1)

+#endif

+

+#ifdef HAVE_PRAGMA_PACK_HPPA

+#pragma pack 1

+#endif

+

+/*

+ * general defines

+ */

+#define EOFARC 0x08E28222 /* Signals end of each header, or end of archive. */

+//#define EOFAR_ 0x2282E208

+/*

+ * egg_header

+ */

+#define EGG_HEADER_MAGIC 0x41474745

+#define EGG_HEADER_VERSION 0x0100

+

+typedef uint32_t magic32_t;

+

+typedef struct __attribute__((packed)) {

+    magic32_t magic;    /* 0x41474745 */

+    uint16_t version;   /* 0x0100 */

+    uint32_t header_id; /* Random number of the program (Cannot be 0) */

+    uint32_t reserved;  /* 0x00000000 */

+} egg_header;

+

+/*

+ * file_header

+ */

+#define FILE_HEADER_MAGIC 0x0A8590E3

+

+typedef struct __attribute__((packed)) {

+    magic32_t magic;      /* 0x0A8590E3 */

+    uint32_t file_id;     /* Unique value for each header (Includes 0) */

+    uint64_t file_length; /* Total size of the file */

+} file_header;

+

+/*

+ * block_header

+ * Note: split block of files exceeding 4G

+ */

+#define BLOCK_HEADER_MAGIC 0x02B50C13

+#define BLOCK_HEADER_COMPRESS_ALGORITHM_STORE 0

+#define BLOCK_HEADER_COMPRESS_ALGORITHM_DEFLATE 1

+#define BLOCK_HEADER_COMPRESS_ALGORITHM_BZIP2 2

+#define BLOCK_HEADER_COMPRESS_ALGORITHM_AZO 3

+#define BLOCK_HEADER_COMPRESS_ALGORITHM_LZMA 4

+

+typedef struct __attribute__((packed)) {

+    magic32_t magic;            /* 0x02B50C13 */

+    uint8_t compress_algorithm; /* compress method algorithm number */

+    uint8_t compress_hint;      /* compress method hint */

+    uint32_t uncompress_size;   /* size of the block before compressed */

+    uint32_t compress_size;     /* size of the block after compressed */

+    uint32_t crc32;             /* CRC value of the block */

+} block_header;

+

+/*

+ * extra_field

+ *

+ * The extra_field is followed by a uint16_t or uint32_t depending on the bit_flag.

+ * This describes the size of the following data.

+ * In this way, an unexpected header can still be parsed.

+ * Headers that make use of the extra_field:

+ *  - windows_file_information header

+ *  - posix_file_information header

+ *  - encrypt header

+ *  - filename header

+ *  - comment header

+ *  - split_compression header

+ *  - solid_compression header

+ */

+#define EXTRA_FIELD_FLAGS_SIZE_IS_2BYTES 0x00

+#define EXTRA_FIELD_FLAGS_SIZE_IS_4BYTES 0x01

+

+typedef struct __attribute__((packed)) {

+    magic32_t magic;

+    uint8_t bit_flag; /* the size field following bit_flag depends if bit_flag bit 1: */

+} extra_field;        /*    0 (uint16_t) */

+                      /*    1 (uint32_t) */

+

+/*

+ * Extra field: encrypt

+ *

+ * The encrypt_header is followed by:

+ *  1) dummy data (size bytes)

+ *

+ * Note: Inserted in Extra Field 2 (optional, depending on KeyBase, AES, or LEA)

+ */

+#define ENCRYPT_HEADER_MAGIC 0x08D1470F

+#define ENCRYPT_HEADER_ENCRYPT_METHOD_XOR 0x00

+#define ENCRYPT_HEADER_ENCRYPT_METHOD_AES128 0x01

+#define ENCRYPT_HEADER_ENCRYPT_METHOD_AES256 0x02

+#define ENCRYPT_HEADER_ENCRYPT_METHOD_LEA128 0x10

+#define ENCRYPT_HEADER_ENCRYPT_METHOD_LEA256 0x20

+

+typedef struct __attribute__((packed)) {

+    uint8_t aes_header[10]; /* AES/LEA Header */

+    uint8_t aes_footer[10]; /* AES/LEA Footer */

+} aes_lea_128;

+

+typedef struct __attribute__((packed)) {

+    uint8_t aes_header[18]; /* AES/LEA header */

+    uint8_t aes_footer[10]; /* AES/LEA footer */

+} aes_lea_256;

+

+typedef struct __attribute__((packed)) {

+    uint8_t verify_data[12]; /* KeyBase encryption verification data */

+    uint32_t crc32;          /* KeyBase partial block CRC */

+} zip2_xor_keybase;

+

+typedef struct __attribute__((packed)) {

+    uint8_t encrypt_method; /* See above encrypt method #defines */

+} encrypt_header;

+

+/*

+ * Extra field: windows_file_information

+ */

+#define WINDOWS_INFO_MAGIC 0x2C86950B

+#define WINDOWS_INFO_ATTRIBUTE_READONLY 0x01

+#define WINDOWS_INFO_ATTRIBUTE_HIDDEN 0x02

+#define WINDOWS_INFO_ATTRIBUTE_SYSTEM_FILE 0x04

+#define WINDOWS_INFO_ATTRIBUTE_LINK_FILE 0x10 /* junction file */

+#define WINDOWS_INFO_ATTRIBUTE_DIRECTORY 0x40

+

+typedef struct __attribute__((packed)) {

+    uint64_t last_modified_time; /* "100-Nanosecond Time" since the Windows Epoch (00:00:00 UTC, January 1, 1601) */

+    uint8_t attribute;           /* See above attribute #defines */

+} windows_file_information;

+

+/*

+ * Extra field: posix_file_information

+ */

+#define POSIX_INFO_MAGIC 0x1EE922E5

+#define POSIX_INFO_MODE_FILETYPE_BITMASK 0x0170000  /* bitmask for the file type bitfields */

+#define POSIX_INFO_MODE_SOCKET 0x0140000            /* socket */

+#define POSIX_INFO_MODE_SYM_LINK 0x0120000          /* symbolic link */

+#define POSIX_INFO_MODE_REG_FILE 0x0100000          /* regular file */

+#define POSIX_INFO_MODE_BLOCK_DEVICE 0x0060000      /* block device */

+#define POSIX_INFO_MODE_DIRECTORY 0x0040000         /* directory */

+#define POSIX_INFO_MODE_CHAR_DEVICE 0x0020000       /* character device */

+#define POSIX_INFO_MODE_FIFO 0x0010000              /* FIFO */

+#define POSIX_INFO_MODE_SET_UID_BIT 0x0004000       /* set UID bit */

+#define POSIX_INFO_MODE_SET_GROUPID_BIT 0x0002000   /* set-group-ID bit (see below) */

+#define POSIX_INFO_MODE_STICKY_BIT 0x0001000        /* sticky bit (see below) */

+#define POSIX_INFO_MODE_PERM_OWNER_MASK 0x00700     /* mask for file owner permissions */

+#define POSIX_INFO_MODE_PERM_OWNER_READ 0x00400     /* owner has read permission */

+#define POSIX_INFO_MODE_PERM_OWNER_WRITE 0x00200    /* owner has write permission */

+#define POSIX_INFO_MODE_PERM_OWNER_EXECUTE 0x00100  /* owner has execute permission */

+#define POSIX_INFO_MODE_PERM_GROUP_MASK 0x00070     /* mask for group permissions */

+#define POSIX_INFO_MODE_PERM_GROUP_READ 0x00040     /* group has read permission */

+#define POSIX_INFO_MODE_PERM_GROUP_WRITE 0x00020    /* group has write permission */

+#define POSIX_INFO_MODE_PERM_GROUP_EXECUTE 0x00010  /* group has execute permission */

+#define POSIX_INFO_MODE_PERM_OTHERS_MASK 0x00007    /* mask for permissions for others (not in group) */

+#define POSIX_INFO_MODE_PERM_OTHERS_READ 0x00004    /* others have read permission */

+#define POSIX_INFO_MODE_PERM_OTHERS_WRITE 0x00002   /* others have write permission */

+#define POSIX_INFO_MODE_PERM_OTHERS_EXECUTE 0x00001 /* others have execute permission*/

+

+typedef struct __attribute__((packed)) {

+    uint32_t mode;               /* see above mode #defines */

+    uint32_t uid;                /*  */

+    uint32_t gid;                /*  */

+    uint64_t last_modified_time; /* "Second Time" since the Unix Epoch (00:00:00 UTC, January 1, 1970) */

+} posix_file_information;

+

+/*

+ * Extra field: dummy_header

+ *

+ * The dummy header extra_info is followed by:

+ *  1) dummy data (size bytes)

+ *

+ * Note: No need to consider if the size is too small to fit the dummy header because it can be distinguished by size calculation.

+ */

+#define DUMMY_HEADER_MAGIC 0x07463307

+

+/*

+ * Extra field: filename

+ *

+ * The filename extra_field is followed by:

+ *  1) uint16_t locale IFF bit_flag is NOT unicode (UCS-2 LE)

+ *  1) uint32_t parent_path_id IFF bit_flag is relative.

+ *     parent_path_id will be the ID of a file possessing the parent path.

+ *  2) name buffer (size bytes minus above optional fields)

+ */

+#define FILENAME_HEADER_MAGIC 0x0A8591AC

+#define FILENAME_HEADER_FLAGS_ENCRYPT 0x04

+#define FILENAME_HEADER_FLAGS_MULTIBYTE_CODEPAGE_INSTEAD_OF_UTF8 0x08

+#define FILENAME_HEADER_FLAGS_RELATIVE_PATH_INSTEAD_OF_ABSOLUTE 0x10

+#define FILENAME_HEADER_LOCALE_USE_SYSTEM 0

+#define FILENAME_HEADER_LOCALE_JAPANESE 932 /* Shift-JIS */

+#define FILENAME_HEADER_LOCALE_KOREAN 949

+

+// typedef struct __attribute__((packed)) {

+//     (optional) uint16_t locale

+//     (optional) uint32_t parent_path_id

+//     uint8_t name_data [extra_field->size - sizeof(locale) - sizeof(parent_path_id)]

+// } filename_header;

+

+/*

+ * Extra field: comment

+ *

+ * The comment extra_field is followed by:

+ *  1) comment of size "N", exclude NULL character.

+ */

+#define COMMENT_HEADER_MAGIC 0x04C63672

+#define COMMENT_HEADER_FLAGS_ENCRYPT 0x04

+#define COMMENT_HEADER_FLAGS_MULTIBYTE_CODEPAGE_INSTEAD_OF_UTF8 0x08

+

+/*

+ * Extra field: split compression

+ */

+#define SPLIT_COMPRESSION_MAGIC 0x24F5A262

+

+typedef struct __attribute__((packed)) {

+    uint32_t prev_file_id; /* ID of previous file, 0 if first */

+    uint32_t next_file_id; /* ID of next file, 0 if last */

+} split_compression;

+

+/*

+ * Extra field: solid compression

+ */

+#define SOLID_COMPRESSION_MAGIC 0x24E5A060

+

+#ifdef HAVE_PRAGMA_PACK

+#pragma pack()

+#endif

+

+#ifdef HAVE_PRAGMA_PACK_HPPA

+#pragma pack

+#endif

+

+typedef struct {

+    char* name_utf8;

+    uint32_t parent_path_id;

+} egg_filename;

+

+typedef struct {

+    encrypt_header* header; /* Global Encryption Header */

+    union {

+        aes_lea_128* al128;

+        aes_lea_256* al256;

+        zip2_xor_keybase* xor ;

+    } encrypt_al;

+} egg_encrypt;

+

+typedef struct {

+    block_header* blockHeader;

+    char* compressedData;

+} egg_block;

+

+typedef struct {

+    file_header* file;

+    egg_filename filename;

+    windows_file_information* windowsFileInformation;

+    posix_file_information* posixFileInformation;

+    egg_encrypt* encrypt;

+    uint64_t nBlocks;

+    egg_block** blocks;

+    uint64_t nComments;

+    char** comments;

+} egg_file;

+

+typedef struct {

+    fmap_t* map;

+    size_t offset;

+    uint64_t fileExtractionIndex;

+    int bSolid; /* Solid == all files compressed together. */

+    int bSplit; /* Split == multiple files make up single archive. */

+    split_compression* splitInfo;

+    egg_encrypt* encrypt;

+    uint64_t nFiles;

+    egg_file** files;

+    uint64_t nBlocks;

+    egg_block** blocks;

+    uint64_t nComments;

+    char** comments;

+} egg_handle;

+

+#define EGG_VALIDATE_HANDLE(h) \

+    ((!handle || !handle->map || (handle->offset > handle->map->len)) ? EGG_ERR : EGG_OK)

+

+const char* getEncryptName(uint8_t method)

+{

+    const char* encryptName = NULL;

+

+    switch (method) {

+        case ENCRYPT_HEADER_ENCRYPT_METHOD_XOR:

+            encryptName = "XOR";

+            break;

+        case ENCRYPT_HEADER_ENCRYPT_METHOD_AES128:

+            encryptName = "AES 128";

+            break;

+        case ENCRYPT_HEADER_ENCRYPT_METHOD_LEA128:

+            encryptName = "LEA 128";

+            break;

+        case ENCRYPT_HEADER_ENCRYPT_METHOD_AES256:

+            encryptName = "AES 256";

+            break;

+        case ENCRYPT_HEADER_ENCRYPT_METHOD_LEA256:

+            encryptName = "LEA 256";

+            break;

+        default:

+            encryptName = "<unknown method>";

+    }

+

+    return encryptName;

+}

+

+const char* getMagicHeaderName(uint32_t magic)

+{

+    const char* magicName = NULL;

+

+    switch (magic) {

+        case EGG_HEADER_MAGIC:

+            magicName = "EGG_HEADER_MAGIC";

+            break;

+        case FILE_HEADER_MAGIC:

+            magicName = "FILE_HEADER_MAGIC";

+            break;

+        case BLOCK_HEADER_MAGIC:

+            magicName = "BLOCK_HEADER_MAGIC";

+            break;

+        case ENCRYPT_HEADER_MAGIC:

+            magicName = "ENCRYPT_HEADER_MAGIC";

+            break;

+        case WINDOWS_INFO_MAGIC:

+            magicName = "WINDOWS_INFO_MAGIC";

+            break;

+        case POSIX_INFO_MAGIC:

+            magicName = "POSIX_INFO_MAGIC";

+            break;

+        case DUMMY_HEADER_MAGIC:

+            magicName = "DUMMY_HEADER_MAGIC";

+            break;

+        case FILENAME_HEADER_MAGIC:

+            magicName = "FILENAME_HEADER_MAGIC";

+            break;

+        case COMMENT_HEADER_MAGIC:

+            magicName = "COMMENT_HEADER_MAGIC";

+            break;

+        case SPLIT_COMPRESSION_MAGIC:

+            magicName = "SPLIT_COMPRESSION_MAGIC";

+            break;

+        case SOLID_COMPRESSION_MAGIC:

+            magicName = "SOLID_COMPRESSION_MAGIC";

+            break;

+        default:

+            magicName = "<unknown header magic>";

+    }

+

+    return magicName;

+}

+

+/**

+ * @brief Convert string to UTF-8, given Windows codepage.

+ *

+ * @param in                string buffer

+ * @param in_size           length of string buffer in bytes

+ * @param codepage          Windows code page https://docs.microsoft.com/en-us/windows/desktop/Intl/code-page-identifiers)

+ * @param [out] out         pointer to receive malloc'ed utf-8 buffer.

+ * @param [out] out_size    pointer to receive size of utf-8 buffer, not including null terminating character.

+ * @return cl_egg_error_t   EGG_OK if success. EGG_BREAK if unable to because iconv is unavailable.  Other error code if outright failure.

+ */

+cl_egg_error_t cli_codepage_to_utf8(char* in, size_t in_size, uint16_t codepage, char** out, size_t* out_size)

+{

+    cl_egg_error_t status = EGG_BREAK;

+

+    char* out_utf8       = NULL;

+    size_t out_utf8_size = 0;

+

+#if defined(HAVE_ICONV)

+    iconv_t conv = NULL;

+#elif defined(WIN32)

+    LPWSTR lpWideCharStr = NULL;

+    int cchWideChar      = 0;

+#endif

+

+    if (NULL == in || in_size == 0 || NULL == out || NULL == out_size) {

+        cli_dbgmsg("egg_filename_to_utf8: Invalid args.\n");

+        status = EGG_ERR;

+        goto done;

+    }

+

+    *out      = NULL;

+    *out_size = 0;

+

+    switch (codepage) {

+        case 20127:   /* US-ASCII (7-bit) */

+        case 65001: { /* Unicode (UTF-8) */

+            char* track;

+            int byte_count, sigbit_count;

+

+            out_utf8_size = in_size;

+            out_utf8      = cli_calloc(1, out_utf8_size + 1);

+            if (NULL == out_utf8) {

+                cli_errmsg("egg_filename_to_utf8: Failure allocating buffer for utf8 filename.\n");

+                status = EGG_EMEM;

+                goto done;

+            }

+            memcpy(out_utf8, in, in_size);

+

+            track = out_utf8 + in_size - 1;

+            if ((codepage == 65001) && (*track & 0x80)) {

+                /*

+                 * UTF-8 with a most significant bit.

+                 */

+

+                /* locate the start of the last character */

+                for (byte_count = 1; (track != out_utf8); track--, byte_count++) {

+                    if (((uint8_t)*track & 0xC0) != 0x80)

+                        break;

+                }

+

+                /* count number of set (1) significant bits */

+                for (sigbit_count = 0; sigbit_count < (int)(sizeof(uint8_t) * 8); sigbit_count++) {

+                    if (((uint8_t)*track & (0x80 >> sigbit_count)) == 0)

+                        break;

+                }

+

+                if (byte_count != sigbit_count) {

+                    cli_dbgmsg("egg_filename_to_utf8: cleaning out %d bytes from incomplete "

+                               "utf-8 character length %d\n",

+                               byte_count, sigbit_count);

+                    for (; byte_count > 0; byte_count--, track++) {

+                        *track = '\0';

+                    }

+                }

+            }

+            break;

+        }

+        default: {

+

+#if defined(WIN32) && !defined(HAVE_ICONV)

+

+            /*

+             * Do conversion using native Win32 APIs.

+             */

+

+            if (1200 != codepage) { /* not already UTF16-LE (Windows Unicode) */

+                /*

+                 * First, Convert from codepage -> UCS-2 LE with MultiByteToWideChar(codepage)

+                 */

+                cchWideChar = MultiByteToWideChar(

+                    codepage,

+                    0,

+                    in,

+                    in_size,

+                    NULL,

+                    0);

+                if (0 == cchWideChar) {

+                    cli_dbgmsg("egg_filename_to_utf8: failed to determine string size needed for ansi to widechar conversion.\n");

+                    status = EGG_ERR;

+                    goto done;

+                }

+

+                lpWideCharStr = malloc((cchWideChar + 1) * sizeof(WCHAR));

+                if (NULL == lpWideCharStr) {

+                    cli_dbgmsg("egg_filename_to_utf8: failed to allocate memory for wide char string.\n");

+                    status = EGG_EMEM;

+                    goto done;

+                }

+

+                cchWideChar = MultiByteToWideChar(

+                    codepage,

+                    0,

+                    in,

+                    in_size,

+                    lpWideCharStr,

+                    cchWideChar + 1);

+                if (0 == cchWideChar) {

+                    cli_dbgmsg("egg_filename_to_utf8: failed to convert multibyte string to widechars.\n");

+                    status = EGG_ERR;

+                    goto done;

+                }

+

+                in      = (char*)lpWideCharStr;

+                in_size = cchWideChar;

+            }

+

+            /*

+             * Convert from UCS-2 LE -> UTF8 with WideCharToMultiByte(CP_UTF8)

+             */

+            out_utf8_size = WideCharToMultiByte(

+                CP_UTF8,

+                0,

+                (LPCWCH)in,

+                in_size / sizeof(WCHAR),

+                NULL,

+                0,

+                NULL,

+                NULL);

+            if (0 == out_utf8_size) {

+                cli_dbgmsg("egg_filename_to_utf8: failed to determine string size needed for widechar conversion.\n");

+                status = EGG_ERR;

+                goto done;

+            }

+

+            out_utf8 = malloc(out_utf8_size + 1);

+            if (NULL == lpWideCharStr) {

+                cli_dbgmsg("egg_filename_to_utf8: failed to allocate memory for wide char to utf-8 string.\n");

+                status = EGG_EMEM;

+                goto done;

+            }

+

+            out_utf8_size = WideCharToMultiByte(

+                CP_UTF8,

+                0,

+                (LPCWCH)in,

+                in_size / sizeof(WCHAR),

+                out_utf8,

+                out_utf8_size,

+                NULL,

+                NULL);

+            if (0 == out_utf8_size) {

+                cli_dbgmsg("egg_filename_to_utf8: failed to convert widechar string to utf-8.\n");

+                status = EGG_ERR;

+                goto done;

+            }

+

+#elif defined(HAVE_ICONV)

+

+            uint32_t attempt, i;

+            size_t inbytesleft, outbytesleft;

+            const char* encoding = NULL;

+

+            for (i = 0; i < NUMCODEPAGES; ++i) {

+                if (codepage == codepage_entries[i].codepage) {

+                    encoding = codepage_entries[i].encoding;

+                } else if (codepage < codepage_entries[i].codepage) {

+                    break; /* fail-out early, requires sorted array */

+                }

+            }

+

+            for (attempt = 1; attempt <= 3; attempt++) {

+                /* Charset to UTF-8 should never exceed in_size * 6;

+                 * We can shrink final buffer after the conversion, if needed. */

+                out_utf8_size = (in_size * 2) * attempt;

+

+                inbytesleft  = in_size;

+                outbytesleft = out_utf8_size;

+

+                out_utf8 = cli_calloc(1, out_utf8_size + 1);

+                if (NULL == out_utf8) {

+                    cli_errmsg("egg_filename_to_utf8: Failure allocating buffer for utf8 data.\n");

+                    status = EGG_EMEM;

+                }

+

+                conv = iconv_open("UTF-8//TRANSLIT", encoding);

+                if (conv == (iconv_t)-1) {

+                    cli_warnmsg("egg_filename_to_utf8: Failed to open iconv.\n");

+                    goto done;

+                }

+

+                if ((size_t)-1 == iconv(conv, &in, &inbytesleft, &out_utf8, &outbytesleft)) {

+                    switch (errno) {

+                        case E2BIG:

+                            cli_warnmsg("egg_filename_to_utf8: iconv error: There is not sufficient room at *outbuf.\n");

+                            free(out_utf8);

+                            out_utf8 = NULL;

+                            continue; /* Try again, with a larger buffer. */

+                        case EILSEQ:

+                            cli_warnmsg("egg_filename_to_utf8: iconv error: An invalid multibyte sequence has been encountered in the input.\n");

+                            break;

+                        case EINVAL:

+                            cli_warnmsg("egg_filename_to_utf8: iconv error: An incomplete multibyte sequence has been encountered in the input.\n");

+                            break;

+                        default:

+                            cli_warnmsg("egg_filename_to_utf8: iconv error: Unexpected error code %d.\n", errno);

+                    }

+                    status = EGG_ERR;

+                    goto done;

+                }

+

+                /* iconv succeeded, but probably didn't use the whole buffer. Free up the extra memory. */

+                out_utf8 = cli_realloc(out_utf8, out_utf8_size - outbytesleft + 1);

+                if (NULL == out_utf8) {

+                    cli_errmsg("egg_filename_to_utf8: failure cli_realloc'ing converted filename.\n");

+                    status = EGG_EMEM;

+                    goto done;

+                }

+                out_utf8_size = out_utf8_size - outbytesleft;

+            }

+

+#else

+

+            /*

+             * No way to do the conversion.

+             */

+            goto done;

+

+#endif

+        }

+    }

+

+    *out      = out_utf8;

+    *out_size = out_utf8_size;

+

+    status = EGG_OK;

+

+done:

+

+#if defined(WIN32) && !defined(HAVE_ICONV)

+    if (NULL != lpWideCharStr) {

+        free(lpWideCharStr);

+    }

+#endif

+

+    if (EGG_OK != status) {

+        if (NULL != out_utf8) {

+            free(out_utf8);

+        }

+    }

+

+    return status;

+}

+

+static void egg_free_encrypt(egg_encrypt* encryptInfo)

+{

+    free(encryptInfo);

+}

+

+static cl_egg_error_t egg_parse_encrypt_header(const uint8_t* index, size_t size, egg_encrypt** encryptInfo)

+{

+    /*

+     * The EGG specification (last updated 2016) for the encrypt header is not accurate.

+     * The following describes my findings of the actual format for the encrypt header.

+     *

+     * The significant discrepancy is that the Size includes the size of the header iself, not just the data following it.

+     * No other extra_field header's size field includes the size of itself.

+     * This must be accounted for by the caller of this function (see the "Fudge factor" comments where this function is used).

+     *

+     *     |---------------|---------|------------------------------------------------------------------------------------------------------------|

+     *     | Magic(ENCRYP) |    4    |    0x08D1470F                                                                                              |

+     *     |---------------|---------|------------------------------------------------------------------------------------------------------------|

+     *     | Bit flag      |    1    |    0                                                                                                       |

+     *     |---------------|---------|------------------------------------------------------------------------------------------------------------|

+     *     | Size          |    2    | sizeof( Magic ) + sizeof( Bit flag ) + sizeof( Size ) + sizeof( Encrypt Method ) + sizeof( Method Header ) |

+     *     |---------------|---------|---|--------------------------------------------------------------------------------------------------------|

+     *     | Encrypt       |    1    | 0 | KeyBase (XOR)                                                                                          |

+     *     | Method        |         |---|--------------------------------------------------------------------------------------------------------|

+     *     |               |         | 1 | AES128                                                                                                 |

+     *     |               |         |---|--------------------------------------------------------------------------------------------------------|

+     *     |               |         | 2 | AES256                                                                                                 |

+     *     |               |         |---|--------------------------------------------------------------------------------------------------------|

+     *     |               |         | 5 | LEA128                                                                                                 |

+     *     |               |         |---|--------------------------------------------------------------------------------------------------------|

+     *     |               |         | 6 | LEA256                                                                                                 |

+     *     |---------------|---------|---|--------------------------------------------------------------------------------------------------------|

+     *

+     * Depending on the Method (XOR / AES/LEA128 / AES/LEA256) The above will be be followed one of the following Method Headers:

+     *

+     *   XOR (KeyBase):

+     *     |---------------|---------|------------------------------------------------------------------------------------------------------------|

+     *     | verify Data   |   12    |   Encryption Verification Data                                                                             |

+     *     |---------------|---------|------------------------------------------------------------------------------------------------------------|