... | ... |
@@ -386,18 +386,7 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
386 | 386 |
cli_md5_init(&md5ctx); |
387 | 387 |
|
388 | 388 |
while(offset < map->len) { |
389 |
- /* TO TOMASZ: |
|
390 |
- by swapping comments on the following 2 lines and in the other 2 lines below you |
|
391 |
- can mimic the bahaviour of master in terms of which offsets we break the blocks at |
|
392 |
- Offsets in master are: 0, 130680, 261752, 392824, 523896, 654968, 786040, 917112 |
|
393 |
- Offsets in the fmap are: 0, 130680, 261360, 392040, 522720, 653400, 784080, 914760 |
|
394 |
- |
|
395 |
- I think maxpatlen is a bit too short. In practice, due to the SCANBUFF/maxpatlen ratio |
|
396 |
- this is not a huge problem: during the regression it only affected 3 samples out of 3.5M |
|
397 |
- */ |
|
398 |
- /* UNCOMMENT ME */ //bytes = MIN(map->len - offset, SCANBUFF + maxpatlen * (offset != 0)); |
|
399 |
- /* COMMENT ME */ bytes = MIN(map->len - offset, SCANBUFF); |
|
400 |
- cli_errmsg("off: %u\n", offset); |
|
389 |
+ bytes = MIN(map->len - offset, SCANBUFF); |
|
401 | 390 |
if(!(buff = fmap_need_off_once(map, offset, bytes))) |
402 | 391 |
break; |
403 | 392 |
if(ctx->scanned) |
... | ... |
@@ -444,18 +433,8 @@ int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli |
444 | 444 |
cli_md5_update(&md5ctx, buff + maxpatlen * (offset!=0), bytes - maxpatlen * (offset!=0)); |
445 | 445 |
} |
446 | 446 |
|
447 |
- /* TO TOMASZ: |
|
448 |
- That's the second block you need to swap in order to to match the swap above |
|
449 |
- */ |
|
450 |
- /* UNCOMMENT ME */ //if(bytes < SCANBUFF + maxpatlen * (offset != 0)) break; |
|
451 |
- /* COMMENT ME */ if(bytes < SCANBUFF) break; |
|
447 |
+ if(bytes < SCANBUFF) break; |
|
452 | 448 |
offset += bytes - maxpatlen; |
453 |
- /* TO TOMASZ: |
|
454 |
- as an additional check you can leave the above code untouched and replace the previous line with: |
|
455 |
- offset += bytes - (maxpatlen + 63); |
|
456 |
- |
|
457 |
- Note that I'm not sure maxpatlen is only 63 bytes short, but with *this* specific sample case it's enough. |
|
458 |
- */ |
|
459 | 449 |
} |
460 | 450 |
|
461 | 451 |
if(troot) { |
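Review bot: With the TO TOMASZ notes deleted, nothing next to `offset += bytes - maxpatlen;` in cli_fmap_scandesc records that consecutive blocks overlap by exactly maxpatlen bytes, or that the deleted note suspected this overlap was too short (it cites 3 of 3.5M regression samples differing from master). In a scanner that is a possible missed detection at block boundaries, so a short comment should survive the cleanup, for example `/* blocks overlap by maxpatlen so patterns spanning a boundary are still matched; overlap is suspected to be too small for some signatures */`. The loop also only advances when maxpatlen is smaller than SCANBUFF; that relationship is not visible in these hunks and deserves a comment or assertion if it is not enforced elsewhere. The function body starts and ends outside the lines shown.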
... | ... |
@@ -325,7 +325,7 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int |
325 | 325 |
|
326 | 326 |
if(zsize<=LH_flen) { |
327 | 327 |
cli_dbgmsg("cli_unzip: lh - fname out of file\n"); |
328 |
- fmap_need_off(map, loff, SIZEOF_LH); |
|
328 |
+ fmap_unneed_off(map, loff, SIZEOF_LH); |
|
329 | 329 |
return 0; |
330 | 330 |
} |
331 | 331 |
if(meta || cli_debug_flag) { |
... | ... |
@@ -362,14 +362,14 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int |
362 | 362 |
} else |
363 | 363 |
*ret = CL_CLEAN; |
364 | 364 |
|
365 |
- fmap_need_off(map, loff, SIZEOF_LH); |
|
365 |
+ fmap_unneed_off(map, loff, SIZEOF_LH); |
|
366 | 366 |
return 0; |
367 | 367 |
} |
368 | 368 |
|
369 | 369 |
if(LH_flags & F_MSKED) { |
370 | 370 |
cli_dbgmsg("cli_unzip: lh - header has got unusable masked data\n"); |
371 | 371 |
/* FIXME: need to find/craft a sample */ |
372 |
- fmap_need_off(map, loff, SIZEOF_LH); |
|
372 |
+ fmap_unneed_off(map, loff, SIZEOF_LH); |
|
373 | 373 |
return 0; |
374 | 374 |
} |
375 | 375 |
|
... | ... |
@@ -377,14 +377,14 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int |
377 | 377 |
cli_dbgmsg("cli_unzip: Encrypted files found in archive.\n"); |
378 | 378 |
*ctx->virname = "Encrypted.Zip"; |
379 | 379 |
*ret = CL_VIRUS; |
380 |
- fmap_need_off(map, loff, SIZEOF_LH); |
|
380 |
+ fmap_unneed_off(map, loff, SIZEOF_LH); |
|
381 | 381 |
return 0; |
382 | 382 |
} |
383 | 383 |
|
384 | 384 |
if(LH_flags & F_USEDD) { |
385 | 385 |
cli_dbgmsg("cli_unzip: lh - has data desc\n"); |
386 | 386 |
if(!ch) { |
387 |
- fmap_need_off(map, loff, SIZEOF_LH); |
|
387 |
+ fmap_unneed_off(map, loff, SIZEOF_LH); |
|
388 | 388 |
return 0; |
389 | 389 |
} |
390 | 390 |
else { usize = CH_usize; csize = CH_csize; } |
... | ... |
@@ -392,7 +392,7 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int |
392 | 392 |
|
393 | 393 |
if(zsize<=LH_elen) { |
394 | 394 |
cli_dbgmsg("cli_unzip: lh - extra out of file\n"); |
395 |
- fmap_need_off(map, loff, SIZEOF_LH); |
|
395 |
+ fmap_unneed_off(map, loff, SIZEOF_LH); |
|
396 | 396 |
return 0; |
397 | 397 |
} |
398 | 398 |
zip+=LH_elen; |
... | ... |
@@ -403,7 +403,7 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int |
403 | 403 |
} else { |
404 | 404 |
if(zsize<csize) { |
405 | 405 |
cli_dbgmsg("cli_unzip: lh - stream out of file\n"); |
406 |
- fmap_need_off(map, loff, SIZEOF_LH); |
|
406 |
+ fmap_unneed_off(map, loff, SIZEOF_LH); |
|
407 | 407 |
return 0; |
408 | 408 |
} |
409 | 409 |
if(LH_flags & F_ENCR) { |
... | ... |
@@ -416,7 +416,7 @@ static unsigned int lhdr(fmap_t *map, uint32_t loff,uint32_t zsize, unsigned int |
416 | 416 |
zsize-=csize; |
417 | 417 |
} |
418 | 418 |
|
419 |
- fmap_need_off(map, loff, SIZEOF_LH); /* unneed now. block is guaranteed to exists till the next need */ |
|
419 |
+ fmap_unneed_off(map, loff, SIZEOF_LH); /* unneed now. block is guaranteed to exists till the next need */ |
|
420 | 420 |
if(LH_flags & F_USEDD) { |
421 | 421 |
if(zsize<12) { |
422 | 422 |
cli_dbgmsg("cli_unzip: lh - data desc out of file\n"); |
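Review bot: After the release at new line 419, `if(LH_flags & F_USEDD)` on the following line still appears to read the local header, relying on the inline comment's guarantee that the block survives until the next need. LH_flags looks like a macro over the mapped bytes, though its definition is not shown. Copying the value into a local before the release, e.g. `unsigned int lh_flags = LH_flags;`, and testing that local afterwards would remove the dependency on that invariant. The same `fmap_unneed_off(map, loff, SIZEOF_LH);` call is also repeated on seven early-return paths in lhdr, so a single exit label that releases and returns 0 would make it harder for a future early return to skip it. lhdr begins and continues outside the hunks shown.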