@@ -1,3 +1,7 @@

+Wed Mar 28 21:45:12 CEST 2007 (tk)

+----------------------------------

+  * libclamav: make some cleanups and add support for nibble matching

+

 Tue Mar 27 22:05:28 BST 2007 (njh)

 ----------------------------------

   * clamav-milter.c:	Added IPv6 support, based on a patch by

@@ -50,7 +50,6 @@

 #include <sys/stat.h>

 #include <errno.h>

-#include "defaults.h"

 #include "manager.h"

 #include "notify.h"

 #include "dns.h"

@@ -47,7 +47,6 @@ libclamav_la_SOURCES = \

 	dsig.h \

         str.c \

 	str.h \

-	defaults.h \

 	scanners.c \

 	scanners.h \

 	filetypes.c \

@@ -260,7 +260,6 @@ libclamav_la_SOURCES = \

 	dsig.h \

         str.c \

 	str.h \

-	defaults.h \

 	scanners.c \

 	scanners.h \

 	filetypes.c \

@@ -109,32 +109,6 @@ extern "C"

 #define cl_perror	cl_strerror

 /* internal structures */

-struct cli_bm_patt {

-    unsigned char *pattern;

-    char *virname, *offset;

-    const char *viralias;

-    unsigned int length;

-    unsigned short target;

-    struct cli_bm_patt *next;

-};

-

-struct cli_ac_patt {

-    short int *pattern, *prefix;

-    unsigned int length, mindist, maxdist, prefix_length;

-    char *virname, *offset;

-    const char *viralias;

-    unsigned short int sigid, parts, partno, alt, *altn, alt_pattern;

-    unsigned short type, target;

-    unsigned char **altc;

-    struct cli_ac_patt *next;

-};

-

-struct cli_ac_node {

-    unsigned char islast;

-    struct cli_ac_patt *list;

-    struct cli_ac_node *trans[256], *fail;

-};

-

 struct cli_md5_node {

     char *virname, *viralias;

     unsigned char *md5;

@@ -150,20 +124,6 @@ struct cli_meta_node {

     struct cli_meta_node *next;

 };

-struct cli_matcher {

-    unsigned int maxpatlen; /* maximal length of pattern in db */

-    unsigned short ac_only;

-

-    /* Extended Boyer-Moore */

-    int *bm_shift;

-    struct cli_bm_patt **bm_suffix;

-

-    /* Extended Aho-Corasick */

-    unsigned int ac_depth;

-    struct cli_ac_node *ac_root, **ac_nodetable;

-    unsigned int ac_partsigs, ac_nodes;

-};

-

 struct cl_engine {

     unsigned int refcount; /* reference counter */

     unsigned short ncore;

@@ -171,7 +131,7 @@ struct cl_engine {

     unsigned int dboptions;

     /* Roots table */

-    struct cli_matcher **root;

+    void **root;

     /* MD5 */

     struct cli_md5_node **md5_hlist;

deleted file mode 100644

@@ -1,25 +0,0 @@

-/*

- *  Copyright (C) 2002 - 2005 Tomasz Kojm <tkojm@clamav.net>

- *

- *  This program is free software; you can redistribute it and/or modify

- *  it under the terms of the GNU General Public License as published by

- *  the Free Software Foundation; either version 2 of the License, or

- *  (at your option) any later version.

- *

- *  This program is distributed in the hope that it will be useful,

- *  but WITHOUT ANY WARRANTY; without even the implied warranty of

- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

- *  GNU General Public License for more details.

- *

- *  You should have received a copy of the GNU General Public License

- *  along with this program; if not, write to the Free Software

- *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

- *  MA 02110-1301, USA.

- */

-

-#ifndef DATADIR

-# define DATADIR "/usr/local/share/clamav"

-#endif

-

-#define CLI_IGN -200

-#define CLI_ALT -201

@@ -382,13 +382,6 @@ int cli_addtypesigs(struct cl_engine *engine)

 	    return CL_EMEM;

 	}

-	if(engine->ncore) {

-	    /*

-	    cli_dbgmsg("cli_addtypesigs: AC depth 10 (ncore mode)\n");

-	    cli_ac_setdepth(10);

-	    */

-	}

-

 	root->ac_root =  (struct cli_ac_node *) cli_calloc(1, sizeof(struct cli_ac_node));

 	if(!root->ac_root) {

 	    cli_errmsg("cli_addtypesigs: Can't initialise AC pattern matcher\n");

@@ -4,7 +4,7 @@

  *  http://www-sr.informatik.uni-tuebingen.de/~buehler/AC/AC.html

  *  Thanks to Kurt Huwig for pointing me to this page.

  *

- *  Copyright (C) 2002 - 2006 Tomasz Kojm <tkojm@clamav.net>

+ *  Copyright (C) 2002 - 2007 Tomasz Kojm <tkojm@clamav.net>

  *

  *  This program is free software; you can redistribute it and/or modify

  *  it under the terms of the GNU General Public License as published by

@@ -37,7 +37,6 @@

 #include "others.h"

 #include "matcher.h"

 #include "matcher-ac.h"

-#include "defaults.h"

 #include "filetypes.h"

 #include "cltypes.h"

@@ -46,12 +45,12 @@ struct nodelist {

     struct nodelist *next;

 };

-unsigned short ac_depth = AC_DEFAULT_DEPTH;

+static uint8_t ac_depth = AC_DEFAULT_DEPTH;

 int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern)

 {

 	struct cli_ac_node *pos, *next;

-	int i;

+	uint8_t i;

     if(pattern->length < ac_depth)

 	return CL_EPATSHORT;

@@ -59,7 +58,7 @@ int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern)

     pos = root->ac_root;

     for(i = 0; i < ac_depth; i++) {

-	next = pos->trans[((unsigned char) pattern->pattern[i]) & 0xff]; 

+	next = pos->trans[(unsigned char) (pattern->pattern[i] & 0xff)]; 

 	if(!next) {

 	    next = (struct cli_ac_node *) cli_calloc(1, sizeof(struct cli_ac_node));

@@ -248,7 +247,7 @@ inline static int cli_findpos(const unsigned char *buffer, unsigned int depth, u

 	if(bufferpos == postfixend)

 	    return 0;

-	if(pattern->pattern[i] == CLI_ALT) {

+	if((pattern->pattern[i] & CLI_MATCH_WILDCARD) == CLI_MATCH_ALTERNATIVE) {

 	    found = 0;

 	    for(j = 0; j < pattern->altn[alt]; j++) {

 		if(pattern->altc[alt][j] == buffer[bufferpos]) {

@@ -261,7 +260,15 @@ inline static int cli_findpos(const unsigned char *buffer, unsigned int depth, u

 		return 0;

 	    alt++;

-	} else if(pattern->pattern[i] != CLI_IGN && (unsigned char) pattern->pattern[i] != buffer[bufferpos])

+	} else if((pattern->pattern[i] & CLI_MATCH_WILDCARD) == CLI_MATCH_NIBBLE_HIGH) {

+	    if((unsigned char) (pattern->pattern[i] & 0x00f0) != (buffer[bufferpos] & 0xf0))

+		return 0;

+

+	} else if((pattern->pattern[i] & CLI_MATCH_WILDCARD) == CLI_MATCH_NIBBLE_LOW) {

+	    if((unsigned char) (pattern->pattern[i] & 0x000f) != (buffer[bufferpos] & 0x0f))

+		return 0;

+

+	} else if((pattern->pattern[i] & CLI_MATCH_WILDCARD) != CLI_MATCH_IGNORE && (unsigned char) pattern->pattern[i] != buffer[bufferpos])

 	    return 0;

 	bufferpos++;

@@ -276,7 +283,7 @@ inline static int cli_findpos(const unsigned char *buffer, unsigned int depth, u

 	for(i = 0; i < pattern->prefix_length; i++) {

-	    if(pattern->prefix[i] == CLI_ALT) {

+	    if((pattern->prefix[i] & CLI_MATCH_WILDCARD) == CLI_MATCH_ALTERNATIVE) {

 		found = 0;

 		for(j = 0; j < pattern->altn[alt]; j++) {

 		    if(pattern->altc[alt][j] == buffer[bufferpos]) {

@@ -289,7 +296,15 @@ inline static int cli_findpos(const unsigned char *buffer, unsigned int depth, u

 		    return 0;

 		alt++;

-	    } else if(pattern->prefix[i] != CLI_IGN && (unsigned char) pattern->prefix[i] != buffer[bufferpos])

+	    } else if((pattern->prefix[i] & CLI_MATCH_WILDCARD) == CLI_MATCH_NIBBLE_HIGH) {

+		if((unsigned char) (pattern->prefix[i] & 0x00f0) != (buffer[bufferpos] & 0xf0))

+		    return 0;

+

+	    } else if((pattern->prefix[i] & CLI_MATCH_WILDCARD) == CLI_MATCH_NIBBLE_LOW) {

+		if((unsigned char) (pattern->prefix[i] & 0x000f) != (buffer[bufferpos] & 0x0f))

+		    return 0;

+

+	    } else if(!(pattern->prefix[i] & CLI_MATCH_IGNORE) && (unsigned char) pattern->prefix[i] != buffer[bufferpos])

 		return 0;

 	    bufferpos++;

@@ -299,7 +314,7 @@ inline static int cli_findpos(const unsigned char *buffer, unsigned int depth, u

     return 1;

 }

-int cli_ac_initdata(struct cli_ac_data *data, unsigned int partsigs, unsigned int tracklen)

+int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint8_t tracklen)

 {

 	unsigned int i, j;

@@ -321,7 +336,7 @@ int cli_ac_initdata(struct cli_ac_data *data, unsigned int partsigs, unsigned in

     }

     memset(data->inioff, -1, partsigs * sizeof(off_t));

-    data->partcnt = (unsigned int *) cli_calloc(partsigs, sizeof(unsigned int));

+    data->partcnt = (uint16_t *) cli_calloc(partsigs, sizeof(uint16_t));

     if(!data->partcnt) {

 	cli_errmsg("cli_ac_init(): unable to cli_calloc(%u, %u)\n", partsigs, sizeof(unsigned int));

@@ -348,7 +363,7 @@ int cli_ac_initdata(struct cli_ac_data *data, unsigned int partsigs, unsigned in

 	return CL_EMEM;

     }

-    data->maxshift = (int *) cli_malloc(partsigs * sizeof(int));

+    data->maxshift = (int32_t *) cli_malloc(partsigs * sizeof(int32_t));

     if(!data->maxshift) {

 	cli_errmsg("cli_ac_init(): unable to cli_malloc(%u)\n", partsigs * sizeof(int));

@@ -359,9 +374,9 @@ int cli_ac_initdata(struct cli_ac_data *data, unsigned int partsigs, unsigned in

 	return CL_EMEM;

     }

-    memset(data->maxshift, -1, partsigs * sizeof(int));

+    memset(data->maxshift, -1, partsigs * sizeof(int32_t));

-    data->partoff = (unsigned int **) cli_calloc(partsigs, sizeof(unsigned int *));

+    data->partoff = (uint32_t **) cli_calloc(partsigs, sizeof(uint32_t *));

     if(!data->partoff) {

 	cli_errmsg("cli_ac_init(): unable to cli_calloc(%u, %u)\n", partsigs, sizeof(unsigned int));

@@ -379,7 +394,7 @@ int cli_ac_initdata(struct cli_ac_data *data, unsigned int partsigs, unsigned in

      */

     for(i = 0; i < partsigs; i++) {

-	data->partoff[i] = (unsigned int *) cli_calloc(tracklen, sizeof(unsigned int));

+	data->partoff[i] = (uint32_t *) cli_calloc(tracklen, sizeof(uint32_t));

 	if(!data->partoff[i]) {

 	    for(j = 0; j < i; j++)

@@ -418,12 +433,12 @@ void cli_ac_freedata(struct cli_ac_data *data)

     }

 }

-int cli_ac_scanbuff(const unsigned char *buffer, unsigned int length, const char **virname, const struct cli_matcher *root, struct cli_ac_data *mdata, unsigned short otfrec, unsigned long int offset, cli_file_t ftype, int fd, struct cli_matched_type **ftoffset)

+int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cli_matcher *root, struct cli_ac_data *mdata, uint8_t otfrec, uint32_t offset, cli_file_t ftype, int fd, struct cli_matched_type **ftoffset)

 {

 	struct cli_ac_node *current;

 	struct cli_ac_patt *pt;

 	int type = CL_CLEAN, j;

-        unsigned int i, position, curroff;

+        uint32_t i, position, curroff;

 	uint8_t offnum, found;

 	struct cli_matched_type *tnode, *tnode_last = NULL;

 	struct cli_target_info info;

@@ -614,8 +629,3 @@ int cli_ac_scanbuff(const unsigned char *buffer, unsigned int length, const char

     return otfrec ? type : CL_CLEAN;

 }

-

-void cli_ac_setdepth(unsigned int depth)

-{

-    ac_depth = depth;

-}

@@ -1,5 +1,5 @@

 /*

- *  Copyright (C) 2002 - 2005 Tomasz Kojm <tkojm@clamav.net>

+ *  Copyright (C) 2002 - 2007 Tomasz Kojm <tkojm@clamav.net>

  *

  *  This program is free software; you can redistribute it and/or modify

  *  it under the terms of the GNU General Public License as published by

@@ -22,8 +22,6 @@

 #include <sys/types.h>

-#include "clamav.h"

-#include "matcher.h"

 #include "filetypes.h"

 #include "cltypes.h"

@@ -31,21 +29,41 @@

 #define AC_DEFAULT_TRACKLEN 8

 struct cli_ac_data {

-    unsigned int partsigs;

+    uint32_t partsigs;

     off_t *inioff;

-    unsigned int *partcnt;

-    unsigned int **partoff;

+    uint16_t *partcnt;

+    uint32_t **partoff;

     uint8_t *offcnt;

     uint8_t *offidx;

-    int *maxshift;

+    int32_t *maxshift;

+};

+

+struct cli_ac_patt {

+    uint16_t *pattern, *prefix, length, prefix_length;

+    uint32_t mindist, maxdist;

+    char *virname, *offset;

+    const char *viralias;

+    uint32_t sigid;

+    uint16_t parts, partno, alt, *altn, alt_pattern;

+    uint8_t target;

+    uint16_t type;

+    unsigned char **altc;

+    struct cli_ac_patt *next;

 };

+struct cli_ac_node {

+    uint8_t islast;

+    struct cli_ac_patt *list;

+    struct cli_ac_node *trans[256], *fail;

+};

+

+#include "matcher.h"

+

 int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern);

-int cli_ac_initdata(struct cli_ac_data *data, unsigned int partsigs, unsigned int histlen);

+int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint8_t tracklen);

 void cli_ac_freedata(struct cli_ac_data *data);

-int cli_ac_scanbuff(const unsigned char *buffer, unsigned int length, const char **virname, const struct cli_matcher *root, struct cli_ac_data *mdata, unsigned short otfrec, unsigned long int offset, cli_file_t ftype, int fd, struct cli_matched_type **ftoffset);

+int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cli_matcher *root, struct cli_ac_data *mdata, uint8_t otfrec, uint32_t offset, cli_file_t ftype, int fd, struct cli_matched_type **ftoffset);

 int cli_ac_buildtrie(struct cli_matcher *root);

 void cli_ac_free(struct cli_matcher *root);

-void cli_ac_setdepth(unsigned int depth);

 #endif

@@ -17,6 +17,12 @@

  *  MA 02110-1301, USA.

  */

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#include <stdio.h>

+

 #include "clamav.h"

 #include "memory.h"

 #include "others.h"

@@ -129,7 +135,7 @@ void cli_bm_free(struct cli_matcher *root)

     }

 }

-int cli_bm_scanbuff(const unsigned char *buffer, unsigned int length, const char **virname, const struct cli_matcher *root, unsigned long int offset, cli_file_t ftype, int fd)

+int cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cli_matcher *root, uint32_t offset, cli_file_t ftype, int fd)

 {

 	unsigned int i, j, shift, off, found = 0;

 	int idxtest;

@@ -20,14 +20,22 @@

 #ifndef __MATCHER_BM_H

 #define __MATCHER_BM_H

-#include "clamav.h"

 #include "matcher.h"

-#include "matcher-bm.h"

 #include "filetypes.h"

+#include "cltypes.h"

+

+struct cli_bm_patt {

+    unsigned char *pattern;

+    uint32_t length;

+    char *virname, *offset;

+    const char *viralias;

+    uint8_t target;

+    struct cli_bm_patt *next;

+};

 int cli_bm_addpatt(struct cli_matcher *root, struct cli_bm_patt *pattern);

 int cli_bm_init(struct cli_matcher *root);

-int cli_bm_scanbuff(const unsigned char *buffer, unsigned int length, const char **virname, const struct cli_matcher *root, unsigned long int offset, cli_file_t ftype, int fd);

+int cli_bm_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cli_matcher *root, uint32_t offset, cli_file_t ftype, int fd);

 void cli_bm_free(struct cli_matcher *root);

 #endif

@@ -41,6 +41,7 @@

 #include "execs.h"

 #include "special.h"

 #include "str.h"

+#include "cltypes.h"

 #ifdef HAVE_NCORE

 #include "matcher-ncore.h"

@@ -50,9 +51,10 @@ static cli_file_t targettab[CL_TARGET_TABLE_SIZE] = { 0, CL_TYPE_MSEXE, CL_TYPE_

 extern short cli_debug_flag;

-int cli_scanbuff(const unsigned char *buffer, unsigned int length, const char **virname, const struct cl_engine *engine, cli_file_t ftype)

+int cli_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cl_engine *engine, cli_file_t ftype)

 {

-	int ret = CL_CLEAN, i;

+	int ret = CL_CLEAN;

+	unsigned int i;

 	struct cli_ac_data mdata;

 	struct cli_matcher *groot, *troot = NULL;

@@ -285,12 +287,11 @@ int cli_validatesig(cli_file_t ftype, const char *offstr, off_t fileoff, struct

     return 1;

 }

-int cli_scandesc(int desc, cli_ctx *ctx, unsigned short otfrec, cli_file_t ftype, unsigned short ftonly, struct cli_matched_type **ftoffset)

+int cli_scandesc(int desc, cli_ctx *ctx, uint8_t otfrec, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset)

 {

  	unsigned char *buffer, *buff, *endbl, *upt;

 	int ret = CL_CLEAN, type = CL_CLEAN, i, bytes;

-	unsigned int buffersize, length, maxpatlen, shift = 0;

-	unsigned long int offset = 0;

+	uint32_t buffersize, length, maxpatlen, shift = 0, offset = 0;

 	struct cli_ac_data gdata, tdata;

 	cli_md5_ctx md5ctx;

 	unsigned char digest[16];

@@ -29,6 +29,29 @@

 #include "cltypes.h"

 #include "md5.h"

+#include "matcher-ac.h"

+#include "matcher-bm.h"

+

+#define CLI_MATCH_WILDCARD	0xff00

+#define CLI_MATCH_IGNORE	0x0100

+#define CLI_MATCH_ALTERNATIVE	0x0200

+#define CLI_MATCH_NIBBLE_HIGH	0x0300

+#define CLI_MATCH_NIBBLE_LOW	0x0400

+

+struct cli_matcher {

+    uint16_t maxpatlen;

+    uint8_t ac_only;

+

+    /* Extended Boyer-Moore */

+    int32_t *bm_shift;

+    struct cli_bm_patt **bm_suffix;

+

+    /* Extended Aho-Corasick */

+    uint8_t ac_depth;

+    struct cli_ac_node *ac_root, **ac_nodetable;

+    uint32_t ac_partsigs, ac_nodes;

+};

+

 #define CL_TARGET_TABLE_SIZE 7

 struct cli_target_info {

@@ -37,9 +60,9 @@ struct cli_target_info {

     int8_t status; /* 0 == not initialised, 1 == initialised OK, -1 == error */

 };

-int cli_scandesc(int desc, cli_ctx *ctx, unsigned short otfrec, cli_file_t ftype, unsigned short ftonly, struct cli_matched_type **ftoffset);

+int cli_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, const struct cl_engine *engine, cli_file_t ftype);

-int cli_scanbuff(const unsigned char *buffer, unsigned int length, const char **virname, const struct cl_engine *engine, cli_file_t ftype);

+int cli_scandesc(int desc, cli_ctx *ctx, uint8_t otfrec, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset);

 int cli_validatesig(cli_file_t ftype, const char *offstr, off_t fileoff, struct cli_target_info *info, int desc, const char *virname);

@@ -70,7 +70,6 @@ static	char	const	rcsid[] = "$Id: mbox.c,v 1.381 2007/02/15 12:26:44 njh Exp $";

 #endif

 #include "others.h"

-#include "defaults.h"

 #include "str.h"

 #include "filetypes.h"

 #include "mbox.h"

@@ -81,7 +81,7 @@ static pthread_mutex_t cli_gentempname_mutex = PTHREAD_MUTEX_INITIALIZER;

 #define       P_tmpdir        "C:\\WINDOWS\\TEMP"

 #endif

-#define CL_FLEVEL 14 /* don't touch it */

+#define CL_FLEVEL 15 /* don't touch it */

 short cli_debug_flag = 0, cli_leavetemps_flag = 0;

@@ -286,7 +286,7 @@ char *cli_md5file(const char *filename)

     return md5str;

 }

-static char *cli_md5buff(const char *buffer, unsigned int len, unsigned char *dig)

+static char *cli_md5buff(const unsigned char *buffer, unsigned int len, unsigned char *dig)

 {

 	unsigned char digest[16];

 	char *md5str, *pt;

@@ -295,7 +295,7 @@ static char *cli_md5buff(const char *buffer, unsigned int len, unsigned char *di

     cli_md5_init(&ctx);

-    cli_md5_update(&ctx, (const unsigned char *) buffer, len);

+    cli_md5_update(&ctx, buffer, len);

     cli_md5_final(digest, &ctx);

     if(dig)

@@ -465,7 +465,7 @@ static char *cli_gentempname(const char *dir)

     for(i = 16; i < 48; i++)

 	salt[i] = cli_rndnum(256);

-    tmp = cli_md5buff((char *) salt, 48, name_salt);

+    tmp = cli_md5buff(salt, 48, name_salt);

 #ifdef CL_THREAD_SAFE

     pthread_mutex_unlock(&cli_gentempname_mutex);

@@ -49,9 +49,9 @@

 #endif

 #include "matcher-ac.h"

 #include "matcher-bm.h"

+#include "matcher.h"

 #include "others.h"

 #include "str.h"

-#include "defaults.h"

 #include "dconf.h"

 #include "lockdb.h"

 #include "readdb.h"

@@ -101,6 +101,9 @@ static int cli_ac_addsig(struct cli_matcher *root, const char *virname, const ch

 	free(hex);			\

     }

+    if(strlen(hexsig) / 2 < AC_DEFAULT_DEPTH)

+	return CL_EPATSHORT;

+

     if((new = (struct cli_ac_patt *) cli_calloc(1, sizeof(struct cli_ac_patt))) == NULL)

 	return CL_EMEM;

@@ -210,7 +213,7 @@ static int cli_ac_addsig(struct cli_matcher *root, const char *virname, const ch

 	}

     }

-    if((new->pattern = cli_hex2si(new->alt ? hex : hexsig)) == NULL) {

+    if((new->pattern = cli_hex2ui(new->alt ? hex : hexsig)) == NULL) {

 	FREE_ALT;

 	if(new->offset)

 	    free(new->offset);

@@ -221,17 +224,17 @@ static int cli_ac_addsig(struct cli_matcher *root, const char *virname, const ch

     new->length = strlen(new->alt ? hex : hexsig) / 2;

     for(i = 0; i < AC_DEFAULT_DEPTH; i++) {

-	if(new->pattern[i] == CLI_IGN || new->pattern[i] == CLI_ALT) {

+	if(new->pattern[i] & CLI_MATCH_WILDCARD) {

 	    wprefix = 1;

 	    break;

 	}

     }

     if(wprefix) {

-	for(; i < new->length - AC_DEFAULT_DEPTH + 1; i++) {

+	for(; i < (uint16_t) (new->length - AC_DEFAULT_DEPTH + 1); i++) {

 	    wprefix = 0;

 	    for(j = i; j < i + AC_DEFAULT_DEPTH; j++) {

-		if(new->pattern[j] == CLI_IGN || new->pattern[j] == CLI_ALT) {

+		if(new->pattern[j] & CLI_MATCH_WILDCARD) {

 		    wprefix = 1;

 		    break;

 		}

@@ -255,7 +258,7 @@ static int cli_ac_addsig(struct cli_matcher *root, const char *virname, const ch

 	new->length -= i;

 	for(i = 0; i < new->prefix_length; i++)

-	    if(new->prefix[i] == CLI_ALT)

+	    if((new->prefix[i] & CLI_MATCH_WILDCARD) == CLI_MATCH_ALTERNATIVE)

 		new->alt_pattern++;

     }

@@ -524,7 +527,7 @@ int cli_initengine(struct cl_engine **engine, unsigned int options)

 	(*engine)->refcount = 1;

-	(*engine)->root = (struct cli_matcher **) cli_calloc(CL_TARGET_TABLE_SIZE, sizeof(struct cli_matcher *));

+	(*engine)->root = cli_calloc(CL_TARGET_TABLE_SIZE, sizeof(struct cli_matcher *));

 	if(!(*engine)->root) {

 	    /* no need to free previously allocated memory here */

 	    cli_errmsg("Can't allocate memory for roots!\n");

@@ -1674,9 +1677,9 @@ void cl_free(struct cl_engine *engine)

     if(engine->root) {

 	for(i = 0; i < CL_TARGET_TABLE_SIZE; i++) {

 	    if((root = engine->root[i])) {

-		cli_ac_free(root);

-		if(!engine->root[i]->ac_only)

+		if(!root->ac_only)

 		    cli_bm_free(root);

+		cli_ac_free(root);

 		free(root);

 	    }

 	}

@@ -21,6 +21,7 @@

 #define __READDB_H

 #include "clamav.h"

+#include "matcher.h"

 int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hexsig, unsigned short type, const char *offset, unsigned short target);

@@ -1748,7 +1748,7 @@ static int cli_scanembpe(int desc, cli_ctx *ctx)

 static int cli_scanraw(int desc, cli_ctx *ctx, cli_file_t type)

 {

 	int ret = CL_CLEAN, nret = CL_CLEAN;

-	unsigned short ftrec, break_loop = 0;

+	uint8_t ftrec, break_loop = 0;

 	struct cli_matched_type *ftoffset = NULL, *fpt;

 	uint32_t lastzip, lastrar;

 	struct cli_exe_info peinfo;

@@ -33,7 +33,8 @@

 #include "clamav.h"

 #include "others.h"

-#include "defaults.h"

+#include "matcher.h"

+#include "cltypes.h"

 static int cli_hex2int(int c)

 {

@@ -53,30 +54,53 @@ static int cli_hex2int(int c)

     return -1;

 }

-short int *cli_hex2si(const char *hex)

+uint16_t *cli_hex2ui(const char *hex)

 {

-	short int *str, *ptr, val, c;

-	int i, len;

+	uint16_t *str, *ptr, val;

+	unsigned int i, len;

+	int c;

     len = strlen(hex);

     if(len % 2 != 0) {

-	cli_errmsg("cli_hex2si(): Malformed hexstring: %s (length: %d)\n", hex, len);

+	cli_errmsg("cli_hex2si(): Malformed hexstring: %s (length: %u)\n", hex, len);

 	return NULL;

     }

-    str = cli_calloc((len / 2) + 1, sizeof(short int));

+    str = cli_calloc((len / 2) + 1, sizeof(uint16_t));

     if(!str)

 	return NULL;

     ptr = str;

     for(i = 0; i < len; i += 2) {

-	if(hex[i] == '?') {

-	    val = CLI_IGN;

+	val = 0;

+

+	if(hex[i] == '?' && hex[i + 1] == '?') {

+	    val |= CLI_MATCH_IGNORE;

+

+	} else if(hex[i + 1] == '?') {

+	    if((c = cli_hex2int(hex[i])) >= 0) {

+		val = c << 4;

+	    } else {

+		free(str);

+		return NULL;

+	    }

+	    val |= CLI_MATCH_NIBBLE_HIGH;

+

+	} else if(hex[i] == '?') {

+	    if((c = cli_hex2int(hex[i + 1])) >= 0) {

+		val = c;

+	    } else {

+		free(str);

+		return NULL;

+	    }

+	    val |= CLI_MATCH_NIBBLE_LOW;

+

 	} else if(hex[i] == '@') {

-	    val = CLI_ALT;

+	    val |= CLI_MATCH_ALTERNATIVE;

+

 	} else {

 	    if((c = cli_hex2int(hex[i])) >= 0) {

 		val = c;

@@ -91,6 +115,7 @@ short int *cli_hex2si(const char *hex)

 		return NULL;

 	    }

 	}

+

 	*ptr++ = val;

     }

@@ -22,10 +22,12 @@

 #include <sys/types.h>

+#include "cltypes.h"

+

 int cli_strbcasestr(const char *haystack, const char *needle);

 int cli_chomp(char *string);

 char *cli_strtok(const char *line, int field, const char *delim);

-short int *cli_hex2si(const char *hex);

+uint16_t *cli_hex2ui(const char *hex);

 char *cli_hex2str(const char *hex);

 int cli_hex2num(const char *hex);

 char *cli_str2hex(const char *string, unsigned int len);