1. clamav-devel
  2. Commit c58e2fdbe81c997b64c501771066273900d89205
Browse code

quick implementation of ystring table

Kevin Lin authored on 2015/02/13 01:49:21
Showing 1 changed files
libclamav/readdb.c
History View file @ c58e2fd
... ... 
@@ -2819,9 +2819,91 @@ struct cli_ytable_entry {
2819 2819
2820 2820 
 struct cli_ytable {
2821 2821 
     struct cli_ytable_entry **table;
2822 
-    uint32_t tbl_cnt;
2822 
+    int32_t tbl_cnt;
2823 2823 
 };
2824 2824
2825 
+/* function is dumb - TODO - rewrite using hashtable */
2826 
+int ytable_add_string(struct cli_ytable *ytable, const char *hexsig)
2827 
+{
2828 
+    struct cli_ytable_entry *new;
2829 
+    struct cli_ytable_entry **newtable;
2830 
+
2831 
+    if (!ytable || !hexsig)
2832 
+        return CL_ENULLARG;
2833 
+
2834 
+    new = cli_calloc(1, sizeof(struct cli_ytable_entry));
2835 
+    if (!new) {
2836 
+        /* out of memory for new ytable entry */
2837 
+        return CL_EMEM;
2838 
+    }
2839 
+
2840 
+    new->hexstr = cli_strdup(hexsig);
2841 
+    if (!new->hexstr) {
2842 
+        /* out of memory for hexsig copy */
2843 
+        free(new);
2844 
+        return CL_EMEM;
2845 
+    }
2846 
+
2847 
+    ytable->tbl_cnt++;
2848 
+    newtable = cli_realloc(ytable->table, ytable->tbl_cnt * sizeof(struct cli_ytable_entry *));
2849 
+    if (!newtable) {
2850 
+        /* failed to reallocate new ytable table */
2851 
+        free(new->hexstr);
2852 
+        free(new);
2853 
+        ytable->tbl_cnt--;
2854 
+        return CL_EMEM;
2855 
+    }
2856 
+
2857 
+    newtable[ytable->tbl_cnt-1] = new;
2858 
+    ytable->table = newtable;
2859 
+
2860 
+    return CL_SUCCESS;
2861 
+}
2862 
+
2863 
+int32_t ytable_lookup(const char *hexsig)
2864 
+{
2865 
+    /* TODO - WRITE ME! */
2866 
+    return -1;
2867 
+}
2868 
+
2869 
+int ytable_add_attrib(struct cli_ytable *ytable, const char *hexsig, const char *value, int type)
2870 
+{
2871 
+    int32_t lookup;
2872 
+    char **attrib;
2873 
+
2874 
+    if (!ytable || !value)
2875 
+        return CL_ENULLARG;
2876 
+
2877 
+    if (!hexsig)
2878 
+        lookup = ytable->tbl_cnt-1; /* assuming to attach to current string */
2879 
+    else
2880 
+        lookup = ytable_lookup(hexsig);
2881 
+
2882 
+    if (lookup < 0) {
2883 
+        /* hexsig cannot be found */
2884 
+        return CL_EARG;
2885 
+    }
2886 
+
2887 
+    if (type)
2888 
+        attrib = &ytable->table[lookup]->sigopts;
2889 
+    else
2890 
+        attrib = &ytable->table[lookup]->offset;
2891 
+
2892 
+
2893 
+    if (*attrib) {
2894 
+        /* attribute already exists for hexsig */
2895 
+        return CL_EARG;
2896 
+    }
2897 
+
2898 
+    *attrib = cli_strdup(value);
2899 
+    if (*attrib) {
2900 
+        /* ran out of memory for attribute */
2901 
+        return CL_EMEM;
2902 
+    }
2903 
+
2904 
+    return CL_SUCCESS;
2905 
+}
2906 
+
2825 2907 
 void ytable_delete(struct cli_ytable *ytable)
2826 2908 
 {
2827 2909 
     uint32_t i;
... ... 
@@ -2829,8 +2911,12 @@ void ytable_delete(struct cli_ytable *ytable)
2829 2829 
         return;
2830 2830
2831 2831 
     if (ytable->table) {
2832 
-        for (i = 0; i < ytable->tbl_cnt; ++i)
2832 
+        for (i = 0; i < ytable->tbl_cnt; ++i) {
2833 
+            free(ytable->table[i]->offset);
2834 
+            free(ytable->table[i]->hexstr);
2835 
+            free(ytable->table[i]->sigopts);
2833 2836 
             free(ytable->table[i]);
2837 
+        }
2834 2838 
         free(ytable->table);
2835 2839 
     }
2836 2840 
 }
... ... 
@@ -2916,6 +3002,8 @@ static int load_oneyara(YR_RULE *rule, struct cl_engine *engine, unsigned int op
2916 2916 
                 snprintf(rulestr+len, totsize-len, "%s", substr);
2917 2917 
                 free(substr);
2918 2918 
                 */
2919 
+                ytable_add_string(&ytable, substr);
2920 
+                free (substr);
2919 2921 
             }
2920 2922
2921 2923 
             cli_yaramsg("Yara hex string: \"%s\"\n", substr);
... ... 
@@ -3004,6 +3092,7 @@ static int load_oneyara(YR_RULE *rule, struct cl_engine *engine, unsigned int op
3004 3004 
     /*** END CONDITIONAL HANDLING ***/
3005 3005
3006 3006 
     /* TDB */
3007 
+    /*
3007 3008 
     memset(&tdb, 0, sizeof(tdb));
3008 3009 
 #ifdef USE_MPOOL
3009 3010 
     tdb.mempool = engine->mempool;
... ... 
@@ -3069,7 +3158,8 @@ static int load_oneyara(YR_RULE *rule, struct cl_engine *engine, unsigned int op
3069 3069 
     }
3070 3070
3071 3071 
     /*** populating lsig ***/
3072 
-    root = engine->root[tdb.target[0]];
3072 
+    //root = engine->root[tdb.target[0]];
3073 
+    root = engine->root[0];
3073 3074
3074 3075 
     lsig = (struct cli_ac_lsig *) mpool_calloc(engine->mempool, 1, sizeof(struct cli_ac_lsig));
3075 3076 
     if(!lsig) {
... ... 
@@ -3081,6 +3171,8 @@ static int load_oneyara(YR_RULE *rule, struct cl_engine *engine, unsigned int op
3081 3081 
     }
3082 3082
3083 3083 
     if (logic) {
3084 
+        cli_yaramsg("normal lsig triggered yara: %s\n", logic);
3085 
+
3084 3086 
         lsig->type = CLI_NORMAL_LSIG;
3085 3087 
         lsig->u.logic = cli_mpool_strdup(engine->mempool, logic);
3086 3088 
         if(!lsig->u.logic) {
... ... 
@@ -3124,8 +3216,10 @@ static int load_oneyara(YR_RULE *rule, struct cl_engine *engine, unsigned int op
3124 3124
3125 3125 
         /* TODO - options as separate table or integrated into ytable[i]? */
3126 3126
3127 
-        if((ret = cli_parse_add(root, rule->id, ytable.table[i]->hexstr, ytable.table[i]->sigopts, 0, 0, ytable.table[i]->offset, target, lsigid, options)))
3128 
-            return ret;
3127 
+        cli_yaramsg("%i: %s %s %s\n", i, ytable.table[i]->hexstr, ytable.table[i]->offset, ytable.table[i]->sigopts);
3128 
+
3129 
+        //if((ret = cli_parse_add(root, rule->id, ytable.table[i]->hexstr, ytable.table[i]->sigopts, 0, 0, ytable.table[i]->offset, target, lsigid, options)))
3130 
+        //return ret;
3129 3131 
     }
3130 3132
3131 3133 
     memcpy(&lsig->tdb, &tdb, sizeof(tdb));