... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Fri Nov 18 15:23:50 CET 2011 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * libclamav/scanners.c: use lsigs when scanning vba data (bb#3922) |
|
4 |
+ |
|
1 | 5 |
Fri Nov 18 15:48:59 EET 2011 (edwin) |
2 | 6 |
----------------------------------- |
3 | 7 |
* libclamav/matcher-hash.c: Fix SIGBUS on PA-RISC (big-endian) architectures (bb #3894). |
... | ... |
@@ -773,6 +773,37 @@ static int cli_scanmscab(int desc, cli_ctx *ctx, off_t sfx_offset) |
773 | 773 |
return ret; |
774 | 774 |
} |
775 | 775 |
|
776 |
+static int vba_scandata(const unsigned char *data, unsigned int len, cli_ctx *ctx) |
|
777 |
+{ |
|
778 |
+ struct cli_matcher *groot = ctx->engine->root[0]; |
|
779 |
+ struct cli_matcher *troot = ctx->engine->root[2]; |
|
780 |
+ struct cli_ac_data gmdata, tmdata; |
|
781 |
+ struct cli_ac_data *mdata[2]; |
|
782 |
+ int ret; |
|
783 |
+ |
|
784 |
+ if((ret = cli_ac_initdata(&tmdata, troot->ac_partsigs, troot->ac_lsigs, troot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) |
|
785 |
+ return ret; |
|
786 |
+ |
|
787 |
+ if((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) { |
|
788 |
+ cli_ac_freedata(&tmdata); |
|
789 |
+ return ret; |
|
790 |
+ } |
|
791 |
+ mdata[0] = &tmdata; |
|
792 |
+ mdata[1] = &gmdata; |
|
793 |
+ |
|
794 |
+ ret = cli_scanbuff(data, len, 0, ctx, CL_TYPE_MSOLE2, mdata); |
|
795 |
+ |
|
796 |
+ if(ret != CL_VIRUS) { |
|
797 |
+ ret = cli_lsig_eval(ctx, troot, &tmdata, NULL, NULL); |
|
798 |
+ if(ret != CL_VIRUS) |
|
799 |
+ ret = cli_lsig_eval(ctx, groot, &gmdata, NULL, NULL); |
|
800 |
+ } |
|
801 |
+ cli_ac_freedata(&tmdata); |
|
802 |
+ cli_ac_freedata(&gmdata); |
|
803 |
+ |
|
804 |
+ return ret; |
|
805 |
+} |
|
806 |
+ |
|
776 | 807 |
static int cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq *U) |
777 | 808 |
{ |
778 | 809 |
int ret = CL_CLEAN, i, j, fd, data_len, hasmacros = 0; |
... | ... |
@@ -813,7 +844,7 @@ static int cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq *U) |
813 | 813 |
/* cli_dbgmsg("Project content:\n%s", data); */ |
814 | 814 |
if(ctx->scanned) |
815 | 815 |
*ctx->scanned += data_len / CL_COUNT_PRECISION; |
816 |
- if(cli_scanbuff(data, data_len, 0, ctx, CL_TYPE_MSOLE2, NULL) == CL_VIRUS) { |
|
816 |
+ if(vba_scandata(data, data_len, ctx) == CL_VIRUS) { |
|
817 | 817 |
free(data); |
818 | 818 |
ret = CL_VIRUS; |
819 | 819 |
break; |
... | ... |
@@ -872,7 +903,7 @@ static int cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq *U) |
872 | 872 |
cli_dbgmsg("Project content:\n%s", data); |
873 | 873 |
if(ctx->scanned) |
874 | 874 |
*ctx->scanned += vba_project->length[i] / CL_COUNT_PRECISION; |
875 |
- if(cli_scanbuff(data, vba_project->length[i], 0, ctx, CL_TYPE_MSOLE2, NULL) == CL_VIRUS) { |
|
875 |
+ if(vba_scandata(data, vba_project->length[i], ctx) == CL_VIRUS) { |
|
876 | 876 |
free(data); |
877 | 877 |
ret = CL_VIRUS; |
878 | 878 |
break; |