... | ... |
@@ -15,10 +15,13 @@ |
15 | 15 |
struct mscab_compressor * |
16 | 16 |
mspack_create_cab_compressor(struct mspack_system *sys) |
17 | 17 |
{ |
18 |
+ (void) sys; |
|
18 | 19 |
/* todo */ |
19 | 20 |
return NULL; |
20 | 21 |
} |
21 | 22 |
|
22 | 23 |
void mspack_destroy_cab_compressor(struct mscab_compressor *self) { |
24 |
+ (void) self; |
|
23 | 25 |
/* todo */ |
26 |
+ return; |
|
24 | 27 |
} |
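Review bot: The `return;` added at the end of mspack_destroy_cab_compressor is redundant, since a void function returns when it reaches its closing brace; the `(void) self;` cast alone silences the unused-parameter warning. The same pair of lines is added to the chm, hlp, kwaj, lit, oab and szdd compressor stubs and to the hlp and lit decompressor stubs further down the page. While these stubs are being touched, the `/* todo */` in mspack_create_cab_compressor could become `/* not implemented: always returns NULL */`, because nothing else in the hunk tells a caller that creation cannot succeed.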
... | ... |
@@ -15,10 +15,13 @@ |
15 | 15 |
struct mschm_compressor * |
16 | 16 |
mspack_create_chm_compressor(struct mspack_system *sys) |
17 | 17 |
{ |
18 |
+ (void) sys; |
|
18 | 19 |
/* todo */ |
19 | 20 |
return NULL; |
20 | 21 |
} |
21 | 22 |
|
22 | 23 |
void mspack_destroy_chm_compressor(struct mschm_compressor *self) { |
24 |
+ (void) self; |
|
23 | 25 |
/* todo */ |
26 |
+ return; |
|
24 | 27 |
} |
... | ... |
@@ -1371,16 +1371,22 @@ static int chmd_error(struct mschm_decompressor *base) { |
1371 | 1371 |
* are accepted, offsets beyond that cause an error message. |
1372 | 1372 |
*/ |
1373 | 1373 |
static int read_off64(off_t *var, unsigned char *mem, |
1374 |
- struct mspack_system *sys, struct mspack_file *fh) |
|
1374 |
+ struct mspack_system *sys, struct mspack_file *fh) |
|
1375 | 1375 |
{ |
1376 |
+ (void) sys; |
|
1377 |
+ |
|
1376 | 1378 |
#ifdef LARGEFILE_SUPPORT |
1377 |
- *var = EndGetI64(mem); |
|
1379 |
+ (void) fh; |
|
1380 |
+ |
|
1381 |
+ *var = EndGetI64(mem); |
|
1378 | 1382 |
#else |
1379 |
- *var = EndGetI32(mem); |
|
1380 |
- if ((*var & 0x80000000) || EndGetI32(mem+4)) { |
|
1381 |
- sys->message(fh, (char *)largefile_msg); |
|
1382 |
- return 1; |
|
1383 |
- } |
|
1383 |
+ *var = EndGetI32(mem); |
|
1384 |
+ |
|
1385 |
+ if ((*var & 0x80000000) || EndGetI32(mem + 4)) |
|
1386 |
+ { |
|
1387 |
+ sys->message(fh, (char *)largefile_msg); |
|
1388 |
+ return 1; |
|
1389 |
+ } |
|
1384 | 1390 |
#endif |
1385 |
- return 0; |
|
1391 |
+ return 0; |
|
1386 | 1392 |
} |
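Review bot: Under LARGEFILE_SUPPORT, read_off64 stores `EndGetI64(mem)` into `*var` with no range check, whereas the 32-bit branch rejects values with the top bit set. If off_t is a signed 64-bit type, a header value with bit 63 set would reach callers as a negative offset; whether they reject it is not visible in this hunk. A guard such as `if (*var < 0) return 1;` after the assignment would give both branches the same contract. The `(void) sys;` placed before the `#ifdef` is also misleading, because `sys` is used in the `#else` branch; it reads better next to `(void) fh;` inside the LARGEFILE_SUPPORT branch.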
... | ... |
@@ -15,10 +15,13 @@ |
15 | 15 |
struct mshlp_compressor * |
16 | 16 |
mspack_create_hlp_compressor(struct mspack_system *sys) |
17 | 17 |
{ |
18 |
+ (void) sys; |
|
18 | 19 |
/* todo */ |
19 | 20 |
return NULL; |
20 | 21 |
} |
21 | 22 |
|
22 | 23 |
void mspack_destroy_hlp_compressor(struct mshlp_compressor *self) { |
24 |
+ (void) self; |
|
23 | 25 |
/* todo */ |
26 |
+ return; |
|
24 | 27 |
} |
... | ... |
@@ -15,10 +15,13 @@ |
15 | 15 |
struct mshlp_decompressor * |
16 | 16 |
mspack_create_hlp_decompressor(struct mspack_system *sys) |
17 | 17 |
{ |
18 |
+ (void) sys; |
|
18 | 19 |
/* todo */ |
19 | 20 |
return NULL; |
20 | 21 |
} |
21 | 22 |
|
22 | 23 |
void mspack_destroy_hlp_decompressor(struct mshlp_decompressor *self) { |
24 |
+ (void) self; |
|
23 | 25 |
/* todo */ |
26 |
+ return; |
|
24 | 27 |
} |
... | ... |
@@ -15,10 +15,13 @@ |
15 | 15 |
struct mskwaj_compressor * |
16 | 16 |
mspack_create_kwaj_compressor(struct mspack_system *sys) |
17 | 17 |
{ |
18 |
+ (void) sys; |
|
18 | 19 |
/* todo */ |
19 | 20 |
return NULL; |
20 | 21 |
} |
21 | 22 |
|
22 | 23 |
void mspack_destroy_kwaj_compressor(struct mskwaj_compressor *self) { |
24 |
+ (void) self; |
|
23 | 25 |
/* todo */ |
26 |
+ return; |
|
24 | 27 |
} |
... | ... |
@@ -15,10 +15,13 @@ |
15 | 15 |
struct mslit_compressor * |
16 | 16 |
mspack_create_lit_compressor(struct mspack_system *sys) |
17 | 17 |
{ |
18 |
+ (void) sys; |
|
18 | 19 |
/* todo */ |
19 | 20 |
return NULL; |
20 | 21 |
} |
21 | 22 |
|
22 | 23 |
void mspack_destroy_lit_compressor(struct mslit_compressor *self) { |
24 |
+ (void) self; |
|
23 | 25 |
/* todo */ |
26 |
+ return; |
|
24 | 27 |
} |
... | ... |
@@ -15,10 +15,13 @@ |
15 | 15 |
struct mslit_decompressor * |
16 | 16 |
mspack_create_lit_decompressor(struct mspack_system *sys) |
17 | 17 |
{ |
18 |
+ (void) sys; |
|
18 | 19 |
/* todo */ |
19 | 20 |
return NULL; |
20 | 21 |
} |
21 | 22 |
|
22 | 23 |
void mspack_destroy_lit_decompressor(struct mslit_decompressor *self) { |
24 |
+ (void) self; |
|
23 | 25 |
/* todo */ |
26 |
+ return; |
|
24 | 27 |
} |
... | ... |
@@ -15,10 +15,13 @@ |
15 | 15 |
struct msoab_compressor * |
16 | 16 |
mspack_create_oab_compressor(struct mspack_system *sys) |
17 | 17 |
{ |
18 |
+ (void) sys; |
|
18 | 19 |
/* todo */ |
19 | 20 |
return NULL; |
20 | 21 |
} |
21 | 22 |
|
22 | 23 |
void mspack_destroy_oab_compressor(struct msoab_compressor *self) { |
24 |
+ (void) self; |
|
23 | 25 |
/* todo */ |
26 |
+ return; |
|
24 | 27 |
} |
... | ... |
@@ -118,6 +118,8 @@ static struct mspack_file *msp_open(struct mspack_system *self, |
118 | 118 |
struct mspack_file_p *fh; |
119 | 119 |
const char *fmode; |
120 | 120 |
|
121 |
+ (void) self; |
|
122 |
+ |
|
121 | 123 |
switch (mode) { |
122 | 124 |
case MSPACK_SYS_OPEN_READ: fmode = "rb"; break; |
123 | 125 |
case MSPACK_SYS_OPEN_WRITE: fmode = "wb"; break; |
... | ... |
@@ -201,10 +203,12 @@ static void *msp_alloc(struct mspack_system *self, size_t bytes) { |
201 | 201 |
#ifdef DEBUG |
202 | 202 |
/* make uninitialised data obvious */ |
203 | 203 |
char *buf = malloc(bytes + 8); |
204 |
+ (void) self; |
|
204 | 205 |
if (buf) memset(buf, 0xDC, bytes); |
205 | 206 |
*((size_t *)buf) = bytes; |
206 | 207 |
return &buf[8]; |
207 | 208 |
#else |
209 |
+ (void) self; |
|
208 | 210 |
return malloc(bytes); |
209 | 211 |
#endif |
210 | 212 |
} |
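Review bot: In the DEBUG branch of msp_alloc the NULL check covers only the memset; `*((size_t *)buf) = bytes;` on the next line still runs when malloc fails and writes through a null pointer. `bytes + 8` can also wrap for a very large request, leaving an allocation smaller than the `bytes` that memset then fills. Adding `if (bytes > SIZE_MAX - 8) return NULL;` before the malloc and `if (!buf) return NULL;` after it would close both. The function's signature is outside the hunk and appears only in the hunk header.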
... | ... |
@@ -15,10 +15,13 @@ |
15 | 15 |
struct msszdd_compressor * |
16 | 16 |
mspack_create_szdd_compressor(struct mspack_system *sys) |
17 | 17 |
{ |
18 |
+ (void) sys; |
|
18 | 19 |
/* todo */ |
19 | 20 |
return NULL; |
20 | 21 |
} |
21 | 22 |
|
22 | 23 |
void mspack_destroy_szdd_compressor(struct msszdd_compressor *self) { |
24 |
+ (void) self; |
|
23 | 25 |
/* todo */ |
26 |
+ return; |
|
24 | 27 |
} |
... | ... |
@@ -307,7 +307,6 @@ static int cli_ac_addpatt_recursive(struct cli_matcher *root, struct cli_ac_patt |
307 | 307 |
|
308 | 308 |
int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern) |
309 | 309 |
{ |
310 |
- struct cli_ac_node *pt; |
|
311 | 310 |
struct cli_ac_patt **newtable; |
312 | 311 |
uint16_t len = MIN(root->ac_maxdepth, pattern->length[0]); |
313 | 312 |
uint8_t i; |
... | ... |
@@ -1275,7 +1274,7 @@ int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint32_t lsigs, |
1275 | 1275 |
|
1276 | 1276 |
data->partsigs = partsigs; |
1277 | 1277 |
if(partsigs) { |
1278 |
- data->offmatrix = (int32_t ***) cli_calloc(partsigs, sizeof(int32_t **)); |
|
1278 |
+ data->offmatrix = (uint32_t ***) cli_calloc(partsigs, sizeof(uint32_t **)); |
|
1279 | 1279 |
if(!data->offmatrix) { |
1280 | 1280 |
cli_errmsg("cli_ac_init: Can't allocate memory for data->offmatrix\n"); |
1281 | 1281 |
|
... | ... |
@@ -1529,7 +1528,6 @@ int lsig_sub_matched(const struct cli_matcher *root, struct cli_ac_data *mdata, |
1529 | 1529 |
} |
1530 | 1530 |
|
1531 | 1531 |
if (ac_lsig->type & CLI_YARA_OFFSET && realoff != CLI_OFF_NONE) { |
1532 |
- uint32_t * offs; |
|
1533 | 1532 |
struct cli_subsig_matches * ss_matches; |
1534 | 1533 |
struct cli_lsig_matches * ls_matches; |
1535 | 1534 |
cli_dbgmsg("lsig_sub_matched lsig %u:%u at %u\n", lsigid1, lsigid2, realoff); |
... | ... |
@@ -1624,7 +1622,19 @@ int cli_ac_chkmacro(struct cli_matcher *root, struct cli_ac_data *data, unsigned |
1624 | 1624 |
} |
1625 | 1625 |
|
1626 | 1626 |
|
1627 |
-int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, void **customdata, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, uint32_t offset, cli_file_t ftype, struct cli_matched_type **ftoffset, unsigned int mode, cli_ctx *ctx) |
|
1627 |
+int cli_ac_scanbuff( |
|
1628 |
+ const unsigned char *buffer, |
|
1629 |
+ uint32_t length, |
|
1630 |
+ const char **virname, |
|
1631 |
+ void **customdata, |
|
1632 |
+ struct cli_ac_result **res, |
|
1633 |
+ const struct cli_matcher *root, |
|
1634 |
+ struct cli_ac_data *mdata, |
|
1635 |
+ uint32_t offset, |
|
1636 |
+ cli_file_t ftype, |
|
1637 |
+ struct cli_matched_type **ftoffset, |
|
1638 |
+ unsigned int mode, |
|
1639 |
+ cli_ctx *ctx) |
|
1628 | 1640 |
{ |
1629 | 1641 |
struct cli_ac_node *current; |
1630 | 1642 |
struct cli_ac_list *pattN, *ptN; |
... | ... |
@@ -1632,7 +1642,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v |
1632 | 1632 |
uint32_t i, bp, exptoff[2], realoff, matchstart, matchend; |
1633 | 1633 |
uint16_t j; |
1634 | 1634 |
uint8_t found, viruses_found = 0; |
1635 |
- int32_t **offmatrix, swp; |
|
1635 |
+ uint32_t **offmatrix, swp; |
|
1636 | 1636 |
int type = CL_CLEAN; |
1637 | 1637 |
struct cli_ac_result *newres; |
1638 | 1638 |
int rc; |
... | ... |
@@ -1741,14 +1751,14 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v |
1741 | 1741 |
return CL_EMEM; |
1742 | 1742 |
} |
1743 | 1743 |
|
1744 |
- mdata->offmatrix[pt->sigid - 1][0] = cli_malloc(pt->parts * (CLI_DEFAULT_AC_TRACKLEN + 2) * sizeof(int32_t)); |
|
1744 |
+ mdata->offmatrix[pt->sigid - 1][0] = cli_malloc(pt->parts * (CLI_DEFAULT_AC_TRACKLEN + 2) * sizeof(uint32_t)); |
|
1745 | 1745 |
if(!mdata->offmatrix[pt->sigid - 1][0]) { |
1746 | 1746 |
cli_errmsg("cli_ac_scanbuff: Can't allocate memory for mdata->offmatrix[%u][0]\n", pt->sigid - 1); |
1747 | 1747 |
free(mdata->offmatrix[pt->sigid - 1]); |
1748 | 1748 |
mdata->offmatrix[pt->sigid - 1] = NULL; |
1749 | 1749 |
return CL_EMEM; |
1750 | 1750 |
} |
1751 |
- memset(mdata->offmatrix[pt->sigid - 1][0], -1, pt->parts * (CLI_DEFAULT_AC_TRACKLEN + 2) * sizeof(int32_t)); |
|
1751 |
+ memset(mdata->offmatrix[pt->sigid - 1][0], (uint32_t)-1, pt->parts * (CLI_DEFAULT_AC_TRACKLEN + 2) * sizeof(uint32_t)); |
|
1752 | 1752 |
mdata->offmatrix[pt->sigid - 1][0][0] = 0; |
1753 | 1753 |
for(j = 1; j < pt->parts; j++) { |
1754 | 1754 |
mdata->offmatrix[pt->sigid - 1][j] = mdata->offmatrix[pt->sigid - 1][0] + j * (CLI_DEFAULT_AC_TRACKLEN + 2); |
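Review bot: `memset(..., (uint32_t)-1, ...)` on new line 1751 reads as if memset stored a 32-bit pattern, but memset takes an int and writes it as a single unsigned char, so the cast only adds an out-of-range unsigned-to-int conversion. The elements end up equal to `(uint32_t)-1` because every byte is 0xFF. Passing `0xFF` with a comment such as `/* every element becomes (uint32_t)-1, the value the offset loops stop at */` states that directly; the same applies to the memset on new line 1818. cli_ac_scanbuff starts and ends outside this hunk.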
... | ... |
@@ -1759,7 +1769,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v |
1759 | 1759 |
|
1760 | 1760 |
found = 0; |
1761 | 1761 |
if(pt->partno != 1) { |
1762 |
- for(j = 1; j <= CLI_DEFAULT_AC_TRACKLEN + 1 && offmatrix[pt->partno - 2][j] != -1; j++) { |
|
1762 |
+ for(j = 1; j <= CLI_DEFAULT_AC_TRACKLEN + 1 && offmatrix[pt->partno - 2][j] != (uint32_t)-1; j++) { |
|
1763 | 1763 |
found = j; |
1764 | 1764 |
if(realoff < offmatrix[pt->partno - 2][j]) |
1765 | 1765 |
found = 0; |
... | ... |
@@ -1810,12 +1820,12 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v |
1810 | 1810 |
/* FIXME: the first offset in the array is most likely the correct one but |
1811 | 1811 |
* it may happen it is not |
1812 | 1812 |
*/ |
1813 |
- for(j = 1; j <= CLI_DEFAULT_AC_TRACKLEN + 1 && offmatrix[0][j] != -1; j++) |
|
1813 |
+ for(j = 1; j <= CLI_DEFAULT_AC_TRACKLEN + 1 && offmatrix[0][j] != (uint32_t)-1; j++) |
|
1814 | 1814 |
if(ac_addtype(ftoffset, type, offmatrix[pt->parts - 1][j], ctx)) |
1815 | 1815 |
return CL_EMEM; |
1816 | 1816 |
} |
1817 | 1817 |
|
1818 |
- memset(offmatrix[0], -1, pt->parts * (CLI_DEFAULT_AC_TRACKLEN + 2) * sizeof(int32_t)); |
|
1818 |
+ memset(offmatrix[0], (uint32_t)-1, pt->parts * (CLI_DEFAULT_AC_TRACKLEN + 2) * sizeof(uint32_t)); |
|
1819 | 1819 |
for(j = 0; j < pt->parts; j++) |
1820 | 1820 |
offmatrix[j][0] = 0; |
1821 | 1821 |
} |
... | ... |
@@ -1838,7 +1848,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v |
1838 | 1838 |
newres->virname = pt->virname; |
1839 | 1839 |
newres->customdata = pt->customdata; |
1840 | 1840 |
newres->next = *res; |
1841 |
- newres->offset = offmatrix[pt->parts - 1][1]; |
|
1841 |
+ newres->offset = (off_t)offmatrix[pt->parts - 1][1]; |
|
1842 | 1842 |
*res = newres; |
1843 | 1843 |
|
1844 | 1844 |
ptN = ptN->next_same; |
... | ... |
@@ -1892,7 +1902,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v |
1892 | 1892 |
} |
1893 | 1893 |
newres->virname = pt->virname; |
1894 | 1894 |
newres->customdata = pt->customdata; |
1895 |
- newres->offset = realoff; |
|
1895 |
+ newres->offset = (off_t)realoff; |
|
1896 | 1896 |
newres->next = *res; |
1897 | 1897 |
*res = newres; |
1898 | 1898 |
|
... | ... |
@@ -1946,7 +1956,8 @@ static int qcompare_fstr(const void *arg, const void *a, const void *b) |
1946 | 1946 |
/* returns if level of nesting, end set to MATCHING paren, start AFTER staring paren */ |
1947 | 1947 |
inline static int find_paren_end(char *hexstr, char **end) |
1948 | 1948 |
{ |
1949 |
- int i, nest = 0, level = 0; |
|
1949 |
+ unsigned long i; |
|
1950 |
+ int nest = 0, level = 0; |
|
1950 | 1951 |
|
1951 | 1952 |
*end = NULL; |
1952 | 1953 |
for (i = 0; i < strlen(hexstr); i++) { |
... | ... |
@@ -1970,7 +1981,8 @@ inline static int find_paren_end(char *hexstr, char **end) |
1970 | 1970 |
* counts applied to start of expr (not end, i.e. numexpr starts at 1 for the first expr */ |
1971 | 1971 |
inline static int ac_analyze_expr(char *hexstr, int *fixed_len, int *sub_len) |
1972 | 1972 |
{ |
1973 |
- int i, level = 0, len = 0, numexpr = 1; |
|
1973 |
+ unsigned long i; |
|
1974 |
+ int level = 0, len = 0, numexpr = 1; |
|
1974 | 1975 |
int flen, slen; |
1975 | 1976 |
|
1976 | 1977 |
flen = 1; |
... | ... |
@@ -2026,7 +2038,7 @@ inline static int ac_analyze_expr(char *hexstr, int *fixed_len, int *sub_len) |
2026 | 2026 |
|
2027 | 2027 |
inline static int ac_uicmp(uint16_t *a, size_t alen, uint16_t *b, size_t blen, int *wild) |
2028 | 2028 |
{ |
2029 |
- uint16_t cmp, awild, bwild, side_wild; |
|
2029 |
+ uint16_t awild, bwild, side_wild; |
|
2030 | 2030 |
size_t i, minlen = MIN(alen, blen); |
2031 | 2031 |
|
2032 | 2032 |
side_wild = 0; |
... | ... |
@@ -2404,7 +2416,7 @@ int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hex |
2404 | 2404 |
char *pt, *pt2, *hex = NULL, *hexcpy = NULL; |
2405 | 2405 |
uint16_t i, j, ppos = 0, pend, *dec, nzpos = 0; |
2406 | 2406 |
uint8_t wprefix = 0, zprefix = 1, plen = 0, nzplen = 0; |
2407 |
- struct cli_ac_special *newspecial, *specialpt, **newtable; |
|
2407 |
+ struct cli_ac_special *newspecial, **newtable; |
|
2408 | 2408 |
int ret, error = CL_SUCCESS; |
2409 | 2409 |
|
2410 | 2410 |
|
... | ... |
@@ -1,5 +1,5 @@ |
1 | 1 |
/* |
2 |
- * Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved. |
|
2 |
+ * Copyright (C) 2015, 2017 Cisco Systems, Inc. and/or its affiliates. All rights reserved. |
|
3 | 3 |
* Copyright (C) 2007-2009 Sourcefire, Inc. |
4 | 4 |
* |
5 | 5 |
* Authors: Tomasz Kojm |
... | ... |
@@ -57,7 +57,7 @@ struct cli_lsig_matches { |
57 | 57 |
}; |
58 | 58 |
|
59 | 59 |
struct cli_ac_data { |
60 |
- int32_t ***offmatrix; |
|
60 |
+ uint32_t ***offmatrix; |
|
61 | 61 |
uint32_t partsigs, lsigs, reloffsigs; |
62 | 62 |
uint32_t **lsigcnt; |
63 | 63 |
uint32_t **lsigsuboff_last, **lsigsuboff_first; |
... | ... |
@@ -1,5 +1,5 @@ |
1 | 1 |
/* |
2 |
- * Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved. |
|
2 |
+ * Copyright (C) 2015, 2017 Cisco Systems, Inc. and/or its affiliates. All rights reserved. |
|
3 | 3 |
* Copyright (C) 2007-2013 Sourcefire, Inc. |
4 | 4 |
* All Rights Reserved. |
5 | 5 |
* |
... | ... |
@@ -802,8 +802,11 @@ static int yara_eval(cli_ctx *ctx, struct cli_matcher *root, struct cli_ac_data |
802 | 802 |
{ |
803 | 803 |
struct cli_ac_lsig *ac_lsig = root->ac_lsigtable[lsid]; |
804 | 804 |
int rc; |
805 |
- YR_SCAN_CONTEXT context = {0}; |
|
805 |
+ YR_SCAN_CONTEXT context; |
|
806 |
+ |
|
807 |
+ (void)hash; |
|
806 | 808 |
|
809 |
+ memset(&context, 0, sizeof(YR_SCAN_CONTEXT)); |
|
807 | 810 |
context.fmap = *ctx->fmap; |
808 | 811 |
context.file_size = (*ctx->fmap)->len; |
809 | 812 |
if (target_info != NULL) { |
... | ... |
@@ -852,9 +855,9 @@ int cli_exp_eval(cli_ctx *ctx, struct cli_matcher *root, struct cli_ac_data *acd |
852 | 852 |
int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, unsigned int acmode, struct cli_ac_result **acres, unsigned char *refhash) |
853 | 853 |
{ |
854 | 854 |
const unsigned char *buff; |
855 |
- int ret = CL_CLEAN, type = CL_CLEAN, bytes, compute_hash[CLI_HASH_AVAIL_TYPES]; |
|
855 |
+ int ret = CL_CLEAN, type = CL_CLEAN, compute_hash[CLI_HASH_AVAIL_TYPES]; |
|
856 | 856 |
unsigned int i = 0, j = 0, bm_offmode = 0; |
857 |
- uint32_t maxpatlen, offset = 0; |
|
857 |
+ uint32_t maxpatlen, bytes, offset = 0; |
|
858 | 858 |
struct cli_ac_data gdata, tdata; |
859 | 859 |
struct cli_bm_off toff; |
860 | 860 |
struct cli_pcre_off gpoff, tpoff; |
... | ... |
@@ -1265,16 +1268,17 @@ int cli_matchmeta(cli_ctx *ctx, const char *fname, size_t fsizec, size_t fsizer, |
1265 | 1265 |
if(cdb->res1 && (cdb->ctype == CL_TYPE_ZIP || cdb->ctype == CL_TYPE_RAR) && cdb->res1 != res1) |
1266 | 1266 |
continue; |
1267 | 1267 |
|
1268 |
-#define CDBRANGE(field, val) \ |
|
1269 |
- if(field[0] != CLI_OFF_ANY) { \ |
|
1270 |
- if(field[0] == field[1] && field[0] != val) \ |
|
1271 |
- continue; \ |
|
1272 |
- else if(field[0] != field[1] && ((field[0] && field[0] > val) ||\ |
|
1273 |
- (field[1] && field[1] < val))) \ |
|
1274 |
- continue; \ |
|
1275 |
- } |
|
1268 |
+ #define CDBRANGE(field, val) \ |
|
1269 |
+ if (field[0] != CLI_OFF_ANY) \ |
|
1270 |
+ { \ |
|
1271 |
+ if (field[0] == field[1] && field[0] != val) \ |
|
1272 |
+ continue; \ |
|
1273 |
+ else if (field[0] != field[1] && ((field[0] && field[0] > val) || \ |
|
1274 |
+ (field[1] && field[1] < val))) \ |
|
1275 |
+ continue; \ |
|
1276 |
+ } |
|
1276 | 1277 |
|
1277 |
- CDBRANGE(cdb->csize, cli_get_container_size(ctx, -1)); |
|
1278 |
+ CDBRANGE(cdb->csize, cli_get_container_size(ctx, -1)); |
|
1278 | 1279 |
CDBRANGE(cdb->fsizec, fsizec); |
1279 | 1280 |
CDBRANGE(cdb->fsizer, fsizer); |
1280 | 1281 |
CDBRANGE(cdb->filepos, filepos); |
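Review bot: CDBRANGE can evaluate `val` twice in one expansion, and its first use passes `cli_get_container_size(ctx, -1)`, so that call may run more than once for each cdb entry. Evaluating it once into a local before the checks, e.g. `size_t container_size = cli_get_container_size(ctx, -1);` followed by `CDBRANGE(cdb->csize, container_size);`, avoids the repeated call. The macro arguments are also used unparenthesized, which is safe for the four call sites shown but deserves a one-line comment on the macro. cli_matchmeta continues on both sides of this hunk.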
... | ... |
@@ -1,5 +1,5 @@ |
1 | 1 |
/* |
2 |
- * Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved. |
|
2 |
+ * Copyright (C) 2015, 2017 Cisco Systems, Inc. and/or its affiliates. All rights reserved. |
|
3 | 3 |
* Copyright (C) 2007-2013 Sourcefire, Inc. |
4 | 4 |
* |
5 | 5 |
* Authors: Tomasz Kojm |
... | ... |
@@ -143,18 +143,18 @@ struct cli_matcher { |
143 | 143 |
|
144 | 144 |
struct cli_cdb |
145 | 145 |
{ |
146 |
- char *virname; /* virus name */ |
|
147 |
- cli_file_t ctype; /* container type */ |
|
148 |
- regex_t name; /* filename regex */ |
|
149 |
- size_t csize[2]; /* container size (min, max); if csize[0] != csize[1] |
|
150 |
- * then value of 0 makes the field ignored |
|
151 |
- */ |
|
152 |
- size_t fsizec[2]; /* file size in container */ |
|
153 |
- size_t fsizer[2]; /* real file size */ |
|
154 |
- int encrypted; /* file is encrypted; 2 == ignore */ |
|
155 |
- int filepos[2]; /* file position in container */ |
|
156 |
- int res1; /* reserved / format specific */ |
|
157 |
- void *res2; /* reserved / format specific */ |
|
146 |
+ char *virname; /* virus name */ |
|
147 |
+ cli_file_t ctype; /* container type */ |
|
148 |
+ regex_t name; /* filename regex */ |
|
149 |
+ size_t csize[2]; /* container size (min, max); if csize[0] != csize[1] |
|
150 |
+ * then value of 0 makes the field ignored |
|
151 |
+ */ |
|
152 |
+ size_t fsizec[2]; /* file size in container */ |
|
153 |
+ size_t fsizer[2]; /* real file size */ |
|
154 |
+ int encrypted; /* file is encrypted; 2 == ignore */ |
|
155 |
+ unsigned int filepos[2]; /* file position in container */ |
|
156 |
+ int res1; /* reserved / format specific */ |
|
157 |
+ void *res2; /* reserved / format specific */ |
|
158 | 158 |
|
159 | 159 |
struct cli_cdb *next; |
160 | 160 |
}; |
... | ... |
@@ -1,5 +1,5 @@ |
1 | 1 |
/* |
2 |
- * Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved. |
|
2 |
+ * Copyright (C) 2015, 2017 Cisco Systems, Inc. and/or its affiliates. All rights reserved. |
|
3 | 3 |
* Copyright (C) 2007-2010 Sourcefire, Inc. |
4 | 4 |
* |
5 | 5 |
* Authors: Tomasz Kojm, Trog |
... | ... |
@@ -1171,35 +1171,37 @@ void cli_set_container(cli_ctx *ctx, cli_file_t type, size_t size) |
1171 | 1171 |
|
1172 | 1172 |
cli_file_t cli_get_container(cli_ctx *ctx, int index) |
1173 | 1173 |
{ |
1174 |
- if (index < 0) |
|
1175 |
- index = ctx->recursion + index + 1; |
|
1176 |
- while (index >= 0 && index <= ctx->recursion) { |
|
1177 |
- if (ctx->containers[index].flag & CONTAINER_FLAG_VALID) |
|
1178 |
- return ctx->containers[index].type; |
|
1179 |
- index--; |
|
1180 |
- } |
|
1181 |
- return CL_TYPE_ANY; |
|
1174 |
+ if (index < 0) |
|
1175 |
+ index = ctx->recursion + index + 1; |
|
1176 |
+ while (index >= 0 && index <= (int)ctx->recursion) |
|
1177 |
+ { |
|
1178 |
+ if (ctx->containers[index].flag & CONTAINER_FLAG_VALID) |
|
1179 |
+ return ctx->containers[index].type; |
|
1180 |
+ index--; |
|
1181 |
+ } |
|
1182 |
+ return CL_TYPE_ANY; |
|
1182 | 1183 |
} |
1183 | 1184 |
|
1184 | 1185 |
cli_file_t cli_get_container_intermediate(cli_ctx *ctx, int index) |
1185 | 1186 |
{ |
1186 |
- if (index < 0) |
|
1187 |
- index = ctx->recursion + index + 1; |
|
1188 |
- if (index >= 0 && index <= ctx->recursion) |
|
1189 |
- return ctx->containers[index].type; |
|
1190 |
- return CL_TYPE_ANY; |
|
1187 |
+ if (index < 0) |
|
1188 |
+ index = ctx->recursion + index + 1; |
|
1189 |
+ if (index >= 0 && index <= (int)ctx->recursion) |
|
1190 |
+ return ctx->containers[index].type; |
|
1191 |
+ return CL_TYPE_ANY; |
|
1191 | 1192 |
} |
1192 | 1193 |
|
1193 | 1194 |
size_t cli_get_container_size(cli_ctx *ctx, int index) |
1194 | 1195 |
{ |
1195 |
- if (index < 0) |
|
1196 |
- index = ctx->recursion + index + 1; |
|
1197 |
- while (index >= 0 && index <= ctx->recursion) { |
|
1198 |
- if (ctx->containers[index].flag & CONTAINER_FLAG_VALID) |
|
1199 |
- return ctx->containers[index].size; |
|
1200 |
- index--; |
|
1201 |
- } |
|
1202 |
- return ctx->containers[0].size; |
|
1196 |
+ if (index < 0) |
|
1197 |
+ index = ctx->recursion + index + 1; |
|
1198 |
+ while (index >= 0 && index <= (int)ctx->recursion) |
|
1199 |
+ { |
|
1200 |
+ if (ctx->containers[index].flag & CONTAINER_FLAG_VALID) |
|
1201 |
+ return ctx->containers[index].size; |
|
1202 |
+ index--; |
|
1203 |
+ } |
|
1204 |
+ return ctx->containers[0].size; |
|
1203 | 1205 |
} |
1204 | 1206 |
|
1205 | 1207 |
|
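Review bot: The added `(int)ctx->recursion` cast fixes the loop comparison, but `index = ctx->recursion + index + 1;` just above it still mixes the two types: if recursion is unsigned, as the cast suggests (its declaration is not shown), the sum is computed as unsigned and converted back to int. Writing `index += (int)ctx->recursion + 1;` keeps the arithmetic signed in cli_get_container, cli_get_container_intermediate and cli_get_container_size. The three bodies repeat the same index normalisation, so a small static helper would keep them from drifting apart. Nothing in the hunk bounds `index` against the size of `ctx->containers`; that relies on recursion never exceeding the allocation, which is not visible here.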
... | ... |
@@ -126,7 +126,8 @@ char *cli_virname(const char *virname, unsigned int official) |
126 | 126 |
int cli_sigopts_handler(struct cli_matcher *root, const char *virname, const char *hexsig, uint8_t sigopts, uint16_t rtype, uint16_t type, const char *offset, uint8_t target, const uint32_t *lsigid, unsigned int options) |
127 | 127 |
{ |
128 | 128 |
char *hexcpy, *start, *end; |
129 |
- int i, ret = CL_SUCCESS; |
|
129 |
+ unsigned int i; |
|
130 |
+ int ret = CL_SUCCESS; |
|
130 | 131 |
|
131 | 132 |
/* |
132 | 133 |
* cyclic loops with cli_parse_add are impossible now as cli_parse_add |
... | ... |
@@ -303,7 +304,6 @@ int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hex |
303 | 303 |
int ret, asterisk = 0, range; |
304 | 304 |
unsigned int i, j, hexlen, nest, parts = 0; |
305 | 305 |
int mindist = 0, maxdist = 0, error = 0; |
306 |
- size_t hexcpysz; |
|
307 | 306 |
|
308 | 307 |
hexlen = strlen(hexsig); |
309 | 308 |
if (hexsig[0] == '$') { |
... | ... |
@@ -1820,7 +1820,7 @@ static int load_oneldb(char *buffer, int chkpua, struct cl_engine *engine, unsig |
1820 | 1820 |
sigopts = subtokens[3]; |
1821 | 1821 |
|
1822 | 1822 |
if(sigopts) { /* signature modifiers */ |
1823 |
- for(j = 0; j < strlen(sigopts); j++) |
|
1823 |
+ for(j = 0; j < (int)strlen(sigopts); j++) |
|
1824 | 1824 |
switch(sigopts[j]) { |
1825 | 1825 |
case 'i': |
1826 | 1826 |
subsig_opts |= ACPATT_OPTION_NOCASE; |
... | ... |
@@ -2687,7 +2687,7 @@ static int cli_loadmd(FILE *fs, struct cl_engine *engine, unsigned int *signo, i |
2687 | 2687 |
|
2688 | 2688 |
/* tokens[6] - not used */ |
2689 | 2689 |
|
2690 |
- new->filepos[0] = new->filepos[1] = strcmp(tokens[7], "*") ? atoi(tokens[7]) : (int) CLI_OFF_ANY; |
|
2690 |
+ new->filepos[0] = new->filepos[1] = strcmp(tokens[7], "*") ? (unsigned int) atoi(tokens[7]) : (unsigned int) CLI_OFF_ANY; |
|
2691 | 2691 |
|
2692 | 2692 |
/* tokens[8] - not used */ |
2693 | 2693 |
|
... | ... |
@@ -2812,36 +2812,46 @@ static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo, |
2812 | 2812 |
break; |
2813 | 2813 |
} |
2814 | 2814 |
|
2815 |
-#define CDBRANGE(token_str, dest) \ |
|
2816 |
- if(strcmp(token_str, "*")) { \ |
|
2817 |
- if(strchr(token_str, '-')) { \ |
|
2818 |
- if(sscanf(token_str, "%u-%u", &n0, &n1) != 2) { \ |
|
2819 |
- ret = CL_EMALFDB; \ |
|
2820 |
- } else { \ |
|
2821 |
- dest[0] = n0; \ |
|
2822 |
- dest[1] = n1; \ |
|
2823 |
- } \ |
|
2824 |
- } else { \ |
|
2825 |
- if(!cli_isnumber(token_str)) \ |
|
2826 |
- ret = CL_EMALFDB; \ |
|
2827 |
- else \ |
|
2828 |
- dest[0] = dest[1] = atoi(token_str); \ |
|
2829 |
- } \ |
|
2830 |
- if(ret != CL_SUCCESS) { \ |
|
2831 |
- cli_errmsg("cli_loadcdb: Invalid value %s in signature for %s\n",\ |
|
2832 |
- token_str, tokens[0]); \ |
|
2833 |
- if(new->name.re_magic) \ |
|
2834 |
- cli_regfree(&new->name); \ |
|
2835 |
- mpool_free(engine->mempool, new->virname); \ |
|
2836 |
- mpool_free(engine->mempool, new); \ |
|
2837 |
- ret = CL_EMEM; \ |
|
2838 |
- break; \ |
|
2839 |
- } \ |
|
2840 |
- } else { \ |
|
2841 |
- dest[0] = dest[1] = CLI_OFF_ANY; \ |
|
2842 |
- } |
|
2815 |
+ #define CDBRANGE(token_str, dest) \ |
|
2816 |
+ if (strcmp(token_str, "*")) \ |
|
2817 |
+ { \ |
|
2818 |
+ if (strchr(token_str, '-')) \ |
|
2819 |
+ { \ |
|
2820 |
+ if (sscanf(token_str, "%u-%u", &n0, &n1) != 2) \ |
|
2821 |
+ { \ |
|
2822 |
+ ret = CL_EMALFDB; \ |
|
2823 |
+ } \ |
|
2824 |
+ else \ |
|
2825 |
+ { \ |
|
2826 |
+ dest[0] = n0; \ |
|
2827 |
+ dest[1] = n1; \ |
|
2828 |
+ } \ |
|
2829 |
+ } \ |
|
2830 |
+ else \ |
|
2831 |
+ { \ |
|
2832 |
+ if (!cli_isnumber(token_str)) \ |
|
2833 |
+ ret = CL_EMALFDB; \ |
|
2834 |
+ else \ |
|
2835 |
+ dest[0] = dest[1] = (unsigned int)atoi(token_str); \ |
|
2836 |
+ } \ |
|
2837 |
+ if (ret != CL_SUCCESS) \ |
|
2838 |
+ { \ |
|
2839 |
+ cli_errmsg("cli_loadcdb: Invalid value %s in signature for %s\n", \ |
|
2840 |
+ token_str, tokens[0]); \ |
|
2841 |
+ if (new->name.re_magic) \ |
|
2842 |
+ cli_regfree(&new->name); \ |
|
2843 |
+ mpool_free(engine->mempool, new->virname); \ |
|
2844 |
+ mpool_free(engine->mempool, new); \ |
|
2845 |
+ ret = CL_EMEM; \ |
|
2846 |
+ break; \ |
|
2847 |
+ } \ |
|
2848 |
+ } \ |
|
2849 |
+ else \ |
|
2850 |
+ { \ |
|
2851 |
+ dest[0] = dest[1] = CLI_OFF_ANY; \ |
|
2852 |
+ } |
|
2843 | 2853 |
|
2844 |
- CDBRANGE(tokens[2], new->csize); |
|
2854 |
+ CDBRANGE(tokens[2], new->csize); |
|
2845 | 2855 |
CDBRANGE(tokens[4], new->fsizec); |
2846 | 2856 |
CDBRANGE(tokens[5], new->fsizer); |
2847 | 2857 |
CDBRANGE(tokens[7], new->filepos); |
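Review bot: In the reformatted CDBRANGE macro the error path sets `ret = CL_EMEM;` just before `break;`, overwriting the `CL_EMALFDB` assigned a few lines earlier, so a malformed range is presumably reported to the caller as an out-of-memory error. Dropping that assignment lets the malformed-database code propagate. Separately, `sscanf(token_str, "%u-%u", &n0, &n1)` accepts a leading minus sign and out-of-range values, and `atoi` gives no overflow indication; `strtoul` with an `endptr` and `errno` check would reject those. cli_loadcdb starts and ends outside this hunk.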
... | ... |
@@ -3113,7 +3123,6 @@ static char *parse_yara_hex_string(YR_STRING *string, int *ret) |
3113 | 3113 |
{ |
3114 | 3114 |
char *res, *str, *ovr; |
3115 | 3115 |
size_t slen, reslen=0, i, j; |
3116 |
- int sqr = 0; |
|
3117 | 3116 |
|
3118 | 3117 |
if (!(string) || !(string->string)) { |
3119 | 3118 |
if (ret) *ret = CL_ENULLARG; |
... | ... |
@@ -3242,6 +3251,7 @@ struct cli_ytable { |
3242 | 3242 |
|
3243 | 3243 |
static int32_t ytable_lookup(const char *hexsig) |
3244 | 3244 |
{ |
3245 |
+ (void) hexsig; |
|
3245 | 3246 |
/* TODO - WRITE ME! */ |
3246 | 3247 |
return -1; |
3247 | 3248 |
} |
... | ... |
@@ -3249,7 +3259,6 @@ static int32_t ytable_lookup(const char *hexsig) |
3249 | 3249 |
static int ytable_add_attrib(struct cli_ytable *ytable, const char *hexsig, const char *value, int type) |
3250 | 3250 |
{ |
3251 | 3251 |
int32_t lookup; |
3252 |
- char **attrib; |
|
3253 | 3252 |
|
3254 | 3253 |
if (!ytable || !value) |
3255 | 3254 |
return CL_ENULLARG; |
... | ... |
@@ -3349,7 +3358,7 @@ static int ytable_add_string(struct cli_ytable *ytable, const char *hexsig) |
3349 | 3349 |
|
3350 | 3350 |
static void ytable_delete(struct cli_ytable *ytable) |
3351 | 3351 |
{ |
3352 |
- uint32_t i; |
|
3352 |
+ int32_t i; |
|
3353 | 3353 |
if (!ytable) |
3354 | 3354 |
return; |
3355 | 3355 |
|
... | ... |
@@ -3404,17 +3413,17 @@ static int load_oneyara(YR_RULE *rule, int chkpua, struct cl_engine *engine, uns |
3404 | 3404 |
{ |
3405 | 3405 |
YR_STRING *string; |
3406 | 3406 |
struct cli_ytable ytable; |
3407 |
- int str_error = 0, i = 0, ret = CL_SUCCESS; |
|
3407 |
+ size_t i; |
|
3408 |
+ int str_error = 0, ret = CL_SUCCESS; |
|
3408 | 3409 |
struct cli_lsig_tdb tdb; |
3409 | 3410 |
uint32_t lsigid[2]; |
3410 | 3411 |
struct cli_matcher *root; |
3411 | 3412 |
struct cli_ac_lsig **newtable, *lsig, *tsig = NULL; |
3412 | 3413 |
unsigned short target = 0; |
3413 |
- size_t lsize; |
|
3414 | 3414 |
char *logic = NULL, *target_str = NULL; |
3415 |
- uint8_t has_short_string; |
|
3416 |
- char *exp_op = "|"; |
|
3417 | 3415 |
char *newident = NULL; |
3416 |
+ /* size_t lsize; */ // only used in commented out code |
|
3417 |
+ /* char *exp_op = "|"; */ // only used in commented out code |
|
3418 | 3418 |
|
3419 | 3419 |
cli_yaramsg("load_oneyara: attempting to load %s\n", rule->identifier); |
3420 | 3420 |
|
... | ... |
@@ -3859,10 +3868,10 @@ static int load_oneyara(YR_RULE *rule, int chkpua, struct cl_engine *engine, uns |
3859 | 3859 |
tdb.subsigs = ytable.tbl_cnt; |
3860 | 3860 |
|
3861 | 3861 |
/*** loading step - put things into the AC trie ***/ |
3862 |
- for (i = 0; i < ytable.tbl_cnt; ++i) { |
|
3862 |
+ for (i = 0; i < (size_t)ytable.tbl_cnt; ++i) { |
|
3863 | 3863 |
lsigid[1] = i; |
3864 | 3864 |
|
3865 |
- cli_yaramsg("%d: [%s] [%s] [%s%s%s%s]\n", i, ytable.table[i]->hexstr, ytable.table[i]->offset, |
|
3865 |
+ cli_yaramsg("%zu: [%s] [%s] [%s%s%s%s]\n", i, ytable.table[i]->hexstr, ytable.table[i]->offset, |
|
3866 | 3866 |
(ytable.table[i]->sigopts & ACPATT_OPTION_NOCASE) ? "i" : "", |
3867 | 3867 |
(ytable.table[i]->sigopts & ACPATT_OPTION_FULLWORD) ? "f" : "", |
3868 | 3868 |
(ytable.table[i]->sigopts & ACPATT_OPTION_WIDE) ? "w" : "", |
... | ... |
@@ -3972,7 +3981,7 @@ void cli_yara_free(struct cl_engine * engine) |
3972 | 3972 |
//TODO - pua? dbio? |
3973 | 3973 |
static int cli_loadyara(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio, const char *filename) |
3974 | 3974 |
{ |
3975 |
- YR_COMPILER compiler = {0}; |
|
3975 |
+ YR_COMPILER compiler; |
|
3976 | 3976 |
YR_NAMESPACE ns; |
3977 | 3977 |
YR_RULE *rule; |
3978 | 3978 |
unsigned int sigs = 0, rules = 0, rule_errors = 0; |
... | ... |
@@ -3983,6 +3992,8 @@ static int cli_loadyara(FILE *fs, struct cl_engine *engine, unsigned int *signo, |
3983 | 3983 |
if((rc = cli_initroots(engine, options))) |
3984 | 3984 |
return rc; |
3985 | 3985 |
|
3986 |
+ memset(&compiler, 0, sizeof(YR_COMPILER)); |
|
3987 |
+ |
|
3986 | 3988 |
compiler.last_result = ERROR_SUCCESS; |
3987 | 3989 |
STAILQ_INIT(&compiler.rule_q); |
3988 | 3990 |
STAILQ_INIT(&compiler.current_rule_string_q); |
... | ... |
@@ -4095,7 +4106,7 @@ static int cli_loadpwdb(FILE *fs, struct cl_engine *engine, unsigned int options |
4095 | 4095 |
char *attribs; |
4096 | 4096 |
char buffer[FILEBUFF]; |
4097 | 4097 |
unsigned int line = 0, skip = 0, pwcnt = 0, tokens_count; |
4098 |
- struct cli_pwdb *new, *ins; |
|
4098 |
+ struct cli_pwdb *new; |
|
4099 | 4099 |
cl_pwdb_t container; |
4100 | 4100 |
struct cli_lsig_tdb tdb; |
4101 | 4101 |
int ret = CL_SUCCESS, pwstype; |