Browse code
bcomp - changing map to use original scan buffer to account for normalization offset discrepancies--patch based on suggested solution by Micah
Mickey Sola authored on 2018/09/29 06:35:12Showing 3 changed files
| ... | ... |
@@ -426,7 +426,7 @@ cl_error_t cli_bcomp_addpatt(struct cli_matcher *root, const char *virname, cons |
| 426 | 426 |
* @param ctx the clamav context struct |
| 427 | 427 |
* |
| 428 | 428 |
*/ |
| 429 |
-cl_error_t cli_bcomp_scanbuf(fmap_t *map, const char **virname, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, cli_ctx *ctx) {
|
|
| 429 |
+cl_error_t cli_bcomp_scanbuf(const unsigned char *buffer, size_t buffer_length, const char **virname, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, cli_ctx *ctx) {
|
|
| 430 | 430 |
|
| 431 | 431 |
int64_t i = 0, rc = 0, ret = CL_SUCCESS; |
| 432 | 432 |
uint32_t lsigid, ref_subsigid; |
| ... | ... |
@@ -496,7 +496,7 @@ cl_error_t cli_bcomp_scanbuf(fmap_t *map, const char **virname, struct cli_ac_re |
| 496 | 496 |
} |
| 497 | 497 |
|
| 498 | 498 |
/* now we have all the pieces of the puzzle, so lets do our byte compare check */ |
| 499 |
- ret = cli_bcomp_compare_check(map, offset, bcomp); |
|
| 499 |
+ ret = cli_bcomp_compare_check(buffer, buffer_length, offset, bcomp); |
|
| 500 | 500 |
|
| 501 | 501 |
/* set and append our lsig's virus name if the comparison came back positive */ |
| 502 | 502 |
if (CL_VIRUS == ret) {
|
| ... | ... |
@@ -528,7 +528,7 @@ cl_error_t cli_bcomp_scanbuf(fmap_t *map, const char **virname, struct cli_ac_re |
| 528 | 528 |
* @param bm the byte comparison meta data struct, contains all the other info needed to do the comparison |
| 529 | 529 |
* |
| 530 | 530 |
*/ |
| 531 |
-cl_error_t cli_bcomp_compare_check(fmap_t *map, int offset, struct cli_bcomp_meta *bm) |
|
| 531 |
+cl_error_t cli_bcomp_compare_check(const unsigned char* buffer, size_t buffer_length, int offset, struct cli_bcomp_meta *bm) |
|
| 532 | 532 |
{
|
| 533 | 533 |
|
| 534 | 534 |
uint32_t byte_len = 0; |
| ... | ... |
@@ -536,18 +536,16 @@ cl_error_t cli_bcomp_compare_check(fmap_t *map, int offset, struct cli_bcomp_met |
| 536 | 536 |
uint32_t i = 0; |
| 537 | 537 |
cl_error_t ret = 0; |
| 538 | 538 |
uint16_t opt = 0; |
| 539 |
- const unsigned char *buffer = NULL; |
|
| 540 |
- unsigned char *conversion_buf = NULL; |
|
| 541 | 539 |
int64_t value = 0; |
| 542 | 540 |
const unsigned char* end_buf = NULL; |
| 543 | 541 |
|
| 544 |
- if (!map || !bm) {
|
|
| 542 |
+ if (!buffer || !bm) {
|
|
| 545 | 543 |
bcm_dbgmsg("cli_bcomp_compare_check: a param is null\n");
|
| 546 | 544 |
return CL_ENULLARG; |
| 547 | 545 |
} |
| 548 | 546 |
|
| 549 | 547 |
byte_len = bm->byte_len; |
| 550 |
- length = map->len; |
|
| 548 |
+ length = buffer_length; |
|
| 551 | 549 |
opt = bm->options; |
| 552 | 550 |
|
| 553 | 551 |
/* ensure we won't run off the end of the file buffer */ |
| ... | ... |
@@ -565,11 +563,8 @@ cl_error_t cli_bcomp_compare_check(fmap_t *map, int offset, struct cli_bcomp_met |
| 565 | 565 |
|
| 566 | 566 |
/* jump to byte compare offset, then store off specified bytes into a null terminated buffer */ |
| 567 | 567 |
offset += bm->offset; |
| 568 |
- buffer = fmap_need_off_once(map, offset, byte_len); |
|
| 569 |
- if (!buffer) {
|
|
| 570 |
- bcm_dbgmsg("cli_bcomp_compare_check: could not extract bytes from buffer offset\n");
|
|
| 571 |
- return CL_EMEM; |
|
| 572 |
- } |
|
| 568 |
+ buffer += offset; |
|
| 569 |
+ |
|
| 573 | 570 |
bcm_dbgmsg("cli_bcomp_compare_check: literal extracted bytes before comparison %s\n", buffer);
|
| 574 | 571 |
|
| 575 | 572 |
/* grab the first byte to handle byte length options to convert the string appropriately */ |
| ... | ... |
@@ -61,8 +61,8 @@ struct cli_bcomp_comp {
|
| 61 | 61 |
}; |
| 62 | 62 |
|
| 63 | 63 |
cl_error_t cli_bcomp_addpatt(struct cli_matcher *root, const char *virname, const char* hexsig, const uint32_t *lsigid, unsigned int options); |
| 64 |
-cl_error_t cli_bcomp_scanbuf(fmap_t *map, const char **virname, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, cli_ctx *ctx); |
|
| 65 |
-cl_error_t cli_bcomp_compare_check(fmap_t *map, int offset, struct cli_bcomp_meta *bm); |
|
| 64 |
+cl_error_t cli_bcomp_scanbuf(const unsigned char *buffer, size_t buffer_length, const char **virname, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, cli_ctx *ctx); |
|
| 65 |
+cl_error_t cli_bcomp_compare_check(const unsigned char *buffer, size_t buffer_length, int offset, struct cli_bcomp_meta *bm); |
|
| 66 | 66 |
void cli_bcomp_freemeta(struct cli_matcher *root, struct cli_bcomp_meta *bm); |
| 67 | 67 |
|
| 68 | 68 |
#endif |
| ... | ... |
@@ -181,7 +181,7 @@ static inline int matcher_run(const struct cli_matcher *root, |
| 181 | 181 |
} |
| 182 | 182 |
|
| 183 | 183 |
if (root->bcomp_metas && !(acmode & AC_SCAN_FT)) {
|
| 184 |
- ret = cli_bcomp_scanbuf(map, virname, acres, root, mdata, ctx); |
|
| 184 |
+ ret = cli_bcomp_scanbuf(orig_buffer, orig_length, virname, acres, root, mdata, ctx); |
|
| 185 | 185 |
if (ret != CL_CLEAN) {
|
| 186 | 186 |
if (ret == CL_VIRUS) {
|
| 187 | 187 |
if (SCAN_ALLMATCHES) |