git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@583 77e5149b-7576-45b1-b177-96237e5ba77b
Trog authored on 2004/05/28 22:01:30... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Fri May 28 14:01:48 BST 2004 (trog) |
|
2 |
+----------------------------------- |
|
3 |
+ * libclamav/vba_extract.[ch]: Add PowerPoint endian conversion and small |
|
4 |
+ fixes. Export interface, ready to go. |
|
5 |
+ |
|
1 | 6 |
Thu May 27 22:11:08 CEST 2004 (tk) |
2 | 7 |
---------------------------------- |
3 | 8 |
* contrib: update init script for SuSE (Martin Fuxa <yeti*email.cz>) |
... | ... |
@@ -694,7 +694,8 @@ static int ppt_read_atom_header(int fd, atom_header_t *atom_header) |
694 | 694 |
if (cli_readn(fd, &atom_header->ver_inst, 2) != 2) { |
695 | 695 |
cli_dbgmsg("read ppt_current_user failed\n"); |
696 | 696 |
return FALSE; |
697 |
- } |
|
697 |
+ } |
|
698 |
+ atom_header->ver_inst = vba_endian_convert_16(atom_header->ver_inst, FALSE); |
|
698 | 699 |
atom_header->version = atom_header->ver_inst & 0x000f; |
699 | 700 |
atom_header->instance = atom_header->ver_inst >> 4; |
700 | 701 |
if (cli_readn(fd, &atom_header->type, 2) != 2) { |
... | ... |
@@ -705,6 +706,8 @@ static int ppt_read_atom_header(int fd, atom_header_t *atom_header) |
705 | 705 |
cli_dbgmsg("read ppt_current_user failed\n"); |
706 | 706 |
return FALSE; |
707 | 707 |
} |
708 |
+ atom_header->type = vba_endian_convert_16(atom_header->type, FALSE); |
|
709 |
+ atom_header->length = vba_endian_convert_32(atom_header->length, FALSE); |
|
708 | 710 |
return TRUE; |
709 | 711 |
} |
710 | 712 |
|
... | ... |
@@ -734,6 +737,10 @@ static int ppt_read_useredit(int fd, ppt_useredit_t *ppt_useredit) |
734 | 734 |
if (!ppt_read_atom_header(fd, &ppt_useredit->atom_hdr)) { |
735 | 735 |
return FALSE; |
736 | 736 |
} |
737 |
+ if (ppt_useredit->atom_hdr.type != 0x0FF5) { |
|
738 |
+ cli_dbgmsg("read ppt_useredit failed, wrong atom type\n"); |
|
739 |
+ return FALSE; |
|
740 |
+ } |
|
737 | 741 |
if (cli_readn(fd, &ppt_useredit->last_slide_id, 4) != 4) { |
738 | 742 |
cli_dbgmsg("read ppt_useredit failed\n"); |
739 | 743 |
return FALSE; |
... | ... |
@@ -762,6 +769,13 @@ static int ppt_read_useredit(int fd, ppt_useredit_t *ppt_useredit) |
762 | 762 |
cli_dbgmsg("read ppt_useredit failed\n"); |
763 | 763 |
return FALSE; |
764 | 764 |
} |
765 |
+ ppt_useredit->last_slide_id = vba_endian_convert_32(ppt_useredit->last_slide_id, FALSE); |
|
766 |
+ ppt_useredit->version = vba_endian_convert_32(ppt_useredit->version, FALSE); |
|
767 |
+ ppt_useredit->last_edit_offset = vba_endian_convert_32(ppt_useredit->last_edit_offset, FALSE); |
|
768 |
+ ppt_useredit->persist_dir_offset = vba_endian_convert_32(ppt_useredit->persist_dir_offset, FALSE); |
|
769 |
+ ppt_useredit->document_ref = vba_endian_convert_32(ppt_useredit->document_ref, FALSE); |
|
770 |
+ ppt_useredit->max_persist = vba_endian_convert_32(ppt_useredit->max_persist, FALSE); |
|
771 |
+ ppt_useredit->last_view_type = vba_endian_convert_16(ppt_useredit->last_view_type, FALSE); |
|
765 | 772 |
return TRUE; |
766 | 773 |
} |
767 | 774 |
|
... | ... |
@@ -777,6 +791,10 @@ static int ppt_read_current_user(int fd, ppt_currentuser_t *ppt_current_user) |
777 | 777 |
if (!ppt_read_atom_header(fd, &ppt_current_user->atom_hdr)) { |
778 | 778 |
return FALSE; |
779 | 779 |
} |
780 |
+ if (ppt_current_user->atom_hdr.type != 0x0FF6) { |
|
781 |
+ cli_dbgmsg("read ppt_current_user failed, wrong atom type\n"); |
|
782 |
+ return FALSE; |
|
783 |
+ } |
|
780 | 784 |
if (cli_readn(fd, &ppt_current_user->len, 4) != 4) { |
781 | 785 |
cli_dbgmsg("read ppt_current_user failed\n"); |
782 | 786 |
return FALSE; |
... | ... |
@@ -793,6 +811,14 @@ static int ppt_read_current_user(int fd, ppt_currentuser_t *ppt_current_user) |
793 | 793 |
|
794 | 794 |
/* Don't need to read the rest of the Current User file in order |
795 | 795 |
to extract what we need */ |
796 |
+ |
|
797 |
+ ppt_current_user->len = vba_endian_convert_32(ppt_current_user->len, FALSE); |
|
798 |
+ ppt_current_user->magic = vba_endian_convert_32(ppt_current_user->magic, FALSE); |
|
799 |
+ ppt_current_user->current_edit_offset = vba_endian_convert_32(ppt_current_user->current_edit_offset, FALSE); |
|
800 |
+ if (ppt_current_user->magic != 0xE391C05F) { |
|
801 |
+ cli_dbgmsg("read ppt_current_user failed, wrong magic\n"); |
|
802 |
+ return FALSE; |
|
803 |
+ } |
|
796 | 804 |
return TRUE; |
797 | 805 |
} |
798 | 806 |
|
... | ... |
@@ -811,9 +837,12 @@ static uint32_t *ppt_read_persist_dir(int fd, ppt_useredit_t *ppt_useredit) |
811 | 811 |
return NULL; |
812 | 812 |
} |
813 | 813 |
ppt_print_atom_header(&atom_header); |
814 |
- |
|
814 |
+ if (atom_header.type != 0x1772) { |
|
815 |
+ cli_dbgmsg("read ppt_current_user failed, wrong atom type\n"); |
|
816 |
+ return NULL; |
|
817 |
+ } |
|
815 | 818 |
size = sizeof(uint32_t) * (ppt_useredit->max_persist+1); |
816 |
- persist_dir = malloc(size); |
|
819 |
+ persist_dir = cli_malloc(size); |
|
817 | 820 |
if (!persist_dir) { |
818 | 821 |
return NULL; |
819 | 822 |
} |
... | ... |
@@ -826,6 +855,7 @@ static uint32_t *ppt_read_persist_dir(int fd, ppt_useredit_t *ppt_useredit) |
826 | 826 |
free(persist_dir); |
827 | 827 |
return NULL; |
828 | 828 |
} |
829 |
+ noffsets = vba_endian_convert_32(noffsets, FALSE); |
|
829 | 830 |
off_index = noffsets & 0x000FFFFF; |
830 | 831 |
noffsets = noffsets >> 20; |
831 | 832 |
cli_dbgmsg("nOffsets: %d\n", noffsets); |
... | ... |
@@ -842,6 +872,7 @@ static uint32_t *ppt_read_persist_dir(int fd, ppt_useredit_t *ppt_useredit) |
842 | 842 |
free(persist_dir); |
843 | 843 |
return NULL; |
844 | 844 |
} |
845 |
+ persist_dir[off_index+i-1] = vba_endian_convert_32(persist_dir[off_index+i-1], FALSE); |
|
845 | 846 |
cli_dbgmsg("persist_dir[%d] = 0x%.8x\n", off_index+i-1, persist_dir[off_index+i-1]); |
846 | 847 |
off_count++; |
847 | 848 |
} |
... | ... |
@@ -860,14 +891,17 @@ static int ppt_unlzw(const char *dir, int fd, uint32_t length) |
860 | 860 |
uint32_t bufflen; |
861 | 861 |
z_stream stream; |
862 | 862 |
|
863 |
- fullname = malloc(strlen(dir) + 17); |
|
863 |
+ fullname = cli_malloc(strlen(dir) + 17); |
|
864 |
+ if (!fullname) { |
|
865 |
+ return FALSE; |
|
866 |
+ } |
|
864 | 867 |
sprintf(fullname, "%s/ppt%.8x.doc", dir, lseek(fd, 0, SEEK_CUR)); |
865 | 868 |
|
866 | 869 |
ofd = open(fullname, O_WRONLY|O_CREAT|O_TRUNC, 0600); |
867 | 870 |
free(fullname); |
868 | 871 |
if (ofd == -1) { |
869 | 872 |
cli_dbgmsg("ppt_unlzw Open outfile failed\n"); |
870 |
- return -1; |
|
873 |
+ return FALSE; |
|
871 | 874 |
} |
872 | 875 |
|
873 | 876 |
stream.zalloc = Z_NULL; |
... | ... |
@@ -1028,6 +1062,7 @@ char *ppt_vba_read(const char *dir) |
1028 | 1028 |
free(out_dir); |
1029 | 1029 |
return NULL; |
1030 | 1030 |
} |
1031 |
+ ole_id = vba_endian_convert_32(ole_id, FALSE); |
|
1031 | 1032 |
cli_dbgmsg("OleID: %d, length: %d\n", |
1032 | 1033 |
ole_id, atom_header.length-4); |
1033 | 1034 |
if (!ppt_unlzw(out_dir, fd, atom_header.length-4)) { |
... | ... |
@@ -1052,7 +1087,8 @@ char *ppt_vba_read(const char *dir) |
1052 | 1052 |
return NULL; |
1053 | 1053 |
} |
1054 | 1054 |
} while (ppt_useredit.last_edit_offset != 0); |
1055 |
- |
|
1055 |
+ |
|
1056 |
+ close(fd); |
|
1056 | 1057 |
return out_dir; |
1057 | 1058 |
} |
1058 | 1059 |
|
... | ... |
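Review bot: In ppt_read_persist_dir the added conversion line reads and writes `persist_dir[off_index+i-1]` with an index built entirely from file-supplied values (`off_index` is the low 20 bits of `noffsets`). None of the visible hunks bounds that index against the `max_persist+1` entries allocated a few lines earlier, and that count itself comes from a field of the document. Unless the loop lines outside these hunks already check it, a malformed PowerPoint file can push the access outside the heap buffer while it is being scanned. I would reject the entry before the read that fills the slot, e.g. `if (off_index+i-1 > ppt_useredit->max_persist) { free(persist_dir); return NULL; }`, and refuse a `max_persist` for which `sizeof(uint32_t) * (max_persist+1)` wraps. The same care applies to `atom_header.length-4` in ppt_vba_read, which wraps to a huge unsigned value if the file gives a length below 4; both function bodies continue outside the hunks shown.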
@@ -37,6 +37,8 @@ typedef struct vba_project_tag { |
37 | 37 |
vba_project_t *vba56_dir_read(const char *dir); |
38 | 38 |
unsigned char *vba_decompress(int fd, uint32_t offset, int *size); |
39 | 39 |
|
40 |
+char *ppt_vba_read(const char *dir); |
|
41 |
+ |
|
40 | 42 |
vba_project_t *wm_dir_read(const char *dir); |
41 | 43 |
unsigned char *wm_decrypt_macro(int fd, uint32_t offset, uint32_t len, |
42 | 44 |
unsigned char key); |
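Review bot: The newly exported `ppt_vba_read` prototype has no comment stating its contract, although the vba_extract.c hunks show it returning `out_dir`, which its error paths release with `free()`. I would add above the declaration something like `/* Processes the PowerPoint streams found under dir; returns a heap-allocated output directory name that the caller must free, or NULL on failure. */`. Whether the caller is also responsible for removing the files written into that directory is not visible here, and the comment should say so.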