Browse code

bcomp - fixing signedness issue with large extracted binary values

Mickey Sola authored on 2018/11/15 06:08:59
Showing 1 changed files
... ...
@@ -565,6 +565,8 @@ cl_error_t cli_bcomp_compare_check(const unsigned char* f_buffer, size_t buffer_
565 565
     uint16_t opt = 0;
566 566
     uint16_t opt_val = 0;
567 567
     int64_t value = 0;
568
+    uint64_t bin_value = 0;
569
+    int16_t compare_check = 0;
568 570
     const unsigned char* end_buf = NULL;
569 571
     const unsigned char* buffer = NULL;
570 572
     unsigned char* tmp_buffer = NULL;
... ...
@@ -715,10 +717,10 @@ cl_error_t cli_bcomp_compare_check(const unsigned char* f_buffer, size_t buffer_
715 715
         case CLI_BCOMP_BIN | CLI_BCOMP_LE:
716 716
             /* exact byte_length option is implied for binary extraction */
717 717
             switch (byte_len) {
718
-                case 1: value = (*(int8_t*) f_buffer);                           break;
719
-                case 2: value =   (int16_t) le16_to_host( *(int16_t*) f_buffer); break;
720
-                case 4: value =   (int32_t) le32_to_host( *(int32_t*) f_buffer); break;
721
-                case 8: value =   (int64_t) le64_to_host( *(int64_t*) f_buffer); break;
718
+                case 1: bin_value = (*(uint8_t*) f_buffer);                           break;
719
+                case 2: bin_value =   (uint16_t) le16_to_host( *(uint16_t*) f_buffer); break;
720
+                case 4: bin_value =   (uint32_t) le32_to_host( *(uint32_t*) f_buffer); break;
721
+                case 8: bin_value =   (uint64_t) le64_to_host( *(uint64_t*) f_buffer); break;
722 722
 
723 723
                 default:
724 724
                     bcm_dbgmsg("cli_bcomp_compare_check: invalid byte size for binary integer field (%u)\n", byte_len);
... ...
@@ -731,10 +733,10 @@ cl_error_t cli_bcomp_compare_check(const unsigned char* f_buffer, size_t buffer_
731 731
         case CLI_BCOMP_BIN | CLI_BCOMP_BE:
732 732
             /* exact byte_length option is implied for binary extraction */
733 733
             switch (byte_len) {
734
-                case 1: value = ( *(int8_t*) f_buffer);                           break;
735
-                case 2: value =    (int16_t) be16_to_host( *(int16_t*) f_buffer); break;
736
-                case 4: value =    (int32_t) be32_to_host( *(int32_t*) f_buffer); break;
737
-                case 8: value =    (int64_t) be64_to_host( *(int64_t*) f_buffer); break;
734
+                case 1: bin_value = ( *(uint8_t*) f_buffer);                           break;
735
+                case 2: bin_value =    (uint16_t) be16_to_host( *(uint16_t*) f_buffer); break;
736
+                case 4: bin_value =    (uint32_t) be32_to_host( *(uint32_t*) f_buffer); break;
737
+                case 8: bin_value =    (uint64_t) be64_to_host( *(uint64_t*) f_buffer); break;
738 738
 
739 739
                 default:
740 740
                     bcm_dbgmsg("cli_bcomp_compare_check: invalid byte size for binary integer field (%u)\n", byte_len);
... ...
@@ -770,8 +772,13 @@ cl_error_t cli_bcomp_compare_check(const unsigned char* f_buffer, size_t buffer_
770 770
             switch (bm->comps[i]->comp_symbol) {
771 771
 
772 772
                 case '>':
773
-                    if (value > bm->comps[i]->comp_value) {
774
-                        bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) greater than comparison value (%ld)\n", value, bm->comps[i]->comp_value);
773
+                    if (opt & CLI_BCOMP_BIN) {
774
+                        compare_check = (bin_value > bm->comps[i]->comp_value);
775
+                    } else {
776
+                        compare_check = (value > bm->comps[i]->comp_value);
777
+                    }
778
+                    if (compare_check) {
779
+                        bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) greater than comparison value (%ld)\n", (opt & CLI_BCOMP_BIN) ? bin_value : value, bm->comps[i]->comp_value);
775 780
                         ret = CL_VIRUS;
776 781
                     } else {
777 782
                         ret = CL_CLEAN;
... ...
@@ -779,8 +786,13 @@ cl_error_t cli_bcomp_compare_check(const unsigned char* f_buffer, size_t buffer_
779 779
                     break;
780 780
 
781 781
                 case '<':
782
-                    if (value < bm->comps[i]->comp_value) {
783
-                        bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) less than comparison value (%ld)\n", value, bm->comps[i]->comp_value);
782
+                    if (opt & CLI_BCOMP_BIN) {
783
+                        compare_check = (bin_value < bm->comps[i]->comp_value);
784
+                    } else {
785
+                        compare_check = (value < bm->comps[i]->comp_value);
786
+                    }
787
+                    if (compare_check) {
788
+                        bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) less than comparison value (%ld)\n", (opt & CLI_BCOMP_BIN) ? bin_value : value, bm->comps[i]->comp_value);
784 789
                         ret = CL_VIRUS;
785 790
                     } else {
786 791
                         ret = CL_CLEAN;
... ...
@@ -788,8 +800,13 @@ cl_error_t cli_bcomp_compare_check(const unsigned char* f_buffer, size_t buffer_
788 788
                     break;
789 789
 
790 790
                 case '=':
791
-                    if (value == bm->comps[i]->comp_value) {
792
-                        bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) equal to comparison value (%ld)\n", value, bm->comps[i]->comp_value);
791
+                    if (opt & CLI_BCOMP_BIN) {
792
+                        compare_check = (bin_value == bm->comps[i]->comp_value);
793
+                    } else {
794
+                        compare_check = (value == bm->comps[i]->comp_value);
795
+                    }
796
+                    if (compare_check) {
797
+                        bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) equal to comparison value (%ld)\n", (opt & CLI_BCOMP_BIN) ? bin_value : value, bm->comps[i]->comp_value);
793 798
                         ret = CL_VIRUS;
794 799
                     } else {
795 800
                         ret = CL_CLEAN;
... ...
@@ -803,11 +820,12 @@ cl_error_t cli_bcomp_compare_check(const unsigned char* f_buffer, size_t buffer_
803 803
 
804 804
             if (CL_CLEAN == ret) {
805 805
                 /* comparison was not successful */
806
-                bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) was not %c %ld\n", value, bm->comps[i]->comp_symbol, bm->comps[i]->comp_value);
806
+                bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) was not %c %ld\n", (opt & CLI_BCOMP_BIN) ? bin_value : value, bm->comps[i]->comp_symbol, bm->comps[i]->comp_value);
807 807
                 return CL_CLEAN;
808 808
             }
809 809
         }
810 810
     }
811
+
811 812
     return ret;
812 813
 }
813 814