...
|
...
|
@@ -565,6 +565,8 @@ cl_error_t cli_bcomp_compare_check(const unsigned char* f_buffer, size_t buffer_
|
565
|
565
|
uint16_t opt = 0;
|
566
|
566
|
uint16_t opt_val = 0;
|
567
|
567
|
int64_t value = 0;
|
|
568
|
+ uint64_t bin_value = 0;
|
|
569
|
+ int16_t compare_check = 0;
|
568
|
570
|
const unsigned char* end_buf = NULL;
|
569
|
571
|
const unsigned char* buffer = NULL;
|
570
|
572
|
unsigned char* tmp_buffer = NULL;
|
...
|
...
|
@@ -715,10 +717,10 @@ cl_error_t cli_bcomp_compare_check(const unsigned char* f_buffer, size_t buffer_
|
715
|
715
|
case CLI_BCOMP_BIN | CLI_BCOMP_LE:
|
716
|
716
|
/* exact byte_length option is implied for binary extraction */
|
717
|
717
|
switch (byte_len) {
|
718
|
|
- case 1: value = (*(int8_t*) f_buffer); break;
|
719
|
|
- case 2: value = (int16_t) le16_to_host( *(int16_t*) f_buffer); break;
|
720
|
|
- case 4: value = (int32_t) le32_to_host( *(int32_t*) f_buffer); break;
|
721
|
|
- case 8: value = (int64_t) le64_to_host( *(int64_t*) f_buffer); break;
|
|
718
|
+ case 1: bin_value = (*(uint8_t*) f_buffer); break;
|
|
719
|
+ case 2: bin_value = (uint16_t) le16_to_host( *(uint16_t*) f_buffer); break;
|
|
720
|
+ case 4: bin_value = (uint32_t) le32_to_host( *(uint32_t*) f_buffer); break;
|
|
721
|
+ case 8: bin_value = (uint64_t) le64_to_host( *(uint64_t*) f_buffer); break;
|
722
|
722
|
|
723
|
723
|
default:
|
724
|
724
|
bcm_dbgmsg("cli_bcomp_compare_check: invalid byte size for binary integer field (%u)\n", byte_len);
|
...
|
...
|
@@ -731,10 +733,10 @@ cl_error_t cli_bcomp_compare_check(const unsigned char* f_buffer, size_t buffer_
|
731
|
731
|
case CLI_BCOMP_BIN | CLI_BCOMP_BE:
|
732
|
732
|
/* exact byte_length option is implied for binary extraction */
|
733
|
733
|
switch (byte_len) {
|
734
|
|
- case 1: value = ( *(int8_t*) f_buffer); break;
|
735
|
|
- case 2: value = (int16_t) be16_to_host( *(int16_t*) f_buffer); break;
|
736
|
|
- case 4: value = (int32_t) be32_to_host( *(int32_t*) f_buffer); break;
|
737
|
|
- case 8: value = (int64_t) be64_to_host( *(int64_t*) f_buffer); break;
|
|
734
|
+ case 1: bin_value = ( *(uint8_t*) f_buffer); break;
|
|
735
|
+ case 2: bin_value = (uint16_t) be16_to_host( *(uint16_t*) f_buffer); break;
|
|
736
|
+ case 4: bin_value = (uint32_t) be32_to_host( *(uint32_t*) f_buffer); break;
|
|
737
|
+ case 8: bin_value = (uint64_t) be64_to_host( *(uint64_t*) f_buffer); break;
|
738
|
738
|
|
739
|
739
|
default:
|
740
|
740
|
bcm_dbgmsg("cli_bcomp_compare_check: invalid byte size for binary integer field (%u)\n", byte_len);
|
...
|
...
|
@@ -770,8 +772,13 @@ cl_error_t cli_bcomp_compare_check(const unsigned char* f_buffer, size_t buffer_
|
770
|
770
|
switch (bm->comps[i]->comp_symbol) {
|
771
|
771
|
|
772
|
772
|
case '>':
|
773
|
|
- if (value > bm->comps[i]->comp_value) {
|
774
|
|
- bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) greater than comparison value (%ld)\n", value, bm->comps[i]->comp_value);
|
|
773
|
+ if (opt & CLI_BCOMP_BIN) {
|
|
774
|
+ compare_check = (bin_value > bm->comps[i]->comp_value);
|
|
775
|
+ } else {
|
|
776
|
+ compare_check = (value > bm->comps[i]->comp_value);
|
|
777
|
+ }
|
|
778
|
+ if (compare_check) {
|
|
779
|
+ bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) greater than comparison value (%ld)\n", (opt & CLI_BCOMP_BIN) ? bin_value : value, bm->comps[i]->comp_value);
|
775
|
780
|
ret = CL_VIRUS;
|
776
|
781
|
} else {
|
777
|
782
|
ret = CL_CLEAN;
|
...
|
...
|
@@ -779,8 +786,13 @@ cl_error_t cli_bcomp_compare_check(const unsigned char* f_buffer, size_t buffer_
|
779
|
779
|
break;
|
780
|
780
|
|
781
|
781
|
case '<':
|
782
|
|
- if (value < bm->comps[i]->comp_value) {
|
783
|
|
- bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) less than comparison value (%ld)\n", value, bm->comps[i]->comp_value);
|
|
782
|
+ if (opt & CLI_BCOMP_BIN) {
|
|
783
|
+ compare_check = (bin_value < bm->comps[i]->comp_value);
|
|
784
|
+ } else {
|
|
785
|
+ compare_check = (value < bm->comps[i]->comp_value);
|
|
786
|
+ }
|
|
787
|
+ if (compare_check) {
|
|
788
|
+ bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) less than comparison value (%ld)\n", (opt & CLI_BCOMP_BIN) ? bin_value : value, bm->comps[i]->comp_value);
|
784
|
789
|
ret = CL_VIRUS;
|
785
|
790
|
} else {
|
786
|
791
|
ret = CL_CLEAN;
|
...
|
...
|
@@ -788,8 +800,13 @@ cl_error_t cli_bcomp_compare_check(const unsigned char* f_buffer, size_t buffer_
|
788
|
788
|
break;
|
789
|
789
|
|
790
|
790
|
case '=':
|
791
|
|
- if (value == bm->comps[i]->comp_value) {
|
792
|
|
- bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) equal to comparison value (%ld)\n", value, bm->comps[i]->comp_value);
|
|
791
|
+ if (opt & CLI_BCOMP_BIN) {
|
|
792
|
+ compare_check = (bin_value == bm->comps[i]->comp_value);
|
|
793
|
+ } else {
|
|
794
|
+ compare_check = (value == bm->comps[i]->comp_value);
|
|
795
|
+ }
|
|
796
|
+ if (compare_check) {
|
|
797
|
+ bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) equal to comparison value (%ld)\n", (opt & CLI_BCOMP_BIN) ? bin_value : value, bm->comps[i]->comp_value);
|
793
|
798
|
ret = CL_VIRUS;
|
794
|
799
|
} else {
|
795
|
800
|
ret = CL_CLEAN;
|
...
|
...
|
@@ -803,11 +820,12 @@ cl_error_t cli_bcomp_compare_check(const unsigned char* f_buffer, size_t buffer_
|
803
|
803
|
|
804
|
804
|
if (CL_CLEAN == ret) {
|
805
|
805
|
/* comparison was not successful */
|
806
|
|
- bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) was not %c %ld\n", value, bm->comps[i]->comp_symbol, bm->comps[i]->comp_value);
|
|
806
|
+ bcm_dbgmsg("cli_bcomp_compare_check: extracted value (%ld) was not %c %ld\n", (opt & CLI_BCOMP_BIN) ? bin_value : value, bm->comps[i]->comp_symbol, bm->comps[i]->comp_value);
|
807
|
807
|
return CL_CLEAN;
|
808
|
808
|
}
|
809
|
809
|
}
|
810
|
810
|
}
|
|
811
|
+
|
811
|
812
|
return ret;
|
812
|
813
|
}
|
813
|
814
|
|