@@ -1,3 +1,7 @@

+Fri Dec  9 16:41:05 CET 2011 (tk)

+---------------------------------

+ * libclamav/matcher.c: add new offset modifier SEx (bb#4008)

+

 Thu Dec  1 15:07:49 CET 2011 (tk)

 ---------------------------------

  * libclamav/readdb.c: allow comments in all db files (bb#3930)

@@ -356,6 +356,8 @@ MalwareName:TargetType:Offset:HexSignature[:MinFL:[MaxFL]]

 	\item \verb#Sx+n# = start of section \verb+x+'s (counted from 0)

 	data plus \verb+n+ bytes

 	\item \verb#Sx-n# = start of section \verb+x+'s data minus \verb+n+ bytes

+	\item \verb#SEx# = entire section \verb+x+ (offset must lie within section

+	boundaries)

 	\item \verb#SL+n# = start of last section plus \verb+n+ bytes

 	\item \verb#SL-n# = start of last section minus \verb+n+ bytes

     \end{itemize}

@@ -245,7 +245,15 @@ int cli_caloff(const char *offstr, const struct cli_target_info *info, unsigned

 	    offdata[1] = atoi(&offcpy[3]);

 	} else if(offcpy[0] == 'S') {

-	    if(!strncmp(offstr, "SL+", 3)) {

+	    if(offcpy[1] == 'E') {

+		if(!cli_isnumber(&offcpy[2])) {

+		    cli_errmsg("cli_caloff: Invalid section number\n");

+		    return CL_EMALFDB;

+		}

+		offdata[0] = CLI_OFF_SE;

+		offdata[3] = atoi(&offcpy[2]);

+

+	    } else if(!strncmp(offstr, "SL+", 3)) {

 		offdata[0] = CLI_OFF_SL_PLUS;

 		if(!cli_isnumber(&offcpy[3])) {

 		    cli_errmsg("cli_caloff: Invalid offset value\n");

@@ -303,12 +311,11 @@ int cli_caloff(const char *offstr, const struct cli_target_info *info, unsigned

     } else {

 	/* calculate relative offsets */

-	if(info->status == -1) {

-	    *offset_min = CLI_OFF_NONE;

-	    if(offset_max)

-		*offset_max = CLI_OFF_NONE;

+	*offset_min = CLI_OFF_NONE;

+	if(offset_max)

+	    *offset_max = CLI_OFF_NONE;

+	if(info->status == -1)

 	    return CL_SUCCESS;

-	}

 	switch(offdata[0]) {

 	    case CLI_OFF_EOF_MINUS:

@@ -333,6 +340,16 @@ int cli_caloff(const char *offstr, const struct cli_target_info *info, unsigned

 		else

 		    *offset_min = info->exeinfo.section[offdata[3]].raw + offdata[1];

 		break;

+

+	    case CLI_OFF_SE:

+		if(offdata[3] >= info->exeinfo.nsections) {

+		    *offset_min = CLI_OFF_NONE;

+		} else {

+		    *offset_min = info->exeinfo.section[offdata[3]].raw;

+		    *offset_max = *offset_min + info->exeinfo.section[offdata[3]].rsz + offdata[2];

+		}

+		break;

+

 	    case CLI_OFF_VERSION:

 		*offset_min = *offset_max = CLI_OFF_ANY;

 		break;

@@ -341,12 +358,8 @@ int cli_caloff(const char *offstr, const struct cli_target_info *info, unsigned

 		return CL_EARG;

 	}

-	if(offset_max) {

-	    if(*offset_min != CLI_OFF_NONE)

-		*offset_max = *offset_min + offdata[2];

-	    else

-		*offset_max = CLI_OFF_NONE;

-	}

+	if(offset_max && *offset_max == CLI_OFF_NONE && *offset_min != CLI_OFF_NONE)

+	    *offset_max = *offset_min + offdata[2];

     }

     return CL_SUCCESS;

@@ -161,6 +161,7 @@ static const struct cli_mtarget cli_mtargets[CLI_MTARGETS] =  {

 #define CLI_OFF_SX_PLUS     6

 #define CLI_OFF_VERSION     7

 #define CLI_OFF_MACRO       8

+#define CLI_OFF_SE	    9

 int cli_scanbuff(const unsigned char *buffer, uint32_t length, uint32_t offset, cli_ctx *ctx, cli_file_t ftype, struct cli_ac_data **acdata);

@@ -54,7 +54,7 @@

  * in re-enabling affected modules.

  */

-#define CL_FLEVEL 71

+#define CL_FLEVEL 72

 #define CL_FLEVEL_DCONF	CL_FLEVEL

 #define CL_FLEVEL_SIGTOOL CL_FLEVEL