... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Fri Nov 18 15:23:50 CET 2011 (tk) |
|
2 |
+--------------------------------- |
|
3 |
+ * libclamav/scanners.c: use lsigs when scanning vba data (bb#3922) |
|
4 |
+ |
|
1 | 5 |
Fri Nov 18 15:48:59 EET 2011 (edwin) |
2 | 6 |
----------------------------------- |
3 | 7 |
* libclamav/matcher-hash.c: Fix SIGBUS on PA-RISC (big-endian) architectures (bb #3894). |
... | ... |
@@ -766,6 +766,37 @@ static int cli_scanmscab(int desc, cli_ctx *ctx, off_t sfx_offset) |
766 | 766 |
return ret; |
767 | 767 |
} |
768 | 768 |
|
769 |
+static int vba_scandata(const unsigned char *data, unsigned int len, cli_ctx *ctx) |
|
770 |
+{ |
|
771 |
+ struct cli_matcher *groot = ctx->engine->root[0]; |
|
772 |
+ struct cli_matcher *troot = ctx->engine->root[2]; |
|
773 |
+ struct cli_ac_data gmdata, tmdata; |
|
774 |
+ struct cli_ac_data *mdata[2]; |
|
775 |
+ int ret; |
|
776 |
+ |
|
777 |
+ if((ret = cli_ac_initdata(&tmdata, troot->ac_partsigs, troot->ac_lsigs, troot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) |
|
778 |
+ return ret; |
|
779 |
+ |
|
780 |
+ if((ret = cli_ac_initdata(&gmdata, groot->ac_partsigs, groot->ac_lsigs, groot->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN))) { |
|
781 |
+ cli_ac_freedata(&tmdata); |
|
782 |
+ return ret; |
|
783 |
+ } |
|
784 |
+ mdata[0] = &tmdata; |
|
785 |
+ mdata[1] = &gmdata; |
|
786 |
+ |
|
787 |
+ ret = cli_scanbuff(data, len, 0, ctx, CL_TYPE_MSOLE2, mdata); |
|
788 |
+ |
|
789 |
+ if(ret != CL_VIRUS) { |
|
790 |
+ ret = cli_lsig_eval(ctx, troot, &tmdata, NULL, NULL); |
|
791 |
+ if(ret != CL_VIRUS) |
|
792 |
+ ret = cli_lsig_eval(ctx, groot, &gmdata, NULL, NULL); |
|
793 |
+ } |
|
794 |
+ cli_ac_freedata(&tmdata); |
|
795 |
+ cli_ac_freedata(&gmdata); |
|
796 |
+ |
|
797 |
+ return ret; |
|
798 |
+} |
|
799 |
+ |
|
769 | 800 |
static int cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq *U) |
770 | 801 |
{ |
771 | 802 |
int ret = CL_CLEAN, i, j, fd, data_len, hasmacros = 0; |
... | ... |
@@ -806,7 +837,7 @@ static int cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq *U) |
806 | 806 |
/* cli_dbgmsg("Project content:\n%s", data); */ |
807 | 807 |
if(ctx->scanned) |
808 | 808 |
*ctx->scanned += data_len / CL_COUNT_PRECISION; |
809 |
- if(cli_scanbuff(data, data_len, 0, ctx, CL_TYPE_MSOLE2, NULL) == CL_VIRUS) { |
|
809 |
+ if(vba_scandata(data, data_len, ctx) == CL_VIRUS) { |
|
810 | 810 |
free(data); |
811 | 811 |
ret = CL_VIRUS; |
812 | 812 |
break; |
... | ... |
@@ -865,7 +896,7 @@ static int cli_vba_scandir(const char *dirname, cli_ctx *ctx, struct uniq *U) |
865 | 865 |
cli_dbgmsg("Project content:\n%s", data); |
866 | 866 |
if(ctx->scanned) |
867 | 867 |
*ctx->scanned += vba_project->length[i] / CL_COUNT_PRECISION; |
868 |
- if(cli_scanbuff(data, vba_project->length[i], 0, ctx, CL_TYPE_MSOLE2, NULL) == CL_VIRUS) { |
|
868 |
+ if(vba_scandata(data, vba_project->length[i], ctx) == CL_VIRUS) { |
|
869 | 869 |
free(data); |
870 | 870 |
ret = CL_VIRUS; |
871 | 871 |
break; |