@@ -1,3 +1,7 @@

+Tue Jul 13 05:24:07 CEST 2004 (tk)

+----------------------------------

+  * libclamav: initial support for MD5 signatures

+

 Mon Jul 12 16:03:11 BST 2004 (trog)

 -----------------------------------

   * libclamav/htmlnorm.c: fix decoding of hex char encoding

@@ -85,15 +85,25 @@ struct cli_patt {

     struct cli_patt *next;

 };

-struct cl_node {

+struct cli_ac_node {

     char islast;

     struct cli_patt *list;

-    struct cl_node *trans[CL_NUM_CHILDS], *fail;

+    struct cli_ac_node *trans[CL_NUM_CHILDS], *fail;

+};

-    /* FIXME: these variables are only used in a root node */

+struct cli_md5_node {

+    char *virname, *viralias, *md5;

+    struct cli_md5_node *next;

+};

+

+struct cl_node {

+    /* Aho-Corasick */

+    struct cli_ac_node *ac_root, **nodetable;

     unsigned int maxpatlen, partsigs;

     unsigned int nodes;

-    struct cl_node **nodetable;

+

+    /* MD5 */

+    struct cli_md5_node *hlist[256];

 };

 struct cl_limits {

@@ -167,15 +177,6 @@ extern int cl_mbox(const char *dir, int desc);

 /* compute MD5 message digest from file (compatible with md5sum(1)) */

 extern char *cl_md5file(const char *filename);

-/* decode hexadecimal string */

-extern short int *cl_hex2str(const char *hex);

-

-/* encode a buffer 'string' length of 'len' to a hexadecimal string */

-extern char *cl_str2hex(const char *string, unsigned int len);

-

-/* generate a pseudo-random number */

-extern unsigned int cl_rndnum(unsigned int max);

-

 /* generate unique file name in temporary directory */

 char *cl_gentemp(const char *dir);

@@ -39,27 +39,27 @@

 int cli_addpatt(struct cl_node *root, struct cli_patt *pattern)

 {

-	struct cl_node *pos, *next;

+	struct cli_ac_node *pos, *next;

 	int i;

     if(pattern->length < CL_MIN_LENGTH) {

 	return CL_EPATSHORT;

     }

-    pos = root;

+    pos = root->ac_root;

     for(i = 0; i < CL_MIN_LENGTH; i++) {

 	next = pos->trans[((unsigned char) pattern->pattern[i]) & 0xff]; 

 	if(!next) {

-	    next = (struct cl_node *) cli_calloc(1, sizeof(struct cl_node));

+	    next = (struct cli_ac_node *) cli_calloc(1, sizeof(struct cli_ac_node));

 	    if(!next) {

 		cli_dbgmsg("Unable to allocate pattern node (%d)\n", sizeof(struct cl_node));

 		return CL_EMEM;

 	    }

 	    root->nodes++;

-	    root->nodetable = (struct cl_node **) realloc(root->nodetable, (root->nodes) * sizeof(struct cl_node *));

+	    root->nodetable = (struct cli_ac_node **) realloc(root->nodetable, (root->nodes) * sizeof(struct cli_ac_node *));

 	    if (root->nodetable == NULL) {

 		cli_dbgmsg("Unable to realloc nodetable (%d)\n", (root->nodes) * sizeof(struct cl_node *));

 		return CL_EMEM;

@@ -80,7 +80,7 @@ int cli_addpatt(struct cl_node *root, struct cli_patt *pattern)

     return 0;

 }

-static int cli_enqueue(struct nodelist **bfs, struct cl_node *n)

+static int cli_enqueue(struct nodelist **bfs, struct cli_ac_node *n)

 {

 	struct nodelist *new;

@@ -96,10 +96,10 @@ static int cli_enqueue(struct nodelist **bfs, struct cl_node *n)

     return 0;

 }

-static struct cl_node *cli_dequeue(struct nodelist **bfs)

+static struct cli_ac_node *cli_dequeue(struct nodelist **bfs)

 {

 	struct nodelist *handler, *prev = NULL;

-	struct cl_node *pt;

+	struct cli_ac_node *pt;

     handler = *bfs;

@@ -125,12 +125,12 @@ static struct cl_node *cli_dequeue(struct nodelist **bfs)

 static int cli_maketrans(struct cl_node *root)

 {

 	struct nodelist *bfs = NULL;

-	struct cl_node *child, *node;

+	struct cli_ac_node *ac_root = root->ac_root, *child, *node;

 	int i, ret;

-    root->fail = NULL;

-    if((ret = cli_enqueue(&bfs, root)) != 0) {

+    ac_root->fail = NULL;

+    if((ret = cli_enqueue(&bfs, ac_root)) != 0) {

 	return ret;

     }

@@ -144,12 +144,12 @@ static int cli_maketrans(struct cl_node *root)

 		if(node->fail)

 		    node->trans[i] = (node->fail)->trans[i];

 		else

-		    node->trans[i] = root;

+		    node->trans[i] = ac_root;

 	    } else {

 		if(node->fail)

 		    child->fail = (node->fail)->trans[i];

 		else

-		    child->fail = root;

+		    child->fail = ac_root;

 		if((ret = cli_enqueue(&bfs, child)) != 0) {

 		    return ret;

@@ -167,6 +167,11 @@ int cl_buildtrie(struct cl_node *root)

     if(!root)

 	return CL_EMALFDB;

+    if(!root->ac_root) {

+	cli_dbgmsg("Pattern matcher not initialised\n");

+	return 0;

+    }

+

     if((ret = cli_addtypesigs(root)))

 	return ret;

@@ -200,12 +205,14 @@ void cl_freetrie(struct cl_node *root)

 {

 	unsigned int i;

+

     for(i = 0; i < root->nodes; i++) {

 	cli_freepatt(root->nodetable[i]->list);

 	free(root->nodetable[i]);

     }

     free(root->nodetable);

+    free(root->ac_root);

     free(root);

 }

@@ -248,20 +255,24 @@ int inline cli_findpos(const char *buffer, int offset, int length, const struct

 int cli_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root, int *partcnt, int typerec, unsigned long int offset, unsigned long int *partoff)

 {

-	struct cl_node *current;

+	struct cli_ac_node *current;

 	struct cli_patt *pt;

 	int position, type = CL_CLEAN, dist;

         unsigned int i;

-int j;

-    current = (struct cl_node *) root;

+    if(!root->ac_root) {

+	cli_dbgmsg("cli_scanbuff: Pattern matcher not initialised\n");

+	return CL_CLEAN;

+    }

     if(!partcnt || !partoff) {

 	cli_dbgmsg("cli_scanbuff(): partcnt == NULL || partoff == NULL\n");

 	return CL_EMEM;

     }

+    current = root->ac_root;

+

     for(i = 0; i < length; i++)  {

 	current = current->trans[(unsigned char) buffer[i] & 0xff];

@@ -282,12 +293,6 @@ int j;

 			    if(dist && pt->mindist)

 				if(offset + i - partoff[pt->sigid] < pt->mindist)

 				    dist = 0;

-/*

-			    printf("dist == %d\n", dist);

-			    printf("curr offset == %d\n", offset + i);

-			    printf("min dist == %d\n", pt->mindist);

-			    printf("max dist == %d\n", pt->maxdist);

-*/

 			    if(dist) {

 				partoff[pt->sigid] = offset + i + pt->length;

@@ -22,7 +22,7 @@

 #include "clamav.h"

 struct nodelist {

-    struct cl_node *node;

+    struct cli_ac_node *node;

     struct nodelist *next;

 };

@@ -57,8 +57,7 @@ static int cli_addsig(struct cl_node *root, const char *virname, const char *hex

     new->maxdist = maxdist;

     if(strchr(hexsig, '(')) {

-	    char *hexcpy, *hexnew, *start, *h;

-	    short int *c;

+	    char *hexcpy, *hexnew, *start, *h, *c;

 	if(!(hexcpy = strdup(hexsig))) {

 	    free(new);

@@ -115,13 +114,13 @@ static int cli_addsig(struct cl_node *root, const char *virname, const char *hex

 		    break;

 		}

-		if((c = cl_hex2str(h)) == NULL) {

+		if((c = cli_hex2str(h)) == NULL) {

 		    free(h);

 		    error = 1;

 		    break;

 		}

-		new->altc[new->alt - 1][i] = (char) *c;

+		new->altc[new->alt - 1][i] = *c;

 		free(c);

 		free(h);

 	    }

@@ -158,7 +157,7 @@ static int cli_addsig(struct cl_node *root, const char *virname, const char *hex

     if(new->length > root->maxpatlen)

 	root->maxpatlen = new->length;

-    if((new->pattern = cl_hex2str(hex)) == NULL) {

+    if((new->pattern = cli_hex2si(hex)) == NULL) {

 	if(new->alt) {

 	    free(new->altn);

 	    for(i = 0; i < new->alt; i++)

@@ -339,95 +338,166 @@ int cli_parse_add(struct cl_node *root, char *virname, const char *hexsig, int t

     return 0;

 }

-int cl_loaddb(const char *filename, struct cl_node **root, int *virnum)

+static int cli_loaddb(FILE *fd, struct cl_node **root, int *virnum)

 {

-	FILE *fd;

-	char *buffer, *pt, *start;

-	int line = 0, ret;

+	char buffer[FILEBUFF], *pt, *start;

+	int line = 0, ret = 0;

-    if((fd = fopen(filename, "rb")) == NULL) {

-	cli_errmsg("cl_loaddb(): Can't open file %s\n", filename);

-	return CL_EOPEN;

+    if(!*root) {

+	cli_dbgmsg("Initializing main node\n");

+	*root = (struct cl_node *) cli_calloc(1, sizeof(struct cl_node));

+	if(!*root)

+	    return CL_EMEM;

     }

-    cli_dbgmsg("Loading %s\n", filename);

-

-    if(!(buffer = (char *) cli_malloc(FILEBUFF))) {

-	fclose(fd);

-	return CL_EMEM;

+    if(!(*root)->ac_root) {

+	cli_dbgmsg("Initializing trie\n");

+	(*root)->ac_root =  (struct cli_ac_node *) cli_calloc(1, sizeof(struct cli_ac_node));

+	if(!(*root)->ac_root) {

+	    free(*root);

+	    return CL_EMEM;

+	}

     }

-    memset(buffer, 0, FILEBUFF);

+    while(fgets(buffer, FILEBUFF, fd)) {

+	line++;

+	cli_chomp(buffer);

+

+	pt = strchr(buffer, '=');

+	if(!pt) {

+	    cli_errmsg("Malformed pattern line %d\n", line);

+	    ret = CL_EMALFDB;

+	    break;

+	}

+

+	start = buffer;

+	*pt++ = 0;

-    /* test for CVD file */

+	if(*pt == '=') continue;

-    if (fgets(buffer, 12, fd) == NULL) {

-	cli_dbgmsg("%s: failure reading header\n", filename);

-	free(buffer);

-	fclose(fd);

-	return CL_EMALFDB;

+	if((ret = cli_parse_add(*root, start, pt, 0))) {

+	    cli_errmsg("Problem parsing signature at line %d\n", line);

+	    ret = CL_EMALFDB;

+	    break;

+	}

     }

-    rewind(fd);

+    if(!line) {

+	cli_errmsg("Empty database file\n");

+	/* FIXME: release memory */

+	return CL_EMALFDB;

+    }

-    if(!strncmp(buffer, "ClamAV-VDB:", 11)) {

-	cli_dbgmsg("%s: CVD file detected\n", filename);

-	ret = cli_cvdload(fd, root, virnum);

-	free(buffer);

-	fclose(fd);

+    if(ret) {

+	/* FIXME: release memory */

 	return ret;

     }

-    while(fgets(buffer, FILEBUFF, fd)) {

+    if(virnum != NULL)

+	*virnum += line;

+

+    return 0;

+}

+

+static int cli_loadhdb(FILE *fd, struct cl_node **root, int *virnum)

+{

+	char buffer[FILEBUFF], *pt, *start;

+	int line = 0, ret = 0;

+	struct cli_md5_node *new;

+

+    if(!*root) {

+	cli_dbgmsg("Initializing main node\n");

+	*root = (struct cl_node *) cli_calloc(1, sizeof(struct cl_node));

+	if(!*root)

+	    return CL_EMEM;

+    }

+

+    while(fgets(buffer, FILEBUFF, fd)) {

 	line++;

 	cli_chomp(buffer);

-	pt = strchr(buffer, '=');

-	if(!pt) {

-	    cli_errmsg("readdb(): Malformed pattern line %d (file %s).\n", line, filename);

-	    free(buffer);

-	    fclose(fd);

-	    return CL_EMALFDB;

+	new = (struct cli_md5_node *) cli_calloc(1, sizeof(struct cli_md5_node));

+	if(!new) {

+	    ret = CL_EMEM;

+	    break;

 	}

-	start = buffer;

-	*pt++ = 0;

-

-	if(*pt == '=') continue;

+	if(!(pt = cli_strtok(buffer, 0, ":"))) {

+	    free(new);

+	    ret = CL_EMALFDB;

+	    break;

+	}

-	if(!*root) {

-	    cli_dbgmsg("Initializing trie.\n");

-	    *root = (struct cl_node *) cli_calloc(1, sizeof(struct cl_node));

-	    if(!*root) {

-		free(buffer);

-		fclose(fd);

-		return CL_EMEM;

-	    }

-	    (*root)->maxpatlen = 0;

+	if(!(new->md5 = cli_hex2str(pt))) {

+	    cli_errmsg("Malformed MD5 string at line %d\n", line);

+	    free(pt);

+	    free(new);

+	    ret = CL_EMALFDB;

+	    break;

 	}

+	free(pt);

-	if((ret = cli_parse_add(*root, start, pt, 0))) {

-	    cli_errmsg("readdb(): Problem parsing signature at line %d (file %s).\n", line, filename);

-	    free(buffer);

-	    fclose(fd);

-	    return ret;

+	if(!(new->virname = cli_strtok(buffer, 1, ":"))) {

+	    free(new->md5);

+	    free(new);

+	    ret = CL_EMALFDB;

+	    break;

 	}

+

+	new->viralias = cli_strtok(buffer, 1, ":"); /* aliases are optional */

+

+	new->next = (*root)->hlist[new->md5[0] & 0xff];

+	(*root)->hlist[new->md5[0] & 0xff] = new;

     }

-    if(virnum != NULL)

-	*virnum += line;

+    if(!line) {

+	cli_errmsg("Empty database file\n");

+	/* FIXME: release memory */

+	return CL_EMALFDB;

+    }

-    free(buffer);

-    fclose(fd);

+    if(ret) {

+	/* FIXME: release memory */

+	return ret;

+    }

     return 0;

 }

-const char *cl_retdbdir(void)

+int cl_loaddb(const char *filename, struct cl_node **root, int *virnum)

 {

-    return DATADIR;

+	FILE *fd;

+	int ret;

+

+

+    if((fd = fopen(filename, "rb")) == NULL) {

+	cli_errmsg("cl_loaddb(): Can't open file %s\n", filename);

+	return CL_EOPEN;

+    }

+

+    cli_dbgmsg("Loading %s\n", filename);

+

+    if(cli_strbcasestr(filename, ".db")  || cli_strbcasestr(filename, ".db2") || cli_strbcasestr(filename, ".db3")) {

+	ret = cli_loaddb(fd, root, virnum);

+

+    } else if(cli_strbcasestr(filename, ".cvd")) {

+	ret = cli_cvdload(fd, root, virnum);

+

+    } else if(cli_strbcasestr(filename, ".hdb")) {

+	ret = cli_loadhdb(fd, root, virnum);

+

+    } else {

+	cli_dbgmsg("cl_loaddb: unknown extension - assuming old database format\n");

+	ret = cli_loaddb(fd, root, virnum);

+    }

+

+    if(ret)

+	cli_errmsg("Malformed database file %s\n", filename);

+

+    fclose(fd);

+    return ret;

 }

 int cl_loaddbdir(const char *dirname, struct cl_node **root, int *virnum)

@@ -454,6 +524,7 @@ int cl_loaddbdir(const char *dirname, struct cl_node **root, int *virnum)

 	    (cli_strbcasestr(dent->d_name, ".db")  ||

 	     cli_strbcasestr(dent->d_name, ".db2") ||

 	     cli_strbcasestr(dent->d_name, ".db3") ||

+	     cli_strbcasestr(dent->d_name, ".hdb") ||

 	     cli_strbcasestr(dent->d_name, ".cvd"))) {

 		dbfile = (char *) cli_calloc(strlen(dent->d_name) + strlen(dirname) + 2, sizeof(char));

@@ -479,6 +550,11 @@ int cl_loaddbdir(const char *dirname, struct cl_node **root, int *virnum)

     return 0;

 }

+const char *cl_retdbdir(void)

+{

+    return DATADIR;

+}

+

 int cl_statinidir(const char *dirname, struct cl_stat *dbstat)

 {

 	DIR *dd;

@@ -507,7 +583,7 @@ int cl_statinidir(const char *dirname, struct cl_stat *dbstat)

 	if(dent->d_ino)

 #endif

 	{

-	    if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..") && (cli_strbcasestr(dent->d_name, ".db") || cli_strbcasestr(dent->d_name, ".db2") || cli_strbcasestr(dent->d_name, ".db3") || cli_strbcasestr(dent->d_name, ".cvd"))) {

+	    if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..") && (cli_strbcasestr(dent->d_name, ".db") || cli_strbcasestr(dent->d_name, ".db2") || cli_strbcasestr(dent->d_name, ".db3") || cli_strbcasestr(dent->d_name, ".hdb") || cli_strbcasestr(dent->d_name, ".cvd"))) {

 		dbstat->no++;

 		dbstat->stattab = (struct stat *) realloc(dbstat->stattab, dbstat->no * sizeof(struct stat));

@@ -549,7 +625,7 @@ int cl_statchkdir(const struct cl_stat *dbstat)

 	if(dent->d_ino)

 #endif

 	{

-	    if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..") && (cli_strbcasestr(dent->d_name, ".db") || cli_strbcasestr(dent->d_name, ".db2") || cli_strbcasestr(dent->d_name, ".db3") || cli_strbcasestr(dent->d_name, ".cvd"))) {

+	    if(strcmp(dent->d_name, ".") && strcmp(dent->d_name, "..") && (cli_strbcasestr(dent->d_name, ".db") || cli_strbcasestr(dent->d_name, ".db2") || cli_strbcasestr(dent->d_name, ".db3") || cli_strbcasestr(dent->d_name, ".hdb") || cli_strbcasestr(dent->d_name, ".cvd"))) {

                 fname = cli_calloc(strlen(dbstat->dir) + strlen(dent->d_name) + 2, sizeof(char));

 		sprintf(fname, "%s/%s", dbstat->dir, dent->d_name);

@@ -57,6 +57,7 @@ extern short cli_leavetemps_flag;

 #include "pe.h"

 #include "filetypes.h"

 #include "htmlnorm.h"

+#include "md5.h"

 #ifdef HAVE_ZLIB_H

 #include <zlib.h>

@@ -77,15 +78,38 @@ extern short cli_leavetemps_flag;

 #define MAX_MAIL_RECURSION  15

+#define MD5_BLOCKSIZE 4096

 static int cli_magic_scandesc(int desc, const char **virname, long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec);

 static int cli_scanfile(const char *filename, const char **virname, unsigned long int *scanned, const struct cl_node *root, const struct cl_limits *limits, int options, int *arec, int *mrec);

+

+struct cli_md5_node *cli_vermd5(const char *md5, const struct cl_node *root)

+{

+	struct cli_md5_node *pt;

+

+

+    if(!(pt = root->hlist[md5[0] & 0xff]))

+	return NULL;

+

+    while(pt) {

+	if(!memcmp(pt->md5, md5, 16))

+	    return pt;

+

+	pt = pt->next;

+    }

+

+    return NULL;

+}

+

 static int cli_scandesc(int desc, const char **virname, long int *scanned, const struct cl_node *root, int typerec)

 {

  	char *buffer, *buff, *endbl, *pt;

 	int bytes, buffsize, length, ret, *partcnt, type = CL_CLEAN;

 	unsigned long int *partoff, offset = 0;

+	struct md5_ctx ctx;

+        unsigned char md5buff[16];

+	struct cli_md5_node *md5_node;

     /* prepare the buffer */

@@ -106,6 +130,8 @@ static int cli_scandesc(int desc, const char **virname, long int *scanned, const

 	return CL_EMEM;

     }

+    md5_init_ctx (&ctx);

+

     buff = buffer;

     buff += root->maxpatlen; /* pointer to read data block */

     endbl = buff + SCANBUFF - root->maxpatlen; /* pointer to the last block

@@ -139,11 +165,37 @@ static int cli_scandesc(int desc, const char **virname, long int *scanned, const

         pt = buffer;

         length = buffsize;

+

+	/* compute MD5 */

+

+	if(bytes % 64 == 0) {

+	    md5_process_block(buff, bytes, &ctx);

+	} else {

+		int block = bytes;

+		char *mpt = buff;

+

+	    while(block >= MD5_BLOCKSIZE) {

+		md5_process_block(mpt, MD5_BLOCKSIZE, &ctx);

+		mpt += MD5_BLOCKSIZE;

+		block -= MD5_BLOCKSIZE;

+	    }

+

+	    if(block)

+		md5_process_bytes(mpt, block, &ctx);

+	}

     }

     free(buffer);

     free(partcnt);

+    md5_finish_ctx(&ctx, &md5buff);

+

+    if((md5_node = cli_vermd5(md5buff, root))) {

+	if(virname)

+	    *virname = md5_node->virname;

+	return CL_VIRUS;

+    }

+

     return typerec ? type : CL_CLEAN;

 }

@@ -46,16 +46,16 @@ static int cli_hex2int(int c)

     return -1;

 }

-short int *cl_hex2str(const char *hex)

+short int *cli_hex2si(const char *hex)

 {

 	short int *str, *ptr, val, c;

 	int i, len;

+

     len = strlen(hex);

-    /* additional check - hex strings are parity length here */

     if(len % 2 != 0) {

-	cli_errmsg("cl_hex2str(): Malformed hexstring: %s (length: %d)\n", hex, len);

+	cli_errmsg("cl_hex2si(): Malformed hexstring: %s (length: %d)\n", hex, len);

 	return NULL;

     }

@@ -90,6 +90,45 @@ short int *cl_hex2str(const char *hex)

     return str;

 }

+char *cli_hex2str(const char *hex)

+{

+	char *str, *ptr, val, c;

+	int i, len;

+

+

+    len = strlen(hex);

+

+    if(len % 2 != 0) {

+	cli_errmsg("cl_hex2str(): Malformed hexstring: %s (length: %d)\n", hex, len);

+	return NULL;

+    }

+

+    str = cli_calloc((len / 2) + 1, sizeof(char));

+    if(!str)

+	return NULL;

+

+    ptr = str;

+

+    for(i = 0; i < len; i += 2) {

+	if((c = cli_hex2int(hex[i])) >= 0) {

+	    val = c;

+	    if((c = cli_hex2int(hex[i+1])) >= 0) {

+		val = (val << 4) + c;

+	    } else {

+		free(str);

+		return NULL;

+	    }

+	} else {

+	    free(str);

+	    return NULL;

+	}

+

+	*ptr++ = val;

+    }

+

+    return str;

+}

+

 char *cl_str2hex(const char *string, unsigned int len)

 {

 	char *hexstr;

@@ -190,5 +229,3 @@ char *cli_strtok(const char *line, int fieldno, const char *delim)

     return buffer;

 }

-

-

@@ -16,11 +16,13 @@

  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

  */

-#ifndef __STRINGS_H

-#define __STRINGS_H

+#ifndef __STR_H

+#define __STR_H

 int cli_strbcasestr(const char *haystack, const char *needle);

-int	cli_chomp(char *string);

+int cli_chomp(char *string);

 char *cli_strtok(const char *line, int field, const char *delim);

+short int *cli_hex2si(const char *hex);

+char *cli_hex2str(const char *hex);

 #endif