[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Tomasz Kojm
tkojm at clamav.net
Sun Apr 4 01:04:58 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 8c3c77b49cde220cc8a469c848d47a38cd5152b4
Author: Tomasz Kojm <tkojm at clamav.net>
Date: Thu Sep 17 22:49:45 2009 +0200
libclamav/matcher-ac.c: implement word delimiter (B) as requested in bb#1631
diff --git a/ChangeLog b/ChangeLog
index f995070..294262f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Thu Sep 17 22:36:30 CEST 2009 (tk)
+----------------------------------
+ * libclamav/matcher-ac.c: implement word delimiter (B) as requested in bb#1631
+
Mon Sep 14 19:52:01 CEST 2009 (tk)
----------------------------------
* freshclam: return 0 instead of 1 when database is up-to-date (bb#1312)
diff --git a/libclamav/matcher-ac.c b/libclamav/matcher-ac.c
index 00efb69..8fc536d 100644
--- a/libclamav/matcher-ac.c
+++ b/libclamav/matcher-ac.c
@@ -51,6 +51,30 @@
#define AC_SPECIAL_LINE_END 4
#define AC_SPECIAL_BOUNDARY 5
+#define AC_BOUNDARY_LEFT 1
+#define AC_BOUNDARY_LEFT_NEGATIVE 2
+#define AC_BOUNDARY_RIGHT 4
+#define AC_BOUNDARY_RIGHT_NEGATIVE 8
+
+static char boundary[256] = {
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 2, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 3, 0, 2, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 3, 1, 3,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 2, 0,
+ 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern)
{
struct cli_ac_node *pt, *next;
@@ -698,7 +722,7 @@ int cli_ac_chklsig(const char *expr, const char *end, uint32_t *lsigcnt, unsigne
break; \
\
case AC_SPECIAL_BOUNDARY: \
- if(memchr("\x22\x27\x20\x2f\x3d\x2d\x5f\x3e\x0a\x0d", b, 10)) \
+ if(boundary[b]) \
match = !special->negative; \
break; \
\
@@ -724,7 +748,7 @@ int cli_ac_chklsig(const char *expr, const char *end, uint32_t *lsigcnt, unsigne
match = 0; \
}
-inline static int ac_findmatch(const unsigned char *buffer, uint32_t offset, uint32_t length, const struct cli_ac_patt *pattern, uint32_t *end)
+inline static int ac_findmatch(const unsigned char *buffer, uint32_t offset, uint32_t fileoffset, uint32_t length, const struct cli_ac_patt *pattern, uint32_t *end)
{
uint32_t bp, match;
uint16_t wc, i, j, specialcnt = pattern->special_pattern;
@@ -745,6 +769,22 @@ inline static int ac_findmatch(const unsigned char *buffer, uint32_t offset, uin
}
*end = bp;
+ if(pattern->boundary & AC_BOUNDARY_LEFT) {
+ match = !!(pattern->boundary & AC_BOUNDARY_LEFT_NEGATIVE);
+ if(!fileoffset || (offset && (boundary[buffer[offset - 1]] == 1 || boundary[buffer[offset - 1]] == 3)))
+ match = !match;
+ if(!match)
+ return 0;
+ }
+
+ if(pattern->boundary & AC_BOUNDARY_RIGHT) {
+ match = !!(pattern->boundary & AC_BOUNDARY_RIGHT_NEGATIVE);
+ if((length <= SCANBUFF) && (bp == length || boundary[buffer[bp]] >= 2))
+ match = !match;
+ if(!match)
+ return 0;
+ }
+
if(!(pattern->ch[1] & CLI_MATCH_IGNORE)) {
bp += pattern->ch_mindist[1];
for(i = pattern->ch_mindist[1]; i <= pattern->ch_maxdist[1]; i++) {
@@ -1001,7 +1041,7 @@ int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **v
}
}
pt = patt;
- if(ac_findmatch(buffer, bp, length, patt, &matchend)) {
+ if(ac_findmatch(buffer, bp, offset + bp - patt->prefix_length, length, patt, &matchend)) {
while(pt) {
if((pt->type && !(mode & AC_SCAN_FT)) || (!pt->type && !(mode & AC_SCAN_VIR))) {
pt = pt->next_same;
@@ -1340,7 +1380,6 @@ int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hex
}
}
strcat(hexnew, start);
- strcat(hexnew, "()");
if(!(start = strchr(pt, ')'))) {
mpool_free(root->mempool, newspecial);
@@ -1353,6 +1392,24 @@ int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hex
error = CL_EMALFDB;
break;
}
+
+ if(!strcmp(pt, "B")) {
+ if(!*start) {
+ new->boundary |= AC_BOUNDARY_RIGHT;
+ if(newspecial->negative)
+ new->boundary |= AC_BOUNDARY_RIGHT_NEGATIVE;
+ mpool_free(root->mempool, newspecial);
+ continue;
+ } else if(pt - 1 == hexcpy) {
+ new->boundary |= AC_BOUNDARY_LEFT;
+ if(newspecial->negative)
+ new->boundary |= AC_BOUNDARY_LEFT_NEGATIVE;
+ mpool_free(root->mempool, newspecial);
+ continue;
+ }
+ }
+
+ strcat(hexnew, "()");
new->special++;
newtable = (struct cli_ac_special **) mpool_realloc(root->mempool, new->special_table, new->special * sizeof(struct cli_ac_special *));
if(!newtable) {
diff --git a/libclamav/matcher-ac.h b/libclamav/matcher-ac.h
index ad0b9ab..f18f3c6 100644
--- a/libclamav/matcher-ac.h
+++ b/libclamav/matcher-ac.h
@@ -61,6 +61,7 @@ struct cli_ac_patt {
uint8_t depth;
uint16_t rtype, type;
uint32_t offdata[4], offset_min, offset_max;
+ uint32_t boundary;
};
struct cli_ac_node {
diff --git a/libclamav/others.h b/libclamav/others.h
index 9f318dc..c4712b2 100644
--- a/libclamav/others.h
+++ b/libclamav/others.h
@@ -50,7 +50,7 @@
* in re-enabling affected modules.
*/
-#define CL_FLEVEL 47
+#define CL_FLEVEL 48
#define CL_FLEVEL_DCONF CL_FLEVEL
extern uint8_t cli_debug_flag;
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list