[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Török Edvin
edwin at clamav.net
Sun Apr 4 01:05:13 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit d38d6dadefa89ddca4e56b73ca70f2025d9c701a
Author: Török Edvin <edwin at clamav.net>
Date: Tue Sep 22 11:03:17 2009 +0300
Logical signature hook for bytecode.
diff --git a/libclamav/bytecode.c b/libclamav/bytecode.c
index fdab1e9..11cbfcb 100644
--- a/libclamav/bytecode.c
+++ b/libclamav/bytecode.c
@@ -31,6 +31,9 @@
#include "readdb.h"
#include <string.h>
+/* TODO: we should make sure lsigcnt is never NULL, and has at least as many
+ * elements as the bytecode needs */
+static const uint32_t nomatch[64];
struct cli_bc_ctx *cli_bytecode_context_alloc(void)
{
struct cli_bc_ctx *ctx = cli_malloc(sizeof(*ctx));
@@ -41,6 +44,8 @@ struct cli_bc_ctx *cli_bytecode_context_alloc(void)
ctx->opsizes = NULL;
ctx->fd = -1;
ctx->off = 0;
+ ctx->lsigcnt = nomatch;
+ ctx->virname = NULL;
return ctx;
}
@@ -967,6 +972,8 @@ static int parseBB(struct cli_bc *bc, unsigned func, unsigned bb, unsigned char
default:
numOp = operand_counts[inst.opcode];
switch (numOp) {
+ case 0:
+ break;
case 1:
inst.u.unaryop = readOperand(bcfunc, buffer, &offset, len, &ok);
break;
@@ -980,7 +987,7 @@ static int parseBB(struct cli_bc *bc, unsigned func, unsigned bb, unsigned char
inst.u.three[2] = readOperand(bcfunc, buffer, &offset, len, &ok);
break;
default:
- cli_errmsg("Opcode with too many operands: %u?\n", numOp);
+ cli_errmsg("Opcode %u with too many operands: %u?\n", inst.opcode, numOp);
ok = 0;
break;
}
@@ -1398,3 +1405,30 @@ int cli_bytecode_context_setfile(struct cli_bc_ctx *ctx, int fd)
return 0;
}
+int cli_bytecode_runlsig(const struct cli_all_bc *bcs, const struct cli_bc *bc, const char **virname, const uint32_t* lsigcnt, int fd)
+{
+ int ret;
+ struct cli_bc_ctx ctx;
+ memset(&ctx, 0, sizeof(ctx));
+ cli_bytecode_context_setfuncid(&ctx, bc, 0);
+ ctx.lsigcnt = lsigcnt;
+ cli_bytecode_context_setfile(&ctx, fd);
+
+ cli_dbgmsg("Running bytecode for logical signature match\n");
+ ret = cli_bytecode_run(bcs, bc, &ctx);
+ if (ret != CL_SUCCESS) {
+ cli_warnmsg("Bytcode failed to run: %s\n", cl_strerror(ret));
+ return CL_SUCCESS;
+ }
+ if (ctx.virname) {
+ cli_dbgmsg("Bytecode found virus: %s\n", ctx.virname);
+ if (virname)
+ *virname = ctx.virname;
+ cli_bytecode_context_clear(&ctx);
+ return CL_VIRUS;
+ }
+ ret = cli_bytecode_context_getresult_int(&ctx);
+ cli_dbgmsg("Bytecode returned code: %u\n", ret);
+ cli_bytecode_context_clear(&ctx);
+ return CL_SUCCESS;
+}
diff --git a/libclamav/bytecode.h b/libclamav/bytecode.h
index 7517b2c..04ba9c8 100644
--- a/libclamav/bytecode.h
+++ b/libclamav/bytecode.h
@@ -81,6 +81,9 @@ int cli_bytecode_run(const struct cli_all_bc *bcs, const struct cli_bc *bc, stru
void cli_bytecode_destroy(struct cli_bc *bc);
int cli_bytecode_done(struct cli_all_bc *allbc);
+/* Hooks */
+int cli_bytecode_runlsig(const struct cli_all_bc *bcs, const struct cli_bc* bc, const char **virname, const uint32_t* lsigcnt, int fd);
+
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/libclamav/bytecode_api.c b/libclamav/bytecode_api.c
index b0fed10..77b6535 100644
--- a/libclamav/bytecode_api.c
+++ b/libclamav/bytecode_api.c
@@ -80,3 +80,11 @@ uint32_t cli_bcapi_debug_print_uint(struct cli_bc_ctx *ctx, uint32_t a, uint32_t
{
cli_dbgmsg("bytecode debug: %u\n", a);
}
+
+/*TODO: compiler should make sure that only constants are passed here, and not
+ * pointers to arbitrary locations that may not be valid when bytecode finishes
+ * executing */
+uint32_t cli_bcapi_setvirusname(struct cli_bc_ctx* ctx, const uint8_t *name, uint32_t len)
+{
+ ctx->virname = name;
+}
diff --git a/libclamav/bytecode_api.h b/libclamav/bytecode_api.h
index 044f11c..a0f1834 100644
--- a/libclamav/bytecode_api.h
+++ b/libclamav/bytecode_api.h
@@ -48,6 +48,9 @@ enum {
* start of file */
int32_t seek(int32_t pos, uint32_t whence);
+/* Set the name of the virus we have found */
+uint32_t setvirusname(const uint8_t *name, uint32_t len);
+
uint32_t debug_print_str(const uint8_t *str, uint32_t len);
uint32_t debug_print_uint(uint32_t a, uint32_t b);
//const char *LogicalSignature;
diff --git a/libclamav/bytecode_api_decl.c b/libclamav/bytecode_api_decl.c
index 63680ec..3a6af38 100644
--- a/libclamav/bytecode_api_decl.c
+++ b/libclamav/bytecode_api_decl.c
@@ -28,6 +28,7 @@ uint32_t cli_bcapi_test0(struct cli_bc_ctx *ctx, struct foo*, uint32_t);
uint32_t cli_bcapi_test1(struct cli_bc_ctx *ctx, uint32_t, uint32_t);
int32_t cli_bcapi_read(struct cli_bc_ctx *ctx, uint8_t*, int32_t);
int32_t cli_bcapi_seek(struct cli_bc_ctx *ctx, int32_t, uint32_t);
+uint32_t cli_bcapi_setvirusname(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);
uint32_t cli_bcapi_debug_print_str(struct cli_bc_ctx *ctx, const const uint8_t*, uint32_t);
uint32_t cli_bcapi_debug_print_uint(struct cli_bc_ctx *ctx, uint32_t, uint32_t);
@@ -52,7 +53,8 @@ const struct cli_apicall cli_apicalls[]={
{"test1", 3, 0, 0},
{"read", 4, 1, 1},
{"seek", 3, 1, 0},
- {"debug_print_str", 4, 2, 1},
+ {"setvirusname", 4, 2, 1},
+ {"debug_print_str", 4, 3, 1},
{"debug_print_uint", 3, 2, 0}
/* Bytecode APIcalls END */
};
@@ -64,6 +66,7 @@ const cli_apicall_int2 cli_apicalls0[] = {
const cli_apicall_pointer cli_apicalls1[] = {
(cli_apicall_pointer)cli_bcapi_test0,
(cli_apicall_pointer)cli_bcapi_read,
+ (cli_apicall_pointer)cli_bcapi_setvirusname,
(cli_apicall_pointer)cli_bcapi_debug_print_str
};
const unsigned cli_apicall_maxapi = sizeof(cli_apicalls)/sizeof(cli_apicalls[0]);
diff --git a/libclamav/bytecode_api_impl.h b/libclamav/bytecode_api_impl.h
index c9cca91..6c6df57 100644
--- a/libclamav/bytecode_api_impl.h
+++ b/libclamav/bytecode_api_impl.h
@@ -25,5 +25,8 @@ uint32_t cli_bcapi_test1(struct cli_bc_ctx *, uint32_t, uint32_t);
int32_t cli_bcapi_read(struct cli_bc_ctx*, uint8_t *data, int32_t size);
int32_t cli_bcapi_seek(struct cli_bc_ctx*, int32_t pos, uint32_t whence);
+
+uint32_t cli_bcapi_setvirusname(struct cli_bc_ctx*, const uint8_t *name, uint32_t len);
+
uint32_t cli_bcapi_debug_print_str(struct cli_bc_ctx *ctx, const uint8_t*, uint32_t);
uint32_t cli_bcapi_debug_print_uint(struct cli_bc_ctx *ctx, uint32_t, uint32_t);
diff --git a/libclamav/bytecode_priv.h b/libclamav/bytecode_priv.h
index 285b65c..63409a0 100644
--- a/libclamav/bytecode_priv.h
+++ b/libclamav/bytecode_priv.h
@@ -99,6 +99,7 @@ struct cli_bc_ctx {
off_t off;
int fd;
const uint32_t *lsigcnt;
+ const char *virname;
};
struct cli_all_bc;
int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct cli_bc_func *func, const struct cli_bc_inst *inst);
diff --git a/libclamav/c++/Makefile.am b/libclamav/c++/Makefile.am
index c7a7747..ccd1996 100644
--- a/libclamav/c++/Makefile.am
+++ b/libclamav/c++/Makefile.am
@@ -13,7 +13,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
-AM_CPPFLAGS = -I$(top_srcdir)/../.. -I$(top_srcdir)/..
+AM_CPPFLAGS = -I$(top_srcdir)/../.. -I$(top_srcdir)/.. -I$(top_builddir)/../../
ACLOCAL_AMFLAGS=-I m4
if DEBUG_BUILD
LLVM_CONFIG=llvm/Debug/bin/llvm-config
diff --git a/libclamav/c++/Makefile.in b/libclamav/c++/Makefile.in
index f3eb9bf..2346f9e 100644
--- a/libclamav/c++/Makefile.in
+++ b/libclamav/c++/Makefile.in
@@ -933,7 +933,7 @@ target_vendor = @target_vendor@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-AM_CPPFLAGS = -I$(top_srcdir)/../.. -I$(top_srcdir)/..
+AM_CPPFLAGS = -I$(top_srcdir)/../.. -I$(top_srcdir)/.. -I$(top_builddir)/../../
ACLOCAL_AMFLAGS = -I m4
@DEBUG_BUILD_FALSE at LLVM_CONFIG = llvm/Release/bin/llvm-config
@DEBUG_BUILD_TRUE at LLVM_CONFIG = llvm/Debug/bin/llvm-config
diff --git a/libclamav/c++/bytecode2llvm.cpp b/libclamav/c++/bytecode2llvm.cpp
index 786680c..38630e9 100644
--- a/libclamav/c++/bytecode2llvm.cpp
+++ b/libclamav/c++/bytecode2llvm.cpp
@@ -57,6 +57,15 @@
#ifndef LLVM_MULTITHREADED
#error "Multithreading support must be available to LLVM!"
#endif
+
+#ifdef HAVE_CONFIG_H
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+#include "clamav-config.h"
+#endif
#include "clamav.h"
#include "clambc.h"
#include "bytecode_priv.h"
@@ -344,7 +353,6 @@ public:
{}
bool generate() {
- PrettyStackTraceString Trace(BytecodeID.str().c_str());
TypeMap = new LLVMTypeMapper(Context, bc->types + 4, bc->num_types - 5);
FunctionType *FTy = FunctionType::get(Type::getVoidTy(Context),
@@ -602,6 +610,9 @@ public:
case OP_BC_RET:
Builder.CreateRet(Op0);
break;
+ case OP_BC_RET_VOID:
+ Builder.CreateRetVoid();
+ break;
case OP_BC_ICMP_EQ:
Store(inst->dest, Builder.CreateICmpEQ(Op0, Op1));
break;
@@ -651,7 +662,8 @@ public:
}
CallInst *CI = Builder.CreateCall(DestF, args.begin(), args.end());
CI->setCallingConv(CallingConv::Fast);
- Store(inst->dest, CI);
+ if (CI->getType()->getTypeID() != Type::VoidTyID)
+ Store(inst->dest, CI);
break;
}
case OP_BC_CALL_API:
@@ -904,6 +916,8 @@ int bytecode_init(void)
llvm_install_error_handler(llvm_error_handler);
#ifdef CL_DEBUG
sys::PrintStackTraceOnErrorSignal();
+#else
+ llvm::DisablePrettyStackTrace = true;
#endif
atexit(do_shutdown);
diff --git a/libclamav/matcher.c b/libclamav/matcher.c
index e4e83b2..3d09fa4 100644
--- a/libclamav/matcher.c
+++ b/libclamav/matcher.c
@@ -318,7 +318,7 @@ int cli_checkfp(int fd, cli_ctx *ctx)
int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, unsigned int acmode)
{
- unsigned char *buffer, *buff, *endbl, *upt;
+ unsigned char *buffer, *buff, *endbl, *upt;
int ret = CL_CLEAN, type = CL_CLEAN, bytes;
unsigned int i, evalcnt;
uint32_t buffersize, length, maxpatlen, shift = 0, offset = 0;
@@ -459,10 +459,16 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc
evalcnt = 0;
evalids = 0;
if(cli_ac_chklsig(troot->ac_lsigtable[i]->logic, troot->ac_lsigtable[i]->logic + strlen(troot->ac_lsigtable[i]->logic), tdata.lsigcnt[i], &evalcnt, &evalids, 0) == 1) {
- if(ctx->virname)
- *ctx->virname = troot->ac_lsigtable[i]->virname;
- ret = CL_VIRUS;
- break;
+ if (!troot->ac_lsigtable[i]->bc) {
+ if(ctx->virname)
+ *ctx->virname = troot->ac_lsigtable[i]->virname;
+ ret = CL_VIRUS;
+ break;
+ }
+ if (cli_bytecode_runlsig(&ctx->engine->bcs, troot->ac_lsigtable[i]->bc, ctx->virname, tdata.lsigcnt[i], desc) == CL_VIRUS) {
+ ret = CL_VIRUS;
+ break;
+ }
}
}
cli_ac_freedata(&tdata);
@@ -473,10 +479,16 @@ int cli_scandesc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struc
evalcnt = 0;
evalids = 0;
if(cli_ac_chklsig(groot->ac_lsigtable[i]->logic, groot->ac_lsigtable[i]->logic + strlen(groot->ac_lsigtable[i]->logic), gdata.lsigcnt[i], &evalcnt, &evalids, 0) == 1) {
- if(ctx->virname)
- *ctx->virname = groot->ac_lsigtable[i]->virname;
- ret = CL_VIRUS;
- break;
+ if (!groot->ac_lsigtable[i]->bc) {
+ if(ctx->virname)
+ *ctx->virname = groot->ac_lsigtable[i]->virname;
+ ret = CL_VIRUS;
+ break;
+ }
+ if (cli_bytecode_runlsig(&ctx->engine->bcs, groot->ac_lsigtable[i]->bc, ctx->virname, gdata.lsigcnt[i], desc) == CL_VIRUS) {
+ ret = CL_VIRUS;
+ break;
+ }
}
}
cli_ac_freedata(&gdata);
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index e41914a..94581be 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -882,6 +882,16 @@ static int load_oneldb(char *buffer, int chkpua, int chkign, struct cl_engine *e
cli_errmsg("cli_loadldb: Broken logical expression or too many subsignatures\n");
return CL_EMALFDB;
}
+ if (!line) {
+ /* This is a logical signature from the bytecode, we need all
+ * subsignatures, even if not referenced from the logical expression */
+ if (subsigs > tokens_count-3) {
+ cli_errmsg("load_oneldb: Too many subsignatures: %u (max %u)\n",
+ subsigs, tokens_count-3);
+ return CL_EMALFDB;
+ }
+ subsigs = tokens_count-3;
+ }
/* TDB */
memset(&tdb, 0, sizeof(tdb));
@@ -937,7 +947,7 @@ static int load_oneldb(char *buffer, int chkpua, int chkign, struct cl_engine *e
root->ac_lsigtable = newtable;
for(i = 0; i < subsigs; i++) {
- if(i >= tokens_count) {
+ if(i+3 >= tokens_count) {
cli_errmsg("cli_loadldb: Missing subsignature id %u\n", i);
return CL_EMALFDB;
}
diff --git a/unit_tests/input/lsig.cbc b/unit_tests/input/lsig.cbc
index 55d5a18..cb08a87 100644
--- a/unit_tests/input/lsig.cbc
+++ b/unit_tests/input/lsig.cbc
@@ -1,7 +1,11 @@
-ClamBCaa`|`````|`aoaap`clamcoincidencejb
+ClamBCaa`|`````|`bbaabp`clamcoincidencejb
L;Target:0;((0|1|2)=42,2);aabb;ffffffff;aaccee;f00d
-Tedebndebmdebldebkdebadebcddadb`bdagahdaiahdaeah
-E``
-GalbndBafBafBbfBbf@`bmdBffBffBffBffBffBffBffBff@`bndBffB`cB`cBdf@`bldBafBafBcfBcfBefBef@`bad@@`bad at Aa`bad at Ab`bad at Ac`bcdAcD```h`bcdAbD```h`bcd at D```h`bcdAaD```h`
-A`b`bLacb`baab`bFadaa
-Bb`b`gbAh`aaaaeab`b`Abdb`bab`aaaTcab`babE
+Tedebaeeb`eebodebndebmdebadebcdacb`bbadb`bdadb`bdakahdagahdaiahdaeah
+Eaeaaaebld|amcgefdgfgifbgegcgnfafmfef``
+GanbaeBafBafBbfBbf@`b`eBffBffBffBffBffBffBffBff@`baeBffB`cB`cBdf@`bodBafBafBcfBcfBefBef@`bndBdeBbgBofBjfBafBnfBnbBfdBodBod@`bad@@`bad at Aa`bad at Ab`bad at Ac`bad at Ad`bcdAcD```h`bcdAbD```h`bcd at D```h`bcdAaD```h`
+A`b`bLacb`baa`Fafac
+Bb`b`gbAj`aaaaeab`b`AbdTaaaaaaab
+B```b`abTcab`b at d
+BTcab`b at dE
+A``Laab`bFabaa
+Bb`b`abbaeAi`@dTdaE
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list