[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
aCaB
acab at clamav.net
Sun Apr 4 01:06:24 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit f4363389c50a5fb99429ad63aacad0655fb2ed56
Author: aCaB <acab at clamav.net>
Date: Thu Oct 1 17:56:35 2009 +0200
macho to fmap
diff --git a/libclamav/macho.c b/libclamav/macho.c
index 3e5e1d8..218ef6f 100644
--- a/libclamav/macho.c
+++ b/libclamav/macho.c
@@ -176,7 +176,7 @@ struct macho_fat_arch
if(DETECT_BROKEN) { \
if(ctx->virname) \
*ctx->virname = "Broken.Executable"; \
- return cli_checkfp(fd, ctx) ? CL_CLEAN : CL_VIRUS; \
+ return cli_checkfp(map->fd, ctx) ? CL_CLEAN : CL_VIRUS; \
} \
return CL_EFORMAT
@@ -201,7 +201,7 @@ static uint32_t cli_rawaddr(uint32_t vaddr, struct cli_exe_section *sects, uint1
return vaddr - sects[i].rva + sects[i].raw;
}
-int cli_scanmacho(int fd, cli_ctx *ctx, struct cli_exe_info *fileinfo)
+int cli_scanmacho(cli_ctx *ctx, struct cli_exe_info *fileinfo)
{
struct macho_hdr hdr;
struct macho_load_cmd load_cmd;
@@ -213,14 +213,17 @@ int cli_scanmacho(int fd, cli_ctx *ctx, struct cli_exe_info *fileinfo)
unsigned int arch = 0, ep = 0, err;
struct cli_exe_section *sections = NULL;
char name[16];
+ struct F_MAP *map = *ctx->fmap;
+ ssize_t at;
if(fileinfo)
matcher = 1;
- if(read(fd, &hdr, sizeof(hdr)) != sizeof(hdr)) {
+ if(fmap_readn(map, &hdr, 0, sizeof(hdr)) != sizeof(hdr)) {
cli_dbgmsg("cli_scanmacho: Can't read header\n");
return matcher ? -1 : CL_EFORMAT;
}
+ at = sizeof(hdr);
if(hdr.magic == 0xfeedface) {
conv = 0;
@@ -311,7 +314,7 @@ int cli_scanmacho(int fd, cli_ctx *ctx, struct cli_exe_info *fileinfo)
}
if(m64)
- lseek(fd, 4, SEEK_CUR);
+ at += 4;
hdr.ncmds = EC32(hdr.ncmds, conv);
if(!hdr.ncmds || hdr.ncmds > 1024) {
@@ -320,11 +323,12 @@ int cli_scanmacho(int fd, cli_ctx *ctx, struct cli_exe_info *fileinfo)
}
for(i = 0; i < hdr.ncmds; i++) {
- if(read(fd, &load_cmd, sizeof(load_cmd)) != sizeof(load_cmd)) {
+ if(fmap_readn(map, &load_cmd, at, sizeof(load_cmd)) != sizeof(load_cmd)) {
cli_dbgmsg("cli_scanmacho: Can't read load command\n");
free(sections);
RETURN_BROKEN;
}
+ at += sizeof(load_cmd);
/*
if((m64 && EC32(load_cmd.cmdsize, conv) % 8) || (!m64 && EC32(load_cmd.cmdsize, conv) % 4)) {
cli_dbgmsg("cli_scanmacho: Invalid command size (%u)\n", EC32(load_cmd.cmdsize, conv));
@@ -335,19 +339,21 @@ int cli_scanmacho(int fd, cli_ctx *ctx, struct cli_exe_info *fileinfo)
load_cmd.cmd = EC32(load_cmd.cmd, conv);
if((m64 && load_cmd.cmd == 0x19) || (!m64 && load_cmd.cmd == 0x01)) { /* LC_SEGMENT */
if(m64) {
- if(read(fd, &segment_cmd64, sizeof(segment_cmd64)) != sizeof(segment_cmd64)) {
+ if(fmap_readn(map, &segment_cmd64, at, sizeof(segment_cmd64)) != sizeof(segment_cmd64)) {
cli_dbgmsg("cli_scanmacho: Can't read segment command\n");
free(sections);
RETURN_BROKEN;
}
+ at += sizeof(segment_cmd64);
nsects = EC32(segment_cmd64.nsects, conv);
strncpy(name, segment_cmd64.segname, 16);
} else {
- if(read(fd, &segment_cmd, sizeof(segment_cmd)) != sizeof(segment_cmd)) {
+ if(fmap_readn(map, &segment_cmd, at, sizeof(segment_cmd)) != sizeof(segment_cmd)) {
cli_dbgmsg("cli_scanmacho: Can't read segment command\n");
free(sections);
RETURN_BROKEN;
}
+ at += sizeof(segment_cmd);
nsects = EC32(segment_cmd.nsects, conv);
strncpy(name, segment_cmd.segname, 16);
}
@@ -374,11 +380,12 @@ int cli_scanmacho(int fd, cli_ctx *ctx, struct cli_exe_info *fileinfo)
for(j = 0; j < nsects; j++) {
if(m64) {
- if(read(fd, §ion64, sizeof(section64)) != sizeof(section64)) {
+ if(fmap_readn(map, §ion64, at, sizeof(section64)) != sizeof(section64)) {
cli_dbgmsg("cli_scanmacho: Can't read section\n");
free(sections);
RETURN_BROKEN;
}
+ at += sizeof(section64);
sections[sect].rva = EC64(section64.addr, conv);
sections[sect].vsz = EC64(section64.size, conv);
sections[sect].raw = EC32(section64.offset, conv);
@@ -386,11 +393,12 @@ int cli_scanmacho(int fd, cli_ctx *ctx, struct cli_exe_info *fileinfo)
sections[sect].rsz = sections[sect].vsz + (section64.align - (sections[sect].vsz % section64.align)) % section64.align; /* most likely we can assume it's the same as .vsz */
strncpy(name, section64.sectname, 16);
} else {
- if(read(fd, §ion, sizeof(section)) != sizeof(section)) {
+ if(fmap_readn(map, §ion, at, sizeof(section)) != sizeof(section)) {
cli_dbgmsg("cli_scanmacho: Can't read section\n");
free(sections);
RETURN_BROKEN;
}
+ at += sizeof(section);
sections[sect].rva = EC32(section.addr, conv);
sections[sect].vsz = EC32(section.size, conv);
sections[sect].raw = EC32(section.offset, conv);
@@ -414,17 +422,18 @@ int cli_scanmacho(int fd, cli_ctx *ctx, struct cli_exe_info *fileinfo)
cli_dbgmsg("MACHO: ------------------\n");
} else if(arch && (load_cmd.cmd == 0x4 || load_cmd.cmd == 0x5)) { /* LC_(UNIX)THREAD */
- lseek(fd, 8, SEEK_CUR);
+ at += 8;
switch(arch) {
case 1: /* x86 */
{
struct macho_thread_state_x86 thread_state_x86;
- if(read(fd, &thread_state_x86, sizeof(thread_state_x86)) != sizeof(thread_state_x86)) {
+ if(fmap_readn(map, &thread_state_x86, at, sizeof(thread_state_x86)) != sizeof(thread_state_x86)) {
cli_dbgmsg("cli_scanmacho: Can't read thread_state_x86\n");
free(sections);
RETURN_BROKEN;
}
+ at += sizeof(thread_state_x86);
break;
}
@@ -432,11 +441,12 @@ int cli_scanmacho(int fd, cli_ctx *ctx, struct cli_exe_info *fileinfo)
{
struct macho_thread_state_ppc thread_state_ppc;
- if(read(fd, &thread_state_ppc, sizeof(thread_state_ppc)) != sizeof(thread_state_ppc)) {
+ if(fmap_readn(map, &thread_state_ppc, at, sizeof(thread_state_ppc)) != sizeof(thread_state_ppc)) {
cli_dbgmsg("cli_scanmacho: Can't read thread_state_ppc\n");
free(sections);
RETURN_BROKEN;
}
+ at += sizeof(thread_state_ppc);
ep = EC32(thread_state_ppc.srr0, conv);
break;
}
@@ -445,11 +455,12 @@ int cli_scanmacho(int fd, cli_ctx *ctx, struct cli_exe_info *fileinfo)
{
struct macho_thread_state_ppc64 thread_state_ppc64;
- if(read(fd, &thread_state_ppc64, sizeof(thread_state_ppc64)) != sizeof(thread_state_ppc64)) {
+ if(fmap_readn(map, &thread_state_ppc64, at, sizeof(thread_state_ppc64)) != sizeof(thread_state_ppc64)) {
cli_dbgmsg("cli_scanmacho: Can't read thread_state_ppc64\n");
free(sections);
RETURN_BROKEN;
}
+ at += sizeof(thread_state_ppc64);
ep = EC64(thread_state_ppc64.srr0, conv);
break;
}
@@ -460,7 +471,7 @@ int cli_scanmacho(int fd, cli_ctx *ctx, struct cli_exe_info *fileinfo)
}
} else {
if(EC32(load_cmd.cmdsize, conv) > sizeof(load_cmd))
- lseek(fd, EC32(load_cmd.cmdsize, conv) - sizeof(load_cmd), SEEK_CUR);
+ at += EC32(load_cmd.cmdsize, conv) - sizeof(load_cmd);
}
}
@@ -492,10 +503,12 @@ int cli_scanmacho(int fd, cli_ctx *ctx, struct cli_exe_info *fileinfo)
int cli_machoheader(struct F_MAP *map, struct cli_exe_info *fileinfo)
{
- return cli_scanmacho(map->fd, NULL, fileinfo);
+ cli_ctx ctx;
+ ctx.fmap = ↦
+ return cli_scanmacho(&ctx, fileinfo);
}
-int cli_scanmacho_unibin(int fd, cli_ctx *ctx)
+int cli_scanmacho_unibin(cli_ctx *ctx)
{
struct macho_fat_header fat_header;
struct macho_fat_arch fat_arch;
@@ -503,16 +516,14 @@ int cli_scanmacho_unibin(int fd, cli_ctx *ctx)
int ret = CL_CLEAN;
struct stat sb;
off_t pos;
+ struct F_MAP *map = *ctx->fmap;
+ ssize_t at;
- if(fstat(fd, &sb) == -1) {
- cli_dbgmsg("cli_scanmacho_unibin: fstat failed for fd %d\n", fd);
- return CL_ESTAT;
- }
-
- if(read(fd, &fat_header, sizeof(fat_header)) != sizeof(fat_header)) {
+ if(fmap_readn(map, &fat_header, 0, sizeof(fat_header)) != sizeof(fat_header)) {
cli_dbgmsg("cli_scanmacho_unibin: Can't read fat_header\n");
return CL_EFORMAT;
}
+ at = sizeof(fat_header);
if(fat_header.magic == 0xcafebabe) {
conv = 0;
@@ -533,18 +544,17 @@ int cli_scanmacho_unibin(int fd, cli_ctx *ctx)
}
cli_dbgmsg("UNIBIN: Number of architectures: %u\n", (unsigned int) fat_header.nfats);
for(i = 0; i < fat_header.nfats; i++) {
- if(read(fd, &fat_arch, sizeof(fat_arch)) != sizeof(fat_arch)) {
+ if(fmap_readn(map, &fat_arch, at, sizeof(fat_arch)) != sizeof(fat_arch)) {
cli_dbgmsg("cli_scanmacho_unibin: Can't read fat_arch\n");
RETURN_BROKEN;
}
- pos = lseek(fd, 0, SEEK_CUR);
+ at += sizeof(fat_arch);
fat_arch.offset = EC32(fat_arch.offset, conv);
fat_arch.size = EC32(fat_arch.size, conv);
cli_dbgmsg("UNIBIN: Binary %u of %u\n", i + 1, fat_header.nfats);
cli_dbgmsg("UNIBIN: File offset: %u\n", fat_arch.offset);
cli_dbgmsg("UNIBIN: File size: %u\n", fat_arch.size);
- ret = cli_dumpscan(fd, fat_arch.offset, fat_arch.size, ctx);
- lseek(fd, pos, SEEK_SET);
+ ret = cli_dumpscan(map->fd, fat_arch.offset, fat_arch.size, ctx);
if(ret == CL_VIRUS)
break;
}
diff --git a/libclamav/macho.h b/libclamav/macho.h
index c80a26f..edf44f0 100644
--- a/libclamav/macho.h
+++ b/libclamav/macho.h
@@ -25,8 +25,8 @@
#include "execs.h"
#include "fmap.h"
-int cli_scanmacho(int fd, cli_ctx *ctx, struct cli_exe_info *fileinfo);
+int cli_scanmacho(cli_ctx *ctx, struct cli_exe_info *fileinfo);
int cli_machoheader(struct F_MAP *map, struct cli_exe_info *fileinfo);
-int cli_scanmacho_unibin(int fd, cli_ctx *ctx);
+int cli_scanmacho_unibin(cli_ctx *ctx);
#endif
diff --git a/libclamav/scanners.c b/libclamav/scanners.c
index 22c1158..8dd6f49 100644
--- a/libclamav/scanners.c
+++ b/libclamav/scanners.c
@@ -2075,12 +2075,12 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
case CL_TYPE_MACHO:
if(ctx->dconf->macho)
- ret = cli_scanmacho(desc, ctx, NULL);
+ ret = cli_scanmacho(ctx, NULL);
break;
case CL_TYPE_MACHO_UNIBIN:
if(ctx->dconf->macho)
- ret = cli_scanmacho_unibin(desc, ctx);
+ ret = cli_scanmacho_unibin(ctx);
break;
case CL_TYPE_SIS:
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list