[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b

aCaB acab at clamav.net
Sun Apr 4 01:11:58 UTC 2010 

The following commit has been merged in the debian/unstable branch:
commit 419e2be44d39c5933d64fd89926708ad44068b83
Author: aCaB <acab at clamav.net>
Date:   Fri Dec 11 23:04:18 2009 +0100

    icon scan interface rework

diff --git a/libclamav/others.h b/libclamav/others.h
index 22d1063..9d6eede 100644
--- a/libclamav/others.h
+++ b/libclamav/others.h
@@ -115,8 +115,11 @@ typedef struct {
     fmap_t **fmap;
 } cli_ctx;
 
+
+typedef struct {uint64_t v[2][4];} icon_groupset;
+
 struct icomtr {
-    uint32_t group[2];
+    unsigned int group[2];
     unsigned int color_avg[3];
     unsigned int color_x[3];
     unsigned int color_y[3];
diff --git a/libclamav/pe.c b/libclamav/pe.c
index 7289287..0805dd6 100644
--- a/libclamav/pe.c
+++ b/libclamav/pe.c
@@ -471,7 +471,7 @@ static void cli_parseres_special(uint32_t base, uint32_t rva, fmap_t *map, struc
     fmap_unneed_ptr(map, oentry, entries*8);
 }
 
-int cli_scanpe(cli_ctx *ctx, unsigned int *icongrps1, unsigned int *icongrps2)
+int cli_scanpe(cli_ctx *ctx, icon_groupset *iconset)
 {
 	uint16_t e_magic; /* DOS signature ("MZ") */
 	uint16_t nsections;
@@ -1043,8 +1043,8 @@ int cli_scanpe(cli_ctx *ctx, unsigned int *icongrps1, unsigned int *icongrps2)
 
     cli_dbgmsg("EntryPoint offset: 0x%x (%d)\n", ep, ep);
 
-    if(icongrps1 || icongrps2){
-	if(!dll && dirs[2].Size && scanicon(icongrps1, icongrps2, EC32(dirs[2].VirtualAddress), ctx, exe_sections, nsections, hdr_size) == CL_VIRUS) {
+    if(iconset){
+	if(!dll && dirs[2].Size && cli_scanicon(iconset, EC32(dirs[2].VirtualAddress), ctx, exe_sections, nsections, hdr_size) == CL_VIRUS) {
 	    free(exe_sections);
 	    return CL_VIRUS;
 	}
diff --git a/libclamav/pe.h b/libclamav/pe.h
index 406b9b7..774d755 100644
--- a/libclamav/pe.h
+++ b/libclamav/pe.h
@@ -150,7 +150,7 @@ struct cli_pe_hook_data {
     uint8_t *dummy EBOUNDS(dummyn);
 };
 
-int cli_scanpe(cli_ctx *ctx, unsigned int *icongrp1, unsigned int *icongrp2);
+int cli_scanpe(cli_ctx *ctx, icon_groupset *set);
 
 int cli_peheader(fmap_t *map, struct cli_exe_info *peinfo);
 
diff --git a/libclamav/pe_icons.c b/libclamav/pe_icons.c
index f35506b..73c71a2 100644
--- a/libclamav/pe_icons.c
+++ b/libclamav/pe_icons.c
@@ -74,9 +74,9 @@ static int icon_cb(void *ptr, uint32_t type, uint32_t name, uint32_t lang, uint3
 }
 
 
-static int parseicon(unsigned int *grp1, unsigned int *grp2, uint32_t rva, cli_ctx *ctx, struct cli_exe_section *exe_sections, uint16_t nsections, uint32_t hdr_size);
+static int parseicon(icon_groupset *set, uint32_t rva, cli_ctx *ctx, struct cli_exe_section *exe_sections, uint16_t nsections, uint32_t hdr_size);
 
-int scanicon(unsigned int *grp1, unsigned int *grp2, uint32_t resdir_rva, cli_ctx *ctx, struct cli_exe_section *exe_sections, uint16_t nsections, uint32_t hdr_size) {
+int cli_scanicon(icon_groupset *set, uint32_t resdir_rva, cli_ctx *ctx, struct cli_exe_section *exe_sections, uint16_t nsections, uint32_t hdr_size) {
     struct GICONS gicons;
     struct ICONS icons;
     unsigned int curicon, err;
@@ -122,7 +122,7 @@ int scanicon(unsigned int *grp1, unsigned int *grp2, uint32_t resdir_rva, cli_ct
     }
 
     for(curicon=0; curicon<icons.cnt; curicon++) {
-	if(parseicon(grp1, grp2, icons.rvas[curicon], ctx, exe_sections, nsections, hdr_size) == CL_VIRUS)
+	if(parseicon(set, icons.rvas[curicon], ctx, exe_sections, nsections, hdr_size) == CL_VIRUS)
 	    return CL_VIRUS;
     }
     return 0;
@@ -1153,7 +1153,7 @@ static int getmetrics(unsigned int side, unsigned int *imagedata, struct icomtr
 }
 
 
-static int parseicon(unsigned int *grp1, unsigned int *grp2, uint32_t rva, cli_ctx *ctx, struct cli_exe_section *exe_sections, uint16_t nsections, uint32_t hdr_size) {
+static int parseicon(icon_groupset *set, uint32_t rva, cli_ctx *ctx, struct cli_exe_section *exe_sections, uint16_t nsections, uint32_t hdr_size) {
     struct {
 	unsigned int sz;
 	unsigned int w;
@@ -1415,19 +1415,15 @@ static int parseicon(unsigned int *grp1, unsigned int *grp2, uint32_t rva, cli_c
 	unsigned int colors, confidence, bwmatch = 0, positivematch = 64 + 4*(2-enginesize);
 	unsigned int i, j;
 
-	if(grp1) {
-	    unsigned int *g1 = grp1;
-	    while(*g1 && *g1 != matcher->icons[enginesize][x].group[0]+1)
-		g1++;
-	    if(!*g1) continue;
-	}
-	if(grp2) {
-	    unsigned int *g2 = grp2;
-	    while(*g2 && *g2 != matcher->icons[enginesize][x].group[1]+1)
-		g2++;
-	    if(!*g2) continue;
-	}
-
+	i = matcher->icons[enginesize][x].group[0];
+	j = i % 64;
+	i /= 64;
+	if(!(set->v[0][i] & (1<<j))) continue;
+	i = matcher->icons[enginesize][x].group[1];
+	j = i % 64;
+	i /= 64;
+	if(!(set->v[1][i] & (1<<j))) continue;
+	
 	if(!metrics.ccount && !matcher->icons[enginesize][x].ccount) {
 	    /* BW matching */
 	    edge = matchbwpoint(width, metrics.edge_x, metrics.edge_y, metrics.edge_avg, metrics.color_x, metrics.color_y, metrics.color_avg, matcher->icons[enginesize][x].edge_x, matcher->icons[enginesize][x].edge_y, matcher->icons[enginesize][x].edge_avg, matcher->icons[enginesize][x].color_x, matcher->icons[enginesize][x].color_y, matcher->icons[enginesize][x].color_avg);
@@ -1495,23 +1491,34 @@ static int parseicon(unsigned int *grp1, unsigned int *grp2, uint32_t rva, cli_c
 }
 
 
-int cli_match_icon(cli_ctx *ctx, unsigned int *icongrp1, unsigned int *icongrp2) {
+int cli_match_icon(icon_groupset *set, cli_ctx *ctx) {
     if(!ctx || !ctx->engine || !ctx->engine->iconcheck || !ctx->engine->iconcheck->group_counts[0] || !ctx->engine->iconcheck->group_counts[1])
 	return CL_CLEAN;
-    return cli_scanpe(ctx, icongrp1, icongrp2);
+    return cli_scanpe(ctx, set);
 }
 
-int cli_icon_getgroup(const char *group, unsigned int type, cli_ctx *ctx) {
+void cli_icongroupset_add(const char *groupname, icon_groupset *set, unsigned int type, cli_ctx *ctx) {
     struct icon_matcher *matcher;
-    unsigned int i;
+    unsigned int i, j;
 
-    if(type>1 || !ctx || !ctx->engine || !ctx->engine->iconcheck || !ctx->engine->iconcheck->group_counts[type])
-	return 0;
+    if(type>1 || !ctx || !ctx->engine || !(matcher = ctx->engine->iconcheck) || !matcher->group_counts[type])
+	return;
 
-    matcher = ctx->engine->iconcheck;
-    for(i=0; i<matcher->group_counts[type]; i++) {
-	if(!strcmp(group, matcher->group_names[type][i]))
-	    return i+1;
+    j = matcher->group_counts[type];
+    if(groupname[0] == '*' && !groupname[1]) {
+	set->v[type][0] = set->v[type][1] = set->v[type][2] = set->v[type][3] = ~0;
+	return;
+    }
+    for(i=0; i<j; i++) {
+	if(!strcmp(groupname, matcher->group_names[type][i]))
+	    break;
+    }
+    if(i == j)
+	cli_dbgmsg("cli_icon_addgroup: failed to locate icon group%u %s\n", type, groupname);
+    else {
+	j = i % 64;
+	i /= 64;
+	set->v[type][i] |= 1<<j;
     }
-    return 0;
 }
+
diff --git a/libclamav/pe_icons.h b/libclamav/pe_icons.h
index 1bcebfd..5e6e3ee 100644
--- a/libclamav/pe_icons.h
+++ b/libclamav/pe_icons.h
@@ -22,7 +22,20 @@
 #define __PE_ICONS_H
 #include "pe.h"
 
-int scanicon(unsigned int *icongrp1, unsigned int *icongrp2, uint32_t resdir_rva, cli_ctx *ctx, struct cli_exe_section *exe_sections, uint16_t nsections, uint32_t hdr_size);
-int cli_match_icon(cli_ctx *ctx, unsigned int *icongrp1, unsigned int *icongrp2);
-int cli_icon_getgroup(const char *group, unsigned int type, cli_ctx *ctx);
+int cli_scanicon(icon_groupset *set, uint32_t resdir_rva, cli_ctx *ctx, struct cli_exe_section *exe_sections, uint16_t nsections, uint32_t hdr_size);
+int cli_match_icon(icon_groupset *set, cli_ctx *ctx);
+
+void cli_icongroupset_add(const char *groupname, icon_groupset *set, unsigned int type, cli_ctx *ctx);
+static inline void cli_icongroupset_init(icon_groupset *set) {
+    set->v[0][0] = 0;
+    set->v[0][1] = 0;
+    set->v[0][2] = 0;
+    set->v[0][3] = 0;
+    set->v[1][0] = 0;
+    set->v[1][1] = 0;
+    set->v[1][2] = 0;
+    set->v[1][3] = 0;
+}
+
+
 #endif
diff --git a/libclamav/readdb.c b/libclamav/readdb.c
index 6d88aaf..13ca45e 100644
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@@ -554,11 +554,13 @@ static int cli_loadidb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
 
 	tokens_count = cli_strtokenize(buffer, ':', ICO_TOKENS + 1, tokens);
 	if(tokens_count != ICO_TOKENS) {
+	    cli_errmsg("cli_loadidb: Malformed hash at line %u (wrong token count)\n", line);
 	    ret = CL_EMALFDB;
 	    break;
 	}
 
 	if(strlen(tokens[3]) != 124) {
+	    cli_errmsg("cli_loadidb: Malformed hash at line %u (wrong length)\n", line);
 	    ret = CL_EMALFDB;
 	    break;
 	}
@@ -713,13 +715,19 @@ static int cli_loadidb(FILE *fs, struct cl_engine *engine, unsigned int *signo,
 	if(i==matcher->group_counts[1]) {
 	    if(!(matcher->group_names[1] = mpool_realloc(engine->mempool, matcher->group_names[1], sizeof(char *) * (i + 1))) ||
 	       !(matcher->group_names[1][i] = cli_mpool_strdup(engine->mempool, tokens[2]))) {
-		ret = CL_EMALFDB;
+		ret = CL_EMEM;
 		break;
 	    }
 	    matcher->group_counts[1]++;
 	}
 	metric->group[1] = i;
 
+	if(matcher->group_counts[0] > 256 || matcher->group_counts[1] > 256) {
+	    cli_errmsg("cli_loadidb: too many icon groups!\n");
+	    ret = CL_EMALFDB;
+	    break;
+	}
+
 	sigs++;
     }
     if(engine->ignored)
diff --git a/libclamav/scanners.c b/libclamav/scanners.c
index e381e6a..7c68204 100644
--- a/libclamav/scanners.c
+++ b/libclamav/scanners.c
@@ -2148,7 +2148,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)
 	 */
 	case CL_TYPE_MSEXE:
 	    if(SCAN_PE && ctx->dconf->pe)
-		ret = cli_scanpe(ctx, NULL, NULL);
+		ret = cli_scanpe(ctx, NULL);
 	    break;
 
 	default:

-- 
Debian repository for ClamAV

More information about the Pkg-clamav-commits mailing list