static int ooxml_updatelimits(int fd, cli_ctx *ctx) { STATBUF sb; if (FSTAT(fd, &sb) == -1) { cli_errmsg("ooxml_updatelimits: Can't fstat descriptor %d\n", fd); return CL_ESTAT; } return cli_updatelimits(ctx, sb.st_size); }
int fileblobAddData(fileblob *fb, const unsigned char *data, size_t len) { if(len == 0) return 0; assert(data != NULL); if(fb->fp) { #if defined(MAX_SCAN_SIZE) && (MAX_SCAN_SIZE > 0) const cli_ctx *ctx = fb->ctx; if(fb->isInfected) /* pretend all was written */ return 0; if(ctx) { int do_scan = 1; if(cli_checklimits("fileblobAddData", ctx, fb->bytes_scanned, 0, 0)!=CL_CLEAN) do_scan = 0; if(fb->bytes_scanned > MAX_SCAN_SIZE) do_scan = 0; if(do_scan) { if(ctx->scanned) *ctx->scanned += (unsigned long)len / CL_COUNT_PRECISION; fb->bytes_scanned += (unsigned long)len; if((len > 5) && cli_updatelimits(ctx, len)==CL_CLEAN && (cli_scanbuff(data, (unsigned int)len, 0, ctx->virname, ctx->engine, CL_TYPE_BINARY_DATA, NULL) == CL_VIRUS)) { cli_dbgmsg("fileblobAddData: found %s\n", cli_get_last_virus_str(ctx->virname)); fb->isInfected = 1; } } } #endif if(fwrite(data, len, 1, fb->fp) != 1) { cli_errmsg("fileblobAddData: Can't write %lu bytes to temporary file %s\n", (unsigned long)len, fb->b.name); return -1; } fb->isNotEmpty = 1; return 0; } return blobAddData(&(fb->b), data, len); }
int32_t cli_bcapi_extract_new(struct cli_bc_ctx *ctx, int32_t id) { cli_ctx *cctx; int res = -1; cli_event_count(EV, BCEV_EXTRACTED); cli_dbgmsg("previous tempfile had %u bytes\n", ctx->written); if (!ctx->written) return 0; if (ctx->ctx && cli_updatelimits(ctx->ctx, ctx->written)) return -1; ctx->written = 0; if (lseek(ctx->outfd, 0, SEEK_SET) == -1) { cli_dbgmsg("bytecode: call to lseek() has failed\n"); return CL_ESEEK; } cli_dbgmsg("bytecode: scanning extracted file %s\n", ctx->tempfile); cctx = (cli_ctx*)ctx->ctx; if (cctx) { cli_file_t current = cctx->container_type; if (ctx->containertype != CL_TYPE_ANY) cctx->container_type = ctx->containertype; cctx->recursion++; res = cli_magic_scandesc(ctx->outfd, cctx); cctx->recursion--; cctx->container_type = current; if (res == CL_VIRUS) { ctx->virname = cli_get_last_virus(cctx); ctx->found = 1; } } if ((cctx && cctx->engine->keeptmp) || (ftruncate(ctx->outfd, 0) == -1)) { close(ctx->outfd); if (!(cctx && cctx->engine->keeptmp) && ctx->tempfile) cli_unlink(ctx->tempfile); free(ctx->tempfile); ctx->tempfile = NULL; ctx->outfd = 0; } cli_dbgmsg("bytecode: extracting new file with id %u\n", id); return res; }