int cli_scancpio_old(int fd, cli_ctx *ctx) { struct cpio_hdr_old hdr_old; char name[513]; unsigned int file = 0, trailer = 0; uint32_t filesize, namesize, hdr_namesize; int ret, conv; off_t pos; while(read(fd, &hdr_old, sizeof(hdr_old)) == sizeof(hdr_old)) { if(!hdr_old.magic && trailer) return CL_SUCCESS; if(hdr_old.magic == 070707) { conv = 0; } else if(hdr_old.magic == 0143561) { conv = 1; } else { cli_dbgmsg("cli_scancpio_old: Invalid magic number\n"); return CL_EFORMAT; } cli_dbgmsg("CPIO: -- File %u --\n", ++file); if(hdr_old.namesize) { hdr_namesize = EC16(hdr_old.namesize, conv); namesize = MIN(sizeof(name), hdr_namesize); if(read(fd, name, namesize) != namesize) { cli_dbgmsg("cli_scancpio_old: Can't read file name\n"); return CL_EFORMAT; } name[namesize - 1] = 0; sanitname(name); cli_dbgmsg("CPIO: Name: %s\n", name); if(!strcmp(name, "TRAILER!!!")) trailer = 1; if(namesize < hdr_namesize) { if(hdr_namesize % 2) hdr_namesize++; lseek(fd, hdr_namesize - namesize, SEEK_CUR); } else if(hdr_namesize % 2) lseek(fd, 1, SEEK_CUR); } filesize = (uint32_t) (EC16(hdr_old.filesize[0], conv) << 16 | EC16(hdr_old.filesize[1], conv)); cli_dbgmsg("CPIO: Filesize: %u\n", filesize); if(!filesize) continue; if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) return CL_VIRUS; pos = lseek(fd, 0, SEEK_CUR); if((EC16(hdr_old.mode, conv) & 0170000) != 0100000) { cli_dbgmsg("CPIO: Not a regular file, skipping\n"); } else { ret = cli_checklimits("cli_scancpio_old", ctx, filesize, 0, 0); if(ret == CL_EMAXFILES) { return ret; } else if(ret == CL_SUCCESS) { ret = cli_dumpscan(fd, 0, filesize, ctx); if(ret == CL_VIRUS) return ret; } } if(filesize % 2) filesize++; lseek(fd, pos + filesize, SEEK_SET); } return CL_CLEAN; }
int cli_scancpio_newc(int fd, cli_ctx *ctx, int crc) { struct cpio_hdr_newc hdr_newc; char name[513], buff[9]; unsigned int file = 0, trailer = 0; uint32_t filesize, namesize, hdr_namesize, pad; int ret; off_t pos; while(read(fd, &hdr_newc, sizeof(hdr_newc)) == sizeof(hdr_newc)) { if(!hdr_newc.magic[0] && trailer) return CL_SUCCESS; if((!crc && strncmp(hdr_newc.magic, "070701", 6)) || (crc && strncmp(hdr_newc.magic, "070702", 6))) { cli_dbgmsg("cli_scancpio_newc: Invalid magic string\n"); return CL_EFORMAT; } cli_dbgmsg("CPIO: -- File %u --\n", ++file); strncpy(buff, hdr_newc.namesize, 8); buff[8] = 0; if(sscanf(buff, "%x", &hdr_namesize) != 1) { cli_dbgmsg("cli_scancpio_newc: Can't convert name size\n"); return CL_EFORMAT; } if(hdr_namesize) { namesize = MIN(sizeof(name), hdr_namesize); if(read(fd, name, namesize) != namesize) { cli_dbgmsg("cli_scancpio_newc: Can't read file name\n"); return CL_EFORMAT; } name[namesize - 1] = 0; sanitname(name); cli_dbgmsg("CPIO: Name: %s\n", name); if(!strcmp(name, "TRAILER!!!")) trailer = 1; pad = (4 - (sizeof(hdr_newc) + hdr_namesize) % 4) % 4; if(namesize < hdr_namesize) { if(pad) hdr_namesize += pad; lseek(fd, hdr_namesize - namesize, SEEK_CUR); } else if(pad) lseek(fd, pad, SEEK_CUR); } strncpy(buff, hdr_newc.filesize, 8); buff[8] = 0; if(sscanf(buff, "%x", &filesize) != 1) { cli_dbgmsg("cli_scancpio_newc: Can't convert file size\n"); return CL_EFORMAT; } cli_dbgmsg("CPIO: Filesize: %u\n", filesize); if(!filesize) continue; if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) return CL_VIRUS; pos = lseek(fd, 0, SEEK_CUR); ret = cli_checklimits("cli_scancpio_newc", ctx, filesize, 0, 0); if(ret == CL_EMAXFILES) { return ret; } else if(ret == CL_SUCCESS) { ret = cli_dumpscan(fd, 0, filesize, ctx); if(ret == CL_VIRUS) return ret; } if((pad = filesize % 4)) filesize += (4 - pad); lseek(fd, pos + filesize, SEEK_SET); } return CL_CLEAN; }
int cli_scancpio_old(cli_ctx *ctx) { struct cpio_hdr_old hdr_old; char name[513]; unsigned int file = 0, trailer = 0; uint32_t filesize, namesize, hdr_namesize; int ret = CL_CLEAN, conv; off_t pos = 0; int virus_found = 0; while(fmap_readn(*ctx->fmap, &hdr_old, pos, sizeof(hdr_old)) == sizeof(hdr_old)) { pos += sizeof(hdr_old); if(!hdr_old.magic && trailer) { ret = CL_SUCCESS; goto leave; } if(hdr_old.magic == 070707) { conv = 0; } else if(hdr_old.magic == 0143561) { conv = 1; } else { cli_dbgmsg("cli_scancpio_old: Invalid magic number\n"); ret = CL_EFORMAT; goto leave; } cli_dbgmsg("CPIO: -- File %u --\n", ++file); if(hdr_old.namesize) { hdr_namesize = EC16(hdr_old.namesize, conv); namesize = MIN(sizeof(name), hdr_namesize); if ((uint32_t)fmap_readn(*ctx->fmap, &name, pos, namesize) != namesize) { cli_dbgmsg("cli_scancpio_old: Can't read file name\n"); return CL_EFORMAT; } pos += namesize; name[namesize - 1] = 0; sanitname(name); cli_dbgmsg("CPIO: Name: %s\n", name); if(!strcmp(name, "TRAILER!!!")) trailer = 1; if(namesize < hdr_namesize) { if(hdr_namesize % 2) hdr_namesize++; pos += hdr_namesize - namesize; } else if(hdr_namesize % 2) pos++; } filesize = (uint32_t) (EC16(hdr_old.filesize[0], conv) << 16 | EC16(hdr_old.filesize[1], conv)); cli_dbgmsg("CPIO: Filesize: %u\n", filesize); if(!filesize) continue; if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) { if (!SCAN_ALL) return CL_VIRUS; virus_found = 1; } if((EC16(hdr_old.mode, conv) & 0170000) != 0100000) { cli_dbgmsg("CPIO: Not a regular file, skipping\n"); } else { ret = cli_checklimits("cli_scancpio_old", ctx, filesize, 0, 0); if(ret == CL_EMAXFILES) { goto leave; } else if(ret == CL_SUCCESS) { ret = cli_map_scan(*ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY); if(ret == CL_VIRUS) { if (!SCAN_ALL) return ret; virus_found = 1; } } } if(filesize % 2) filesize++; pos += filesize; } leave: if (virus_found != 0) return CL_VIRUS; return ret; }
int cli_scancpio_odc(cli_ctx *ctx) { struct cpio_hdr_odc hdr_odc; char name[513], buff[12]; unsigned int file = 0, trailer = 0; uint32_t filesize, namesize, hdr_namesize; int ret; off_t pos = 0; while(fmap_readn(*ctx->fmap, &hdr_odc, pos, sizeof(hdr_odc)) == sizeof(hdr_odc)) { pos += sizeof(hdr_odc); if(!hdr_odc.magic[0] && trailer) return CL_SUCCESS; if(strncmp(hdr_odc.magic, "070707", 6)) { cli_dbgmsg("cli_scancpio_odc: Invalid magic string\n"); return CL_EFORMAT; } cli_dbgmsg("CPIO: -- File %u --\n", ++file); strncpy(buff, hdr_odc.namesize, 6); buff[6] = 0; if(sscanf(buff, "%o", &hdr_namesize) != 1) { cli_dbgmsg("cli_scancpio_odc: Can't convert name size\n"); return CL_EFORMAT; } if(hdr_namesize) { namesize = MIN(sizeof(name), hdr_namesize); if ((uint32_t)fmap_readn(*ctx->fmap, &name, pos, namesize) != namesize) { cli_dbgmsg("cli_scancpio_odc: Can't read file name\n"); return CL_EFORMAT; } pos += namesize; name[namesize - 1] = 0; sanitname(name); cli_dbgmsg("CPIO: Name: %s\n", name); if(!strcmp(name, "TRAILER!!!")) trailer = 1; if(namesize < hdr_namesize) pos += hdr_namesize - namesize; } strncpy(buff, hdr_odc.filesize, 11); buff[11] = 0; if(sscanf(buff, "%o", &filesize) != 1) { cli_dbgmsg("cli_scancpio_odc: Can't convert file size\n"); return CL_EFORMAT; } cli_dbgmsg("CPIO: Filesize: %u\n", filesize); if(!filesize) continue; if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) return CL_VIRUS; ret = cli_checklimits("cli_scancpio_odc", ctx, filesize, 0, 0); if(ret == CL_EMAXFILES) { return ret; } else if(ret == CL_SUCCESS) { ret = cli_map_scan(*ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY); if(ret == CL_VIRUS) return ret; } pos += filesize; } return CL_CLEAN; }
int cli_scancpio_newc(cli_ctx *ctx, int crc) { struct cpio_hdr_newc hdr_newc; char name[513], buff[9]; unsigned int file = 0, trailer = 0; uint32_t filesize, namesize, hdr_namesize, pad; int ret = CL_CLEAN; off_t pos = 0; int virus_found = 0; memset(name, 0, 513); while(fmap_readn(*ctx->fmap, &hdr_newc, pos, sizeof(hdr_newc)) == sizeof(hdr_newc)) { pos += sizeof(hdr_newc); if(!hdr_newc.magic[0] && trailer) goto leave; if((!crc && strncmp(hdr_newc.magic, "070701", 6)) || (crc && strncmp(hdr_newc.magic, "070702", 6))) { cli_dbgmsg("cli_scancpio_newc: Invalid magic string\n"); ret = CL_EFORMAT; goto leave; } cli_dbgmsg("CPIO: -- File %u --\n", ++file); strncpy(buff, hdr_newc.namesize, 8); buff[8] = 0; if(sscanf(buff, "%x", &hdr_namesize) != 1) { cli_dbgmsg("cli_scancpio_newc: Can't convert name size\n"); ret = CL_EFORMAT; goto leave; } if(hdr_namesize) { namesize = MIN(sizeof(name), hdr_namesize); if ((uint32_t)fmap_readn(*ctx->fmap, &name, pos, namesize) != namesize) { cli_dbgmsg("cli_scancpio_newc: Can't read file name\n"); ret = CL_EFORMAT; goto leave; } pos += namesize; name[namesize - 1] = 0; sanitname(name); cli_dbgmsg("CPIO: Name: %s\n", name); if(!strcmp(name, "TRAILER!!!")) trailer = 1; pad = (4 - (sizeof(hdr_newc) + hdr_namesize) % 4) % 4; if(namesize < hdr_namesize) { if(pad) hdr_namesize += pad; pos += hdr_namesize - namesize; } else if(pad) pos += pad; } strncpy(buff, hdr_newc.filesize, 8); buff[8] = 0; if(sscanf(buff, "%x", &filesize) != 1) { cli_dbgmsg("cli_scancpio_newc: Can't convert file size\n"); ret = CL_EFORMAT; goto leave; } cli_dbgmsg("CPIO: Filesize: %u\n", filesize); if(!filesize) continue; if(cli_matchmeta(ctx, name, filesize, filesize, 0, file, 0, NULL) == CL_VIRUS) { if (!SCAN_ALL) return CL_VIRUS; virus_found = 1; } ret = cli_checklimits("cli_scancpio_newc", ctx, filesize, 0, 0); if(ret == CL_EMAXFILES) { goto leave; } else if(ret == CL_SUCCESS) { ret = cli_map_scan(*ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY); if(ret == CL_VIRUS) { if (!SCAN_ALL) return ret; virus_found = 1; } } if((pad = filesize % 4)) filesize += (4 - pad); pos += filesize; } leave: if (virus_found != 0) return CL_VIRUS; return ret; }