예제 #1
0
static void
addToBlob(const line_t *line, void *arg)
{
    blob *b = (blob *)arg;

    if(line) {
        const char *l = lineGetData(line);

        blobAddData(b, (const unsigned char *)l, strlen(l));
    }
    blobAddData(b, (const unsigned char *)"\n", 1);
}
예제 #2
0
파일: blob.c 프로젝트: nsxz/clamav-devel
int
fileblobAddData(fileblob *fb, const unsigned char *data, size_t len)
{
    if(len == 0)
        return 0;

    assert(data != NULL);

    if(fb->fp) {
#if	defined(MAX_SCAN_SIZE) && (MAX_SCAN_SIZE > 0)
        const cli_ctx *ctx = fb->ctx;

        if(fb->isInfected)	/* pretend all was written */
            return 0;
        if(ctx) {
            int do_scan = 1;

            if(cli_checklimits("fileblobAddData", ctx, fb->bytes_scanned, 0, 0)!=CL_CLEAN)
                do_scan = 0;

            if(fb->bytes_scanned > MAX_SCAN_SIZE)
                do_scan = 0;
            if(do_scan) {
                if(ctx->scanned)
                    *ctx->scanned += (unsigned long)len / CL_COUNT_PRECISION;
                fb->bytes_scanned += (unsigned long)len;

                if((len > 5) && cli_updatelimits(ctx, len)==CL_CLEAN && (cli_scanbuff(data, (unsigned int)len, 0, ctx->virname, ctx->engine, CL_TYPE_BINARY_DATA, NULL) == CL_VIRUS)) {
                    cli_dbgmsg("fileblobAddData: found %s\n", cli_get_last_virus_str(ctx->virname));
                    fb->isInfected = 1;
                }
            }
        }
#endif

        if(fwrite(data, len, 1, fb->fp) != 1) {
            cli_errmsg("fileblobAddData: Can't write %lu bytes to temporary file %s\n",
                       (unsigned long)len, fb->b.name);
            return -1;
        }
        fb->isNotEmpty = 1;
        return 0;
    }
    return blobAddData(&(fb->b), data, len);
}
예제 #3
0
unsigned char *
cli_vba_inflate(int fd, off_t offset, int *size)
{
	unsigned int pos, shift, mask, distance, clean;
	uint8_t flag;
	uint16_t token;
	blob *b;
	unsigned char buffer[VBA_COMPRESSION_WINDOW];

	if(fd < 0)
		return NULL;

	b = blobCreate();

	if(b == NULL)
		return NULL;

	lseek(fd, offset+3, SEEK_SET); /* 1byte ?? , 2byte length ?? */
	clean = TRUE;
	pos = 0;

	while (cli_readn(fd, &flag, 1) == 1) {
		for(mask = 1; mask < 0x100; mask<<=1) {
			unsigned int winpos = pos % VBA_COMPRESSION_WINDOW;
			if (flag & mask) {
				uint16_t len;
				unsigned int srcpos;

				if(!read_uint16(fd, &token, FALSE)) {
					blobDestroy(b);
					if(size)
						*size = 0;
					return NULL;
				}
				shift = 12 - (winpos > 0x10)
						- (winpos > 0x20)
						- (winpos > 0x40)
						- (winpos > 0x80)
						- (winpos > 0x100)
						- (winpos > 0x200)
						- (winpos > 0x400)
						- (winpos > 0x800);
				len = (uint16_t)((token & ((1 << shift) - 1)) + 3);
				distance = token >> shift;

				srcpos = pos - distance - 1;
				if((((srcpos + len) % VBA_COMPRESSION_WINDOW) < winpos) &&
				   ((winpos + len) < VBA_COMPRESSION_WINDOW) &&
				   (((srcpos % VBA_COMPRESSION_WINDOW) + len) < VBA_COMPRESSION_WINDOW) &&
				   (len <= VBA_COMPRESSION_WINDOW)) {
					srcpos %= VBA_COMPRESSION_WINDOW;
					memcpy(&buffer[winpos], &buffer[srcpos],
						len);
					pos += len;
				} else
					while(len-- > 0) {
						srcpos = (pos - distance - 1) % VBA_COMPRESSION_WINDOW;
						buffer[pos++ % VBA_COMPRESSION_WINDOW] = buffer[srcpos];
					}
			} else {
				if((pos != 0) && (winpos == 0) && clean) {
					if (cli_readn(fd, &token, 2) != 2) {
						blobDestroy(b);
						if(size)
							*size = 0;
						return NULL;
					}
					(void)blobAddData(b, buffer, VBA_COMPRESSION_WINDOW);
					clean = FALSE;
					break;
				}
				if(cli_readn(fd, &buffer[winpos], 1) == 1)
					pos++;
			}
			clean = TRUE;
		}