int hm_addhash_bin(struct cli_matcher *root, const void *binhash, enum CLI_HASH_TYPE type, uint32_t size, const char *virusname) { const unsigned int hlen = hashlen[type]; const struct cli_htu32_element *item; struct cli_sz_hash *szh; struct cli_htu32 *ht; int i; if (size) { /* size non-zero, find sz_hash element in size-driven hashtable */ ht = &root->hm.sizehashes[type]; if(!root->hm.sizehashes[type].capacity) { i = cli_htu32_init(ht, 64, root->mempool); if(i) return i; } item = cli_htu32_find(ht, size); if(!item) { struct cli_htu32_element htitem; szh = mpool_calloc(root->mempool, 1, sizeof(*szh)); if(!szh) { cli_errmsg("hm_addhash_bin: failed to allocate size hash\n"); return CL_EMEM; } htitem.key = size; htitem.data.as_ptr = szh; i = cli_htu32_insert(ht, &htitem, root->mempool); if(i) { cli_errmsg("hm_addhash_bin: failed to add item to hashtab"); mpool_free(root->mempool, szh); return i; } } else szh = (struct cli_sz_hash *)item->data.as_ptr; } else { /* size 0 = wildcard */ szh = &root->hwild.hashes[type]; } szh->items++; szh->hash_array = mpool_realloc2(root->mempool, szh->hash_array, hlen * szh->items); if(!szh->hash_array) { cli_errmsg("hm_addhash_bin: failed to grow hash array to %u entries\n", szh->items); szh->items=0; mpool_free(root->mempool, szh->virusnames); szh->virusnames = NULL; return CL_EMEM; } szh->virusnames = mpool_realloc2(root->mempool, szh->virusnames, sizeof(*szh->virusnames) * szh->items); if(!szh->virusnames) { cli_errmsg("hm_addhash_bin: failed to grow virusname array to %u entries\n", szh->items); szh->items=0; mpool_free(root->mempool, szh->hash_array); szh->hash_array = NULL; return CL_EMEM; } memcpy(&szh->hash_array[(szh->items-1) * hlen], binhash, hlen); szh->virusnames[(szh->items-1)] = virusname; return 0; }
int cli_bm_addpatt(struct cli_matcher *root, struct cli_bm_patt *pattern, const char *offset) { uint16_t idx, i; const unsigned char *pt = pattern->pattern; struct cli_bm_patt *prev, *next = NULL; int ret; if(pattern->length < BM_MIN_LENGTH) { cli_errmsg("cli_bm_addpatt: Signature for %s is too short\n", pattern->virname); return CL_EMALFDB; } if((ret = cli_caloff(offset, NULL, root->type, pattern->offdata, &pattern->offset_min, &pattern->offset_max))) { cli_errmsg("cli_bm_addpatt: Can't calculate offset for signature %s\n", pattern->virname); return ret; } if(pattern->offdata[0] != CLI_OFF_ANY) { if(pattern->offdata[0] == CLI_OFF_ABSOLUTE) root->bm_absoff_num++; else root->bm_reloff_num++; } /* bm_offmode doesn't use the prefilter for BM signatures anyway, so * don't add these to the filter. */ if(root->filter && !root->bm_offmode) { /* the bm_suffix load balancing below can shorten the sig, * we want to see the entire signature! */ if (filter_add_static(root->filter, pattern->pattern, pattern->length, pattern->virname) == -1) { cli_warnmsg("cli_bm_addpatt: cannot use filter for trie\n"); mpool_free(root->mempool, root->filter); root->filter = NULL; } /* TODO: should this affect maxpatlen? */ } #if BM_MIN_LENGTH == BM_BLOCK_SIZE /* try to load balance bm_suffix (at the cost of bm_shift) */ for(i = 0; i < pattern->length - BM_BLOCK_SIZE + 1; i++) { idx = HASH(pt[i], pt[i + 1], pt[i + 2]); if(!root->bm_suffix[idx]) { if(i) { pattern->prefix = pattern->pattern; pattern->prefix_length = i; pattern->pattern = &pattern->pattern[i]; pattern->length -= i; pt = pattern->pattern; } break; } } #endif for(i = 0; i <= BM_MIN_LENGTH - BM_BLOCK_SIZE; i++) { idx = HASH(pt[i], pt[i + 1], pt[i + 2]); root->bm_shift[idx] = MIN(root->bm_shift[idx], BM_MIN_LENGTH - BM_BLOCK_SIZE - i); } prev = next = root->bm_suffix[idx]; while(next) { if(pt[0] >= next->pattern0) break; prev = next; next = next->next; } if(next == root->bm_suffix[idx]) { pattern->next = root->bm_suffix[idx]; if(root->bm_suffix[idx]) pattern->cnt = root->bm_suffix[idx]->cnt; root->bm_suffix[idx] = pattern; } else { pattern->next = prev->next; prev->next = pattern; } pattern->pattern0 = pattern->pattern[0]; root->bm_suffix[idx]->cnt++; if(root->bm_offmode) { root->bm_pattab = (struct cli_bm_patt **) mpool_realloc2(root->mempool, root->bm_pattab, (root->bm_patterns + 1) * sizeof(struct cli_bm_patt *)); if(!root->bm_pattab) { cli_errmsg("cli_bm_addpatt: Can't allocate memory for root->bm_pattab\n"); return CL_EMEM; } root->bm_pattab[root->bm_patterns] = pattern; if(pattern->offdata[0] != CLI_OFF_ABSOLUTE) pattern->offset_min = root->bm_patterns; } root->bm_patterns++; return CL_SUCCESS; }