diff --git a/libclamav/7z_iface.c b/libclamav/7z_iface.c index 69a3c8c721..d82134f785 100644 --- a/libclamav/7z_iface.c +++ b/libclamav/7z_iface.c @@ -191,7 +191,7 @@ int cli_7unz(cli_ctx *ctx, size_t offset) cli_dbgmsg("cli_7unz: Saving to %s\n", tmp_name); if (cli_writen(fd, outBuffer + offset, outSizeProcessed) != outSizeProcessed) found = CL_EWRITE; - else if ((found = cli_magic_scan_desc(fd, tmp_name, ctx, name)) == CL_VIRUS) + else if (CL_VIRUS == (found = cli_magic_scan_desc(fd, tmp_name, ctx, name, LAYER_ATTRIBUTES_NONE))) viruses_found++; close(fd); if (!ctx->engine->keeptmp && cli_unlink(tmp_name)) diff --git a/libclamav/apm.c b/libclamav/apm.c index c4f738df4c..9297fc3c76 100644 --- a/libclamav/apm.c +++ b/libclamav/apm.c @@ -223,7 +223,8 @@ int cli_scanapm(cli_ctx *ctx) apentry.pBlockStart, apentry.pBlockCount, partoff, partsize); /* send the partition to cli_magic_scan_nested_fmap_type */ - ret = cli_magic_scan_nested_fmap_type(ctx->fmap, partoff, partsize, ctx, CL_TYPE_PART_ANY, (const char *)apentry.name); + ret = cli_magic_scan_nested_fmap_type(ctx->fmap, partoff, partsize, ctx, CL_TYPE_PART_ANY, + (const char *)apentry.name, LAYER_ATTRIBUTES_NONE); if (ret != CL_CLEAN) { if (SCAN_ALLMATCHES && (ret == CL_VIRUS)) detection = CL_VIRUS; diff --git a/libclamav/autoit.c b/libclamav/autoit.c index 5d93517c25..ad34f0e196 100644 --- a/libclamav/autoit.c +++ b/libclamav/autoit.c @@ -857,7 +857,7 @@ static int ea05(cli_ctx *ctx, const uint8_t *base, char *tmpd) close(i); return CL_ESEEK; } - if (cli_magic_scan_desc(i, tempfile, ctx, NULL) == CL_VIRUS) { + if (CL_VIRUS == cli_magic_scan_desc(i, tempfile, ctx, NULL, LAYER_ATTRIBUTES_NONE)) { if (!SCAN_ALLMATCHES) { close(i); if (!ctx->engine->keeptmp) @@ -1474,7 +1474,7 @@ static int ea06(cli_ctx *ctx, const uint8_t *base, char *tmpd) close(i); return CL_ESEEK; } - if (cli_magic_scan_desc(i, tempfile, ctx, NULL) == CL_VIRUS) { + if (CL_VIRUS == cli_magic_scan_desc(i, tempfile, ctx, NULL, LAYER_ATTRIBUTES_NONE)) { if (!SCAN_ALLMATCHES) { close(i); if (!ctx->engine->keeptmp) diff --git a/libclamav/binhex.c b/libclamav/binhex.c index 98d04a32b5..8c117ed373 100644 --- a/libclamav/binhex.c +++ b/libclamav/binhex.c @@ -122,7 +122,7 @@ int cli_binhex(cli_ctx *ctx) ret = CL_ESEEK; break; } - ret = cli_magic_scan_desc(datafd, dname, ctx, NULL); + ret = cli_magic_scan_desc(datafd, dname, ctx, NULL, LAYER_ATTRIBUTES_NONE); if (ret == CL_VIRUS) break; } if (dec_done) @@ -168,7 +168,7 @@ int cli_binhex(cli_ctx *ctx) ret = CL_ESEEK; break; } - ret = cli_magic_scan_desc(resfd, rname, ctx, NULL); + ret = cli_magic_scan_desc(resfd, rname, ctx, NULL, LAYER_ATTRIBUTES_NONE); break; } } @@ -180,7 +180,7 @@ int cli_binhex(cli_ctx *ctx) ret = CL_ESEEK; break; } - ret = cli_magic_scan_desc(datafd, dname, ctx, NULL); + ret = cli_magic_scan_desc(datafd, dname, ctx, NULL, LAYER_ATTRIBUTES_NONE); } else if (write_phase == IN_RES) { cli_dbgmsg("cli_binhex: scanning partially extracted resource fork\n"); if (lseek(resfd, 0, SEEK_SET) == -1) { @@ -188,7 +188,7 @@ int cli_binhex(cli_ctx *ctx) ret = CL_ESEEK; break; } - ret = cli_magic_scan_desc(resfd, rname, ctx, NULL); + ret = cli_magic_scan_desc(resfd, rname, ctx, NULL, LAYER_ATTRIBUTES_NONE); } break; } diff --git a/libclamav/blob.c b/libclamav/blob.c index 5d583ecd72..b1d3ca05bb 100644 --- a/libclamav/blob.c +++ b/libclamav/blob.c @@ -661,7 +661,7 @@ int fileblobScan(const fileblob *fb) virus_found = 1; } - rc = cli_magic_scan_desc(fb->fd, fb->fullname, fb->ctx, fb->b.name); + rc = cli_magic_scan_desc(fb->fd, fb->fullname, fb->ctx, fb->b.name, LAYER_ATTRIBUTES_NONE); if (rc == CL_VIRUS || virus_found != 0) { cli_dbgmsg("%s is infected\n", fb->fullname); return CL_VIRUS; diff --git a/libclamav/bytecode.c b/libclamav/bytecode.c index 9b3337d7f3..446bace96e 100644 --- a/libclamav/bytecode.c +++ b/libclamav/bytecode.c @@ -165,18 +165,14 @@ static int cli_bytecode_context_reset(struct cli_bc_ctx *ctx) snprintf(fullname, 1024, "%s" PATHSEP "javascript", ctx->jsnormdir); fd = open(fullname, O_RDONLY | O_BINARY); if (fd >= 0) { - // This flag ingested by cli_recursion_stack_push(). - cctx->next_layer_attributes |= LAYER_ATTRIBUTES_NORMALIZED; - - ret = cli_scan_desc(fd, cctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, NULL, NULL); + ret = cli_scan_desc(fd, cctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, + NULL, NULL, LAYER_ATTRIBUTES_NORMALIZED); if (ret == CL_CLEAN) { if (lseek(fd, 0, SEEK_SET) == -1) cli_dbgmsg("cli_bytecode: call to lseek() has failed\n"); else { - // This flag ingested by cli_recursion_stack_push(). - cctx->next_layer_attributes |= LAYER_ATTRIBUTES_NORMALIZED; - - ret = cli_scan_desc(fd, cctx, CL_TYPE_TEXT_ASCII, 0, NULL, AC_SCAN_VIR, NULL, NULL); + ret = cli_scan_desc(fd, cctx, CL_TYPE_TEXT_ASCII, 0, NULL, AC_SCAN_VIR, + NULL, NULL, LAYER_ATTRIBUTES_NORMALIZED); } } close(fd); @@ -2912,7 +2908,7 @@ int cli_bytecode_runhook(cli_ctx *cctx, const struct cl_engine *engine, struct c lseek(fd, 0, SEEK_SET); cli_dbgmsg("***** Scanning unpacked file ******\n"); - ret = cli_magic_scan_desc(fd, tempfile, cctx, NULL); + ret = cli_magic_scan_desc(fd, tempfile, cctx, NULL, LAYER_ATTRIBUTES_NONE); if (!cctx->engine->keeptmp) if (ftruncate(fd, 0) == -1) diff --git a/libclamav/bytecode_api.c b/libclamav/bytecode_api.c index 23da485b56..f59ff11dc9 100644 --- a/libclamav/bytecode_api.c +++ b/libclamav/bytecode_api.c @@ -550,7 +550,7 @@ int32_t cli_bcapi_extract_new(struct cli_bc_ctx *ctx, int32_t id) cli_dbgmsg("bytecode: scanning extracted file %s\n", ctx->tempfile); cctx = (cli_ctx *)ctx->ctx; if (cctx) { - res = cli_magic_scan_desc_type(ctx->outfd, ctx->tempfile, cctx, ctx->containertype, NULL); + res = cli_magic_scan_desc_type(ctx->outfd, ctx->tempfile, cctx, ctx->containertype, NULL, LAYER_ATTRIBUTES_NONE); if (res == CL_VIRUS) { ctx->virname = cli_get_last_virus(cctx); ctx->found = 1; diff --git a/libclamav/clamav.h b/libclamav/clamav.h index 617c46b7c2..1d19de3839 100644 --- a/libclamav/clamav.h +++ b/libclamav/clamav.h @@ -492,7 +492,7 @@ extern void cl_engine_set_clcb_pre_cache(struct cl_engine *engine, clcb_pre_cach /* * Attributes of each layer in scan. */ -#define LAYER_ATTRIBUTES_NORMAL 0x0 +#define LAYER_ATTRIBUTES_NONE 0x0 #define LAYER_ATTRIBUTES_NORMALIZED 0x1 /** This layer was modified to make matching more generic, reliable. */ #define LAYER_ATTRIBUTES_DECRYPTED 0x2 /** Decryption was used to extract this layer. I.e. had to decrypt some previous layer. */ diff --git a/libclamav/cpio.c b/libclamav/cpio.c index 3c6cd2af8b..a691144854 100644 --- a/libclamav/cpio.c +++ b/libclamav/cpio.c @@ -168,7 +168,8 @@ int cli_scancpio_old(cli_ctx *ctx) if (ret == CL_EMAXFILES) { goto leave; } else if (ret == CL_SUCCESS) { - ret = cli_magic_scan_nested_fmap_type(ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY, fmap_name); + ret = cli_magic_scan_nested_fmap_type(ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY, + fmap_name, LAYER_ATTRIBUTES_NONE); if (ret == CL_VIRUS) { if (!SCAN_ALLMATCHES) return ret; @@ -259,7 +260,8 @@ int cli_scancpio_odc(cli_ctx *ctx) if (ret == CL_EMAXFILES) { goto leave; } else if (ret == CL_SUCCESS) { - ret = cli_magic_scan_nested_fmap_type(ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY, name); + ret = cli_magic_scan_nested_fmap_type(ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY, + name, LAYER_ATTRIBUTES_NONE); if (ret == CL_VIRUS) { if (!SCAN_ALLMATCHES) return ret; @@ -352,7 +354,8 @@ int cli_scancpio_newc(cli_ctx *ctx, int crc) if (ret == CL_EMAXFILES) { goto leave; } else if (ret == CL_SUCCESS) { - ret = cli_magic_scan_nested_fmap_type(ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY, name); + ret = cli_magic_scan_nested_fmap_type(ctx->fmap, pos, filesize, ctx, CL_TYPE_ANY, + name, LAYER_ATTRIBUTES_NONE); if (ret == CL_VIRUS) { if (!SCAN_ALLMATCHES) return ret; diff --git a/libclamav/dmg.c b/libclamav/dmg.c index 7b882022da..0c44e1dfa7 100644 --- a/libclamav/dmg.c +++ b/libclamav/dmg.c @@ -179,7 +179,8 @@ int cli_scandmg(cli_ctx *ctx) } /* scan XML with cli_magic_scan_nested_fmap_type */ - ret = cli_magic_scan_nested_fmap_type(ctx->fmap, (size_t)hdr.xmlOffset, (size_t)hdr.xmlLength, ctx, CL_TYPE_ANY, NULL); + ret = cli_magic_scan_nested_fmap_type(ctx->fmap, (size_t)hdr.xmlOffset, (size_t)hdr.xmlLength, + ctx, CL_TYPE_ANY, NULL, LAYER_ATTRIBUTES_NONE); if (ret != CL_CLEAN) { cli_dbgmsg("cli_scandmg: retcode from scanning TOC xml: %s\n", cl_strerror(ret)); if (!ctx->engine->keeptmp) @@ -1083,7 +1084,7 @@ static int dmg_handle_mish(cli_ctx *ctx, unsigned int mishblocknum, char *dir, /* If okay so far, scan rebuilt partition */ if (ret == CL_CLEAN) { /* Have to keep partition typing separate */ - ret = cli_magic_scan_desc_type(ofd, outfile, ctx, CL_TYPE_PART_ANY, NULL); + ret = cli_magic_scan_desc_type(ofd, outfile, ctx, CL_TYPE_PART_ANY, NULL, LAYER_ATTRIBUTES_NONE); } close(ofd); diff --git a/libclamav/elf.c b/libclamav/elf.c index f9ead2c0dd..c5b428a671 100644 --- a/libclamav/elf.c +++ b/libclamav/elf.c @@ -870,7 +870,7 @@ int cli_unpackelf(cli_ctx *ctx) cli_dbgmsg("cli_scanelf: Unpacked and rebuilt executable\n"); lseek(ndesc, 0, SEEK_SET); cli_dbgmsg("***** Scanning rebuilt ELF file *****\n"); - if (cli_magic_scan_desc(ndesc, tempfile, ctx, NULL) == CL_VIRUS) { + if (CL_VIRUS == cli_magic_scan_desc(ndesc, tempfile, ctx, NULL, LAYER_ATTRIBUTES_NONE)) { close(ndesc); CLI_TMPUNLK(); free(tempfile); diff --git a/libclamav/gif.c b/libclamav/gif.c index d608ce91a4..21c75a7edb 100644 --- a/libclamav/gif.c +++ b/libclamav/gif.c @@ -416,8 +416,11 @@ cl_error_t cli_parsegif(cli_ctx *ctx) // Is there an overlay? if (offset < map->len) { cli_dbgmsg("GIF: Found extra data after the end of the GIF data stream: %zu bytes, we'll scan it!\n", map->len - offset); - cl_error_t nested_scan_result = cli_magic_scan_nested_fmap_type(map, offset, map->len - offset, ctx, CL_TYPE_ANY, NULL); - status = nested_scan_result != CL_SUCCESS ? nested_scan_result : status; + cl_error_t nested_scan_result = cli_magic_scan_nested_fmap_type(map, offset, map->len - offset, + ctx, CL_TYPE_ANY, NULL, + LAYER_ATTRIBUTES_NONE); + + status = nested_scan_result != CL_SUCCESS ? nested_scan_result : status; } done: diff --git a/libclamav/gpt.c b/libclamav/gpt.c index 0540d26b08..378fb5e14f 100644 --- a/libclamav/gpt.c +++ b/libclamav/gpt.c @@ -344,7 +344,9 @@ static int gpt_scan_partitions(cli_ctx *ctx, struct gpt_header hdr, size_t secto /* send the partition to cli_magic_scan_nested_fmap_type */ part_off = gpe.firstLBA * sectorsize; part_size = (gpe.lastLBA - gpe.firstLBA + 1) * sectorsize; - ret = cli_magic_scan_nested_fmap_type(ctx->fmap, part_off, part_size, ctx, CL_TYPE_PART_ANY, namestr); + + ret = cli_magic_scan_nested_fmap_type(ctx->fmap, part_off, part_size, ctx, + CL_TYPE_PART_ANY, namestr, LAYER_ATTRIBUTES_NONE); if (NULL != namestr) { free(namestr); } diff --git a/libclamav/hfsplus.c b/libclamav/hfsplus.c index 406789e089..47fbe13352 100644 --- a/libclamav/hfsplus.c +++ b/libclamav/hfsplus.c @@ -433,7 +433,7 @@ static cl_error_t hfsplus_scanfile(cli_ctx *ctx, hfsPlusVolumeHeader *volHeader, *filename = tmpname; } else { if (ret == CL_CLEAN) { - ret = cli_magic_scan_desc(ofd, tmpname, ctx, orig_filename); + ret = cli_magic_scan_desc(ofd, tmpname, ctx, orig_filename, LAYER_ATTRIBUTES_NONE); } if (!ctx->engine->keeptmp) { @@ -1319,7 +1319,7 @@ static cl_error_t hfsplus_walk_catalog(cli_ctx *ctx, hfsPlusVolumeHeader *volHea cli_dbgmsg("hfsplus_walk_catalog: Extracted to %s\n", tmpname); /* if successful so far, scan the output */ - ret = cli_magic_scan_desc(ofd, tmpname, ctx, name_utf8); + ret = cli_magic_scan_desc(ofd, tmpname, ctx, name_utf8, LAYER_ATTRIBUTES_NONE); if (ret == CL_VIRUS) { has_alerts = 1; diff --git a/libclamav/hwp.c b/libclamav/hwp.c index c03726ed75..d93710cff3 100644 --- a/libclamav/hwp.c +++ b/libclamav/hwp.c @@ -175,7 +175,7 @@ static cl_error_t decompress_and_callback(cli_ctx *ctx, fmap_t *input, size_t at ret = cb(cbdata, ofd, tmpname, ctx); } else { /* default to scanning what we got */ - ret = cli_magic_scan_desc(ofd, tmpname, ctx, NULL); + ret = cli_magic_scan_desc(ofd, tmpname, ctx, NULL, LAYER_ATTRIBUTES_NONE); } /* clean-up */ @@ -293,8 +293,8 @@ cl_error_t cli_scanhwpole2(cli_ctx *ctx) else cli_dbgmsg("HWPOLE2: Matched uncompressed prefix and size: %u == %u\n", usize, asize); - return cli_magic_scan_nested_fmap_type(map, 4, 0, ctx, CL_TYPE_ANY, NULL); - // return cli_magic_scan_nested_fmap_type(map, 4, 0, ctx, CL_TYPE_OLE2); + return cli_magic_scan_nested_fmap_type(map, 4, 0, ctx, + CL_TYPE_ANY, NULL, LAYER_ATTRIBUTES_NONE); } /*** HWP5 ***/ @@ -374,7 +374,7 @@ static cl_error_t hwp5_cb(void *cbdata, int fd, const char *filepath, cli_ctx *c if (fd < 0 || !ctx) return CL_ENULLARG; - return cli_magic_scan_desc(fd, filepath, ctx, NULL); + return cli_magic_scan_desc(fd, filepath, ctx, NULL, LAYER_ATTRIBUTES_NONE); } cl_error_t cli_scanhwp5_stream(cli_ctx *ctx, hwp5_header_t *hwp5, char *name, int fd, const char *filepath) @@ -394,7 +394,7 @@ cl_error_t cli_scanhwp5_stream(cli_ctx *ctx, hwp5_header_t *hwp5, char *name, in if (hwp5->flags & HWP5_PASSWORD) { cli_dbgmsg("HWP5.x: Password encrypted stream, scanning as-is\n"); - return cli_magic_scan_desc(fd, filepath, ctx, name); + return cli_magic_scan_desc(fd, filepath, ctx, name, LAYER_ATTRIBUTES_NONE); } if (hwp5->flags & HWP5_COMPRESSED) { @@ -437,7 +437,7 @@ cl_error_t cli_scanhwp5_stream(cli_ctx *ctx, hwp5_header_t *hwp5, char *name, in } /* normal streams */ - return cli_magic_scan_desc(fd, filepath, ctx, name); + return cli_magic_scan_desc(fd, filepath, ctx, name, LAYER_ATTRIBUTES_NONE); } /*** HWP3 ***/ @@ -1642,7 +1642,8 @@ static inline cl_error_t parsehwp3_infoblk_1(cli_ctx *ctx, fmap_t *dmap, size_t #endif /* 32 bytes for extra data fields */ if (infolen > 0) - ret = cli_magic_scan_nested_fmap_type(map, *offset + 32, infolen - 32, ctx, CL_TYPE_ANY, NULL); + ret = cli_magic_scan_nested_fmap_type(map, *offset + 32, infolen - 32, ctx, + CL_TYPE_ANY, NULL, LAYER_ATTRIBUTES_NONE); break; case 2: /* OLE2 Data */ hwp3_debug("HWP3.x: Information Block[%llu]: TYPE: OLE2 Data\n", infoloc); @@ -1651,7 +1652,8 @@ static inline cl_error_t parsehwp3_infoblk_1(cli_ctx *ctx, fmap_t *dmap, size_t cli_jsonstr(entry, "Type", "OLE2 Data"); #endif if (infolen > 0) - ret = cli_magic_scan_nested_fmap_type(map, *offset, infolen, ctx, CL_TYPE_ANY, NULL); + ret = cli_magic_scan_nested_fmap_type(map, *offset, infolen, ctx, + CL_TYPE_ANY, NULL, LAYER_ATTRIBUTES_NONE); break; case 3: /* Hypertext/Hyperlink Information */ hwp3_debug("HWP3.x: Information Block[%llu]: TYPE: Hypertext/Hyperlink Information\n", infoloc); @@ -1679,7 +1681,8 @@ static inline cl_error_t parsehwp3_infoblk_1(cli_ctx *ctx, fmap_t *dmap, size_t hwp3_debug("HWP3.x: Information Block[%llu]: %d: NAME: %s\n", infoloc, i, field); #endif /* scanning macros - TODO - check numbers */ - ret = cli_magic_scan_nested_fmap_type(map, *offset + (617 * i) + 288, 325, ctx, CL_TYPE_ANY, NULL); + ret = cli_magic_scan_nested_fmap_type(map, *offset + (617 * i) + 288, 325, ctx, + CL_TYPE_ANY, NULL, LAYER_ATTRIBUTES_NONE); } break; case 4: /* Presentation Information */ @@ -1716,7 +1719,8 @@ static inline cl_error_t parsehwp3_infoblk_1(cli_ctx *ctx, fmap_t *dmap, size_t #endif /* 324 bytes for extra data fields */ if (infolen > 0) - ret = cli_magic_scan_nested_fmap_type(map, *offset + 324, infolen - 324, ctx, CL_TYPE_ANY, NULL); + ret = cli_magic_scan_nested_fmap_type(map, *offset + 324, infolen - 324, ctx, + CL_TYPE_ANY, NULL, LAYER_ATTRIBUTES_NONE); break; case 0x100: /* Table Extension */ hwp3_debug("HWP3.x: Information Block[%llu]: TYPE: Table Extension\n", infoloc); @@ -1737,7 +1741,8 @@ static inline cl_error_t parsehwp3_infoblk_1(cli_ctx *ctx, fmap_t *dmap, size_t default: cli_warnmsg("HWP3.x: Information Block[%llu]: TYPE: UNKNOWN(%u)\n", infoloc, infoid); if (infolen > 0) - ret = cli_magic_scan_nested_fmap_type(map, *offset, infolen, ctx, CL_TYPE_ANY, NULL); + ret = cli_magic_scan_nested_fmap_type(map, *offset, infolen, ctx, + CL_TYPE_ANY, NULL, LAYER_ATTRIBUTES_NONE); } *offset += infolen; @@ -1860,8 +1865,8 @@ static cl_error_t hwp3_cb(void *cbdata, int fd, const char *filepath, cli_ctx *c cl_error_t subret = ret; size_t dlen = offset - start; - ret = cli_magic_scan_nested_fmap_type(map, start, dlen, ctx, CL_TYPE_ANY, NULL); - // ret = cli_magic_scan_nested_fmap_type(map, 0, 0, ctx, CL_TYPE_ANY); + ret = cli_magic_scan_nested_fmap_type(map, start, dlen, ctx, + CL_TYPE_ANY, NULL, LAYER_ATTRIBUTES_NONE); if (ret == CL_SUCCESS) ret = subret; @@ -1972,7 +1977,7 @@ static cl_error_t hwpml_scan_cb(void *cbdata, int fd, const char *filepath, cli_ if (fd < 0 || !ctx) return CL_ENULLARG; - return cli_magic_scan_desc(fd, filepath, ctx, NULL); + return cli_magic_scan_desc(fd, filepath, ctx, NULL, LAYER_ATTRIBUTES_NONE); } static cl_error_t hwpml_binary_cb(int fd, const char *filepath, cli_ctx *ctx, int num_attribs, struct attrib_entry *attribs, void *cbdata) @@ -2008,7 +2013,7 @@ static cl_error_t hwpml_binary_cb(int fd, const char *filepath, cli_ctx *ctx, in /* decode the binary data if needed - base64 */ if (enc < 0) { cli_errmsg("HWPML: Unrecognized encoding method\n"); - return cli_magic_scan_desc(fd, filepath, ctx, NULL); + return cli_magic_scan_desc(fd, filepath, ctx, NULL, LAYER_ATTRIBUTES_NONE); } else if (enc == 1) { STATBUF statbuf; fmap_t *input; @@ -2040,7 +2045,7 @@ static cl_error_t hwpml_binary_cb(int fd, const char *filepath, cli_ctx *ctx, in funmap(input); if (!decoded) { cli_errmsg("HWPML: Failed to get base64 decode binary data\n"); - return cli_magic_scan_desc(fd, filepath, ctx, NULL); + return cli_magic_scan_desc(fd, filepath, ctx, NULL, LAYER_ATTRIBUTES_NONE); } /* open file for writing and scanning */ diff --git a/libclamav/ishield.c b/libclamav/ishield.c index dcdff6458a..f831f8f111 100644 --- a/libclamav/ishield.c +++ b/libclamav/ishield.c @@ -311,7 +311,7 @@ int cli_scanishield_msi(cli_ctx *ctx, off_t off) cli_dbgmsg("ishield-msi: call to lseek() failed\n"); ret = CL_ESEEK; } - ret = cli_magic_scan_desc(ofd, tempfile, ctx, filename); + ret = cli_magic_scan_desc(ofd, tempfile, ctx, filename, LAYER_ATTRIBUTES_NONE); } close(ofd); @@ -502,7 +502,7 @@ static int is_dump_and_scan(cli_ctx *ctx, off_t off, size_t fsize) cli_dbgmsg("ishield: call to lseek() failed\n"); ret = CL_ESEEK; } - ret = cli_magic_scan_desc(ofd, fname, ctx, NULL); + ret = cli_magic_scan_desc(ofd, fname, ctx, NULL, LAYER_ATTRIBUTES_NONE); } close(ofd); if (!ctx->engine->keeptmp) @@ -802,7 +802,7 @@ static int is_extract_cab(cli_ctx *ctx, uint64_t off, uint64_t size, uint64_t cs cli_dbgmsg("is_extract_cab: extracted to %s\n", tempfile); if (lseek(ofd, 0, SEEK_SET) == -1) cli_dbgmsg("is_extract_cab: call to lseek() failed\n"); - ret = cli_magic_scan_desc(ofd, tempfile, ctx, NULL); + ret = cli_magic_scan_desc(ofd, tempfile, ctx, NULL, LAYER_ATTRIBUTES_NONE); } close(ofd); diff --git a/libclamav/iso9660.c b/libclamav/iso9660.c index 9a74fbc70c..51938f4978 100644 --- a/libclamav/iso9660.c +++ b/libclamav/iso9660.c @@ -82,7 +82,7 @@ static int iso_scan_file(const iso9660_t *iso, unsigned int block, unsigned int } if (!len) - ret = cli_magic_scan_desc(fd, tmpf, iso->ctx, iso->buf); + ret = cli_magic_scan_desc(fd, tmpf, iso->ctx, iso->buf, LAYER_ATTRIBUTES_NONE); close(fd); if (!iso->ctx->engine->keeptmp) { diff --git a/libclamav/jpeg.c b/libclamav/jpeg.c index 3f41e4ca3c..5f9ee1624f 100644 --- a/libclamav/jpeg.c +++ b/libclamav/jpeg.c @@ -303,7 +303,8 @@ static cl_error_t jpeg_check_photoshop_8bim(cli_ctx *ctx, size_t *off) offset += 4 + 28; /* Scan the thumbnail JPEG */ - retval = cli_magic_scan_nested_fmap_type(map, offset, 0, ctx, CL_TYPE_JPEG, "photoshop-thumbnail"); + retval = cli_magic_scan_nested_fmap_type(map, offset, 0, ctx, CL_TYPE_JPEG, + "photoshop-thumbnail", LAYER_ATTRIBUTES_NONE); return retval; } diff --git a/libclamav/libmspack.c b/libclamav/libmspack.c index e26fd74e37..04a28e0476 100644 --- a/libclamav/libmspack.c +++ b/libclamav/libmspack.c @@ -432,7 +432,7 @@ int cli_scanmscab(cli_ctx *ctx, off_t sfx_offset) /* Failed to extract. Try to scan what is there */ cli_dbgmsg("%s() failed to extract %d\n", __func__, ret); - ret = cli_magic_scan_file(tmp_fname, ctx, cab_f->filename); + ret = cli_magic_scan_file(tmp_fname, ctx, cab_f->filename, LAYER_ATTRIBUTES_NONE); if (CL_EOPEN == ret) { ret = CL_CLEAN; } else if (CL_VIRUS == ret) { @@ -549,7 +549,7 @@ int cli_scanmschm(cli_ctx *ctx) /* Failed to extract. Try to scan what is there */ cli_dbgmsg("%s() failed to extract %d\n", __func__, ret); - ret = cli_magic_scan_file(tmp_fname, ctx, mschm_f->filename); + ret = cli_magic_scan_file(tmp_fname, ctx, mschm_f->filename, LAYER_ATTRIBUTES_NONE); if (CL_EOPEN == ret) { ret = CL_CLEAN; } else if (CL_VIRUS == ret) { diff --git a/libclamav/macho.c b/libclamav/macho.c index 2922cd4a63..5ebbfc71a8 100644 --- a/libclamav/macho.c +++ b/libclamav/macho.c @@ -569,7 +569,8 @@ int cli_scanmacho_unibin(cli_ctx *ctx) RETURN_BROKEN; } - ret = cli_magic_scan_nested_fmap_type(map, fat_arch.offset, fat_arch.size, ctx, CL_TYPE_ANY, NULL); + ret = cli_magic_scan_nested_fmap_type(map, fat_arch.offset, fat_arch.size, ctx, + CL_TYPE_ANY, NULL, LAYER_ATTRIBUTES_NONE); if (ret == CL_VIRUS) break; } @@ -608,7 +609,7 @@ int cli_unpackmacho(cli_ctx *ctx) cli_dbgmsg("cli_scanmacho: Unpacked and rebuilt executable\n"); lseek(ndesc, 0, SEEK_SET); cli_dbgmsg("***** Scanning rebuilt Mach-O file *****\n"); - if (cli_magic_scan_desc(ndesc, tempfile, ctx, NULL) == CL_VIRUS) { + if (CL_VIRUS == cli_magic_scan_desc(ndesc, tempfile, ctx, NULL, LAYER_ATTRIBUTES_NONE)) { close(ndesc); CLI_TMPUNLK(); free(tempfile); diff --git a/libclamav/matcher.c b/libclamav/matcher.c index 70550d0afd..f0b76e6d5c 100644 --- a/libclamav/matcher.c +++ b/libclamav/matcher.c @@ -768,7 +768,8 @@ int32_t cli_bcapi_matchicon(struct cli_bc_ctx *ctx, const uint8_t *grp1, int32_t return (int32_t)ret; } -cl_error_t cli_scan_desc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, unsigned int acmode, struct cli_ac_result **acres, const char *name) +cl_error_t cli_scan_desc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, + unsigned int acmode, struct cli_ac_result **acres, const char *name, uint32_t attributes) { cl_error_t status = CL_CLEAN; int empty; @@ -784,7 +785,7 @@ cl_error_t cli_scan_desc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonl goto done; } - status = cli_recursion_stack_push(ctx, new_map, ftype, true); /* Perform scan with child fmap */ + status = cli_recursion_stack_push(ctx, new_map, ftype, true, attributes); /* Perform scan with child fmap */ if (CL_SUCCESS != status) { cli_dbgmsg("cli_scan_desc: Failed to scan fmap.\n"); goto done; @@ -802,8 +803,6 @@ cl_error_t cli_scan_desc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonl if (NULL != new_map) { funmap(new_map); } - // Clear the next-layer attributes so we don't accidentally apply them to subsequent layers. - ctx->next_layer_attributes = 0; return status; } @@ -876,7 +875,7 @@ static cl_error_t lsig_eval(cli_ctx *ctx, struct cli_matcher *root, struct cli_a memcpy(ctx->handlertype_hash, hash, 16); - status = cli_recursion_stack_push(ctx, new_map, ac_lsig->tdb.handlertype[0], true); /* Perform scan with child fmap */ + status = cli_recursion_stack_push(ctx, new_map, ac_lsig->tdb.handlertype[0], true, LAYER_ATTRIBUTES_NONE); /* Perform scan with child fmap */ if (CL_SUCCESS != status) { cli_dbgmsg("Failed to re-scan fmap as a new type.\n"); goto done; diff --git a/libclamav/matcher.h b/libclamav/matcher.h index 3a4d07971a..90d9d4820e 100644 --- a/libclamav/matcher.h +++ b/libclamav/matcher.h @@ -278,9 +278,11 @@ cl_error_t cli_scan_buff(const unsigned char *buffer, uint32_t length, uint32_t * @param acmode Use AC_SCAN_VIR and AC_SCAN_FT to set scanning modes. * @param[out] acres A list of cli_ac_result AC pattern matching results. * @param name (optional) Original name of the file (to set fmap name metadata) + * @param attributes Layer attributes for the thing to be scanned. * @return cl_error_t */ -cl_error_t cli_scan_desc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, unsigned int acmode, struct cli_ac_result **acres, const char *name); +cl_error_t cli_scan_desc(int desc, cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, + unsigned int acmode, struct cli_ac_result **acres, const char *name, uint32_t attributes); /** * @brief Non-magic scan matching of the current fmap in the scan context. Newer API. diff --git a/libclamav/mbr.c b/libclamav/mbr.c index 26fa332361..97395499a3 100644 --- a/libclamav/mbr.c +++ b/libclamav/mbr.c @@ -184,7 +184,8 @@ int cli_scanmbr(cli_ctx *ctx, size_t sectorsize) } /* MBR is valid, examine bootstrap code */ - ret = cli_magic_scan_nested_fmap_type(ctx->fmap, 0, sectorsize, ctx, CL_TYPE_ANY, NULL); + ret = cli_magic_scan_nested_fmap_type(ctx->fmap, 0, sectorsize, ctx, + CL_TYPE_ANY, NULL, LAYER_ATTRIBUTES_NONE); if (ret != CL_CLEAN) { if (SCAN_ALLMATCHES && (ret == CL_VIRUS)) detection = CL_VIRUS; @@ -240,7 +241,8 @@ int cli_scanmbr(cli_ctx *ctx, size_t sectorsize) partoff = mbr.entries[i].firstLBA * sectorsize; partsize = mbr.entries[i].numLBA * sectorsize; mbr_parsemsg("cli_magic_scan_nested_fmap_type: [%u, +%u)\n", partoff, partsize); - ret = cli_magic_scan_nested_fmap_type(ctx->fmap, partoff, partsize, ctx, CL_TYPE_PART_ANY, NULL); + ret = cli_magic_scan_nested_fmap_type(ctx->fmap, partoff, partsize, ctx, + CL_TYPE_PART_ANY, NULL, LAYER_ATTRIBUTES_NONE); if (ret != CL_CLEAN) { if (SCAN_ALLMATCHES && (ret == CL_VIRUS)) detection = CL_VIRUS; @@ -381,7 +383,8 @@ static int mbr_scanextprtn(cli_ctx *ctx, unsigned *prtncount, size_t extlba, siz return CL_EFORMAT; } - ret = cli_magic_scan_nested_fmap_type(ctx->fmap, partoff, partsize, ctx, CL_TYPE_PART_ANY, NULL); + ret = cli_magic_scan_nested_fmap_type(ctx->fmap, partoff, partsize, ctx, + CL_TYPE_PART_ANY, NULL, LAYER_ATTRIBUTES_NONE); if (ret != CL_CLEAN) { if (SCAN_ALLMATCHES && (ret == CL_VIRUS)) detection = CL_VIRUS; diff --git a/libclamav/msxml_parser.c b/libclamav/msxml_parser.c index 04ec738a57..0049af88e9 100644 --- a/libclamav/msxml_parser.c +++ b/libclamav/msxml_parser.c @@ -462,7 +462,7 @@ static int msxml_parse_element(struct msxml_ctx *mxctx, xmlTextReaderPtr reader, cli_dbgmsg("msxml_parse_element: extracted binary data to %s\n", tempfile); - ret = cli_magic_scan_desc(of, tempfile, ctx, NULL); + ret = cli_magic_scan_desc(of, tempfile, ctx, NULL, LAYER_ATTRIBUTES_NONE); close(of); if (!(ctx->engine->keeptmp)) cli_unlink(tempfile); diff --git a/libclamav/nsis/nulsft.c b/libclamav/nsis/nulsft.c index fab42e6bbc..6655b6b34d 100644 --- a/libclamav/nsis/nulsft.c +++ b/libclamav/nsis/nulsft.c @@ -546,9 +546,9 @@ int cli_scannulsft(cli_ctx *ctx, off_t offset) return CL_ESEEK; } if (nsist.fno == 1) - ret = cli_scan_desc(nsist.ofd, ctx, 0, 0, NULL, AC_SCAN_VIR, NULL, NULL); /// TODO: Extract file names + ret = cli_scan_desc(nsist.ofd, ctx, 0, 0, NULL, AC_SCAN_VIR, NULL, NULL, LAYER_ATTRIBUTES_NONE); /// TODO: Extract file names else - ret = cli_magic_scan_desc(nsist.ofd, nsist.ofn, ctx, NULL); /// TODO: Extract file names + ret = cli_magic_scan_desc(nsist.ofd, nsist.ofn, ctx, NULL, LAYER_ATTRIBUTES_NONE); /// TODO: Extract file names close(nsist.ofd); if (!ctx->engine->keeptmp) if (cli_unlink(nsist.ofn)) ret = CL_EUNLINK; diff --git a/libclamav/ole2_extract.c b/libclamav/ole2_extract.c index 3f3fa8795a..e4bcd8fa41 100644 --- a/libclamav/ole2_extract.c +++ b/libclamav/ole2_extract.c @@ -1503,7 +1503,7 @@ static cl_error_t scan_mso_stream(int fd, cli_ctx *ctx) } /* scanning inflated stream */ - ret = cli_magic_scan_desc(ofd, tmpname, ctx, NULL); + ret = cli_magic_scan_desc(ofd, tmpname, ctx, NULL, LAYER_ATTRIBUTES_NONE); /* clean-up */ mso_end: @@ -1666,7 +1666,7 @@ static cl_error_t handler_otf(ole2_header_t *hdr, property_t *prop, const char * ret = scan_mso_stream(ofd, ctx); } else { /* Normal File Scan */ - ret = cli_magic_scan_desc(ofd, tempfile, ctx, NULL); + ret = cli_magic_scan_desc(ofd, tempfile, ctx, NULL, LAYER_ATTRIBUTES_NONE); } ret = ret == CL_VIRUS ? CL_VIRUS : CL_SUCCESS; diff --git a/libclamav/ooxml.c b/libclamav/ooxml.c index 644779432c..de56860677 100644 --- a/libclamav/ooxml.c +++ b/libclamav/ooxml.c @@ -146,12 +146,13 @@ static cl_error_t ooxml_parse_document(int fd, cli_ctx *ctx) return ret; } -static cl_error_t ooxml_core_cb(int fd, const char *filepath, cli_ctx *ctx, const char *name) +static cl_error_t ooxml_core_cb(int fd, const char *filepath, cli_ctx *ctx, const char *name, uint32_t attributes) { cl_error_t ret; UNUSEDPARAM(filepath); UNUSEDPARAM(name); + UNUSEDPARAM(attributes); cli_dbgmsg("in ooxml_core_cb\n"); ret = ooxml_parse_document(fd, ctx); @@ -163,12 +164,13 @@ static cl_error_t ooxml_core_cb(int fd, const char *filepath, cli_ctx *ctx, cons return ret; } -static cl_error_t ooxml_extn_cb(int fd, const char *filepath, cli_ctx *ctx, const char *name) +static cl_error_t ooxml_extn_cb(int fd, const char *filepath, cli_ctx *ctx, const char *name, uint32_t attributes) { cl_error_t ret; UNUSEDPARAM(filepath); UNUSEDPARAM(name); + UNUSEDPARAM(attributes); cli_dbgmsg("in ooxml_extn_cb\n"); ret = ooxml_parse_document(fd, ctx); @@ -180,7 +182,7 @@ static cl_error_t ooxml_extn_cb(int fd, const char *filepath, cli_ctx *ctx, cons return ret; } -static cl_error_t ooxml_content_cb(int fd, const char *filepath, cli_ctx *ctx, const char *name) +static cl_error_t ooxml_content_cb(int fd, const char *filepath, cli_ctx *ctx, const char *name, uint32_t attributes) { cl_error_t ret = CL_SUCCESS; int tmp, toval = 0, state; @@ -192,6 +194,7 @@ static cl_error_t ooxml_content_cb(int fd, const char *filepath, cli_ctx *ctx, c UNUSEDPARAM(filepath); UNUSEDPARAM(name); + UNUSEDPARAM(attributes); unsigned long sav_scansize = ctx->scansize; unsigned int sav_scannedfiles = ctx->scannedfiles; @@ -351,13 +354,14 @@ static cl_error_t ooxml_content_cb(int fd, const char *filepath, cli_ctx *ctx, c return ret; } -static cl_error_t ooxml_hwp_cb(int fd, const char *filepath, cli_ctx *ctx, const char *name) +static cl_error_t ooxml_hwp_cb(int fd, const char *filepath, cli_ctx *ctx, const char *name, uint32_t attributes) { cl_error_t ret = CL_SUCCESS; xmlTextReaderPtr reader = NULL; UNUSEDPARAM(filepath); UNUSEDPARAM(name); + UNUSEDPARAM(attributes); cli_dbgmsg("in ooxml_hwp_cb\n"); diff --git a/libclamav/others.c b/libclamav/others.c index 5a565e749b..b7668d18d6 100644 --- a/libclamav/others.c +++ b/libclamav/others.c @@ -1381,7 +1381,7 @@ const char *cli_get_last_virus_str(const cli_ctx *ctx) return ""; } -cl_error_t cli_recursion_stack_push(cli_ctx *ctx, cl_fmap_t *map, cli_file_t type, bool is_new_buffer) +cl_error_t cli_recursion_stack_push(cli_ctx *ctx, cl_fmap_t *map, cli_file_t type, bool is_new_buffer, uint32_t attributes) { cl_error_t status = CL_SUCCESS; @@ -1428,7 +1428,7 @@ cl_error_t cli_recursion_stack_push(cli_ctx *ctx, cl_fmap_t *map, cli_file_t typ // Normalized layers should be ignored when using the get_type() and get_intermediate_type() // functions so that signatures that specify the container or intermediates need not account // for normalized layers "contained in" HTML / Javascript / etc. - new_container->attributes = ctx->next_layer_attributes; + new_container->attributes = attributes; // If the current layer is marked "decrypted", all child-layers are also marked "decrypted". if (current_container->attributes & LAYER_ATTRIBUTES_DECRYPTED) { @@ -1438,8 +1438,6 @@ cl_error_t cli_recursion_stack_push(cli_ctx *ctx, cl_fmap_t *map, cli_file_t typ ctx->fmap = new_container->fmap; done: - // Clear the next-layer attributes so we don't accidentally apply them to all subsequent layers. - ctx->next_layer_attributes = 0; return status; } diff --git a/libclamav/others.h b/libclamav/others.h index df6a09b7d7..7e37c3412d 100644 --- a/libclamav/others.h +++ b/libclamav/others.h @@ -208,9 +208,6 @@ typedef struct cli_ctx_tag { uint32_t recursion_stack_size; /* stack size must == engine->max_recursion_level */ uint32_t recursion_level; /* Index into recursion_stack; current fmap recursion level from start of scan. */ fmap_t *fmap; /* Pointer to current fmap in recursion_stack, varies with recursion depth. For convenience. */ - uint32_t next_layer_attributes; /* Indicate attributes that should apply to the next layer created. - * Notably for LAYER_ATTRIBUTES_NORMALIZED: Indicate that the next fmap pushed to the stack is - * normalized and should be ignored when checking container/intermediate types */ unsigned char handlertype_hash[16]; struct cli_dconf *dconf; bitset_t *hook_lsig_matches; @@ -747,9 +744,10 @@ void cli_virus_found_cb(cli_ctx *ctx); * @param map The fmap for the new layer. * @param type The file type. May be CL_TYPE_ANY if unknown. Can change it later with cli_recursion_stack_change_type(). * @param is_new_buffer true if the fmap represents a new buffer/file, and not some window into an existing fmap. + * @param attributes Layer attributes for the thing to be scanned. * @return cl_error_t CL_SUCCESS if successful, else CL_EMAXREC if exceeding the max recursion depth. */ -cl_error_t cli_recursion_stack_push(cli_ctx *ctx, cl_fmap_t *map, cli_file_t type, bool is_new_buffer); +cl_error_t cli_recursion_stack_push(cli_ctx *ctx, cl_fmap_t *map, cli_file_t type, bool is_new_buffer, uint32_t attributes); /** * @brief Pop off a layer of our scan recursion stack. diff --git a/libclamav/pdf.c b/libclamav/pdf.c index 1762bce4cf..b2011c781c 100644 --- a/libclamav/pdf.c +++ b/libclamav/pdf.c @@ -1419,7 +1419,7 @@ static int pdf_scan_contents(int fd, struct pdf_struct *pdf) cli_writen(fout, s.out, s.out_pos); lseek(fout, 0, SEEK_SET); - rc = cli_magic_scan_desc(fout, fullname, pdf->ctx, NULL); + rc = cli_magic_scan_desc(fout, fullname, pdf->ctx, NULL, LAYER_ATTRIBUTES_NONE); close(fout); if (!pdf->ctx->engine->keeptmp || (s.out_pos == 0)) @@ -1814,7 +1814,7 @@ cl_error_t pdf_extract_obj(struct pdf_struct *pdf, struct pdf_obj *obj, uint32_t /* TODO: invoke bytecode on this pdf obj with metainformation associated */ lseek(fout, 0, SEEK_SET); - rc2 = cli_magic_scan_desc(fout, fullname, pdf->ctx, NULL); + rc2 = cli_magic_scan_desc(fout, fullname, pdf->ctx, NULL, LAYER_ATTRIBUTES_NONE); if (rc2 == CL_VIRUS || rc == CL_SUCCESS) rc = rc2; diff --git a/libclamav/pe.c b/libclamav/pe.c index 1f85004d5f..27a57a002c 100644 --- a/libclamav/pe.c +++ b/libclamav/pe.c @@ -191,44 +191,44 @@ free(tempfile); \ break; -#define CLI_UNPRESULTS_(NAME, FSGSTUFF, EXPR, GOOD, FREEME) \ - switch (EXPR) { \ - case GOOD: /* Unpacked and rebuilt */ \ - if (ctx->engine->keeptmp) \ - cli_dbgmsg(NAME ": Unpacked and rebuilt executable saved in %s\n", tempfile); \ - else \ - cli_dbgmsg(NAME ": Unpacked and rebuilt executable\n"); \ - cli_multifree FREEME; \ - cli_exe_info_destroy(peinfo); \ - lseek(ndesc, 0, SEEK_SET); \ - cli_dbgmsg("***** Scanning rebuilt PE file *****\n"); \ - SHA_OFF; \ - if (cli_magic_scan_desc(ndesc, tempfile, ctx, NULL) == CL_VIRUS) { \ - close(ndesc); \ - SHA_RESET; \ - CLI_TMPUNLK(); \ - free(tempfile); \ - return CL_VIRUS; \ - } \ - SHA_RESET; \ - close(ndesc); \ - CLI_TMPUNLK(); \ - free(tempfile); \ - return CL_CLEAN; \ - \ - FSGSTUFF; \ - \ - default: \ - cli_dbgmsg(NAME ": Unpacking failed\n"); \ - close(ndesc); \ - if (cli_unlink(tempfile)) { \ - cli_exe_info_destroy(peinfo); \ - free(tempfile); \ - cli_multifree FREEME; \ - return CL_EUNLINK; \ - } \ - cli_multifree FREEME; \ - free(tempfile); \ +#define CLI_UNPRESULTS_(NAME, FSGSTUFF, EXPR, GOOD, FREEME) \ + switch (EXPR) { \ + case GOOD: /* Unpacked and rebuilt */ \ + if (ctx->engine->keeptmp) \ + cli_dbgmsg(NAME ": Unpacked and rebuilt executable saved in %s\n", tempfile); \ + else \ + cli_dbgmsg(NAME ": Unpacked and rebuilt executable\n"); \ + cli_multifree FREEME; \ + cli_exe_info_destroy(peinfo); \ + lseek(ndesc, 0, SEEK_SET); \ + cli_dbgmsg("***** Scanning rebuilt PE file *****\n"); \ + SHA_OFF; \ + if (CL_VIRUS == cli_magic_scan_desc(ndesc, tempfile, ctx, NULL, LAYER_ATTRIBUTES_NONE)) { \ + close(ndesc); \ + SHA_RESET; \ + CLI_TMPUNLK(); \ + free(tempfile); \ + return CL_VIRUS; \ + } \ + SHA_RESET; \ + close(ndesc); \ + CLI_TMPUNLK(); \ + free(tempfile); \ + return CL_CLEAN; \ + \ + FSGSTUFF; \ + \ + default: \ + cli_dbgmsg(NAME ": Unpacking failed\n"); \ + close(ndesc); \ + if (cli_unlink(tempfile)) { \ + cli_exe_info_destroy(peinfo); \ + free(tempfile); \ + cli_multifree FREEME; \ + return CL_EUNLINK; \ + } \ + cli_multifree FREEME; \ + free(tempfile); \ } #define CLI_UNPRESULTS(NAME, EXPR, GOOD, FREEME) CLI_UNPRESULTS_(NAME, (void)0, EXPR, GOOD, FREEME) @@ -4026,7 +4026,7 @@ int cli_scanpe(cli_ctx *ctx) cli_dbgmsg("***** Scanning decompressed file *****\n"); SHA_OFF; - if ((ret = cli_magic_scan_desc(ndesc, tempfile, ctx, NULL)) == CL_VIRUS) { + if ((ret = cli_magic_scan_desc(ndesc, tempfile, ctx, NULL, LAYER_ATTRIBUTES_NONE)) == CL_VIRUS) { close(ndesc); SHA_RESET; CLI_TMPUNLK(); diff --git a/libclamav/png.c b/libclamav/png.c index ac7c5d47ea..ad5ae8de68 100644 --- a/libclamav/png.c +++ b/libclamav/png.c @@ -302,7 +302,8 @@ cl_error_t cli_parsepng(cli_ctx *ctx) /* Check if there's an overlay, and scan it if one exists. */ if (map->len > offset) { cli_dbgmsg("PNG: Found " STDu64 " additional data after end of PNG! Scanning as a nested file.\n", map->len - offset); - status = cli_magic_scan_nested_fmap_type(map, (size_t)offset, map->len - offset, ctx, CL_TYPE_ANY, NULL); + status = cli_magic_scan_nested_fmap_type(map, (size_t)offset, map->len - offset, ctx, + CL_TYPE_ANY, NULL, LAYER_ATTRIBUTES_NONE); goto done; } diff --git a/libclamav/rtf.c b/libclamav/rtf.c index 0c74b5439d..682835a2f5 100644 --- a/libclamav/rtf.c +++ b/libclamav/rtf.c @@ -246,7 +246,7 @@ static int decode_and_scan(struct rtf_object_data* data, cli_ctx* ctx) cli_dbgmsg("Decoding ole object\n"); ret = cli_scan_ole10(data->fd, ctx); } else if (data->fd > 0) - ret = cli_magic_scan_desc(data->fd, data->name, ctx, NULL); + ret = cli_magic_scan_desc(data->fd, data->name, ctx, NULL, LAYER_ATTRIBUTES_NONE); if (data->fd > 0) close(data->fd); data->fd = -1; diff --git a/libclamav/scanners.c b/libclamav/scanners.c index c7a80b5d20..7e32581a9b 100644 --- a/libclamav/scanners.c +++ b/libclamav/scanners.c @@ -128,15 +128,14 @@ #include #include -cl_error_t cli_magic_scan_dir(const char *dir, cli_ctx *ctx) +cl_error_t cli_magic_scan_dir(const char *dir, cli_ctx *ctx, uint32_t attributes) { cl_error_t status = CL_CLEAN; DIR *dd = NULL; struct dirent *dent; STATBUF statbuf; - char *fname = NULL; - unsigned int viruses_found = 0; - uint32_t next_layer_attributes = ctx->next_layer_attributes; + char *fname = NULL; + unsigned int viruses_found = 0; if ((dd = opendir(dir)) != NULL) { while ((dent = readdir(dd))) { @@ -155,7 +154,7 @@ cl_error_t cli_magic_scan_dir(const char *dir, cli_ctx *ctx) /* stat the file */ if (LSTAT(fname, &statbuf) != -1) { if (S_ISDIR(statbuf.st_mode) && !S_ISLNK(statbuf.st_mode)) { - if (cli_magic_scan_dir(fname, ctx) == CL_VIRUS) { + if (cli_magic_scan_dir(fname, ctx, attributes) == CL_VIRUS) { if (SCAN_ALLMATCHES) { viruses_found++; continue; @@ -166,10 +165,7 @@ cl_error_t cli_magic_scan_dir(const char *dir, cli_ctx *ctx) } } else { if (S_ISREG(statbuf.st_mode)) { - // restore next-layer attributes, so it applies to all normalized/etc. files in this dir scan. - ctx->next_layer_attributes = next_layer_attributes; - - if (CL_VIRUS == cli_magic_scan_file(fname, ctx, dent->d_name)) { + if (CL_VIRUS == cli_magic_scan_file(fname, ctx, dent->d_name, attributes)) { if (SCAN_ALLMATCHES) { viruses_found++; continue; @@ -310,7 +306,7 @@ static cl_error_t cli_scanrar_file(const char *filepath, int desc, cli_ctx *ctx) } /* Scan the comment */ - status = cli_magic_scan_buff(comment, comment_size, ctx, NULL); + status = cli_magic_scan_buff(comment, comment_size, ctx, NULL, LAYER_ATTRIBUTES_NONE); if ((status == CL_VIRUS) && SCAN_ALLMATCHES) { status = CL_CLEAN; @@ -466,7 +462,7 @@ static cl_error_t cli_scanrar_file(const char *filepath, int desc, cli_ctx *ctx) * ... scan the extracted file. */ cli_dbgmsg("RAR: Extraction complete. Scanning now...\n"); - status = cli_magic_scan_file(extract_fullpath, ctx, filename_base); + status = cli_magic_scan_file(extract_fullpath, ctx, filename_base, LAYER_ATTRIBUTES_NONE); if (status == CL_EOPEN) { cli_dbgmsg("RAR: File not found, Extraction failed!\n"); status = CL_CLEAN; @@ -756,7 +752,7 @@ static cl_error_t cli_scanegg(cli_ctx *ctx) /* * Scan the comment. */ - status = cli_magic_scan_buff(comments[i], strlen(comments[i]), ctx, NULL); + status = cli_magic_scan_buff(comments[i], strlen(comments[i]), ctx, NULL, LAYER_ATTRIBUTES_NONE); if ((status == CL_VIRUS) && SCAN_ALLMATCHES) { status = CL_CLEAN; @@ -926,7 +922,7 @@ static cl_error_t cli_scanegg(cli_ctx *ctx) * Scan the extracted file... */ cli_dbgmsg("EGG: Extraction complete. Scanning now...\n"); - status = cli_magic_scan_buff(extract_buffer, extract_buffer_len, ctx, filename_base); + status = cli_magic_scan_buff(extract_buffer, extract_buffer_len, ctx, filename_base, LAYER_ATTRIBUTES_NONE); if (status == CL_VIRUS) { cli_dbgmsg("EGG: infected with %s\n", cli_get_last_virus(ctx)); status = CL_VIRUS; @@ -1092,7 +1088,7 @@ static cl_error_t cli_scanarj(cli_ctx *ctx) if (lseek(metadata.ofd, 0, SEEK_SET) == -1) { cli_dbgmsg("ARJ: call to lseek() failed\n"); } - status = cli_magic_scan_desc(metadata.ofd, NULL, ctx, metadata.filename); + status = cli_magic_scan_desc(metadata.ofd, NULL, ctx, metadata.filename, LAYER_ATTRIBUTES_NONE); close(metadata.ofd); if (status == CL_VIRUS) { cli_dbgmsg("ARJ: infected with %s\n", cli_get_last_virus(ctx)); @@ -1179,7 +1175,7 @@ static cl_error_t cli_scangzip_with_zib_from_the_80s(cli_ctx *ctx, unsigned char gzclose(gz); - if ((ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL)) == CL_VIRUS) { + if (CL_VIRUS == (ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL, LAYER_ATTRIBUTES_NONE))) { cli_dbgmsg("GZip: Infected with %s\n", cli_get_last_virus(ctx)); close(fd); if (!ctx->engine->keeptmp) { @@ -1281,7 +1277,7 @@ static cl_error_t cli_scangzip(cli_ctx *ctx) inflateEnd(&z); - if ((ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL)) == CL_VIRUS) { + if (CL_VIRUS == (ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL, LAYER_ATTRIBUTES_NONE))) { cli_dbgmsg("GZip: Infected with %s\n", cli_get_last_virus(ctx)); close(fd); if (!ctx->engine->keeptmp) { @@ -1387,7 +1383,7 @@ static cl_error_t cli_scanbzip(cli_ctx *ctx) BZ2_bzDecompressEnd(&strm); - if ((ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL)) == CL_VIRUS) { + if (CL_VIRUS == (ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL, LAYER_ATTRIBUTES_NONE))) { cli_dbgmsg("Bzip: Infected with %s\n", cli_get_last_virus(ctx)); close(fd); if (!ctx->engine->keeptmp) { @@ -1496,7 +1492,7 @@ static cl_error_t cli_scanxz(cli_ctx *ctx) } while (XZ_STREAM_END != rc); /* scan decompressed file */ - if ((ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL)) == CL_VIRUS) { + if (CL_VIRUS == (ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL, LAYER_ATTRIBUTES_NONE))) { cli_dbgmsg("cli_scanxz: Infected with %s\n", cli_get_last_virus(ctx)); } @@ -1536,7 +1532,7 @@ static cl_error_t cli_scanszdd(cli_ctx *ctx) } cli_dbgmsg("MSEXPAND: Decompressed into %s\n", tmpname); - ret = cli_magic_scan_desc(ofd, tmpname, ctx, NULL); + ret = cli_magic_scan_desc(ofd, tmpname, ctx, NULL, LAYER_ATTRIBUTES_NONE); close(ofd); if (!ctx->engine->keeptmp) if (cli_unlink(tmpname)) @@ -1588,10 +1584,7 @@ static cl_error_t vba_scandata(const unsigned char *data, size_t len, cli_ctx *c goto done; } - // This flag ingested by cli_recursion_stack_push(). - ctx->next_layer_attributes |= LAYER_ATTRIBUTES_NORMALIZED; - - ret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_MSOLE2, true); /* Perform exp_eval with child fmap */ + ret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_MSOLE2, true, LAYER_ATTRIBUTES_NONE); /* Perform exp_eval with child fmap */ if (CL_SUCCESS != ret) { cli_dbgmsg("Failed to scan fmap.\n"); goto done; @@ -1754,7 +1747,7 @@ static cl_error_t cli_ole2_tempdir_scan_vba_new(const char *dir, cli_ctx *ctx, s goto done; } - ret = cli_scan_desc(tempfd, ctx, CL_TYPE_SCRIPT, 0, NULL, AC_SCAN_VIR, NULL, NULL); + ret = cli_scan_desc(tempfd, ctx, CL_TYPE_SCRIPT, 0, NULL, AC_SCAN_VIR, NULL, NULL, LAYER_ATTRIBUTES_NONE); close(tempfd); tempfd = -1; @@ -2006,7 +1999,7 @@ static cl_error_t cli_ole2_tempdir_scan_vba(const char *dir, cli_ctx *ctx, struc continue; } if ((fullname = cli_ppt_vba_read(fd, ctx))) { - ret = cli_magic_scan_dir(fullname, ctx); + ret = cli_magic_scan_dir(fullname, ctx, LAYER_ATTRIBUTES_NONE); if (!ctx->engine->keeptmp) cli_rmdirs(fullname); @@ -2173,11 +2166,10 @@ static cl_error_t cli_scanhtml(cli_ctx *ctx) snprintf(fullname, 1024, "%s" PATHSEP "nocomment.html", tempname); fd = open(fullname, O_RDONLY | O_BINARY); if (fd >= 0) { - // This flag ingested by cli_recursion_stack_push(). - ctx->next_layer_attributes |= LAYER_ATTRIBUTES_NORMALIZED; - - if ((ret = cli_scan_desc(fd, ctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, NULL, NULL)) == CL_VIRUS) + if (CL_VIRUS == (ret = cli_scan_desc(fd, ctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, + NULL, NULL, LAYER_ATTRIBUTES_NORMALIZED))) { viruses_found++; + } close(fd); } @@ -2193,11 +2185,10 @@ static cl_error_t cli_scanhtml(cli_ctx *ctx) snprintf(fullname, 1024, "%s" PATHSEP "notags.html", tempname); fd = open(fullname, O_RDONLY | O_BINARY); if (fd >= 0) { - // This flag ingested by cli_recursion_stack_push(). - ctx->next_layer_attributes |= LAYER_ATTRIBUTES_NORMALIZED; - - if ((ret = cli_scan_desc(fd, ctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, NULL, NULL)) == CL_VIRUS) + if (CL_VIRUS == (ret = cli_scan_desc(fd, ctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, + NULL, NULL, LAYER_ATTRIBUTES_NORMALIZED))) { viruses_found++; + } close(fd); } @@ -2208,18 +2199,16 @@ static cl_error_t cli_scanhtml(cli_ctx *ctx) snprintf(fullname, 1024, "%s" PATHSEP "javascript", tempname); fd = open(fullname, O_RDONLY | O_BINARY); if (fd >= 0) { - // This flag ingested by cli_recursion_stack_push(). - ctx->next_layer_attributes |= LAYER_ATTRIBUTES_NORMALIZED; - - if ((ret = cli_scan_desc(fd, ctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, NULL, NULL)) == CL_VIRUS) + if (CL_VIRUS == (ret = cli_scan_desc(fd, ctx, CL_TYPE_HTML, 0, NULL, AC_SCAN_VIR, + NULL, NULL, LAYER_ATTRIBUTES_NORMALIZED))) { viruses_found++; + } if (ret == CL_CLEAN || (ret == CL_VIRUS && SCAN_ALLMATCHES)) { - // This flag ingested by cli_recursion_stack_push(). - ctx->next_layer_attributes |= LAYER_ATTRIBUTES_NORMALIZED; - - if ((ret = cli_scan_desc(fd, ctx, CL_TYPE_TEXT_ASCII, 0, NULL, AC_SCAN_VIR, NULL, NULL)) == CL_VIRUS) + if (CL_VIRUS == (ret = cli_scan_desc(fd, ctx, CL_TYPE_TEXT_ASCII, 0, NULL, AC_SCAN_VIR, + NULL, NULL, LAYER_ATTRIBUTES_NORMALIZED))) { viruses_found++; + } } close(fd); } @@ -2227,11 +2216,7 @@ static cl_error_t cli_scanhtml(cli_ctx *ctx) if (ret == CL_CLEAN || (ret == CL_VIRUS && SCAN_ALLMATCHES)) { snprintf(fullname, 1024, "%s" PATHSEP "rfc2397", tempname); - - // This flag ingested by cli_recursion_stack_push() or cleared when cli_magic_scan_dir() is done. - ctx->next_layer_attributes |= LAYER_ATTRIBUTES_NORMALIZED; - - ret = cli_magic_scan_dir(fullname, ctx); + ret = cli_magic_scan_dir(fullname, ctx, LAYER_ATTRIBUTES_NORMALIZED); if (CL_EOPEN == ret) { /* If the directory doesn't exist, that's fine */ ret = CL_CLEAN; @@ -2346,10 +2331,8 @@ static cl_error_t cli_scanscript(cli_ctx *ctx) goto done; } - // This flag ingested by cli_recursion_stack_push(). - ctx->next_layer_attributes |= LAYER_ATTRIBUTES_NORMALIZED; - - ret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_TEXT_ASCII, true); /* Perform cli_scan_fmap with child fmap */ + /* Perform cli_scan_fmap with child fmap */ + ret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_TEXT_ASCII, true, LAYER_ATTRIBUTES_NORMALIZED); if (CL_SUCCESS != ret) { cli_dbgmsg("Failed to scan fmap.\n"); goto done; @@ -2504,11 +2487,8 @@ static cl_error_t cli_scanhtml_utf16(cli_ctx *ctx) goto done; } - // s/normalized/transcoded, practically the same thing. - // This flag ingested by cli_recursion_stack_push(). - ctx->next_layer_attributes |= LAYER_ATTRIBUTES_NORMALIZED; - - status = cli_recursion_stack_push(ctx, new_map, CL_TYPE_HTML, true); /* Perform exp_eval with child fmap */ + /* Perform exp_eval with child fmap */ + status = cli_recursion_stack_push(ctx, new_map, CL_TYPE_HTML, true, LAYER_ATTRIBUTES_NORMALIZED); if (CL_SUCCESS != status) { cli_dbgmsg("Failed to scan fmap.\n"); goto done; @@ -2636,7 +2616,7 @@ static cl_error_t cli_ole2_scan_tempdir( } if (has_xlm || has_vba) { - status = cli_magic_scan_dir(dir, ctx); + status = cli_magic_scan_dir(dir, ctx, LAYER_ATTRIBUTES_NONE); if (CL_VIRUS == status) { viruses_found++; if (!SCAN_ALLMATCHES) { @@ -2837,7 +2817,7 @@ static cl_error_t cli_scanscrenc(cli_ctx *ctx) } if (html_screnc_decode(ctx->fmap, tempname)) - ret = cli_magic_scan_dir(tempname, ctx); + ret = cli_magic_scan_dir(tempname, ctx, LAYER_ATTRIBUTES_NONE); if (!ctx->engine->keeptmp) cli_rmdirs(tempname); @@ -2902,7 +2882,7 @@ static cl_error_t cli_scancryptff(cli_ctx *ctx) cli_dbgmsg("CryptFF: Scanning decrypted data\n"); - if ((ret = cli_magic_scan_desc(ndesc, tempfile, ctx, NULL)) == CL_VIRUS) + if (CL_VIRUS == (ret = cli_magic_scan_desc(ndesc, tempfile, ctx, NULL, LAYER_ATTRIBUTES_NONE))) cli_dbgmsg("CryptFF: Infected with %s\n", cli_get_last_virus(ctx)); close(ndesc); @@ -2956,7 +2936,7 @@ static cl_error_t cli_scantnef(cli_ctx *ctx) ret = cli_tnef(dir, ctx); if (ret == CL_CLEAN) - ret = cli_magic_scan_dir(dir, ctx); + ret = cli_magic_scan_dir(dir, ctx, LAYER_ATTRIBUTES_NONE); if (!ctx->engine->keeptmp) cli_rmdirs(dir); @@ -2982,7 +2962,7 @@ static cl_error_t cli_scanuuencoded(cli_ctx *ctx) ret = cli_uuencode(dir, ctx->fmap); if (ret == CL_CLEAN) - ret = cli_magic_scan_dir(dir, ctx); + ret = cli_magic_scan_dir(dir, ctx, LAYER_ATTRIBUTES_NONE); if (!ctx->engine->keeptmp) cli_rmdirs(dir); @@ -3023,7 +3003,7 @@ static cl_error_t cli_scanmail(cli_ctx *ctx) } } - ret = cli_magic_scan_dir(dir, ctx); + ret = cli_magic_scan_dir(dir, ctx, LAYER_ATTRIBUTES_NONE); if (!ctx->engine->keeptmp) cli_rmdirs(dir); @@ -3183,7 +3163,7 @@ static cl_error_t cli_scanembpe(cli_ctx *ctx, off_t offset) corrupted_input = ctx->corrupted_input; ctx->corrupted_input = 1; - ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL); + ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL, LAYER_ATTRIBUTES_NONE); ctx->corrupted_input = corrupted_input; if (ret == CL_VIRUS) { cli_dbgmsg("cli_scanembpe: Infected with %s\n", cli_get_last_virus(ctx)); @@ -3650,7 +3630,8 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi break; } - nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_RAR, false); /* Perform scan with child fmap */ + /* Perform scan with child fmap */ + nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_RAR, false, LAYER_ATTRIBUTES_NONE); if (CL_SUCCESS != nret) { ret = nret; cli_dbgmsg("scanraw: Failed to add map to recursion stack to scan embedded file.\n"); @@ -3673,7 +3654,8 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi break; } - nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_EGG, false); /* Perform scan with child fmap */ + /* Perform scan with child fmap */ + nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_EGG, false, LAYER_ATTRIBUTES_NONE); if (CL_SUCCESS != nret) { ret = nret; cli_dbgmsg("scanraw: Failed to add map to recursion stack to scan embedded file.\n"); @@ -3696,7 +3678,8 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi break; } - nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_ZIP, false); /* Perform scan with child fmap */ + /* Perform scan with child fmap */ + nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_ZIP, false, LAYER_ATTRIBUTES_NONE); if (CL_SUCCESS != nret) { ret = nret; cli_dbgmsg("scanraw: Failed to add map to recursion stack to scan embedded file.\n"); @@ -3719,7 +3702,8 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi break; } - nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_MSCAB, false); /* Perform scan with child fmap */ + /* Perform scan with child fmap */ + nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_MSCAB, false, LAYER_ATTRIBUTES_NONE); if (CL_SUCCESS != nret) { ret = nret; cli_dbgmsg("scanraw: Failed to add map to recursion stack to scan embedded file.\n"); @@ -3742,7 +3726,8 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi break; } - nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_ARJ, false); /* Perform scan with child fmap */ + /* Perform scan with child fmap */ + nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_ARJ, false, LAYER_ATTRIBUTES_NONE); if (CL_SUCCESS != nret) { ret = nret; cli_dbgmsg("scanraw: Failed to add map to recursion stack to scan embedded file.\n"); @@ -3765,7 +3750,8 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi break; } - nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_7Z, false); /* Perform scan with child fmap */ + /* Perform scan with child fmap */ + nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_7Z, false, LAYER_ATTRIBUTES_NONE); if (CL_SUCCESS != nret) { ret = nret; cli_dbgmsg("scanraw: Failed to add map to recursion stack to scan embedded file.\n"); @@ -3788,7 +3774,8 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi break; } - nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_NULSFT, false); /* Perform scan with child fmap */ + /* Perform scan with child fmap */ + nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_NULSFT, false, LAYER_ATTRIBUTES_NONE); if (CL_SUCCESS != nret) { ret = nret; cli_dbgmsg("scanraw: Failed to add map to recursion stack to scan embedded file.\n"); @@ -3811,7 +3798,8 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi break; } - nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_AUTOIT, false); /* Perform scan with child fmap */ + /* Perform scan with child fmap */ + nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_AUTOIT, false, LAYER_ATTRIBUTES_NONE); if (CL_SUCCESS != nret) { ret = nret; cli_dbgmsg("scanraw: Failed to add map to recursion stack to scan embedded file.\n"); @@ -3834,7 +3822,8 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi break; } - nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_ISHIELD_MSI, false); /* Perform scan with child fmap */ + /* Perform scan with child fmap */ + nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_ISHIELD_MSI, false, LAYER_ATTRIBUTES_NONE); if (CL_SUCCESS != nret) { ret = nret; cli_dbgmsg("scanraw: Failed to add map to recursion stack to scan embedded file.\n"); @@ -3857,7 +3846,8 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi break; } - nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_PDF, false); /* Perform scan with child fmap */ + /* Perform scan with child fmap */ + nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_PDF, false, LAYER_ATTRIBUTES_NONE); if (CL_SUCCESS != nret) { ret = nret; cli_dbgmsg("scanraw: Failed to add map to recursion stack to scan embedded file.\n"); @@ -3885,7 +3875,8 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi break; } - nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_MSEXE, false); /* Perform scan with child fmap */ + /* Perform scan with child fmap */ + nret = cli_recursion_stack_push(ctx, new_map, CL_TYPE_MSEXE, false, LAYER_ATTRIBUTES_NONE); if (CL_SUCCESS != nret) { ret = nret; cli_dbgmsg("scanraw: Failed to add map to recursion stack to scan embedded file.\n"); @@ -5100,7 +5091,8 @@ cl_error_t cli_magic_scan(cli_ctx *ctx, cli_file_t type) return ret; } -cl_error_t cli_magic_scan_desc_type(int desc, const char *filepath, cli_ctx *ctx, cli_file_t type, const char *name) +cl_error_t cli_magic_scan_desc_type(int desc, const char *filepath, cli_ctx *ctx, cli_file_t type, + const char *name, uint32_t attributes) { STATBUF sb; cl_error_t status = CL_CLEAN; @@ -5145,7 +5137,7 @@ cl_error_t cli_magic_scan_desc_type(int desc, const char *filepath, cli_ctx *ctx goto done; } - status = cli_recursion_stack_push(ctx, new_map, type, true); /* Perform scan with child fmap */ + status = cli_recursion_stack_push(ctx, new_map, type, true, attributes); /* Perform scan with child fmap */ if (CL_SUCCESS != status) { cli_dbgmsg("Failed to scan fmap.\n"); goto done; @@ -5162,15 +5154,12 @@ cl_error_t cli_magic_scan_desc_type(int desc, const char *filepath, cli_ctx *ctx ctx->sub_filepath = parent_filepath; - // Clear the next-layer attributes so we don't accidentally apply them to subsequent layers. - ctx->next_layer_attributes = 0; - return status; } -cl_error_t cli_magic_scan_desc(int desc, const char *filepath, cli_ctx *ctx, const char *name) +cl_error_t cli_magic_scan_desc(int desc, const char *filepath, cli_ctx *ctx, const char *name, uint32_t attributes) { - return cli_magic_scan_desc_type(desc, filepath, ctx, CL_TYPE_ANY, name); + return cli_magic_scan_desc_type(desc, filepath, ctx, CL_TYPE_ANY, name, attributes); } cl_error_t cl_scandesc(int desc, const char *filename, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, struct cl_scan_options *scanoptions) @@ -5191,7 +5180,8 @@ cl_error_t cl_scandesc(int desc, const char *filename, const char **virname, uns * @param name (optional) Original name of the file (to set fmap name metadata) * @return int CL_SUCCESS, or an error code. */ -static cl_error_t magic_scan_nested_fmap_type(cl_fmap_t *map, size_t offset, size_t length, cli_ctx *ctx, cli_file_t type, const char *name) +static cl_error_t magic_scan_nested_fmap_type(cl_fmap_t *map, size_t offset, size_t length, cli_ctx *ctx, + cli_file_t type, const char *name, uint32_t attributes) { cl_error_t status = CL_CLEAN; fmap_t *new_map = NULL; @@ -5224,7 +5214,7 @@ static cl_error_t magic_scan_nested_fmap_type(cl_fmap_t *map, size_t offset, siz goto done; } - status = cli_recursion_stack_push(ctx, new_map, type, false); /* Perform scan with child fmap */ + status = cli_recursion_stack_push(ctx, new_map, type, false, attributes); /* Perform scan with child fmap */ if (CL_SUCCESS != status) { cli_dbgmsg("magic_scan_nested_fmap_type: Failed to add map to recursion stack for magic scan.\n"); goto done; @@ -5243,7 +5233,8 @@ static cl_error_t magic_scan_nested_fmap_type(cl_fmap_t *map, size_t offset, siz } /* For map scans that may be forced to disk */ -cl_error_t cli_magic_scan_nested_fmap_type(cl_fmap_t *map, size_t offset, size_t length, cli_ctx *ctx, cli_file_t type, const char *name) +cl_error_t cli_magic_scan_nested_fmap_type(cl_fmap_t *map, size_t offset, size_t length, cli_ctx *ctx, + cli_file_t type, const char *name, uint32_t attributes) { cl_error_t ret = CL_CLEAN; @@ -5301,7 +5292,7 @@ cl_error_t cli_magic_scan_nested_fmap_type(cl_fmap_t *map, size_t offset, size_t } /* scan the temp file */ - ret = cli_magic_scan_desc_type(fd, tempfile, ctx, type, name); + ret = cli_magic_scan_desc_type(fd, tempfile, ctx, type, name, attributes); /* remove the temp file, if needed */ if (fd >= 0) { @@ -5320,12 +5311,12 @@ cl_error_t cli_magic_scan_nested_fmap_type(cl_fmap_t *map, size_t offset, size_t * * Just use nested map by scanning given fmap at offset + length. */ - ret = magic_scan_nested_fmap_type(map, offset, length, ctx, type, name); + ret = magic_scan_nested_fmap_type(map, offset, length, ctx, type, name, attributes); } return ret; } -cl_error_t cli_magic_scan_buff(const void *buffer, size_t length, cli_ctx *ctx, const char *name) +cl_error_t cli_magic_scan_buff(const void *buffer, size_t length, cli_ctx *ctx, const char *name, uint32_t attributes) { cl_error_t ret; fmap_t *map = NULL; @@ -5335,7 +5326,7 @@ cl_error_t cli_magic_scan_buff(const void *buffer, size_t length, cli_ctx *ctx, return CL_EMAP; } - ret = cli_magic_scan_nested_fmap_type(map, 0, length, ctx, CL_TYPE_ANY, name); + ret = cli_magic_scan_nested_fmap_type(map, 0, length, ctx, CL_TYPE_ANY, name, attributes); funmap(map); @@ -5557,7 +5548,7 @@ static cl_error_t scan_common(cl_fmap_t *map, const char *filepath, const char * )) { cli_dbgmsg("scan_common: running deprecated preclass bytecodes for target type 13\n"); ctx.options->general &= ~CL_SCAN_GENERAL_COLLECT_METADATA; - status = cli_magic_scan_buff(jstring, strlen(jstring), &ctx, NULL); + status = cli_magic_scan_buff(jstring, strlen(jstring), &ctx, NULL, LAYER_ATTRIBUTES_NONE); } } @@ -5731,7 +5722,7 @@ cl_error_t cli_found_possibly_unwanted(cli_ctx *ctx) return CL_CLEAN; } -cl_error_t cli_magic_scan_file(const char *filename, cli_ctx *ctx, const char *original_name) +cl_error_t cli_magic_scan_file(const char *filename, cli_ctx *ctx, const char *original_name, uint32_t attributes) { int fd = -1; cl_error_t ret = CL_EOPEN; @@ -5742,14 +5733,12 @@ cl_error_t cli_magic_scan_file(const char *filename, cli_ctx *ctx, const char *o goto done; } - ret = cli_magic_scan_desc(fd, filename, ctx, original_name); + ret = cli_magic_scan_desc(fd, filename, ctx, original_name, attributes); done: if (fd >= 0) { close(fd); } - // Clear the next-layer attributes so we don't accidentally apply them to subsequent layers. - ctx->next_layer_attributes = 0; return ret; } diff --git a/libclamav/scanners.h b/libclamav/scanners.h index ba869cff54..b5887b91cf 100644 --- a/libclamav/scanners.h +++ b/libclamav/scanners.h @@ -31,34 +31,38 @@ * * This API allows you to specify the file type in advance if you know it. * - * @param desc File descriptor - * @param filepath (optional) Full file path. - * @param ctx Scanning context structure. - * @param type CL_TYPE of data to be scanned. - * @param name (optional) Original name of the file (to set fmap name metadata) + * @param desc File descriptor + * @param filepath (optional) Full file path. + * @param ctx Scanning context structure. + * @param type CL_TYPE of data to be scanned. + * @param name (optional) Original name of the file (to set fmap name metadata) + * @param attributes Layer attributes of the file being scanned (is it normalized, decrypted, etc) * @return cl_error_t */ -cl_error_t cli_magic_scan_desc_type(int desc, const char *filepath, cli_ctx *ctx, cli_file_t type, const char *name); +cl_error_t cli_magic_scan_desc_type(int desc, const char *filepath, cli_ctx *ctx, cli_file_t type, + const char *name, uint32_t attributes); /** * @brief Scan a tempfile / sub-file of _any_ type, passing in the fd, filepath (if available), and the scanning context. * - * @param desc File descriptor - * @param filepath (optional) Full file path. - * @param ctx Scanning context structure. - * @param name (optional) Original name of the file (to set fmap name metadata) - * @return int CL_SUCCESS, or an error code. + * @param desc File descriptor + * @param filepath (optional) Full file path. + * @param ctx Scanning context structure. + * @param name (optional) Original name of the file (to set fmap name metadata) + * @param attributes Layer attributes of the file being scanned (is it normalized, decrypted, etc) + * @return int CL_SUCCESS, or an error code. */ -cl_error_t cli_magic_scan_desc(int desc, const char *filepath, cli_ctx *ctx, const char *name); +cl_error_t cli_magic_scan_desc(int desc, const char *filepath, cli_ctx *ctx, + const char *name, uint32_t attributes); /** * @brief Perform a magic scan on the current ctx. * * Calls to cli_magic_scan() should be wrapped with a cli_recursion_stack_push/pop, except in scan_common() * - * @param ctx Scanning context structure. - * @param type CL_TYPE of data to be scanned. - * @return int CL_SUCCESS, or an error code. + * @param ctx Scanning context structure. + * @param type CL_TYPE of data to be scanned. + * @return int CL_SUCCESS, or an error code. */ cl_error_t cli_magic_scan(cli_ctx *ctx, cli_file_t type); @@ -71,28 +75,32 @@ cl_error_t cli_magic_scan(cli_ctx *ctx, cli_file_t type); * or if force-to-disk IS enabled, it will write the file to a temp file and then * will scan with cli_magic_scan_desc_type(). * - * @param map File map. - * @param offset Offset into file map. - * @param length Length from offset. - * @param ctx Scanning context structure. - * @param type CL_TYPE of data to be scanned. - * @param name (optional) Original name of the file (to set fmap name metadata) - * @return int CL_SUCCESS, or an error code. + * @param map File map. + * @param offset Offset into file map. + * @param length Length from offset. + * @param ctx Scanning context structure. + * @param type CL_TYPE of data to be scanned. + * @param name (optional) Original name of the file (to set fmap name metadata) + * @param attributes Layer attributes of the file being scanned (is it normalized, decrypted, etc) + * @return int CL_SUCCESS, or an error code. */ -cl_error_t cli_magic_scan_nested_fmap_type(cl_fmap_t *map, size_t offset, size_t length, cli_ctx *ctx, cli_file_t type, const char *name); +cl_error_t cli_magic_scan_nested_fmap_type(cl_fmap_t *map, size_t offset, size_t length, cli_ctx *ctx, + cli_file_t type, const char *name, uint32_t attributes); /** * @brief Convenience wrapper for cli_magic_scan_nested_fmap_type(). * * Creates an fmap and calls cli_magic_scan_nested_fmap_type() for you, with type CL_TYPE_ANY. * - * @param buffer Pointer to the buffer to be scanned. - * @param length Size in bytes of the buffer being scanned. - * @param ctx Scanning context structure. - * @param name (optional) Original name of the file (to set fmap name metadata) - * @return int CL_SUCCESS, or an error code. + * @param buffer Pointer to the buffer to be scanned. + * @param length Size in bytes of the buffer being scanned. + * @param ctx Scanning context structure. + * @param name (optional) Original name of the file (to set fmap name metadata) + * @param attributes Layer attributes of the file being scanned (is it normalized, decrypted, etc) + * @return int CL_SUCCESS, or an error code. */ -cl_error_t cli_magic_scan_buff(const void *buffer, size_t length, cli_ctx *ctx, const char *name); +cl_error_t cli_magic_scan_buff(const void *buffer, size_t length, cli_ctx *ctx, + const char *name, uint32_t attributes); cl_error_t cli_found_possibly_unwanted(cli_ctx *ctx); @@ -104,9 +112,11 @@ cl_error_t cli_found_possibly_unwanted(cli_ctx *ctx); * @param filename Filepath of the file to be scanned. * @param ctx Scanning context structure. * @param original_name (optional) Original name of the file (to set fmap name metadata) + * @param attributes Layer attributes of the file being scanned (is it normalized, decrypted, etc) * @return cl_error_t */ -cl_error_t cli_magic_scan_file(const char *filename, cli_ctx *ctx, const char *original_name); +cl_error_t cli_magic_scan_file(const char *filename, cli_ctx *ctx, + const char *original_name, uint32_t attributes); /** * @brief Internal function to recursively scan a directory. @@ -115,9 +125,10 @@ cl_error_t cli_magic_scan_file(const char *filename, cli_ctx *ctx, const char *o * * @param dirname Filepath of the directory to be scanned. * @param ctx Scanning context structure. + * @param attributes Layer attributes of the file being scanned (is it normalized, decrypted, etc) * @return cl_error_t */ -cl_error_t cli_magic_scan_dir(const char *dirname, cli_ctx *ctx); +cl_error_t cli_magic_scan_dir(const char *dirname, cli_ctx *ctx, uint32_t attributes); /** * @brief Mark all scan recursion fmap layers as non-cacheable. diff --git a/libclamav/sis.c b/libclamav/sis.c index 28e89cdd1a..11a9c46b09 100644 --- a/libclamav/sis.c +++ b/libclamav/sis.c @@ -517,7 +517,7 @@ static cl_error_t real_scansis(cli_ctx *ctx, const char *tmpd) FREE(decomp); - if (cli_magic_scan_desc(fd, ofn, ctx, original_filepath) == CL_VIRUS) { + if (CL_VIRUS == cli_magic_scan_desc(fd, ofn, ctx, original_filepath, LAYER_ATTRIBUTES_NONE)) { status = CL_VIRUS; goto done; } @@ -840,7 +840,7 @@ static cl_error_t real_scansis9x(cli_ctx *ctx, const char *tmpd) break; } free(dst); - if (cli_magic_scan_desc(fd, tempf, ctx, NULL) == CL_VIRUS) { + if (cli_magic_scan_desc(fd, tempf, ctx, NULL, LAYER_ATTRIBUTES_NONE) == CL_VIRUS) { close(fd); return CL_VIRUS; } diff --git a/libclamav/swf.c b/libclamav/swf.c index 5f3966b8c4..404092cdaf 100644 --- a/libclamav/swf.c +++ b/libclamav/swf.c @@ -288,7 +288,7 @@ static cl_error_t scanzws(cli_ctx *ctx, struct swf_file_hdr *hdr) hdr->filesize, (long long unsigned)outsize); } - ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL); + ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL, LAYER_ATTRIBUTES_NONE); close(fd); if (!(ctx->engine->keeptmp)) { @@ -424,7 +424,7 @@ static cl_error_t scancws(cli_ctx *ctx, struct swf_file_hdr *hdr) hdr->filesize, outsize); } - ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL); + ret = cli_magic_scan_desc(fd, tmpname, ctx, NULL, LAYER_ATTRIBUTES_NONE); close(fd); if (!ctx->engine->keeptmp) { diff --git a/libclamav/untar.c b/libclamav/untar.c index acf735bed2..6306500c1d 100644 --- a/libclamav/untar.c +++ b/libclamav/untar.c @@ -173,7 +173,7 @@ cl_error_t cli_untar(const char *dir, unsigned int posix, cli_ctx *ctx) if (fout >= 0) { lseek(fout, 0, SEEK_SET); - ret = cli_magic_scan_desc(fout, fullname, ctx, name); + ret = cli_magic_scan_desc(fout, fullname, ctx, name, LAYER_ATTRIBUTES_NONE); close(fout); if (!ctx->engine->keeptmp) if (cli_unlink(fullname)) return CL_EUNLINK; @@ -369,7 +369,7 @@ cl_error_t cli_untar(const char *dir, unsigned int posix, cli_ctx *ctx) } if (fout >= 0) { lseek(fout, 0, SEEK_SET); - ret = cli_magic_scan_desc(fout, fullname, ctx, name); + ret = cli_magic_scan_desc(fout, fullname, ctx, name, LAYER_ATTRIBUTES_NONE); close(fout); if (!ctx->engine->keeptmp) if (cli_unlink(fullname)) return CL_EUNLINK; diff --git a/libclamav/unzip.c b/libclamav/unzip.c index 1cf895c34b..66f6f51c6c 100644 --- a/libclamav/unzip.c +++ b/libclamav/unzip.c @@ -111,7 +111,8 @@ static cl_error_t unz( cli_ctx *ctx, char *tmpd, zip_cb zcb, - const char *original_filename) + const char *original_filename, + bool decrypted) { char obuf[BUFSIZ] = {0}; char *tempfile = NULL; @@ -142,7 +143,8 @@ static cl_error_t unz( if (csize < usize) { unsigned int fake = *num_files_unzipped + 1; cli_dbgmsg("cli_unzip: attempting to inflate stored file with inconsistent size\n"); - if ((ret = unz(src, csize, usize, ALG_DEFLATE, 0, &fake, ctx, tmpd, zcb, original_filename)) == CL_CLEAN) { + if (CL_CLEAN == (ret = unz(src, csize, usize, ALG_DEFLATE, 0, &fake, ctx, + tmpd, zcb, original_filename, decrypted))) { (*num_files_unzipped)++; res = fake - (*num_files_unzipped); } else @@ -150,7 +152,8 @@ static cl_error_t unz( } if (res == 1) { if (ctx->engine->maxfilesize && csize > ctx->engine->maxfilesize) { - cli_dbgmsg("cli_unzip: trimming output size to maxfilesize (%lu)\n", (long unsigned int)ctx->engine->maxfilesize); + cli_dbgmsg("cli_unzip: trimming output size to maxfilesize (%lu)\n", + (long unsigned int)ctx->engine->maxfilesize); csize = ctx->engine->maxfilesize; } if (cli_writen(out_file, src, csize) != csize) @@ -350,7 +353,7 @@ static cl_error_t unz( close(out_file); return CL_ESEEK; } - ret = zcb(out_file, tempfile, ctx, original_filename); + ret = zcb(out_file, tempfile, ctx, original_filename, decrypted); close(out_file); if (!ctx->engine->keeptmp) if (cli_unlink(tempfile)) ret = CL_EUNLINK; @@ -537,9 +540,6 @@ static inline cl_error_t zdecrypt( cli_dbgmsg("cli_unzip: decrypt - decrypted %zu bytes to %s\n", total, tempfile); - /* The next call to push a layer onto the recursion stack will collect this "was decrypted" status. */ - ctx->next_layer_attributes |= LAYER_ATTRIBUTES_DECRYPTED; - /* decrypt data to new fmap -> buffer */ if (!(dcypt_map = fmap(out_file, 0, total, NULL))) { cli_warnmsg("cli_unzip: decrypt - failed to create fmap on decrypted file %s\n", tempfile); @@ -555,7 +555,8 @@ static inline cl_error_t zdecrypt( } /* call unz on decrypted output */ - ret = unz(dcypt_zip, csize - SIZEOF_ENCRYPTION_HEADER, usize, LOCAL_HEADER_method, LOCAL_HEADER_flags, num_files_unzipped, ctx, tmpd, zcb, original_filename); + ret = unz(dcypt_zip, csize - SIZEOF_ENCRYPTION_HEADER, usize, LOCAL_HEADER_method, LOCAL_HEADER_flags, + num_files_unzipped, ctx, tmpd, zcb, original_filename, true); /* clean-up and return */ funmap(dcypt_map); @@ -727,7 +728,8 @@ static unsigned int parse_local_file_header( *ret = zdecrypt(zip, csize, usize, local_header, num_files_unzipped, ctx, tmpd, zcb, original_filename); } else { if (fmap_need_ptr_once(map, zip, csize)) - *ret = unz(zip, csize, usize, LOCAL_HEADER_method, LOCAL_HEADER_flags, num_files_unzipped, ctx, tmpd, zcb, original_filename); + *ret = unz(zip, csize, usize, LOCAL_HEADER_method, LOCAL_HEADER_flags, num_files_unzipped, + ctx, tmpd, zcb, original_filename, false); } } else { if ((NULL == original_filename) || @@ -1275,7 +1277,8 @@ cl_error_t cli_unzip(cli_ctx *ctx) ctx, tmpd, zip_scan_cb, - zip_catalogue[i].original_filename); + zip_catalogue[i].original_filename, + false); } file_count++; diff --git a/libclamav/unzip.h b/libclamav/unzip.h index 2b67660aa8..744ddb603a 100644 --- a/libclamav/unzip.h +++ b/libclamav/unzip.h @@ -28,7 +28,8 @@ #include "others.h" -typedef cl_error_t (*zip_cb)(int fd, const char *filepath, cli_ctx *ctx, const char *name); +// Callback is the same as cli_magic_scan_desc +typedef cl_error_t (*zip_cb)(int fd, const char *filepath, cli_ctx *ctx, const char *name, uint32_t attributes); #define zip_scan_cb cli_magic_scan_desc #define MAX_ZIP_REQUESTS 10 diff --git a/libclamav/vba_extract.c b/libclamav/vba_extract.c index d8280c68b3..3e2bf67fcb 100644 --- a/libclamav/vba_extract.c +++ b/libclamav/vba_extract.c @@ -1723,7 +1723,7 @@ int cli_scan_ole10(int fd, cli_ctx *ctx) cli_dbgmsg("cli_decode_ole_object: decoding to %s\n", fullname); ole_copy_file_data(fd, ofd, object_size); lseek(ofd, 0, SEEK_SET); - ret = cli_magic_scan_desc(ofd, fullname, ctx, NULL); + ret = cli_magic_scan_desc(ofd, fullname, ctx, NULL, LAYER_ATTRIBUTES_NONE); close(ofd); if (ctx && !ctx->engine->keeptmp) if (cli_unlink(fullname)) diff --git a/libclamav/xar.c b/libclamav/xar.c index 45e3d83f30..a5de297370 100644 --- a/libclamav/xar.c +++ b/libclamav/xar.c @@ -308,7 +308,7 @@ static int xar_scan_subdocuments(xmlTextReaderPtr reader, cli_ctx *ctx) } subdoc_len = xmlStrlen(subdoc); cli_dbgmsg("cli_scanxar: in-memory scan of xml subdocument, len %i.\n", subdoc_len); - rc = cli_magic_scan_buff(subdoc, subdoc_len, ctx, NULL); + rc = cli_magic_scan_buff(subdoc, subdoc_len, ctx, NULL, LAYER_ATTRIBUTES_NONE); if (rc == CL_VIRUS && SCAN_ALLMATCHES) rc = CL_SUCCESS; @@ -517,7 +517,7 @@ int cli_scanxar(cli_ctx *ctx) /* scan the xml */ cli_dbgmsg("cli_scanxar: scanning xar TOC xml in memory.\n"); - rc = cli_magic_scan_buff(toc, hdr.toc_length_decompressed, ctx, NULL); + rc = cli_magic_scan_buff(toc, hdr.toc_length_decompressed, ctx, NULL, LAYER_ATTRIBUTES_NONE); if (rc != CL_SUCCESS) { if (rc != CL_VIRUS || !SCAN_ALLMATCHES) goto exit_toc; @@ -846,7 +846,7 @@ int cli_scanxar(cli_ctx *ctx) } } - rc = cli_magic_scan_desc(fd, tmpname, ctx, NULL); /// TODO: collect file names in xar_get_toc_data_values() + rc = cli_magic_scan_desc(fd, tmpname, ctx, NULL, LAYER_ATTRIBUTES_NONE); /// TODO: collect file names in xar_get_toc_data_values() if (rc != CL_SUCCESS) { if (rc == CL_VIRUS) { cli_dbgmsg("cli_scanxar: Infected with %s\n", cli_get_last_virus(ctx)); diff --git a/libclamav/xdp.c b/libclamav/xdp.c index 8b829457a1..6536d9ce6b 100644 --- a/libclamav/xdp.c +++ b/libclamav/xdp.c @@ -159,7 +159,7 @@ cl_error_t cli_scanxdp(cli_ctx *ctx) break; } - rc = cli_magic_scan_buff(decoded, decodedlen, ctx, NULL); + rc = cli_magic_scan_buff(decoded, decodedlen, ctx, NULL, LAYER_ATTRIBUTES_NONE); free(decoded); if (rc != CL_SUCCESS || rc == CL_BREAK) { xmlFree((void *)value); diff --git a/libclamav/xlm_extract.c b/libclamav/xlm_extract.c index 02fa5a0874..e242ed894d 100644 --- a/libclamav/xlm_extract.c +++ b/libclamav/xlm_extract.c @@ -4350,10 +4350,11 @@ cl_error_t process_blip_record(struct OfficeArtRecordHeader_Unpacked *rh, const goto done; } - ret = cli_magic_scan_desc_type(extracted_image_tempfd, extracted_image_filepath, ctx, CL_TYPE_ANY, NULL); + ret = cli_magic_scan_desc_type(extracted_image_tempfd, extracted_image_filepath, ctx, CL_TYPE_ANY, + NULL, LAYER_ATTRIBUTES_NONE); } else { /* Scan the buffer */ - ret = cli_magic_scan_buff(start_of_image, size_of_image, ctx, NULL); + ret = cli_magic_scan_buff(start_of_image, size_of_image, ctx, NULL, LAYER_ATTRIBUTES_NONE); } if (ret == CL_VIRUS) { if (!SCAN_ALLMATCHES) { @@ -4976,7 +4977,8 @@ cl_error_t cli_extract_xlm_macros_and_images(const char *dir, cli_ctx *ctx, char goto done; } - if (cli_scan_desc(out_fd, ctx, CL_TYPE_SCRIPT, 0, NULL, AC_SCAN_VIR, NULL, NULL) == CL_VIRUS) { + if (CL_VIRUS == cli_scan_desc(out_fd, ctx, CL_TYPE_SCRIPT, 0, NULL, AC_SCAN_VIR, + NULL, NULL, LAYER_ATTRIBUTES_NONE)) { status = CL_VIRUS; goto done; } diff --git a/libclamav_rust/src/sys.rs b/libclamav_rust/src/sys.rs index 55e1e616b4..3e7661c6db 100644 --- a/libclamav_rust/src/sys.rs +++ b/libclamav_rust/src/sys.rs @@ -119,7 +119,7 @@ pub type clcb_pre_cache = ::std::option::Option< #[doc = ""] #[doc = " @param fd Current file descriptor which is about to be scanned."] #[doc = " @param type Current file type detected via magic - i.e. NOT on the fly - (e.g. \"CL_TYPE_MSEXE\")."] -#[doc = " @param ancestors A list of ancestors filenames, delimited by \" > \". Unnamed files are given the name \"(no name)\"."] +#[doc = " @param ancestors An array of ancestors filenames of size `recursion_level`. filenames may be NULL."] #[doc = " @param parent_file_size Parent file size."] #[doc = " @param file_name Current file name, or NULL if the file does not have a name or ClamAV failed to record the name."] #[doc = " @param file_size Current file size."] @@ -800,7 +800,6 @@ pub struct cli_ctx_tag { pub recursion_stack_size: u32, pub recursion_level: u32, pub fmap: *mut fmap_t, - pub next_layer_attributes: u32, pub handlertype_hash: [::std::os::raw::c_uchar; 16usize], pub dconf: *mut cli_dconf, pub hook_lsig_matches: *mut bitset_t,