|
 |
1f873aa |
From 5a7b1cdfadc980fb1c4fa32e6275e7c96a963110 Mon Sep 17 00:00:00 2001
|
|
|
1f873aa |
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
|
|
|
1f873aa |
Date: Fri, 6 Jan 2023 21:42:30 +0100
|
|
|
1f873aa |
Subject: libclamav/pe: Use endian wrapper in more places.
|
|
|
1f873aa |
|
|
|
1f873aa |
A few user of VirtualAddress and Size in cli_exe_info::pe_image_data_dir
|
|
|
1f873aa |
don't use the endian wrapper while other places do. This leads to
|
|
|
1f873aa |
testsuite failures on big endian machines.
|
|
|
1f873aa |
|
|
|
1f873aa |
Use the endian wrapper in all places across pe.c for the two members.
|
|
|
1f873aa |
|
|
|
1f873aa |
Patch-Name: libclamav-pe-Use-endian-wrapper-in-more-places.patch
|
|
|
1f873aa |
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
|
|
|
1f873aa |
---
|
|
|
1f873aa |
libclamav/pe.c | 18 +++++++++---------
|
|
|
1f873aa |
1 file changed, 9 insertions(+), 9 deletions(-)
|
|
|
1f873aa |
|
|
|
1f873aa |
diff --git a/libclamav/pe.c b/libclamav/pe.c
|
|
|
1f873aa |
index f5dcea9..19cd2d4 100644
|
|
|
1f873aa |
--- a/libclamav/pe.c
|
|
|
1f873aa |
+++ b/libclamav/pe.c
|
|
|
1f873aa |
@@ -2422,22 +2422,22 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im
|
|
|
1f873aa |
|
|
|
1f873aa |
/* If the PE doesn't have an import table then skip it. This is an
|
|
|
1f873aa |
* uncommon case but can happen. */
|
|
|
1f873aa |
- if (peinfo->dirs[1].VirtualAddress == 0 || peinfo->dirs[1].Size == 0) {
|
|
|
1f873aa |
+ if (EC32(peinfo->dirs[1].VirtualAddress) == 0 || EC32(peinfo->dirs[1].Size) == 0) {
|
|
|
1f873aa |
cli_dbgmsg("scan_pe: import table data dir does not exist (skipping .imp scanning)\n");
|
|
|
1f873aa |
status = CL_BREAK;
|
|
|
1f873aa |
goto done;
|
|
|
1f873aa |
}
|
|
|
1f873aa |
|
|
|
1f873aa |
// TODO Add EC32 wrappers
|
|
|
1f873aa |
- impoff = cli_rawaddr(peinfo->dirs[1].VirtualAddress, peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size);
|
|
|
1f873aa |
- if (err || impoff + peinfo->dirs[1].Size > fsize) {
|
|
|
1f873aa |
+ impoff = cli_rawaddr(EC32(peinfo->dirs[1].VirtualAddress), peinfo->sections, peinfo->nsections, &err, fsize, peinfo->hdr_size);
|
|
|
1f873aa |
+ if (err || impoff + EC32(peinfo->dirs[1].Size) > fsize) {
|
|
|
1f873aa |
cli_dbgmsg("scan_pe: invalid rva for import table data\n");
|
|
|
1f873aa |
status = CL_BREAK;
|
|
|
1f873aa |
goto done;
|
|
|
1f873aa |
}
|
|
|
1f873aa |
|
|
|
1f873aa |
// TODO Add EC32 wrapper
|
|
|
1f873aa |
- impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, peinfo->dirs[1].Size);
|
|
|
1f873aa |
+ impdes = (const struct pe_image_import_descriptor *)fmap_need_off(map, impoff, EC32(peinfo->dirs[1].Size));
|
|
|
1f873aa |
if (impdes == NULL) {
|
|
|
1f873aa |
cli_dbgmsg("scan_pe: failed to acquire fmap buffer\n");
|
|
|
1f873aa |
status = CL_EREAD;
|
|
|
1f873aa |
@@ -2447,7 +2447,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im
|
|
|
1f873aa |
|
|
|
1f873aa |
/* Safety: We can trust peinfo->dirs[1].Size only because `fmap_need_off()` (above)
|
|
|
1f873aa |
* would have failed if the size exceeds the end of the fmap. */
|
|
|
1f873aa |
- left = peinfo->dirs[1].Size;
|
|
|
1f873aa |
+ left = EC32(peinfo->dirs[1].Size);
|
|
|
1f873aa |
|
|
|
1f873aa |
if (genhash[CLI_HASH_MD5]) {
|
|
|
1f873aa |
hashctx[CLI_HASH_MD5] = cl_hash_init("md5");
|
|
|
1f873aa |
@@ -2546,7 +2546,7 @@ static cl_error_t hash_imptbl(cli_ctx *ctx, unsigned char **digest, uint32_t *im
|
|
|
1f873aa |
|
|
|
1f873aa |
done:
|
|
|
1f873aa |
if (needed_impoff) {
|
|
|
1f873aa |
- fmap_unneed_off(map, impoff, peinfo->dirs[1].Size);
|
|
|
1f873aa |
+ fmap_unneed_off(map, impoff, EC32(peinfo->dirs[1].Size));
|
|
|
1f873aa |
}
|
|
|
1f873aa |
|
|
|
1f873aa |
for (type = CLI_HASH_MD5; type < CLI_HASH_AVAIL_TYPES; type++) {
|
|
|
1f873aa |
@@ -3250,7 +3250,7 @@ int cli_scanpe(cli_ctx *ctx)
|
|
|
1f873aa |
|
|
|
1f873aa |
/* Trojan.Swizzor.Gen */
|
|
|
1f873aa |
if (SCAN_HEURISTICS && (DCONF & PE_CONF_SWIZZOR) && peinfo->nsections > 1 && fsize > 64 * 1024 && fsize < 4 * 1024 * 1024) {
|
|
|
1f873aa |
- if (peinfo->dirs[2].Size) {
|
|
|
1f873aa |
+ if (EC32(peinfo->dirs[2].Size)) {
|
|
|
1f873aa |
struct swizz_stats *stats = cli_calloc(1, sizeof(*stats));
|
|
|
1f873aa |
unsigned int m = 1000;
|
|
|
1f873aa |
ret = CL_CLEAN;
|
|
|
1f873aa |
@@ -5292,13 +5292,13 @@ cl_error_t cli_peheader(fmap_t *map, struct cli_exe_info *peinfo, uint32_t opts,
|
|
|
1f873aa |
cli_dbgmsg("EntryPoint offset: 0x%x (%d)\n", peinfo->ep, peinfo->ep);
|
|
|
1f873aa |
}
|
|
|
1f873aa |
|
|
|
1f873aa |
- if (is_dll || peinfo->ndatadirs < 3 || !peinfo->dirs[2].Size)
|
|
|
1f873aa |
+ if (is_dll || peinfo->ndatadirs < 3 || !EC32(peinfo->dirs[2].Size))
|
|
|
1f873aa |
peinfo->res_addr = 0;
|
|
|
1f873aa |
else
|
|
|
1f873aa |
peinfo->res_addr = EC32(peinfo->dirs[2].VirtualAddress);
|
|
|
1f873aa |
|
|
|
1f873aa |
while (opts & CLI_PEHEADER_OPT_EXTRACT_VINFO &&
|
|
|
1f873aa |
- peinfo->ndatadirs >= 3 && peinfo->dirs[2].Size) {
|
|
|
1f873aa |
+ peinfo->ndatadirs >= 3 && EC32(peinfo->dirs[2].Size)) {
|
|
|
1f873aa |
struct vinfo_list vlist;
|
|
|
1f873aa |
const uint8_t *vptr, *baseptr;
|
|
|
1f873aa |
uint32_t rva, res_sz;
|