Add support for UDF files

Add support for specifically for Beginning Extended Area Descriptor
(BEA01) type of UDF files.

Author: ragusaa

libclamav/CMakeLists.txt

@@ -395,6 +395,8 @@ set(LIBCLAMAV_SOURCES
     tiff.c              tiff.h
     # GIF image format checker
     gif.c               gif.h
+    # UDF partition
+    udf.c               udf.h
 )
 
 if(ENABLE_SHARED_LIB)

libclamav/dconf.c

@@ -106,6 +106,7 @@ static struct dconf_module modules[] = {
     {"ARCHIVE", "GPT", ARCH_CONF_GPT, 1},
     {"ARCHIVE", "APM", ARCH_CONF_APM, 1},
     {"ARCHIVE", "EGG", ARCH_CONF_EGG, 1},
+    {"ARCHIVE", "UDF", ARCH_CONF_UDF, 1},
 
     {"DOCUMENT", "HTML", DOC_CONF_HTML, 1},
     {"DOCUMENT", "RTF", DOC_CONF_RTF, 1},

libclamav/dconf.h

@@ -96,6 +96,7 @@ struct cli_dconf {
 #define ARCH_CONF_GPT     0x1000000
 #define ARCH_CONF_APM     0x2000000
 #define ARCH_CONF_EGG     0x4000000
+#define ARCH_CONF_UDF     0x8000000
 
 /* Document flags */
 #define DOC_CONF_HTML         0x1

libclamav/filetypes.c

@@ -137,6 +137,7 @@ static const struct ftmap_s {
     { "CL_TYPE_LNK",          CL_TYPE_LNK          },
     { "CL_TYPE_EGG",          CL_TYPE_EGG          },
     { "CL_TYPE_EGGSFX",       CL_TYPE_EGGSFX       },
+    { "CL_TYPE_UDF",          CL_TYPE_UDF          },
     { NULL,                   CL_TYPE_IGNORED      }
 };
 // clang-format on

libclamav/filetypes.h

@@ -122,7 +122,7 @@ typedef enum cli_file {
     CL_TYPE_HWPOLE2,
     CL_TYPE_MHTML,
     CL_TYPE_LNK,
-
+    CL_TYPE_UDF,
     CL_TYPE_OTHER,  /* on-the-fly, used for target 14 (OTHER) */
     CL_TYPE_IGNORED /* please don't add anything below */
 } cli_file_t;

libclamav/filetypes_int.h

@@ -149,6 +149,7 @@ static const char *ftypes_int[] = {
     "0:0:4d53434600000000:MS CAB:CL_TYPE_ANY:CL_TYPE_MSCAB",
     "1:*:4d53434600000000:CAB-SFX:CL_TYPE_ANY:CL_TYPE_CABSFX",
     "1:*:014344303031{2043-2443}4344303031:ISO9660:CL_TYPE_ANY:CL_TYPE_ISO9660:71",
+    "1:0,32768:004245413031:UDF:CL_TYPE_ANY:CL_TYPE_UDF:180",
     "0:0:5b616c69617365735d:TAR-POSIX-CVE-2012-1419:CL_TYPE_ANY:CL_TYPE_POSIX_TAR",
     "1:8,12:19040010:SIS:CL_TYPE_ANY:CL_TYPE_SIS",
     "1:0,1024:44656c6976657265642d546f3a{-256}52656365697665643a:Mail file:CL_TYPE_ANY:CL_TYPE_MAIL",

libclamav/scanners.c

@@ -100,6 +100,7 @@
 #include "gif.h"
 #include "png.h"
 #include "iso9660.h"
+#include "udf.h"
 #include "dmg.h"
 #include "xar.h"
 #include "hfsplus.h"
@@ -3490,12 +3491,24 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi
                                 // Reassign type of current layer based on what we discovered
                                 cli_recursion_stack_change_type(ctx, fpt->type);
 
-                                cli_dbgmsg("DMG signature found at %u\n", (unsigned int)fpt->offset);
+                                cli_dbgmsg("ISO signature found at %u\n", (unsigned int)fpt->offset);
                                 nret = cli_scaniso(ctx, fpt->offset);
                             }
                         }
                         break;
 
+                    case CL_TYPE_UDF:
+                        if (SCAN_PARSE_ARCHIVE && (DCONF_ARCH & ARCH_CONF_UDF)) {
+                            {
+                                // Reassign type of current layer based on what we discovered
+                                cli_recursion_stack_change_type(ctx, fpt->type);
+
+                                cli_dbgmsg("UDF signature found at %u\n", (unsigned int)fpt->offset);
+                                nret = cli_scanudf(ctx, fpt->offset);
+                            }
+                        }
+                        break;
+
                     case CL_TYPE_MBR:
                         if (SCAN_PARSE_ARCHIVE) {
                             // TODO: determine all types that GPT or MBR may start with