Clam 1594 fix allmatch remove checks (part 2)

CMakeLists.txt

@@ -370,8 +370,6 @@ elseif(APPLE)
         )
         if(${MARKDOWN_MODULE_EXIT_CODE} EQUAL 0)
             # The markdown module is installed, we can do the conversion.
-            set(PythonTest_COMMAND "${Python3_EXECUTABLE};-m;markdown;-v")
-
             execute_process(
                 COMMAND echo "<html><body>"
                 OUTPUT_FILE ${CMAKE_CURRENT_BINARY_DIR}/prefix.html)
@@ -891,6 +889,7 @@ else()
     extract_valid_cxx_flags(WARNCXXFLAGS
         -Wall
         -Wformat-security
+        -Wno-comment                      # Disabled because LLVM's CFG.h has a warning about a multiline comment because of ascii-art of a graph with a `\` in it.
     )
 endif()
 

clambc/bcrun.c

@@ -394,8 +394,8 @@ int main(int argc, char *argv[])
             fprintf(stderr, "Out of memory\n");
             exit(3);
         }
-        ctx->ctx    = &cctx;
-        cctx.engine = engine;
+        ctx->ctx      = &cctx;
+        cctx.engine   = engine;
         cctx.evidence = evidence_new();
 
         cctx.recursion_stack_size = cctx.engine->max_recursion_level;

common/cert_util.c

@@ -85,7 +85,7 @@ static cl_error_t _x509_to_pem(X509 *cert,
     ret = CL_SUCCESS;
 
 done:
-    return (0);
+    return ret;
 }
 
 /**
@@ -125,7 +125,7 @@ static cl_error_t _x509_to_pem_append(X509 *ca_cert,
 
     current_len = *total_buf_len;
 
-    if (_x509_to_pem(ca_cert, &pem_data, &pem_data_len) != 0) {
+    if (CL_SUCCESS != _x509_to_pem(ca_cert, &pem_data, &pem_data_len)) {
         mprintf(LOGG_ERROR, "Failed to convert x509 certificate to PEM\n");
         goto done;
     }

libclamav/7z_iface.c

@@ -90,7 +90,6 @@ int cli_7unz(cli_ctx *ctx, size_t offset)
     int namelen            = UTFBUFSZ;
     cl_error_t found       = CL_CLEAN;
     Int64 begin_of_archive = offset;
-    UInt32 viruses_found   = 0;
 
     /* Replacement for
        FileInStream_CreateVTable(&archiveStream); */
@@ -111,7 +110,7 @@ int cli_7unz(cli_ctx *ctx, size_t offset)
     res = SzArEx_Open(&db, &lookStream.s, &allocImp, &allocTempImp);
     if (res == SZ_ERROR_ENCRYPTED && SCAN_HEURISTIC_ENCRYPTED_ARCHIVE) {
         cli_dbgmsg("cli_7unz: Encrypted header found in archive.\n");
-        found = cli_append_virus(ctx, "Heuristics.Encrypted.7Zip");
+        found = cli_append_potentially_unwanted(ctx, "Heuristics.Encrypted.7Zip");
     } else if (res == SZ_OK) {
         UInt32 i, blockIndex = 0xFFFFFFFF;
         Byte *outBuffer        = 0;
@@ -127,12 +126,14 @@ int cli_7unz(cli_ctx *ctx, size_t offset)
             size_t j;
             int newnamelen, fd;
 
+            // abort if we would exceed max files or max scan time.
             if ((found = cli_checklimits("7unz", ctx, 0, 0, 0)))
                 break;
 
             if (f->IsDir)
                 continue;
 
+            // skip this file if we would exceed max file size or max scan size. (we already checked for the max files and max scan time)
             if (cli_checklimits("7unz", ctx, f->Size, 0, 0))
                 continue;
 
@@ -164,21 +165,15 @@ int cli_7unz(cli_ctx *ctx, size_t offset)
                 encrypted = 1;
                 if (SCAN_HEURISTIC_ENCRYPTED_ARCHIVE) {
                     cli_dbgmsg("cli_7unz: Encrypted files found in archive.\n");
-                    found = cli_append_virus(ctx, "Heuristics.Encrypted.7Zip");
-                    if (found != CL_CLEAN) {
-                        if (found == CL_VIRUS) {
-                            if (SCAN_ALLMATCHES)
-                                viruses_found++;
-                        } else
-                            break;
+                    found = cli_append_potentially_unwanted(ctx, "Heuristics.Encrypted.7Zip");
+                    if (found != CL_SUCCESS) {
+                        break;
                     }
                 }
             }
-            if (cli_matchmeta(ctx, name, 0, f->Size, encrypted, i, f->CrcDefined ? f->Crc : 0, NULL)) {
+            if (CL_VIRUS == cli_matchmeta(ctx, name, 0, f->Size, encrypted, i, f->CrcDefined ? f->Crc : 0, NULL)) {
                 found = CL_VIRUS;
-                viruses_found++;
-                if (!SCAN_ALLMATCHES)
-                    break;
+                break;
             }
             if (res != SZ_OK)
                 cli_dbgmsg("cli_unz: extraction failed with %d\n", res);
@@ -189,18 +184,19 @@ int cli_7unz(cli_ctx *ctx, size_t offset)
                     break;
 
                 cli_dbgmsg("cli_7unz: Saving to %s\n", tmp_name);
-                if (cli_writen(fd, outBuffer + offset, outSizeProcessed) != outSizeProcessed)
+                if (cli_writen(fd, outBuffer + offset, outSizeProcessed) != outSizeProcessed) {
                     found = CL_EWRITE;
-                else if ((found = cli_magic_scan_desc(fd, tmp_name, ctx, name)) == CL_VIRUS)
-                    viruses_found++;
+                }
+
+                found = cli_magic_scan_desc(fd, tmp_name, ctx, name);
+
                 close(fd);
                 if (!ctx->engine->keeptmp && cli_unlink(tmp_name))
                     found = CL_EUNLINK;
 
                 free(tmp_name);
-                if (found != CL_CLEAN)
-                    if (!(SCAN_ALLMATCHES && found == CL_VIRUS))
-                        break;
+                if (found != CL_SUCCESS)
+                    break;
             }
         }
         IAlloc_Free(&allocImp, outBuffer);
@@ -222,7 +218,5 @@ int cli_7unz(cli_ctx *ctx, size_t offset)
     else
         cli_dbgmsg("cli_7unz: error %d\n", res);
 
-    if (SCAN_ALLMATCHES && viruses_found)
-        return CL_VIRUS;
     return found;
 }

libclamav/CMakeLists.txt

@@ -319,7 +319,7 @@ set(LIBCLAMAV_SOURCES
     matcher-ac.c        matcher-ac.h
     matcher-bm.c        matcher-bm.h
     matcher-byte-comp.c matcher-byte-comp.h
-    matcher-hash.c      matcher-hash.h
+    matcher-hash.c      matcher-hash.h      matcher-hash-types.h
     matcher-pcre.c      matcher-pcre.h
     matcher.c           matcher.h
     regex_pcre.c        regex_pcre.h

libclamav/apm.c

@@ -45,27 +45,30 @@
 #define apm_parsemsg(...) ;
 #endif
 
-static int apm_partition_intersection(cli_ctx *ctx, struct apm_partition_info *aptable, size_t sectorsize, int old_school);
+static cl_error_t apm_partition_intersection(cli_ctx *ctx, struct apm_partition_info *aptable, size_t sectorsize, bool old_school);
 
-int cli_scanapm(cli_ctx *ctx)
+cl_error_t cli_scanapm(cli_ctx *ctx)
 {
+    cl_error_t status = CL_SUCCESS;
     struct apm_driver_desc_map ddm;
     struct apm_partition_info aptable, apentry;
-    int ret = CL_CLEAN, detection = CL_CLEAN, old_school = 0;
+    bool old_school = false;
     size_t sectorsize, maplen, partsize;
     size_t pos = 0, partoff = 0;
     unsigned i;
     uint32_t max_prtns = 0;
 
     if (!ctx || !ctx->fmap) {
         cli_errmsg("cli_scanapm: Invalid context\n");
-        return CL_ENULLARG;
+        status = CL_ENULLARG;
+        goto done;
     }
 
     /* read driver description map at sector 0  */
     if (fmap_readn(ctx->fmap, &ddm, pos, sizeof(ddm)) != sizeof(ddm)) {
         cli_dbgmsg("cli_scanapm: Invalid Apple driver description map\n");
-        return CL_EFORMAT;
+        status = CL_EFORMAT;
+        goto done;
     }
 
     /* convert driver description map big-endian to host */
@@ -76,7 +79,8 @@ int cli_scanapm(cli_ctx *ctx)
     /* check DDM signature */
     if (ddm.signature != DDM_SIGNATURE) {
         cli_dbgmsg("cli_scanapm: Apple driver description map signature mismatch\n");
-        return CL_EFORMAT;
+        status = CL_EFORMAT;
+        goto done;
     }
 
     /* sector size is determined by the ddm */
@@ -87,20 +91,22 @@ int cli_scanapm(cli_ctx *ctx)
     if ((ddm.blockSize * ddm.blockCount) != maplen) {
         cli_dbgmsg("cli_scanapm: File described %u size does not match %lu actual size\n",
                    (ddm.blockSize * ddm.blockCount), (unsigned long)maplen);
-        return CL_EFORMAT;
+        status = CL_EFORMAT;
+        goto done;
     }
 
     /* check for old-school partition map */
     if (sectorsize == 2048) {
         if (fmap_readn(ctx->fmap, &aptable, APM_FALLBACK_SECTOR_SIZE, sizeof(aptable)) != sizeof(aptable)) {
             cli_dbgmsg("cli_scanapm: Invalid Apple partition entry\n");
-            return CL_EFORMAT;
+            status = CL_EFORMAT;
+            goto done;
         }
 
         aptable.signature = be16_to_host(aptable.signature);
         if (aptable.signature == APM_SIGNATURE) {
             sectorsize = APM_FALLBACK_SECTOR_SIZE;
-            old_school = 1;
+            old_school = true;
         }
     }
 
@@ -109,7 +115,8 @@ int cli_scanapm(cli_ctx *ctx)
 
     if (fmap_readn(ctx->fmap, &aptable, pos, sizeof(aptable)) != sizeof(aptable)) {
         cli_dbgmsg("cli_scanapm: Invalid Apple partition table\n");
-        return CL_EFORMAT;
+        status = CL_EFORMAT;
+        goto done;
     }
 
     /* convert partition table big endian to host */
@@ -121,25 +128,24 @@ int cli_scanapm(cli_ctx *ctx)
     /* check the partition entry signature */
     if (aptable.signature != APM_SIGNATURE) {
         cli_dbgmsg("cli_scanapm: Apple partition table signature mismatch\n");
-        return CL_EFORMAT;
+        status = CL_EFORMAT;
+        goto done;
     }
 
     /* check if partition table partition */
     if (strncmp((char *)aptable.type, "Apple_Partition_Map", 32) &&
         strncmp((char *)aptable.type, "Apple_partition_map", 32) &&
         strncmp((char *)aptable.type, "Apple_patition_map", 32)) {
         cli_dbgmsg("cli_scanapm: Initial Apple Partition Map partition is not detected\n");
-        return CL_EFORMAT;
+        status = CL_EFORMAT;
+        goto done;
     }
 
     /* check that the partition table fits in the space specified - HEURISTICS */
     if (SCAN_HEURISTIC_PARTITION_INTXN && (ctx->dconf->other & OTHER_CONF_PRTNINTXN)) {
-        ret = apm_partition_intersection(ctx, &aptable, sectorsize, old_school);
-        if (ret != CL_CLEAN) {
-            if (SCAN_ALLMATCHES && (ret == CL_VIRUS))
-                detection = CL_VIRUS;
-            else
-                return ret;
+        status = apm_partition_intersection(ctx, &aptable, sectorsize, old_school);
+        if (status != CL_SUCCESS) {
+            goto done;
         }
     }
 
@@ -167,7 +173,8 @@ int cli_scanapm(cli_ctx *ctx)
         pos = i * sectorsize;
         if (fmap_readn(ctx->fmap, &apentry, pos, sizeof(apentry)) != sizeof(apentry)) {
             cli_dbgmsg("cli_scanapm: Invalid Apple partition entry\n");
-            return CL_EFORMAT;
+            status = CL_EFORMAT;
+            goto done;
         }
 
         /* convert partition entry big endian to host */
@@ -180,7 +187,8 @@ int cli_scanapm(cli_ctx *ctx)
         /* check the partition entry signature */
         if (aptable.signature != APM_SIGNATURE) {
             cli_dbgmsg("cli_scanapm: Apple partition entry signature mismatch\n");
-            return CL_EFORMAT;
+            status = CL_EFORMAT;
+            goto done;
         }
 
         /* check if a out-of-order partition map */
@@ -223,31 +231,30 @@ int cli_scanapm(cli_ctx *ctx)
                    apentry.pBlockStart, apentry.pBlockCount, partoff, partsize);
 
         /* send the partition to cli_magic_scan_nested_fmap_type */
-        ret = cli_magic_scan_nested_fmap_type(ctx->fmap, partoff, partsize, ctx, CL_TYPE_PART_ANY, (const char *)apentry.name);
-        if (ret != CL_CLEAN) {
-            if (SCAN_ALLMATCHES && (ret == CL_VIRUS))
-                detection = CL_VIRUS;
-            else
-                return ret;
+        status = cli_magic_scan_nested_fmap_type(ctx->fmap, partoff, partsize, ctx, CL_TYPE_PART_ANY, (const char *)apentry.name);
+        if (status != CL_SUCCESS) {
+            goto done;
         }
     }
 
     if (i >= ctx->engine->maxpartitions) {
         cli_dbgmsg("cli_scanapm: max partitions reached\n");
     }
 
-    return detection;
+done:
+
+    return status;
 }
 
-static int apm_partition_intersection(cli_ctx *ctx, struct apm_partition_info *aptable, size_t sectorsize, int old_school)
+static cl_error_t apm_partition_intersection(cli_ctx *ctx, struct apm_partition_info *aptable, size_t sectorsize, bool old_school)
 {
+    cl_error_t status = CL_SUCCESS;
+    cl_error_t ret;
     partition_intersection_list_t prtncheck;
     struct apm_partition_info apentry;
     unsigned i, pitxn;
-    int ret = CL_CLEAN, tmp = CL_CLEAN;
     size_t pos;
     uint32_t max_prtns = 0;
-    int virus_found    = 0;
 
     partition_intersection_list_init(&prtncheck);
 
@@ -264,7 +271,8 @@ static int apm_partition_intersection(cli_ctx *ctx, struct apm_partition_info *a
         if (fmap_readn(ctx->fmap, &apentry, pos, sizeof(apentry)) != sizeof(apentry)) {
             cli_dbgmsg("cli_scanapm: Invalid Apple partition entry\n");
             partition_intersection_list_free(&prtncheck);
-            return CL_EFORMAT;
+            status = CL_EFORMAT;
+            goto done;
         }
 
         /* convert necessary info big endian to host */
@@ -283,33 +291,31 @@ static int apm_partition_intersection(cli_ctx *ctx, struct apm_partition_info *a
             }
         }
 
-        tmp = partition_intersection_list_check(&prtncheck, &pitxn, apentry.pBlockStart, apentry.pBlockCount);
-        if (tmp != CL_CLEAN) {
-            if (tmp == CL_VIRUS) {
+        ret = partition_intersection_list_check(&prtncheck, &pitxn, apentry.pBlockStart, apentry.pBlockCount);
+        if (ret != CL_CLEAN) {
+            if (ret == CL_VIRUS) {
                 apm_parsemsg("Name: %s\n", (char *)aptable.name);
                 apm_parsemsg("Type: %s\n", (char *)aptable.type);
 
                 cli_dbgmsg("cli_scanapm: detected intersection with partitions "
                            "[%u, %u]\n",
                            pitxn, i);
-                ret = cli_append_virus(ctx, PRTN_INTXN_DETECTION);
-                if (ret == CL_VIRUS)
-                    virus_found = 1;
-                if (SCAN_ALLMATCHES || ret == CL_CLEAN)
-                    tmp = 0;
-                else
-                    goto leave;
+                status = cli_append_potentially_unwanted(ctx, "Heuristics.APMPartitionIntersection");
+                if (status != CL_SUCCESS) {
+                    goto done;
+                }
             } else {
-                ret = tmp;
-                goto leave;
+                status = ret;
+                goto done;
             }
         }
+
+        /* increment the offsets to next partition entry */
         pos += sectorsize;
     }
 
-leave:
+done:
     partition_intersection_list_free(&prtncheck);
-    if (virus_found)
-        return CL_VIRUS;
-    return ret;
+
+    return status;
 }

libclamav/apm.h

@@ -25,7 +25,7 @@
 #include "clamav-config.h"
 #endif
 
-#include "clamav-types.h"
+#include "clamav.h"
 #include "others.h"
 
 #define APM_FALLBACK_SECTOR_SIZE 512
@@ -112,6 +112,6 @@ struct apm_partition_info {
 #pragma pack
 #endif
 
-int cli_scanapm(cli_ctx *ctx);
+cl_error_t cli_scanapm(cli_ctx *ctx);
 
 #endif