Skip to content

Commit

Permalink
Scan ISO file tree when there is a joliet tree
Browse files Browse the repository at this point in the history 
Previously were only scanning the joliet tree when we found it, but
files in the ISO tree need to be scanned as well.
  • Loading branch information
@ragusaa
ragusaa committed Jun 1, 2023
1 parent 4161986 commit 5ea0a25
Showing 1 changed file with 58 additions and 42 deletions.
100 changes: 58 additions & 42 deletions libclamav/iso9660.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -228,6 +228,8 @@ cl_error_t cli_scaniso(cli_ctx *ctx, size_t offset)
const uint8_t *privol, *next;
iso9660_t iso;
int i;
cl_error_t ret = CL_SUCCESS;
cl_error_t tmp = CL_SUCCESS;

if (offset < 32768)
return CL_SUCCESS; /* Need 16 sectors at least 2048 bytes long */
Expand Down Expand Up @@ -283,59 +285,73 @@ cl_error_t cli_scaniso(cli_ctx *ctx, size_t offset)

/* NOTE: freeing sector now. it is still safe to access as we don't alloc anymore */
fmap_unneed_off(ctx->fmap, offset, 2448);
if (iso.joliet)
privol = next;
if (!iso.joliet) {
next = NULL;
}

cli_dbgmsg("in cli_scaniso\n");
if (cli_debug_flag) {
cli_dbgmsg("cli_scaniso: Raw sector size: %u\n", iso.sectsz);
cli_dbgmsg("cli_scaniso: Block size: %u\n", iso.blocksz);
do {
cli_dbgmsg("in cli_scaniso\n");
if (cli_debug_flag) {
cli_dbgmsg("cli_scaniso: Raw sector size: %u\n", iso.sectsz);
cli_dbgmsg("cli_scaniso: Block size: %u\n", iso.blocksz);

cli_dbgmsg("cli_scaniso: Volume descriptor version: %u\n", privol[6]);
cli_dbgmsg("cli_scaniso: Volume descriptor version: %u\n", privol[6]);

#define ISOSTRING(src, len) iso_string(&iso, (src), (len))
cli_dbgmsg("cli_scaniso: System: %s\n", ISOSTRING(privol + 8, 32));
cli_dbgmsg("cli_scaniso: Volume: %s\n", ISOSTRING(privol + 40, 32));
cli_dbgmsg("cli_scaniso: System: %s\n", ISOSTRING(privol + 8, 32));
cli_dbgmsg("cli_scaniso: Volume: %s\n", ISOSTRING(privol + 40, 32));

cli_dbgmsg("cli_scaniso: Volume space size: 0x%x blocks\n", cli_readint32(&privol[80]));
cli_dbgmsg("cli_scaniso: Volume %u of %u\n", cli_readint32(privol + 124) & 0xffff, cli_readint32(privol + 120) & 0xffff);
cli_dbgmsg("cli_scaniso: Volume space size: 0x%x blocks\n", cli_readint32(&privol[80]));
cli_dbgmsg("cli_scaniso: Volume %u of %u\n", cli_readint32(privol + 124) & 0xffff, cli_readint32(privol + 120) & 0xffff);

cli_dbgmsg("cli_scaniso: Volume Set: %s\n", ISOSTRING(privol + 190, 128));
cli_dbgmsg("cli_scaniso: Publisher: %s\n", ISOSTRING(privol + 318, 128));
cli_dbgmsg("cli_scaniso: Data Preparer: %s\n", ISOSTRING(privol + 446, 128));
cli_dbgmsg("cli_scaniso: Application: %s\n", ISOSTRING(privol + 574, 128));
cli_dbgmsg("cli_scaniso: Volume Set: %s\n", ISOSTRING(privol + 190, 128));
cli_dbgmsg("cli_scaniso: Publisher: %s\n", ISOSTRING(privol + 318, 128));
cli_dbgmsg("cli_scaniso: Data Preparer: %s\n", ISOSTRING(privol + 446, 128));
cli_dbgmsg("cli_scaniso: Application: %s\n", ISOSTRING(privol + 574, 128));

#define ISOTIME(s, n) cli_dbgmsg("cli_scaniso: "s \
": %c%c%c%c-%c%c-%c%c %c%c:%c%c:%c%c\n", \
privol[n], privol[n + 1], privol[n + 2], privol[n + 3], privol[n + 4], privol[n + 5], privol[n + 6], privol[n + 7], privol[n + 8], privol[n + 9], privol[n + 10], privol[n + 11], privol[n + 12], privol[n + 13])
ISOTIME("Volume creation time", 813);
ISOTIME("Volume modification time", 830);
ISOTIME("Volume expiration time", 847);
ISOTIME("Volume effective time", 864);

cli_dbgmsg("cli_scaniso: Path table size: 0x%x\n", cli_readint32(privol + 132) & 0xffff);
cli_dbgmsg("cli_scaniso: LSB Path Table: 0x%x\n", cli_readint32(privol + 140));
cli_dbgmsg("cli_scaniso: Opt LSB Path Table: 0x%x\n", cli_readint32(privol + 144));
cli_dbgmsg("cli_scaniso: MSB Path Table: 0x%x\n", cbswap32(cli_readint32(privol + 148)));
cli_dbgmsg("cli_scaniso: Opt MSB Path Table: 0x%x\n", cbswap32(cli_readint32(privol + 152)));
cli_dbgmsg("cli_scaniso: File Structure Version: %u\n", privol[881]);

if (iso.joliet)
cli_dbgmsg("cli_scaniso: Joliet level %u\n", iso.joliet);
}
ISOTIME("Volume creation time", 813);
ISOTIME("Volume modification time", 830);
ISOTIME("Volume expiration time", 847);
ISOTIME("Volume effective time", 864);

cli_dbgmsg("cli_scaniso: Path table size: 0x%x\n", cli_readint32(privol + 132) & 0xffff);
cli_dbgmsg("cli_scaniso: LSB Path Table: 0x%x\n", cli_readint32(privol + 140));
cli_dbgmsg("cli_scaniso: Opt LSB Path Table: 0x%x\n", cli_readint32(privol + 144));
cli_dbgmsg("cli_scaniso: MSB Path Table: 0x%x\n", cbswap32(cli_readint32(privol + 148)));
cli_dbgmsg("cli_scaniso: Opt MSB Path Table: 0x%x\n", cbswap32(cli_readint32(privol + 152)));
cli_dbgmsg("cli_scaniso: File Structure Version: %u\n", privol[881]);

if (iso.joliet)
cli_dbgmsg("cli_scaniso: Joliet level %u\n", iso.joliet);
}

if (privol[156 + 26] || privol[156 + 27]) {
cli_dbgmsg("cli_scaniso: Interleaved root directory is not supported\n");
return CL_SUCCESS;
}
if (privol[156 + 26] || privol[156 + 27]) {
cli_dbgmsg("cli_scaniso: Interleaved root directory is not supported\n");
return CL_SUCCESS;
}

iso.ctx = ctx;
i = cli_hashset_init(&iso.dir_blocks, 1024, 80);
if (i != CL_SUCCESS)
return i;
i = iso_parse_dir(&iso, cli_readint32(privol + 156 + 2) + privol[156 + 1], cli_readint32(privol + 156 + 10));
cli_hashset_destroy(&iso.dir_blocks);
if (i == CL_BREAK)
iso.ctx = ctx;
tmp = cli_hashset_init(&iso.dir_blocks, 1024, 80);
if (tmp != CL_SUCCESS) {
return tmp;
}

tmp = iso_parse_dir(&iso, cli_readint32(privol + 156 + 2) + privol[156 + 1], cli_readint32(privol + 156 + 10));
cli_hashset_destroy(&iso.dir_blocks);
if ((tmp > ret) && (CL_VIRUS != ret)) {
ret = tmp;
}

privol = next;
next = NULL;

} while (privol);

if (ret == CL_BREAK) {
return CL_SUCCESS;
return i;
}
return ret;
}

0 comments on commit 5ea0a25

Please sign in to comment.