blah
ragusaa committed Jun 6, 2024
1 parent b198d85 commit 57e0fec
Showing 1 changed file with 12 additions and 38 deletions.
50 changes: 12 additions & 38 deletions libclamav/ole2_extract.c
Expand Up @@ -748,7 +748,7 @@ fprintf(stderr, "%s::%d::NOT MINISTREAM!!!!!!!!!!\n", __FUNCTION__, __LINE__);
}


static bool test_for_encryption(cli_ctx * ctx, const property_t * word_block, ole2_header_t * hdr, encryption_status_t * pEncryptionStatus) {
static void test_for_encryption(cli_ctx * ctx, const property_t * word_block, ole2_header_t * hdr, encryption_status_t * pEncryptionStatus) {

const uint8_t * ptr = NULL;
fib_base_t fib = {0};
Expand All @@ -757,21 +757,21 @@ static bool test_for_encryption(cli_ctx * ctx, const property_t * word_block, ol

if ((size_t)(hdr->m_length) < (size_t)(fib_offset + sizeof(fib_base_t))) {
cli_dbgmsg("ERROR: Invalid offset for File Information Block %d (0x%x)\n", fib_offset, fib_offset);
return false;
return;
}

ptr = fmap_need_off_once(hdr->map, fib_offset, sizeof(fib_base_t));
if (NULL == ptr){
cli_dbgmsg("ERROR: Invalid offset for File Information Block %d (0x%x)\n", fib_offset, fib_offset);
return false;
return;
}
copy_fib_base(&fib, ptr);

#define FIB_BASE_IDENTIFIER 0xa5ec

if (FIB_BASE_IDENTIFIER != fib.wIdent){
cli_dbgmsg("ERROR: Invalid identifier for File Information Block %d (0x%x)\n", fib.wIdent, fib.wIdent);
return false;
return;
}

/*TODO: Look into whether or not it's possible to determine the xor key when
Expand All @@ -794,7 +794,6 @@ static bool test_for_encryption(cli_ctx * ctx, const property_t * word_block, ol
pEncryptionStatus->encryption_type = XOR_OBFUSCATION;
}

return pEncryptionStatus->encrypted;
#endif

}
Expand Down Expand Up @@ -840,7 +839,7 @@ static bool find_file_pass(const uint8_t * const ptr, uint32_t ptr_size, uint32_
* Search for the FilePass structure.
* https://learn.microsoft.com/en-us/openspecs/office_file_formats/ms-xls/cf9ae8d5-4e8c-40a2-95f1-3b31f16b5529
*/
static bool test_for_xls_encryption(cli_ctx * ctx, const property_t * word_block, ole2_header_t * hdr, encryption_status_t * pEncryptionStatus) {
static void test_for_xls_encryption(cli_ctx * ctx, const property_t * word_block, ole2_header_t * hdr, encryption_status_t * pEncryptionStatus) {
uint16_t tmp16;
uint32_t idx;

Expand All @@ -850,33 +849,33 @@ static bool test_for_xls_encryption(cli_ctx * ctx, const property_t * word_block
const uint8_t * const ptr = fmap_need_off_once(hdr->map, stream_data_offset, block_size);
if (NULL == ptr){
cli_dbgmsg("ERROR: Invalid offset for File Information Block %d (0x%x)\n", stream_data_offset, stream_data_offset);
return false;
return;
}

/*Validate keyword*/
idx = 0;
if (!read_uint16(ptr, block_size, &idx, &tmp16)){
return false;
return;
}

/*Invalid keyword*/
if (2057 != tmp16){
return false;
return;
}

/*Skip past this size.*/
memcpy(&tmp16, &(ptr[idx]), 2);
if (!read_uint16(ptr, block_size, &idx, &tmp16)){
return false;
return;
}
idx += tmp16;

if (!find_file_pass(ptr, block_size, &idx)){
return false;
return;
}

if (!read_uint16(ptr, block_size, &idx, &tmp16)){
return false;
return;
}

#define XLS_XOR_OBFUSCATION 0
Expand All @@ -900,9 +899,6 @@ static bool test_for_xls_encryption(cli_ctx * ctx, const property_t * word_block
pEncryptionStatus->encryption_type = XOR_OBFUSCATION;
pEncryptionStatus->encrypted = true;
}


return (NULL != pEncryptionStatus->encryption_type);
#endif
}

Expand Down Expand Up @@ -2908,27 +2904,6 @@ cl_error_t cli_ole2_extract(const char *dirname, cli_ctx *ctx, struct uniq **fil
size_t encryption_offset = 0;
encryption_status_t encryption_status = {0};

fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);
fprintf(stderr, "%s::%d::create a structure to pass to walk_property_tree that keeps track of if the file is encrpyted and if it is VelvetSweatshop\n", __FUNCTION__, __LINE__);

cli_dbgmsg("in cli_ole2_extract()\n");
if (!ctx) {
return CL_ENULLARG;
Expand Down Expand Up @@ -3105,9 +3080,8 @@ cl_error_t cli_ole2_extract(const char *dirname, cli_ctx *ctx, struct uniq **fil

if (encryption_status.encryption_type) {
insert_metadata(ctx, encryption_status.encryption_type, true);
} else if (!encryption_status.velvet_sweatshop) {
insert_metadata(ctx, "Encrypted", encryption_status.encrypted);
}
insert_metadata(ctx, "Encrypted", encryption_status.encrypted);
insert_metadata(ctx, "EncryptedWithVelvetSweatshop", encryption_status.velvet_sweatshop);

if (encryption_status.velvet_sweatshop){
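Review bot: In test_for_xls_encryption, the `memcpy(&tmp16, &(ptr[idx]), 2);` under the "Skip past this size." comment is left in place by this change; it reads two bytes at `ptr[idx]` without comparing `idx` against `block_size`, and the `read_uint16(ptr, block_size, &idx, &tmp16)` call on the next line appears to overwrite `tmp16` straight away. Since `ptr` maps content of the file being scanned, every read from it should go through the bounds-checked helper, so the `memcpy` line can simply be deleted. The function body spans several hunks of this section and `read_uint16` itself is not visible here, so its bounds behaviour is inferred from its `block_size` argument and boolean result.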