return byte_offset;
}
-void OleFile :: get_file_data(char* file, uint8_t*& file_data, int32_t& data_len)
+uint32_t OleFile :: find_bytes_to_copy(uint32_t byte_offset, uint32_t data_len,
+ uint32_t stream_size, uint16_t sector_size)
+{
+ uint32_t remaining_bytes = stream_size - data_len;
+ uint32_t bytes_to_copy;
+
+ if ((byte_offset + sector_size) > buf_len)
+ {
+ bytes_to_copy = buf_len - byte_offset;
+ }
+ else
+ {
+ bytes_to_copy = sector_size;
+ }
+
+ if (bytes_to_copy > remaining_bytes)
+ bytes_to_copy = remaining_bytes;
+
+ return bytes_to_copy;
+}
+
+void OleFile :: get_file_data(char* file, uint8_t*& file_data, uint32_t& data_len)
{
FileProperty* node;
uint16_t sector_size,mini_sector_size;
if (node)
{
int32_t starting_sector;
- int64_t stream_size;
+ uint32_t stream_size;
sector_type is_fat = FAT_SECTOR;
uint32_t byte_offset, bytes_to_copy;
uint8_t* temp_data;
if (byte_offset > buf_len)
return;
- if ((byte_offset + sector_size)> buf_len)
- {
- memcpy(temp_data, (file_buf + byte_offset), (buf_len - byte_offset));
- data_len += buf_len - byte_offset;
- VBA_DEBUG(vba_data_trace, DEFAULT_TRACE_OPTION_ID, TRACE_INFO_LEVEL,
- CURRENT_PACKET, "Returning with partial data of %d bytes for the "
- "file %s.\n", data_len, file);
- return;
- }
- if ((data_len + sector_size) < stream_size)
- bytes_to_copy = sector_size;
- else
- bytes_to_copy = stream_size - data_len;
-
+ bytes_to_copy = find_bytes_to_copy(byte_offset, data_len,
+ stream_size, sector_size);
+
memcpy(temp_data, (file_buf + byte_offset), bytes_to_copy);
temp_data += sector_size;
data_len += bytes_to_copy;
if (byte_offset > buf_len)
return;
- if ((byte_offset + mini_sector_size) > buf_len)
- {
- memcpy(temp_data, (file_buf + byte_offset), (buf_len - byte_offset));
- data_len += buf_len - byte_offset;
- VBA_DEBUG(vba_data_trace, DEFAULT_TRACE_OPTION_ID, TRACE_INFO_LEVEL,
- CURRENT_PACKET, "Returning with partial data of %d bytes for "
- "the file %s.\n", data_len, file);
- return;
- }
- if ((data_len + mini_sector_size) < stream_size)
- bytes_to_copy = mini_sector_size;
- else
- bytes_to_copy = stream_size - data_len;
+ bytes_to_copy = find_bytes_to_copy(byte_offset, data_len,
+ stream_size, mini_sector_size);
memcpy(temp_data, (file_buf + byte_offset), bytes_to_copy);
temp_data += mini_sector_size;
// The vba code in a VBA macro file begins with the keyword "ATTRIBUT" .This
// keyword is used to calculate the offset of vba code and is decompressed using
// RLE algorithm.
-int32_t OleFile :: get_file_offset(const uint8_t* data, int32_t data_len)
+int32_t OleFile :: get_file_offset(const uint8_t* data, uint32_t data_len)
{
if (searcher == nullptr)
{
return offset;
}
-int32_t cli_readn(const uint8_t*& fd, int32_t& data_len, void* buff, int32_t count)
+int32_t cli_readn(const uint8_t*& fd, uint32_t& data_len, void* buff, int32_t count)
{
int32_t i;
// the output is a sequence of counts of consecutive data values in a row
// (i.e. "3A2B4C"). This type of data compression is lossless, meaning that
// when decompressed, all of the original data will be recovered when decoded.
-void OleFile :: decompression(const uint8_t* data, int32_t* data_len, uint8_t*& local_vba_buffer,
- uint32_t* vba_buffer_offset)
+void OleFile :: decompression(const uint8_t* data, uint32_t& data_len, uint8_t*& local_vba_buffer,
+ uint32_t& vba_buffer_offset)
{
int16_t header;
bool flagCompressed;
}
data += 3;
- *data_len -= 3;
+ data_len -= 3;
if (flagCompressed == 0)
{
- memcpy(&buffer, data, *data_len);
+ memcpy(&buffer, data, data_len);
return;
}
pos = 0;
clean = 1;
- int32_t size = *data_len;
+ uint32_t size = data_len;
while (cli_readn(data, size, &flag, 1))
{
for (mask = 1; mask < 0x100; mask <<= 1)
int32_t decomp_len = strlen((char*)buffer);
- if ((*vba_buffer_offset + decomp_len) > MAX_VBA_BUFFER_LEN)
+ if ((vba_buffer_offset + decomp_len) > MAX_VBA_BUFFER_LEN)
{
- decomp_len = MAX_VBA_BUFFER_LEN - *vba_buffer_offset;
+ decomp_len = MAX_VBA_BUFFER_LEN - vba_buffer_offset;
}
- memcpy((local_vba_buffer + *vba_buffer_offset), buffer, decomp_len);
- *vba_buffer_offset += decomp_len;
+ memcpy((local_vba_buffer + vba_buffer_offset), buffer, decomp_len);
+ vba_buffer_offset += decomp_len;
}
// Function to extract the VBA data and send it for RLE decompression.
{
FileProperty* node;
uint8_t* data = nullptr;
- int32_t data_len;
+ uint32_t data_len;
node = it->second;
++it;
if (node->get_file_type() == STREAM)
"offset %d bytes. First %d bytes will be processed\n",
node->get_name(), node->get_stream_size(), (offset - 4), data_len);
- decompression(data, &data_len, vba_buf, &vba_buffer_offset);
+ decompression(data, data_len, vba_buf, vba_buffer_offset);
delete[] data1;
if ( vba_buffer_offset >= MAX_VBA_BUFFER_LEN)
break;
MINIFAT_SECTOR = 1
};
-int32_t cli_readn(const uint8_t*& fd, int32_t& data_len, void* buff, int32_t count);
+int32_t cli_readn(const uint8_t*& fd, uint32_t& data_len, void* buff, int32_t count);
struct FileProperty
{
int32_t get_next_mini_fat_sector(int32_t sec_id);
int32_t get_fat_offset(int32_t sec_id);
int32_t get_mini_fat_offset(int32_t sec_id);
- int32_t get_file_offset(const uint8_t*, int32_t data_len);
- void get_file_data(char*, uint8_t*&, int32_t&);
+ int32_t get_file_offset(const uint8_t*, uint32_t data_len);
+ void get_file_data(char*, uint8_t*&, uint32_t&);
- void decompression(const uint8_t* data, int32_t* data_len, uint8_t*& buffer,
- uint32_t* buffer_ofset);
+ void decompression(const uint8_t* data, uint32_t& data_len, uint8_t*& buffer,
+ uint32_t& buffer_ofset);
+ uint32_t find_bytes_to_copy(uint32_t byte_offset, uint32_t data_len,
+ uint32_t stream_size, uint16_t sector_size);
int search_nocase(const uint8_t* buffer, unsigned buffer_len) const
{
{
uint8_t* ole_data = nullptr;
uint8_t* buf = nullptr;
- int32_t len = 0;
+ uint32_t len = 0;
+ uint32_t buf_len;
OleFile* olefile = new OleFile(nullptr, 0);
- olefile->decompression(ole_data, &len, buf, nullptr);
+ olefile->decompression(ole_data, len, buf, buf_len);
CHECK(buf == nullptr);
delete olefile;
}
{
uint8_t ole_data[10] = { 0 };
uint8_t* buf = nullptr;
- int32_t len = 10;
+ uint32_t len = 10;
+ uint32_t buf_len;
OleFile* olefile = new OleFile(nullptr, 0);
- olefile->decompression(ole_data,&len, buf, nullptr);
+ olefile->decompression(ole_data,len, buf, buf_len);
CHECK(buf == nullptr);
delete olefile;
}
{
uint8_t ole_data[10] ={ 0 };
uint8_t* buf = nullptr;
- int32_t len = 10;
+ uint32_t len = 10;
+ uint32_t buf_len;
ole_data[0] = 0x01;
OleFile* olefile = new OleFile(nullptr, 0);
- olefile->decompression(ole_data,&len, buf, nullptr);
+ olefile->decompression(ole_data, len, buf, buf_len);
CHECK(buf == nullptr);
delete olefile;
}
{
uint8_t ole_data[10] ={ 0 };
uint8_t* buf = nullptr;
- int32_t len = 10;
+ uint32_t len = 10;
+ uint32_t buf_len;
ole_data[0] = 0x01;
OleFile* olefile = new OleFile(nullptr, 0);
- olefile->decompression(ole_data,&len, buf, nullptr);
+ olefile->decompression(ole_data, len, buf, buf_len);
CHECK(buf == nullptr);
delete olefile;
}
CHECK(res == nullptr);
}
+TEST(Olefile_ole, bytes_to_copy_test)
+{
+ OleFile* olefile = new OleFile(nullptr, 100);
+ uint32_t bytes_to_copy;
+ bytes_to_copy = olefile->find_bytes_to_copy(70, 50, 60, 64);
+ CHECK(bytes_to_copy == 10);
+ delete olefile;
+}
+
TEST_GROUP(fat_mini_fat_list)
{
};
projects / thirdparty / snort3.git / commitdiff
