From 06fd4ce982a4e37b6521e09645eeaa33835b88da Mon Sep 17 00:00:00 2001
From: Tomasz Kojm
Date: Mon, 18 Aug 2008 10:09:56 +0000
Subject: [PATCH] libclamunrar_iface, libclamav: improve detection of encrypted RAR archives (bb#1134)
git-svn: trunk@4117
---
 ChangeLog | 5 +++
 libclamav/scanners.c | 15 ++++++-
 libclamunrar_iface/unrar_iface.c | 76 ++++++++++++++------------------
 libclamunrar_iface/unrar_iface.h | 1 +
 4 files changed, 53 insertions(+), 44 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 8d124e3f6..90da44c65 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Mon Aug 18 12:01:10 CEST 2008 (tk)
+----------------------------------
+ * libclamunrar_iface, libclamav: improve detection of encrypted RAR archives
+ (bb#1134)
+
 Sun Aug 17 19:30:25 CEST 2008 (tk)
 ----------------------------------
 * clamd/server-th.c: add missing proto for cli_initengine() (bb#1136)
diff --git a/libclamav/scanners.c b/libclamav/scanners.c
index bbce8e149..7f2b97fd9 100644
--- a/libclamav/scanners.c
+++ b/libclamav/scanners.c
@@ -292,10 +292,21 @@ static int cli_scanrar(int desc, cli_ctx *ctx, off_t sfx_offset, uint32_t *sfx_c
 if(!cli_leavetemps_flag)
 cli_rmdirs(dir);
 free(dir);
- if(ret == UNRAR_EMEM)
+ if(ret == UNRAR_PASSWD) {
+ cli_dbgmsg("RAR: Encrypted main header\n");
+ if(DETECT_ENCRYPTED) {
+ lseek(desc, 0, SEEK_SET);
+ ret = cli_scandesc(desc, ctx, 0, 0, NULL, AC_SCAN_VIR);
+ if(ret != CL_VIRUS)
+ *ctx->virname = "Encrypted.RAR";
+ return CL_VIRUS;
+ }
+ return CL_CLEAN;
+ } if(ret == UNRAR_EMEM) {
 return CL_EMEM;
- else
+ } else {
 return CL_ERAR;
+ }
 }
 do {
diff --git a/libclamunrar_iface/unrar_iface.c b/libclamunrar_iface/unrar_iface.c
index e7f6d8f7c..1cf54484e 100644
--- a/libclamunrar_iface/unrar_iface.c
+++ b/libclamunrar_iface/unrar_iface.c
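Review bot: In the libclamav/scanners.c hunk, when DETECT_ENCRYPTED is off the new `UNRAR_PASSWD` branch of cli_scanrar returns `CL_CLEAN` for an archive whose contents were never inspected, and the only trace is a `cli_dbgmsg`. That policy is defensible, but the `return CL_CLEAN;` line deserves a comment such as `/* headers encrypted: nothing was unpacked or scanned here */` so the clean verdict is not read as a scan result. Separately, `} if(ret == UNRAR_EMEM) {` reads like an else-if but is not one; it is correct only because every path in the branch above returns, and `} else if(ret == UNRAR_EMEM) {` would make that explicit. The return value of `lseek(desc, 0, SEEK_SET)` is also unchecked, so a failed rewind would make `cli_scandesc` start from wherever the descriptor was left. cli_scanrar starts and ends outside the hunk.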
@@ -264,8 +264,42 @@ int unrar_open(int fd, const char *dirname, unrar_state_t *state)
 if(!is_rar_archive(fd))
 return UNRAR_ERR;
+ main_hdr = read_header(fd, MAIN_HEAD);
+ if(!main_hdr)
+ return UNRAR_ERR;
+
+ unrar_dbgmsg("UNRAR: Head CRC: %.4x\n", main_hdr->head_crc);
+ unrar_dbgmsg("UNRAR: Head Type: %.2x\n", main_hdr->head_type);
+ unrar_dbgmsg("UNRAR: Flags: %.4x\n", main_hdr->flags);
+ unrar_dbgmsg("UNRAR: Head Size: %.4x\n", main_hdr->head_size);
+
+ if(main_hdr->flags & MHD_PASSWORD) {
+ free(main_hdr);
+ return UNRAR_PASSWD;
+ }
+
+ snprintf(filename,1024,"%s/comments", dirname);
+ if(mkdir(filename,0700)) {
+ unrar_dbgmsg("UNRAR: Unable to create comment temporary directory\n");
+ free(main_hdr);
+ return UNRAR_ERR;
+ }
+ state->comment_dir = strdup(filename);
+ if(!state->comment_dir) {
+ free(main_hdr);
+ return UNRAR_EMEM;
+ }
+
+ if(main_hdr->head_size < SIZEOF_NEWMHD) {
+ free(main_hdr);
+ free(state->comment_dir);
+ return UNRAR_ERR;
+ }
+
 unpack_data = (unpack_data_t *) malloc(sizeof(unpack_data_t));
 if(!unpack_data) {
+ free(main_hdr);
+ free(state->comment_dir);
 unrar_dbgmsg("UNRAR: malloc failed for unpack_data\n");
 return UNRAR_EMEM;
 }
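Review bot: Both `free(state->comment_dir);` calls in this hunk of unrar_open (the `head_size < SIZEOF_NEWMHD` path and the `!unpack_data` path) leave `state->comment_dir` pointing at freed memory inside the caller's state struct. Whether any caller touches the state after a failed open is not visible here, but adding `state->comment_dir = NULL;` after each free removes the use-after-free and double-free risk at no cost. The `head_size` check could also move up next to the `MHD_PASSWORD` test, before `mkdir` and `strdup`, so that a malformed header never creates the comments directory and needs no extra cleanup. unrar_open starts and ends outside the hunk.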
@@ -276,48 +310,6 @@ int unrar_open(int fd, const char *dirname, unrar_state_t *state)
 unpack_data->unp_crc = 0xffffffff;
 ppm_constructor(&unpack_data->ppm_data);
- main_hdr = read_header(fd, MAIN_HEAD);
- if(!main_hdr) {
- ppm_destructor(&unpack_data->ppm_data);
- rar_init_filters(unpack_data);
- unpack_free_data(unpack_data);
- free(unpack_data);
- return UNRAR_ERR;
- }
- unrar_dbgmsg("UNRAR: Head CRC: %.4x\n", main_hdr->head_crc);
- unrar_dbgmsg("UNRAR: Head Type: %.2x\n", main_hdr->head_type);
- unrar_dbgmsg("UNRAR: Flags: %.4x\n", main_hdr->flags);
- unrar_dbgmsg("UNRAR: Head Size: %.4x\n", main_hdr->head_size);
-
- snprintf(filename,1024,"%s/comments", dirname);
- if(mkdir(filename,0700)) {
- unrar_dbgmsg("UNRAR: Unable to create comment temporary directory\n");
- free(main_hdr);
- ppm_destructor(&unpack_data->ppm_data);
- rar_init_filters(unpack_data);
- unpack_free_data(unpack_data);
- free(unpack_data);
- return UNRAR_ERR;
- }
- state->comment_dir = strdup(filename);
- if(!state->comment_dir) {
- free(main_hdr);
- ppm_destructor(&unpack_data->ppm_data);
- rar_init_filters(unpack_data);
- unpack_free_data(unpack_data);
- free(unpack_data);
- return UNRAR_EMEM;
- }
-
- if(main_hdr->head_size < SIZEOF_NEWMHD) {
- free(main_hdr);
- ppm_destructor(&unpack_data->ppm_data);
- rar_init_filters(unpack_data);
- unpack_free_data(unpack_data);
- free(unpack_data);
- free(state->comment_dir);
- return UNRAR_ERR;
- }
 if(main_hdr->flags & MHD_COMMENT) {
 unrar_comment_header_t *comment_header;
diff --git a/libclamunrar_iface/unrar_iface.h b/libclamunrar_iface/unrar_iface.h
index 5f200fef5..1804d2da3 100644
--- a/libclamunrar_iface/unrar_iface.h
+++ b/libclamunrar_iface/unrar_iface.h
@@ -38,6 +38,7 @@
 #define UNRAR_OK 0
 #define UNRAR_BREAK 1
+#define UNRAR_PASSWD 2
 #define UNRAR_EMEM -1
 #define UNRAR_ERR -2