Fixed parser bugs

18badfda · devttys0 · bc4adcd3 · 18badfda · 18badfda · 18badfda
Commit 18badfda authored 11 years ago by devttys0
Showing with 61 additions and 47 deletions

smart.py src/binwalk/core/smart.py +33 -21

binwalk src/binwalk/magic/binwalk +0 -0

signature.py src/binwalk/modules/signature.py +4 -2

archives src/magic/archives +24 -24

No files found.
--- a/src/binwalk/core/smart.py
+++ b/src/binwalk/core/smart.py
@@ -15,10 +15,16 @@ class Tag(object):
 		self.type = None
 		self.handler = None
 		self.tag = None
+		self.default = None

 		for (k,v) in iterator(kwargs):
 			setattr(self, k, v)

+		if self.type == int:
+			self.default = 0
+		elif self.type == str:
+			self.default = ''
+
 		if self.keyword is not None:
 			self.tag = self.TAG_DELIM_START + self.keyword
 			if self.type is None:
@@ -46,9 +52,9 @@ class Signature(object):
 	'''

 	TAGS = [
-		Tag(name='raw-string', keyword='raw-string', handler='parse_raw_string'),
-		Tag(name='string-len', keyword='string-len', handler='parse_string_len'),
-		Tag(name='math', keyword='math', handler='parse_math'),
+		Tag(name='raw-string', keyword='raw-string', type=str, handler='parse_raw_string'),
+		Tag(name='string-len', keyword='string-len', type=str, handler='parse_string_len'),
+		Tag(name='math', keyword='math', type=int, handler='parse_math'),
 		Tag(name='one-of-many', keyword='one-of-many', handler='one_of_many'),

 		Tag(name='jump', keyword='jump-to-offset', type=int),
@@ -59,7 +65,7 @@ class Signature(object):
 		Tag(name='year', keyword='file-year', type=str),
 		Tag(name='epoch', keyword='file-epoch', type=int),
 		
-		Tag(name='raw-size', keyword='raw-string-length'),
+		Tag(name='raw-size', keyword='raw-string-length', type=int),
 		Tag(name='raw-replace', keyword='raw-replace'),
 		Tag(name='string-len-replace', keyword='string-len'),
 	]
@@ -89,21 +95,27 @@ class Signature(object):
 		results = {}
 		self.valid = True

-		# If smart signatures are disabled, or the result data is not valid (i.e., potentially malicious), 
-		# don't parse anything, just return the raw data as the description.
-		if self.ignore_smart_signatures:
-			results['description'] = data
-		else:
+		if data:
 			for tag in self.TAGS:
 				if tag.handler is not None:
-					(data, arg) = getattr(self, tag.handler)(data, tag)
+					(d, arg) = getattr(self, tag.handler)(data, tag)
+					if not self.ignore_smart_signatures:
+						data = d

-					if isinstance(arg, type(False)) and arg == False:
+					if isinstance(arg, type(False)) and arg == False and not self.ignore_smart_signatures:
 						self.valid = False
 					elif tag.type is not None:
-						results[tag.name] = arg
+						if self.ignore_smart_signatures:
+							results[tag.name] = tag.default
+						else:
+							results[tag.name] = arg

-			results['description'] = self.strip_tags(data)
+			if self.ignore_smart_signatures:
+				results['description'] = data
+			else:
+				results['description'] = self.strip_tags(data)
+		else:
+			self.valid = False
 			
 		results['valid'] = self.valid

@@ -179,10 +191,10 @@ class Signature(object):
 		Returns a blank string on failure.
 		'''
 		arg = ''
-		data = self.safe_string(data)
+		safe_data = self.safe_string(data)

-		if tag.tag in data:
-			arg = data.split(tag.tag)[1].split(tag.TAG_DELIM_END)[0]
+		if tag.tag in safe_data:
+			arg = safe_data.split(tag.tag)[1].split(tag.TAG_DELIM_END)[0]
 			
 		return (data, arg)

@@ -231,18 +243,18 @@ class Signature(object):

 		Returns a parsed string.
 		'''
-		if not self.ignore_smart_signatures and self.is_valid(data):
-			raw_size_tag = self.tag_lookup('raw-size')
+		if self.is_valid(data):
+			raw_str_length_tag = self.tag_lookup('raw-string-length')
 			raw_replace_tag = self.tag_lookup('raw-replace')

 			# Get the raw string  keyword arg
 			(data, raw_string) = self.get_keyword_arg(data, raw_str_tag)
-
+			
 			# Was a raw string keyword specified?
 			if raw_string:
 				# Get the raw string length arg
-				(data, raw_size) = self.get_math_arg(data, raw_size_tag)
-	
+				(data, raw_size) = self.get_math_arg(data, raw_str_length_tag)
+
 				# Replace all instances of raw-replace in data with raw_string[:raw_size]
 				# Also strip out everything after the raw-string keyword, including the keyword itself.
 				# Failure to do so may (will) result in non-printable characters and this string will be 

--- a/src/binwalk/magic/binwalk
+++ b/src/binwalk/magic/binwalk
--- a/src/binwalk/modules/signature.py
+++ b/src/binwalk/modules/signature.py
@@ -117,9 +117,11 @@ class Signature(Module):
 				# In python3 we need a bytes object to pass to magic.buffer
 				candidate_data = str2bytes(data[candidate_offset:candidate_offset+fp.block_peek_size])
 			
-				# Pass the data to libmagic, and split out multiple results into a list
+				# Pass the data to libmagic for parsing
 				magic_result = self.magic.buffer(candidate_data)
-					
+				if not magic_result:
+					continue
+				
 				# The smart filter parser returns a binwalk.core.module.Result object
 				r = self.smart.parse(magic_result)


--- a/src/magic/archives
+++ b/src/magic/archives
@@ -26,30 +26,30 @@
 0       string          PK\x07\x08PK\x03\x04    Zip multi-volume archive data, at least PKZIP v2.50 to extract

 # ZIP compression (Greg Roelofs, c/o zip-bugs@wkuvx1.wku.edu)
-0       string          PK\003\004      Zip
->6	leshort		&0x01		encrypted
->0	byte		x		archive data,
->4      byte            0x00            v0.0
->4      byte            0x09            at least v0.9 to extract,
->4      byte            0x0a            at least v1.0 to extract,
->4      byte            0x0b            at least v1.1 to extract,
->0x161  string          WINZIP          WinZIP self-extracting,
->4      byte            0x14
->>30    ubelong         !0x6d696d65     at least v2.0 to extract,
->18	lelong		!0
->>18	lelong		<0		invalid
->>18	lelong		x		compressed size: %d,
->>18	lelong		x		{jump-to-offset:%d}
->22	lelong		!0
->>22	lelong		<0		invalid
->>22	lelong		x		uncompressed size: %d,{extract-delay:End of Zip archive}
->30	string		x		{file-name:{raw-replace}}name: {raw-replace}
->26	leshort		x		{raw-string-length:%d}
->30	string		x		{raw-string:%s
->61	string		x		\b%s
->92	string		x		\b%s
->123	string		x		\b%s
->154	string		x		\b%s}
+0		string		PK\003\004      Zip
+>6		leshort		&0x01			encrypted
+>0		byte		x				archive data,
+>4      byte		0x00            v0.0
+>4      byte		0x09            at least v0.9 to extract,
+>4      byte		0x0a            at least v1.0 to extract,
+>4      byte		0x0b            at least v1.1 to extract,
+>0x161  string		WINZIP          WinZIP self-extracting,
+>4      byte		0x14
+>>30    ubelong		!0x6d696d65     at least v2.0 to extract,
+>18		lelong		!0
+>>18	lelong		<0				invalid
+>>18	lelong		x				compressed size: %d,
+>>18	lelong		x				{jump-to-offset:%d}
+>22		lelong		!0
+>>22	lelong		<0				invalid
+>>22	lelong		x				uncompressed size: %d,{extract-delay:End of Zip archive}
+>30		string		x				name: {raw-replace}
+>26		leshort		x				{raw-string-length:%d}
+>30		string		x				{raw-string:%s
+>61		string		x				\b%s
+>92		string		x				\b%s
+>123	string		x				\b%s
+>154	string		x				\b%s}

 # ZIP footer
 0	string		PK\x05\x06	End of Zip archive