Add support for UDF files

Add support for specifically for Beginning Extended Area Descriptor
(BEA01) type of UDF files.

libclamav/CMakeLists.txt

@@ -395,6 +395,8 @@ set(LIBCLAMAV_SOURCES
     tiff.c              tiff.h
     # GIF image format checker
     gif.c               gif.h
+    # UDF partition
+    udf.c               udf.h
 )
 
 if(ENABLE_SHARED_LIB)

libclamav/dconf.c

@@ -106,6 +106,7 @@ static struct dconf_module modules[] = {
     {"ARCHIVE", "GPT", ARCH_CONF_GPT, 1},
     {"ARCHIVE", "APM", ARCH_CONF_APM, 1},
     {"ARCHIVE", "EGG", ARCH_CONF_EGG, 1},
+    {"ARCHIVE", "UDF", ARCH_CONF_UDF, 1},
 
     {"DOCUMENT", "HTML", DOC_CONF_HTML, 1},
     {"DOCUMENT", "RTF", DOC_CONF_RTF, 1},
@@ -406,6 +407,7 @@ int cli_dconf_load(FILE *fs, struct cl_engine *engine, unsigned int options, str
         if (!strncmp(buffer, "ARCHIVE:", 8) && chkflevel(buffer, 2)) {
             if (sscanf(buffer + 8, "0x%x", &val) == 1) {
                 engine->dconf->archive = val;
+                fprintf(stderr, "%s::%d::%x\n", __FUNCTION__, __LINE__, val);
             } else {
                 ret = CL_EMALFDB;
                 break;

libclamav/dconf.h

@@ -96,6 +96,7 @@ struct cli_dconf {
 #define ARCH_CONF_GPT     0x1000000
 #define ARCH_CONF_APM     0x2000000
 #define ARCH_CONF_EGG     0x4000000
+#define ARCH_CONF_UDF     0x8000000
 
 /* Document flags */
 #define DOC_CONF_HTML         0x1

libclamav/filetypes.c

@@ -137,6 +137,7 @@ static const struct ftmap_s {
     { "CL_TYPE_LNK",          CL_TYPE_LNK          },
     { "CL_TYPE_EGG",          CL_TYPE_EGG          },
     { "CL_TYPE_EGGSFX",       CL_TYPE_EGGSFX       },
+    { "CL_TYPE_UDF",      CL_TYPE_UDF      },
     { NULL,                   CL_TYPE_IGNORED      }
 };
 // clang-format on

libclamav/filetypes.h

@@ -124,6 +124,7 @@ typedef enum cli_file {
     CL_TYPE_LNK,
 
     CL_TYPE_OTHER,  /* on-the-fly, used for target 14 (OTHER) */
+    CL_TYPE_UDF,
     CL_TYPE_IGNORED /* please don't add anything below */
 } cli_file_t;
 

libclamav/filetypes_int.h

@@ -149,6 +149,7 @@ static const char *ftypes_int[] = {
     "0:0:4d53434600000000:MS CAB:CL_TYPE_ANY:CL_TYPE_MSCAB",
     "1:*:4d53434600000000:CAB-SFX:CL_TYPE_ANY:CL_TYPE_CABSFX",
     "1:*:014344303031{2043-2443}4344303031:ISO9660:CL_TYPE_ANY:CL_TYPE_ISO9660:71",
+    "1:*:004245413031:UDF:CL_TYPE_ANY:CL_TYPE_UDF:180",
     "0:0:5b616c69617365735d:TAR-POSIX-CVE-2012-1419:CL_TYPE_ANY:CL_TYPE_POSIX_TAR",
     "1:8,12:19040010:SIS:CL_TYPE_ANY:CL_TYPE_SIS",
     "1:0,1024:44656c6976657265642d546f3a{-256}52656365697665643a:Mail file:CL_TYPE_ANY:CL_TYPE_MAIL",

libclamav/scanners.c

@@ -3496,6 +3496,18 @@ static cl_error_t scanraw(cli_ctx *ctx, cli_file_t type, uint8_t typercg, cli_fi
                         }
                         break;
 
+                    case CL_TYPE_UDF:
+                        if (SCAN_PARSE_ARCHIVE && (DCONF_ARCH & ARCH_CONF_UDF)) {
+                            {
+                                // Reassign type of current layer based on what we discovered
+                                cli_recursion_stack_change_type(ctx, fpt->type);
+
+                                cli_dbgmsg("DMG signature found at %u\n", (unsigned int)fpt->offset);
+                                nret = cli_scanudf(ctx, fpt->offset);
+                            }
+                        }
+                        break;
+
                     case CL_TYPE_MBR:
                         if (SCAN_PARSE_ARCHIVE) {
                             // TODO: determine all types that GPT or MBR may start with