On Thu, Apr 06, 2017 at 11:41:06PM +0300, Matteo Cafasso wrote:
+let non_daemon_functions = [
+ { defaults with
+ name = "yara_scan"; added = (1, 37, 9);
+ style = RStructList ("detections", "yara_detection"), [Pathname
"path"], [];
+ optional = Some "libyara";
+ progress = true; cancellable = true;
+ shortdesc = "scan a file with the loaded yara rules";
+ longdesc = "\
+Scan a file with the previously loaded Yara rules.
+
+For each matching rule, a C<yara_detection> structure is returned.
+
+The C<yara_detection> structure contains the following fields.
+
+=over 4
+
+=item 'yara_name'
...
+=item 'yara_rule'
You should use:
=item C<yara_name>
+static struct guestfs_yara_detection_list *parse_yara_detection_file
(guestfs_h *, const char *);
+static int deserialise_yara_detection_list (guestfs_h *, FILE *, struct
guestfs_yara_detection_list *);
+
+struct guestfs_yara_detection_list *
+guestfs_impl_yara_scan (guestfs_h *g, const char *path)
+{
+ int ret = 0;
s/ret/r/
+ CLEANUP_UNLINK_FREE char *tmpfile = NULL;
+
+ tmpfile = guestfs_int_make_temp_path (g, "yara_scan");
+ if (tmpfile == NULL)
+ return NULL;
+
+ ret = guestfs_internal_yara_scan (g, path, tmpfile);
+ if (ret < 0)
+ return NULL;
This function returns 0 or -1, so you only need to check for r == -1.
+/* Parse the file content and return detections list.
+ * Return a list of yara_detection on success, NULL on error.
+ */
+static struct guestfs_yara_detection_list *
+parse_yara_detection_file (guestfs_h *g, const char *tmpfile)
+{
+ int ret = 0;
s/ret/r/
+ CLEANUP_FCLOSE FILE *fp = NULL;
+ struct guestfs_yara_detection_list *detections = NULL;
+
+ fp = fopen (tmpfile, "r");
+ if (fp == NULL) {
+ perrorf (g, "fopen: %s", tmpfile);
+ return NULL;
+ }
+
+ /* Initialise results array. */
+ detections = safe_malloc (g, sizeof (*detections));
+ detections->len = 8;
+ detections->val = safe_malloc (g, detections->len *
+ sizeof (*detections->val));
+
+ /* Deserialise buffer into detection list. */
+ ret = deserialise_yara_detection_list (g, fp, detections);
+ if (ret < 0) {
This returns 0 or -1, so check r == -1.
+ guestfs_free_yara_detection_list (detections);
+ return NULL;
There is no call to error/perrorf/etc along this path.
+ }
+
+ return detections;
+}
+
+/* Deserialise the file content and populate the detection list.
+ * Return the number of deserialised detections, -1 on error.
+ */
+static int
+deserialise_yara_detection_list (guestfs_h *g, FILE *fp,
+ struct guestfs_yara_detection_list *detections)
+{
+ XDR xdr;
+ int ret = 0;
s/ret/r/
+ uint32_t index = 0;
+ struct stat statbuf;
+
+ ret = fstat (fileno(fp), &statbuf);
+ if (ret == -1)
No call to perrorf.
+ return -1;
+
+ xdrstdio_create (&xdr, fp, XDR_DECODE);
+
+ for (index = 0; xdr_getpos (&xdr) < statbuf.st_size; index++) {
+ if (index == detections->len) {
+ detections->len = 2 * detections->len;
+ detections->val = safe_realloc (g, detections->val,
+ detections->len *
+ sizeof (*detections->val));
+ }
+
+ /* Clear the entry so xdr logic will allocate necessary memory. */
+ memset (&detections->val[index], 0, sizeof (*detections->val));
+ ret = xdr_guestfs_int_yara_detection (&xdr, (guestfs_int_yara_detection *)
+ &detections->val[index]);
+ if (ret == 0)
+ break;
+ }
+
+ xdr_destroy (&xdr);
+ detections->len = index;
+
+ return ret ? 0 : -1;
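Review bot: In deserialise_yara_detection_list an empty results file is reported as a failure, because `ret` still holds the 0 from fstat() when the loop body never runs and `return ret ? 0 : -1;` then yields -1. If the daemon writes nothing when no rule matches (not visible here), a clean scan becomes indistinguishable from a failed one; checking the call directly with `if (fstat (fileno (fp), &statbuf) == -1) return -1;` and setting `ret = 1;` before the loop would avoid that. Separately, the early fstat return leaves `detections->len` at 8 over entries that were never cleared (assuming safe_malloc does not zero its result), so the `guestfs_free_yara_detection_list (detections)` call in parse_yara_detection_file presumably walks uninitialised pointers; setting `detections->len = 0;` before that return would make the free safe. The function's closing brace lies outside the quoted hunk.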
No call to error/perrorf along the error path.
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones