4.2.x

Makefile.am

@@ -138,6 +138,12 @@ test_dotnet_SOURCES = tests/test-dotnet.c tests/util.c
 test_dotnet_LDADD = libyara/.libs/libyara.a
 endif
 
+if MAGIC_MODULE
+check_PROGRAMS+=test-magic
+test_magic_SOURCES = tests/test-magic.c tests/util.c
+test_magic_LDADD = libyara/.libs/libyara.a
+endif
+
 if PB_TESTS_MODULE
 check_PROGRAMS+=test-pb
 test_pb_SOURCES = tests/test-pb.c tests/util.c

bazel/yara.bzl

@@ -61,6 +61,7 @@ module_list = rule(
 def yara_library(
         name,
         defines = [],
+        includes = [],
         modules = [],
         modules_srcs = [],
         deps = [],
@@ -195,7 +196,7 @@ def yara_library(
             "libyara/include/yara/rules.h",
         ],
         copts = copts,
-        includes = [
+        includes = includes + [
             "libyara/modules",
             "libyara/include",
             "libyara",

bazel/yara_deps.bzl

@@ -36,9 +36,9 @@ def yara_deps():
     maybe(
         http_archive,
         name = "openssl",
-        url = "https://github.com/openssl/openssl/archive/OpenSSL_1_1_0h.tar.gz",
-        sha256 = "f56dd7d81ce8d3e395f83285bd700a1098ed5a4cb0a81ce9522e41e6db7e0389",
-        strip_prefix = "openssl-OpenSSL_1_1_0h",
+        url = "https://github.com/openssl/openssl/archive/refs/tags/OpenSSL_1_1_1n.tar.gz",
+        sha256 = "6b2d2440ced8c802aaa61475919f0870ec556694c466ebea460e35ea2b14839e",
+        strip_prefix = "openssl-OpenSSL_1_1_1n",
         build_file = "@com_github_virustotal_yara//:bazel/openssl.BUILD",
     )
     maybe(

cli/args.c

@@ -96,7 +96,7 @@ args_error_type_t args_parse_option(
     *(bool*) opt->value = !(*(bool*) opt->value);
     break;
 
-  case ARGS_OPT_INTEGER:
+  case ARGS_OPT_LONG:
     if (opt_arg == NULL)
       return ARGS_ERROR_REQUIRED_INTEGER_ARG;
 
@@ -110,6 +110,20 @@ args_error_type_t args_parse_option(
 
     break;
 
+  case ARGS_OPT_LONG_LONG:
+    if (opt_arg == NULL)
+      return ARGS_ERROR_REQUIRED_INTEGER_ARG;
+
+    *(long long*) opt->value = _tcstoll(opt_arg, &endptr, 0);
+
+    if (*endptr != '\0')
+      return ARGS_ERROR_REQUIRED_INTEGER_ARG;
+
+    if (opt_arg_was_used != NULL)
+      *opt_arg_was_used = 1;
+
+    break;
+
   case ARGS_OPT_STRING:
     if (opt_arg == NULL)
       return ARGS_ERROR_REQUIRED_STRING_ARG;
@@ -268,7 +282,8 @@ void args_print_usage(args_option_t* options, int help_alignment)
     if (options->long_name != NULL)
       len += _stprintf(buffer + len, _T("--%s"), options->long_name);
 
-    if (options->type == ARGS_OPT_STRING || options->type == ARGS_OPT_INTEGER)
+    if (options->type == ARGS_OPT_STRING || options->type == ARGS_OPT_LONG ||
+        options->type == ARGS_OPT_LONG_LONG)
     {
       len += _stprintf(
           buffer + len,

cli/args.h

@@ -33,57 +33,59 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #include <stdio.h>
 #include "unicode.h"
 
-
 #ifdef __cplusplus
 extern "C"
 {
 #endif
 
-typedef enum _args_error_type
-{
+  typedef enum _args_error_type
+  {
     ARGS_ERROR_OK,
     ARGS_ERROR_UNKNOWN_OPT,
     ARGS_ERROR_TOO_MANY,
     ARGS_ERROR_REQUIRED_INTEGER_ARG,
     ARGS_ERROR_REQUIRED_STRING_ARG,
     ARGS_ERROR_UNEXPECTED_ARG,
-} args_error_type_t;
-
-
-typedef enum _args_option_type
-{
-  // special
-  ARGS_OPT_END,
-  ARGS_OPT_GROUP,
-  // options with no arguments
-  ARGS_OPT_BOOLEAN,
-  // options with arguments (optional or required)
-  ARGS_OPT_INTEGER,
-  ARGS_OPT_STRING,
-} args_option_type_t;
-
-
-typedef struct _args_option
-{
-  args_option_type_t type;
-  const char_t short_name;
-  const char_t *long_name;
-  void *value;
-  int max_count;
-  const char_t *help;
-  const char_t *type_help;
-  int count;
-} args_option_t;
-
+  } args_error_type_t;
+
+  typedef enum _args_option_type
+  {
+    // special
+    ARGS_OPT_END,
+    ARGS_OPT_GROUP,
+    // options with no arguments
+    ARGS_OPT_BOOLEAN,
+    // options with arguments (optional or required)
+    ARGS_OPT_LONG,
+    ARGS_OPT_LONG_LONG,
+    ARGS_OPT_STRING,
+  } args_option_type_t;
+
+  typedef struct _args_option
+  {
+    args_option_type_t type;
+    const char_t short_name;
+    const char_t *long_name;
+    void *value;
+    int max_count;
+    const char_t *help;
+    const char_t *type_help;
+    int count;
+  } args_option_t;
 
 #define OPT_BOOLEAN(short_name, long_name, value, ...)             \
   {                                                                \
     ARGS_OPT_BOOLEAN, short_name, long_name, value, 1, __VA_ARGS__ \
   }
 
-#define OPT_INTEGER(short_name, long_name, value, ...)             \
-  {                                                                \
-    ARGS_OPT_INTEGER, short_name, long_name, value, 1, __VA_ARGS__ \
+#define OPT_LONG(short_name, long_name, value, ...)             \
+  {                                                             \
+    ARGS_OPT_LONG, short_name, long_name, value, 1, __VA_ARGS__ \
+  }
+
+#define OPT_LONG_LONG(short_name, long_name, value, ...)             \
+  {                                                                  \
+    ARGS_OPT_LONG_LONG, short_name, long_name, value, 1, __VA_ARGS__ \
   }
 
 #define OPT_STRING_MULTI(short_name, long_name, value, max_count, ...)    \
@@ -99,17 +101,11 @@ typedef struct _args_option
     ARGS_OPT_END, 0 \
   }
 
-int args_parse(
-    args_option_t *options,
-    int argc,
-    const char_t **argv);
+  int args_parse(args_option_t *options, int argc, const char_t **argv);
 
-void args_print_usage(
-    args_option_t *options,
-    int alignment);
+  void args_print_usage(args_option_t *options, int alignment);
 
-void args_free(
-	args_option_t *options);
+  void args_free(args_option_t *options);
 
 #ifdef __cplusplus
 }

cli/unicode.h

@@ -33,35 +33,36 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #ifdef _MSC_VER
 #include <tchar.h>
 #define char_t TCHAR
-#define PF_S "hs"
-#define PF_C "hc"
+#define PF_S   "hs"
+#define PF_C   "hc"
 
 #else
 #define char_t char
-#define _T(x) x
-#define PF_S "s"
-#define PF_C "c"
+#define _T(x)  x
+#define PF_S   "s"
+#define PF_C   "c"
 
 #ifdef __CYGWIN__
 #define _tcstok_s strtok_r
 #else
 #define _tcstok_s strtok_s
 #endif
 
-#define _tcscmp strcmp
-#define _tcsdup strdup
-#define _tcschr strchr
-#define _tcslen strlen
-#define _tcsstr strstr
-#define _tcstol strtol
-#define _tstoi atoi
-#define _tstof atof
-#define _tisdigit isdigit
-#define _tfopen fopen
-#define _ftprintf fprintf
-#define _stprintf sprintf
-#define _tprintf printf
-#define _tmain main
+#define _tcscmp    strcmp
+#define _tcsdup    strdup
+#define _tcschr    strchr
+#define _tcslen    strlen
+#define _tcsstr    strstr
+#define _tcstol    strtol
+#define _tcstoll   strtoll
+#define _tstoi     atoi
+#define _tstof     atof
+#define _tisdigit  isdigit
+#define _tfopen    fopen
+#define _ftprintf  fprintf
+#define _stprintf  sprintf
+#define _tprintf   printf
+#define _tmain     main
 #define _sntprintf snprintf
 #endif
 

cli/yara.c

@@ -161,10 +161,10 @@ static long total_count = 0;
 static long limit = 0;
 static long timeout = 1000000;
 static long stack_size = DEFAULT_STACK_SIZE;
-static long skip_larger = 0;
 static long threads = YR_MAX_THREADS;
 static long max_strings_per_rule = DEFAULT_MAX_STRINGS_PER_RULE;
 static long max_process_memory_chunk = DEFAULT_MAX_PROCESS_MEMORY_CHUNK;
+static long long skip_larger = 0;
 
 #define USAGE_STRING \
   "Usage: yara [OPTION]... [NAMESPACE:]RULES_FILE... FILE | DIR | PID"
@@ -215,22 +215,22 @@ args_option_t options[] = {
         _T("print only rules named IDENTIFIER"),
         _T("IDENTIFIER")),
 
-    OPT_INTEGER(
+    OPT_LONG(
         0,
         _T("max-process-memory-chunk"),
         &max_process_memory_chunk,
         _T("set maximum chunk size while reading process memory")
         _T(" (default=1073741824)"),
         _T("NUMBER")),
 
-    OPT_INTEGER(
+    OPT_LONG(
         'l',
         _T("max-rules"),
         &limit,
         _T("abort scanning after matching a NUMBER of rules"),
         _T("NUMBER")),
 
-    OPT_INTEGER(
+    OPT_LONG(
         0,
         _T("max-strings-per-rule"),
         &max_strings_per_rule,
@@ -310,14 +310,14 @@ args_option_t options[] = {
         &scan_list_search,
         _T("scan files listed in FILE, one per line")),
 
-    OPT_INTEGER(
+    OPT_LONG_LONG(
         'z',
         _T("skip-larger"),
         &skip_larger,
         _T("skip files larger than the given size when scanning a directory"),
         _T("NUMBER")),
 
-    OPT_INTEGER(
+    OPT_LONG(
         'k',
         _T("stack-size"),
         &stack_size,
@@ -332,14 +332,14 @@ args_option_t options[] = {
         _T("print only rules tagged as TAG"),
         _T("TAG")),
 
-    OPT_INTEGER(
+    OPT_LONG(
         'p',
         _T("threads"),
         &threads,
         _T("use the specified NUMBER of threads to scan a directory"),
         _T("NUMBER")),
 
-    OPT_INTEGER(
+    OPT_LONG(
         'a',
         _T("timeout"),
         &timeout,
@@ -478,7 +478,25 @@ static int scan_dir(const char_t* dir, SCAN_OPTIONS* scan_opts)
 
       if (!(FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY))
       {
-        result = file_queue_put(path, scan_opts->deadline);
+        LARGE_INTEGER file_size;
+
+        file_size.HighPart = FindFileData.nFileSizeHigh;
+        file_size.LowPart = FindFileData.nFileSizeLow;
+
+        if (skip_larger > file_size.QuadPart || skip_larger <= 0)
+        {
+          result = file_queue_put(path, scan_opts->deadline);
+        }
+        else
+        {
+          _ftprintf(
+              stderr,
+              _T("skipping %s (%" PRIu64
+                 " bytes) because it's larger than %lld bytes.\n"),
+              path,
+              file_size.QuadPart,
+              skip_larger);
+        }
       }
       else if (
           scan_opts->recursive_search &&
@@ -670,7 +688,7 @@ static int scan_dir(const char* dir, SCAN_OPTIONS* scan_opts)
           {
             fprintf(
                 stderr,
-                "skipping %s (%" PRId64 " bytes) because it's larger than %ld"
+                "skipping %s (%" PRId64 " bytes) because it's larger than %lld"
                 " bytes.\n",
                 full_path,
                 st.st_size,
@@ -1199,7 +1217,7 @@ static int callback(
     return CALLBACK_CONTINUE;
 
   case CALLBACK_MSG_CONSOLE_LOG:
-    _tprintf(_T("%"PF_S"\n"), (char*) message_data);
+    _tprintf(_T("%" PF_S "\n"), (char*) message_data);
     return CALLBACK_CONTINUE;
   }
 
@@ -1393,10 +1411,10 @@ int _tmain(int argc, const char_t** argv)
     exit_with_code(EXIT_FAILURE);
   }
 
-  yr_set_configuration_uint32(YR_CONFIG_STACK_SIZE, stack_size);
+  yr_set_configuration_uint32(YR_CONFIG_STACK_SIZE, (uint32_t) stack_size);
 
   yr_set_configuration_uint32(
-      YR_CONFIG_MAX_STRINGS_PER_RULE, max_strings_per_rule);
+      YR_CONFIG_MAX_STRINGS_PER_RULE, (uint32_t) max_strings_per_rule);
 
   yr_set_configuration_uint64(
       YR_CONFIG_MAX_PROCESS_MEMORY_CHUNK, max_process_memory_chunk);

cli/yarac.c

@@ -103,7 +103,7 @@ args_option_t options[] = {
 
     OPT_BOOLEAN('h', _T("help"), &show_help, _T("show this help and exit")),
 
-    OPT_INTEGER(
+    OPT_LONG(
         0,
         _T("max-strings-per-rule"),
         &max_strings_per_rule,

configure.ac

@@ -1,4 +1,4 @@
-AC_INIT([yara], [4.2.0], [vmalvarez@virustotal.com])
+AC_INIT([yara], [4.2.3], [vmalvarez@virustotal.com])
 
 AM_SILENT_RULES([yes])
 AC_CONFIG_SRCDIR([cli/yara.c])