#!/usr/bin/perl # find-zlib - scan for zlib tables in compiled code # Copyright (C) 2002 RUS-CERT, University of Stuttgart. # Written by Florian Weimer . # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. if (@ARGV == 0) { print "usage: find-zlib filename...\n"; exit 1; } use strict; $/ = undef; my @inflate_table = (3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0); sub table_to_re (@) { my $be = ""; my $le = ""; my $e; foreach $e (@_) { $be .= pack "N", $e; $le .= pack "V", $e; } return (quotemeta($be), quotemeta($le)); } sub table_to_re_config (@) { my $be = ""; my $le = ""; my $e; foreach $e (@_) { $be .= pack "n", $e; $le .= pack "v", $e; } return (quotemeta($be), quotemeta($le)); } my ($inflate_table_be, $inflate_table_le) = table_to_re (@inflate_table); my $line; my (@config_table_le, @config_table_be) = (); foreach $line ([8, 32, 128, 256], [32, 128, 258, 1024], [32, 258, 258, 4096]) { my ($be, $le) = table_to_re_config(@$line); push @config_table_be, $be; push @config_table_le, $le; } my ($config_table_be_32, $config_table_be_64, $config_table_le_32, $config_table_le_64) = (join("....", @config_table_be), join("........", @config_table_be), join("....", @config_table_le), join("........", @config_table_le)); my $file; my $found = 1; for $file (@ARGV) { open (FILE, "<$file"); my $data = ; close FILE; if ($data =~ /$config_table_le_32/o) { print "$file: zlib configuration table, little endian, 32 bit\n"; $found = 0; } if ($data =~ /$config_table_be_32/o) { print "$file: zlib configuration table, big endian, 32 bit\n"; $found = 0; } if ($data =~ /$config_table_le_64/o) { print "$file: zlib configuration table, little endian, 64 bit\n"; $found = 0; } if ($data =~ /$config_table_be_64/o) { print "$file: zlib configuration table, big endian, 64bit\n"; } if ($data =~ /$inflate_table_le/o) { print "$file: zlib inflate table, little endian\n"; $found = 0; } if ($data =~ /$inflate_table_be/o) { print "$file: zlib inflate table, big endian\n"; $found = 0; } } exit $found;