X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Frootcheck%2Fcheck_rc_trojans.c;fp=src%2Frootcheck%2Fcheck_rc_trojans.c;h=5a07fc4d0ffcf48465e2b83f93d78ef763efc89d;hp=1ee24efa8cbc929f0e9d9e1d96193fb6bc28bf02;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b diff --git a/src/rootcheck/check_rc_trojans.c b/src/rootcheck/check_rc_trojans.c old mode 100755 new mode 100644 index 1ee24ef..5a07fc4 --- a/src/rootcheck/check_rc_trojans.c +++ b/src/rootcheck/check_rc_trojans.c @@ -1,6 +1,3 @@ -/* @(#) $Id: ./src/rootcheck/check_rc_trojans.c, 2011/09/08 dcid Exp $ - */ - /* Copyright (C) 2009 Trend Micro Inc. * All right reserved. * 
@@ -10,64 +7,51 @@ * Foundation */ - #include "shared.h" #include "rootcheck.h" -/* check_rc_trojans: - * Read the file pointer specified (rootkit_trojans) - * and check if the any trojan entry is on the configured files +/* Read the file pointer specified (rootkit_trojans) + * and check if any trojan entry is in the configured files */ -void check_rc_trojans(char *basedir, FILE *fp) +void check_rc_trojans(const char *basedir, FILE *fp) { int i = 0, _errors = 0, _total = 0; - char buf[OS_SIZE_1024 +1]; - char file_path[OS_SIZE_1024 +1]; - + char buf[OS_SIZE_1024 + 1]; + char file_path[OS_SIZE_1024 + 1]; char *file; char *string_to_look; - #ifndef WIN32 - char *(all_paths[]) = {"bin","sbin","usr/bin","usr/sbin", NULL}; - #else - char *(all_paths[]) = {"C:\\Windows\\", "D:\\Windows\\", NULL}; - #endif +#ifndef WIN32 + const char *(all_paths[]) = {"bin", "sbin", "usr/bin", "usr/sbin", NULL}; +#else + const char *(all_paths[]) = {"C:\\Windows\\", "D:\\Windows\\", NULL}; +#endif debug1("%s: DEBUG: Starting on check_rc_trojans", ARGV0); - - while(fgets(buf, OS_SIZE_1024, fp) != NULL) - { + while (fgets(buf, OS_SIZE_1024, fp) != NULL) { char *nbuf; char *message = NULL; i = 0; - - /* Removing end of line */ + /* Remove end of line */ nbuf = strchr(buf, '\n'); - if(nbuf) - { + if (nbuf) { *nbuf = '\0'; } - - /* Normalizing line */ nbuf = normalize_string(buf); - - if(*nbuf == '\0' || *nbuf == '#') - { + if (*nbuf == '\0' || *nbuf == '#') { continue; } - /* File now may be valid */ file = nbuf; string_to_look = strchr(file, '!'); - if(!string_to_look) - { + if (!string_to_look) { continue; } @@ -75,8 +59,7 @@ void check_rc_trojans(char *basedir, FILE *fp) string_to_look++; message = strchr(string_to_look, '!'); - if(!message) - { + if (!message) { continue; } *message = '\0'; 
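Review bot: In the `@@ -10,64 +7,51 @@` hunk, `while (fgets(buf, OS_SIZE_1024, fp) != NULL)` treats every buffer-full as one complete signature entry, so a line in the trojan database longer than the buffer is cut and its remainder is read on the next iteration, where it can be parsed as a separate `file!string!message` entry. `strchr(buf, '\n')` returns NULL in exactly that case (and for a final line without a newline), so the existing `if (nbuf) { *nbuf = '\0'; }` could gain an `else if (!feof(fp))` branch that discards the rest of the line, logs it and skips the entry. A comment above the loop such as `/* Entries longer than OS_SIZE_1024 - 1 bytes are not supported and are skipped */` would record that limit. The loop body continues past the end of this hunk.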
@@ -86,48 +69,39 @@ void check_rc_trojans(char *basedir, FILE *fp) file = normalize_string(file); message = normalize_string(message); - - if(*file == '\0' || *string_to_look == '\0') - { + if (*file == '\0' || *string_to_look == '\0') { continue; } _total++; - - /* Trying with all possible paths */ - while(all_paths[i] != NULL) - { - if(*file != '/') - { - snprintf(file_path, OS_SIZE_1024, "%s/%s/%s",basedir, - all_paths[i], - file); - } - else - { + /* Try with all possible paths */ + while (all_paths[i] != NULL) { + if (*file != '/') { + snprintf(file_path, OS_SIZE_1024, "%s/%s/%s", basedir, + all_paths[i], + file); + } else { strncpy(file_path, file, OS_SIZE_1024); - file_path[OS_SIZE_1024 -1] = '\0'; + file_path[OS_SIZE_1024 - 1] = '\0'; } - /* Checking if entry is found */ - if(is_file(file_path) && os_string(file_path, string_to_look)) - { - char op_msg[OS_SIZE_1024 +1]; + /* Check if entry is found */ + if (is_file(file_path) && os_string(file_path, string_to_look)) { + char op_msg[OS_SIZE_1024 + 1]; _errors = 1; snprintf(op_msg, OS_SIZE_1024, "Trojaned version of file " - "'%s' detected. Signature used: '%s' (%s).", - file_path, - string_to_look, - *message == '\0'? - "Generic":message); + "'%s' detected. Signature used: '%s' (%s).", + file_path, + string_to_look, + *message == '\0' ? + "Generic" : message); notify_rk(ALERT_ROOTKIT_FOUND, op_msg); } - if(*file == '/') - { + if (*file == '/') { break; } i++; @@ -135,15 +109,11 @@ void check_rc_trojans(char *basedir, FILE *fp) continue; } - - if(_errors == 0) - { - char op_msg[OS_SIZE_1024 +1]; - snprintf(op_msg,OS_SIZE_1024, "No binaries with any trojan detected. " - "Analyzed %d files.", _total); + if (_errors == 0) { + char op_msg[OS_SIZE_1024 + 1]; + snprintf(op_msg, OS_SIZE_1024, "No binaries with any trojan detected. " + "Analyzed %d files.", _total); notify_rk(ALERT_OK, op_msg); } } - -/* EOF */
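Review bot: In the `@@ -86,48 +69,39 @@` hunk the result of `snprintf(file_path, OS_SIZE_1024, "%s/%s/%s", basedir, all_paths[i], file)` is not checked and the `strncpy` branch also truncates silently, so an over-long `basedir` or entry produces a shortened path that is still passed to `is_file()` and `os_string()` and printed in the alert. For a detection routine this means a file other than the one the signature names may be scanned, which can cause a missed finding or an alert for the wrong path. Capturing the return value and skipping the candidate on truncation would avoid that, for example `int n = snprintf(...);` followed by `if (n < 0 || n >= OS_SIZE_1024) { i++; continue; }`. The WIN32 `all_paths` entries declared in the earlier hunk look drive-absolute but are still appended to `basedir` here, and only a leading `/` is treated as absolute, so the Windows behaviour is worth confirming against the callers.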