[Forensics-changes] [yara] 94/415: Prevent some potential integer overflow conditions.
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:42:49 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit 4c5810213b706d1a2a06e2efa3b4c9a5ff0bd89f
Author: Mike Wiacek <mjwiacek at google.com>
Date: Tue Mar 29 22:35:32 2011 +0000
Prevent some potential integer overflow conditions.
---
libyara/exe.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/libyara/exe.c b/libyara/exe.c
index 9eec779..59712e2 100644
--- a/libyara/exe.c
+++ b/libyara/exe.c
@@ -14,8 +14,11 @@ GNU General Public License for more details.
*/
+#include <limits.h>
+
#ifdef WIN32
#include <windows.h>
+#define ULLONG_MAX _UI64_MAX
#else
#include "pe.h"
#endif
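Review bot: The `#define ULLONG_MAX _UI64_MAX` added in the WIN32 branch is unconditional and comes after `<limits.h>`, so on any Windows toolchain whose `<limits.h>` already provides ULLONG_MAX it becomes a macro redefinition. Guarding it as `#ifndef ULLONG_MAX` / `#define ULLONG_MAX _UI64_MAX` / `#endif` keeps the fallback for compilers that lack the macro without overriding the standard definition. A one-line comment naming the compiler that needs the fallback would also help the next reader.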
@@ -131,6 +134,10 @@ unsigned long long elf_rva_to_offset_32(Elf32_Ehdr* elf_header, unsigned long lo
if (elf_header->e_shoff == 0 || elf_header->e_shnum == 0)
return 0;
+
+ // check to prevent integer wraps
+ if(ULLONG_MAX - elf_header->e_shoff < sizeof(Elf64_Shdr) * elf_header->e_shnum)
+ return 0;
if (elf_header->e_shoff + sizeof(Elf32_Shdr) * elf_header->e_shnum > buffer_length)
return 0;
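Review bot: The new guard in elf_rva_to_offset_32 multiplies by `sizeof(Elf64_Shdr)` while the bounds check directly below it uses `sizeof(Elf32_Shdr)`, so the two lines test different quantities. Assuming the standard ELF32 field widths (32-bit `e_shoff`, 16-bit `e_shnum`; the declarations are not in this hunk), `ULLONG_MAX - e_shoff` can never be smaller than that product, so the guard never fires. On a build with 32-bit `size_t` the following `e_shoff + sizeof(Elf32_Shdr) * e_shnum` is still evaluated in 32 bits and can wrap to a value below `buffer_length`. Widening the existing comparison closes that: `if ((unsigned long long) elf_header->e_shoff + (unsigned long long) sizeof(Elf32_Shdr) * elf_header->e_shnum > buffer_length) return 0;`. The guard added before the return in the next hunk has the same width problem, and the function body starts and ends outside this hunk.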
@@ -144,7 +151,11 @@ unsigned long long elf_rva_to_offset_32(Elf32_Ehdr* elf_header, unsigned long lo
rva >= section->sh_addr &&
rva < section->sh_addr + section->sh_size)
{
- return section->sh_offset + (rva - section->sh_addr);
+ // prevent integer wrapping with the return value
+ if (ULLONG_MAX - section->sh_offset < (rva - section->sh_addr))
+ return 0;
+ else
+ return section->sh_offset + (rva - section->sh_addr);
}
section++;
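Review bot: The offset returned from the section loop is never compared with `buffer_length`, so a section header whose `sh_offset` lies past the end of the scanned file still produces a value the caller may use to index the buffer. Whether callers re-check it is not visible here. For untrusted ELF files a bound on the result is the check that matters: `unsigned long long offset = (unsigned long long) section->sh_offset + (rva - section->sh_addr);` followed by `if (offset >= buffer_length) return 0;`. The `else` after `return 0;` is redundant and can be dropped. The loop and the function continue outside the hunk.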
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git