[Forensics-changes] [yara] 04/135: Fix buffer overflow
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:27:26 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.1.0
in repository yara.
commit 24d001d25d4446f53a3267523d9b4aa5d51c3b33
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Mon Mar 10 10:43:56 2014 +0100
Fix buffer overflow
---
libyara/re.c | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/libyara/re.c b/libyara/re.c
index 33835ec..cb142bf 100644
--- a/libyara/re.c
+++ b/libyara/re.c
@@ -1360,6 +1360,12 @@ int yr_re_exec(
#define ACTION_KILL 2
#define ACTION_KILL_TAIL 3
+ #define prolog if (count >= max_count) \
+ { \
+ action = ACTION_KILL; \
+ break; \
+ }
+
if (_yr_re_alloc_storage(&storage) != ERROR_SUCCESS)
return -2;
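Review bot: The `prolog` macro added here hides a `break` and picks up `count`, `max_count` and `action` from the enclosing scope, so it is only correct as a statement sitting directly in a `case` of the opcode `switch`. Inside a nested loop or inner `switch` the `break` would leave the wrong construct and execution would fall through to the `*input` read. The macro should carry a comment saying so, for example `/* Must precede any read of *input in an opcode case: sets ACTION_KILL and leaves the switch when count has reached max_count. */`. An upper-case name such as `RE_CHECK_INPUT_BOUNDS`, with a matching `#undef` at the end of the function if there is not one already, would mark it as a macro and stop it leaking into the rest of re.c. The body of yr_re_exec starts and ends outside this hunk.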
@@ -1392,12 +1398,14 @@ int yr_re_exec(
switch(*ip)
{
case RE_OPCODE_ANY:
+ prolog;
match = (*input != 0x0A || flags & RE_FLAGS_DOT_ALL);
action = match ? ACTION_NONE : ACTION_KILL;
fiber->ip += 1;
break;
case RE_OPCODE_LITERAL:
+ prolog;
if (flags & RE_FLAGS_NO_CASE)
match = lowercase[*input] == lowercase[*(ip + 1)];
else
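Review bot: Once the post-switch `count >= max_count` test is removed in the last hunk, the bound is enforced only in cases that carry `prolog;`, so any case without it that reads `*input` is unguarded. The cases between RE_OPCODE_NON_DIGIT and the `assert(FALSE)` default are not visible in this diff and should be checked for exactly that. The same reasoning applies to the `prolog;` lines added in the MASKED_LITERAL, CLASS and WORD_CHAR through NON_DIGIT hunks. A regression test would pin the fix: run a pattern ending in each input-consuming opcode over a buffer whose last byte is the last byte of its allocation, under AddressSanitizer. The RE_OPCODE_LITERAL case continues past the end of this hunk.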
@@ -1407,6 +1415,7 @@ int yr_re_exec(
break;
case RE_OPCODE_MASKED_LITERAL:
+ prolog;
value = *(int16_t*)(ip + 1) & 0xFF;
mask = *(int16_t*)(ip + 1) >> 8;
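Review bot: In the MASKED_LITERAL case, the two `*(int16_t*)(ip + 1)` loads that follow the new `prolog;` read a 16-bit value through a cast pointer at an odd offset from the opcode. If `ip` is a byte pointer into the compiled regex code, as the `switch(*ip)` dispatch suggests, that access can be misaligned, which is undefined behaviour and can trap on strict-alignment targets. Right-shifting a negative `int16_t` by 8 is also implementation-defined, so the mask may come out sign-extended, depending on the type of `mask`, which is declared outside the hunk. Copying the operand out once avoids both: `uint16_t v; memcpy(&v, ip + 1, sizeof v); value = v & 0xFF; mask = v >> 8;`. The rest of the case is outside this hunk.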
@@ -1420,6 +1429,7 @@ int yr_re_exec(
break;
case RE_OPCODE_CLASS:
+ prolog;
if (flags & RE_FLAGS_NO_CASE)
match = CHAR_IN_CLASS(*input, ip + 1) ||
CHAR_IN_CLASS(altercase[*input], ip + 1);
@@ -1430,36 +1440,42 @@ int yr_re_exec(
break;
case RE_OPCODE_WORD_CHAR:
+ prolog;
match = (isalnum(*input) || *input == '_');
action = match ? ACTION_NONE : ACTION_KILL;
fiber->ip += 1;
break;
case RE_OPCODE_NON_WORD_CHAR:
+ prolog;
match = (!isalnum(*input) && *input != '_');
action = match ? ACTION_NONE : ACTION_KILL;
fiber->ip += 1;
break;
case RE_OPCODE_SPACE:
+ prolog;
match = (*input == ' ' || *input == '\t');
action = match ? ACTION_NONE : ACTION_KILL;
fiber->ip += 1;
break;
case RE_OPCODE_NON_SPACE:
+ prolog;
match = (*input != ' ' && *input != '\t');
action = match ? ACTION_NONE : ACTION_KILL;
fiber->ip += 1;
break;
case RE_OPCODE_DIGIT:
+ prolog;
match = isdigit(*input);
action = match ? ACTION_NONE : ACTION_KILL;
fiber->ip += 1;
break;
case RE_OPCODE_NON_DIGIT:
+ prolog;
match = !isdigit(*input);
action = match ? ACTION_NONE : ACTION_KILL;
fiber->ip += 1;
@@ -1501,9 +1517,6 @@ int yr_re_exec(
assert(FALSE);
}
- if (count >= max_count && action == ACTION_NONE)
- action = ACTION_KILL;
-
switch(action)
{
case ACTION_KILL:
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git