[Forensics-changes] [yara] 20/407: Fix issue #171

[Hilko Bengen]

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.3.0
in repository yara.

commit b0b592ded8656037ae05ed671a9d5db988962a18
Author: Victor Manuel Alvarez <vmalvarez at virustotal.com>
Date:   Sat Sep 6 00:16:23 2014 +0200

    Fix issue #171
---
 libyara/scan.c       | 12 +++++++-----
 yara-python/tests.py |  4 ++++
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/libyara/scan.c b/libyara/scan.c
index abce84c..6966ecd 100644
--- a/libyara/scan.c
+++ b/libyara/scan.c
@@ -747,8 +747,6 @@ int _yr_scan_verify_literal_match(
   }
   else if (STRING_IS_NO_CASE(string))
   {
-    flags |= RE_FLAGS_NO_CASE;
-
     if (STRING_IS_ASCII(string))
     {
       forward_matches = _yr_scan_icompare(
@@ -760,7 +758,6 @@ int _yr_scan_verify_literal_match(
 
     if (STRING_IS_WIDE(string) && forward_matches == 0)
     {
-      flags |= RE_FLAGS_WIDE;
       forward_matches = _yr_scan_wicompare(
           data + offset,
           data_size - offset,
@@ -781,7 +778,6 @@ int _yr_scan_verify_literal_match(
 
     if (STRING_IS_WIDE(string) && forward_matches == 0)
     {
-      flags |= RE_FLAGS_WIDE;
       forward_matches = _yr_scan_wcompare(
           data + offset,
           data_size - offset,
@@ -794,7 +790,7 @@ int _yr_scan_verify_literal_match(
   {
     if (STRING_IS_FULL_WORD(string))
     {
-      if (flags & RE_FLAGS_WIDE)
+      if (STRING_IS_WIDE(string))
       {
         if (offset >= 2 &&
             *(data + offset - 1) == 0 &&
@@ -818,6 +814,12 @@ int _yr_scan_verify_literal_match(
       }
     }
 
+    if (STRING_IS_WIDE(string))
+      flags |= RE_FLAGS_WIDE;
+
+    if (STRING_IS_NO_CASE(string))
+      flags |= RE_FLAGS_NO_CASE;
+
     callback_args.string = string;
     callback_args.data = data;
     callback_args.data_size = data_size;
diff --git a/yara-python/tests.py b/yara-python/tests.py
index b56de87..648a7d3 100644
--- a/yara-python/tests.py
+++ b/yara-python/tests.py
@@ -359,6 +359,10 @@ class TestYara(unittest.TestCase):
         ], "x\x00a\x00b\x00c\x00x\x00")
 
         self.assertFalseRules([
+            'rule test { strings: $a = "ab" wide fullword condition: $a }',
+        ], "x\x00a\x00b\x00")
+
+        self.assertFalseRules([
             'rule test { strings: $a = "abc" wide fullword condition: $a }',
         ], "x\x00a\x00b\x00c\x00")
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git