[Forensics-changes] [yara] 68/407: Fix bugs while parsing PE version information

Sat Jul 1 10:28:10 UTC 2017

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.3.0
in repository yara.

commit 7e99c644b27dbd1ba0e494b55cf65bd8417f297f
Author: Victor Manuel Alvarez <vmalvarez at virustotal.com>
Date:   Thu Sep 25 20:05:05 2014 +0200

    Fix bugs while parsing PE version information
---
 libyara/include/yara/pe.h |  5 -----
 libyara/modules/pe.c      | 19 ++++++++++++-------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/libyara/include/yara/pe.h b/libyara/include/yara/pe.h
index 7914088..850067a 100644
--- a/libyara/include/yara/pe.h
+++ b/libyara/include/yara/pe.h
@@ -27,11 +27,6 @@ typedef uint64_t  ULONGLONG;
 
 #define FIELD_OFFSET(type, field)    ((size_t)&(((type *)0)->field))
 
-#define ALIGN_NEXT_DWORD(ptr)  (typeof(ptr)) (((size_t) ptr + 3) & ~3)
-
-#define ADD_OFFSET(ptr, offset)  (typeof(ptr)) ((uint8_t*) (ptr) + (offset))
-
-
 #ifndef _MAC
 
 #pragma pack(push,4)                   // 4 byte packing is the default
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index f7b54e7..9318cfb 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -313,6 +313,12 @@ int pe_iterate_resources(
 }
 
 
+// Align offset to a 32-bit boundary and add it to a pointer
+
+#define ADD_OFFSET(ptr, offset) \
+    (typeof(ptr)) ((uint8_t*) (ptr) + ((offset + 3) & ~3))
+
+
 int pe_find_version_info_cb(
     PIMAGE_RESOURCE_DATA_ENTRY rsrc_data,
     int rsrc_type,
@@ -364,8 +370,6 @@ int pe_find_version_info_cb(
           string_file_info,
           string_file_info->Length);
 
-      string_file_info = ALIGN_NEXT_DWORD(string_file_info);
-
       while (string_table < string_file_info)
       {
         PVERSION_INFO string = ADD_OFFSET(
@@ -376,24 +380,25 @@ int pe_find_version_info_cb(
             string_table,
             string_table->Length);
 
-        string_table = ALIGN_NEXT_DWORD(string_table);
-
         while (string < string_table)
         {
           char* string_value = (char*) ADD_OFFSET(
               string,
               sizeof(VERSION_INFO) + 2 * (strlen_w(string->Key) + 1));
 
-          string_value = ALIGN_NEXT_DWORD(string_value);
-
           strlcpy_w(key, string->Key, sizeof(key));
           strlcpy_w(value, string_value, sizeof(value));
 
           set_string(value, pe->object, "version_info[%s]", key);
 
+          if (string->Length == 0)
+            break;
+
           string = ADD_OFFSET(string, string->Length);
-          string = ALIGN_NEXT_DWORD(string);
         }
+
+        if (string_table->Length == 0)
+          break;
       }
     }
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

