[Forensics-changes] [yara] 97/407: Address concerns around set_string().
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:28:14 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.3.0
in repository yara.
commit 8b56f40d02a0155c3d156353712fedff5330f59e
Author: Wesley Shields <wxs at atarininja.org>
Date: Fri Oct 10 13:59:48 2014 -0400
Address concerns around set_string().
Add set_sized_string(), which is to be used when working with strings which
could have embedded NULL bytes.
Make set_string() use set_sized_string() internally. It just calculates the
length of the string and calls set_sized_string(). Under the hood everything
is stored as SIZED_STRING still.
Address every place that was using the old set_string() with a length. There
is now no need to pass a length. The only exceptions are the rich signature
pieces, which can contain NULL bytes, so they now use the new
set_sized_string().
---
libyara/include/yara/modules.h | 6 +++++-
libyara/modules/demo.c | 2 +-
libyara/modules/elf.c | 4 +---
libyara/modules/pe.c | 8 ++++----
libyara/modules/tests.c | 15 ++++++++-------
5 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/libyara/include/yara/modules.h b/libyara/include/yara/modules.h
index eb7d5bd..8874f7a 100644
--- a/libyara/include/yara/modules.h
+++ b/libyara/include/yara/modules.h
@@ -254,10 +254,14 @@ limitations under the License.
yr_object_set_integer(value, object, __VA_ARGS__)
-#define set_string(value, len, object, ...) \
+#define set_sized_string(value, len, object, ...) \
yr_object_set_string(value, len, object, __VA_ARGS__)
+#define set_string(value, object, ...) \
+ set_sized_string(value, strlen(value), object, __VA_ARGS__)
+
+
#define return_integer(integer) { \
assertf( \
__function_obj->return_obj->type == OBJECT_TYPE_INTEGER, \
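Review bot: The new `set_string(value, object, ...)` macro expands `value` twice, once as the data pointer and once inside `strlen(value)`, so an argument with side effects is evaluated twice and a NULL argument reaches `strlen()`, which is undefined behaviour. Parenthesising the parameter and stating the contract above the macro would make this explicit: `set_sized_string((value), strlen(value), object, __VA_ARGS__)` with a comment such as `/* value must be a non-NULL, NUL-terminated string; it is evaluated twice */`. The header now also relies on `strlen` being declared wherever the macro is used; whether `<string.h>` is already included cannot be seen from this hunk. The hunk ends inside the `return_integer` macro, which continues outside it.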
diff --git a/libyara/modules/demo.c b/libyara/modules/demo.c
index 2579f45..1906a2f 100644
--- a/libyara/modules/demo.c
+++ b/libyara/modules/demo.c
@@ -45,7 +45,7 @@ int module_load(
void* module_data,
size_t module_data_size)
{
- set_string("Hello World!", 12, module_object, "greeting");
+ set_string("Hello World!", module_object, "greeting");
return ERROR_SUCCESS;
}
diff --git a/libyara/modules/elf.c b/libyara/modules/elf.c
index 4950ebe..5b92916 100644
--- a/libyara/modules/elf.c
+++ b/libyara/modules/elf.c
@@ -103,7 +103,6 @@ void parse_elf_header_##bits( \
YR_OBJECT* elf_obj) \
{ \
char* str_table; \
- size_t name_len; \
elf##bits##_section_header_t* section; \
\
set_integer(elf->type, elf_obj, "type"); \
@@ -134,8 +133,7 @@ void parse_elf_header_##bits( \
set_integer(section->flags, elf_obj, "sections[%i].flags", i); \
set_integer(section->size, elf_obj, "sections[%i].size", i); \
set_integer(section->offset, elf_obj, "sections[%i].offset", i); \
- name_len = strlen(str_table + section->name); \
- set_string(str_table + section->name, name_len, elf_obj, "sections[%i].name", i); \
+ set_string(str_table + section->name, elf_obj, "sections[%i].name", i); \
\
section++; \
} \
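Review bot: `set_string(str_table + section->name, ...)` now hides a `strlen()` over data taken from the scanned file, and nothing visible in this hunk checks that `section->name` lies inside the string table or that the name is terminated before the end of the mapped data. If no such check exists elsewhere, a malformed ELF could make the scan read past the buffer; this was already true of the removed `strlen()` call, so the commit does not change it. Once the offset itself is validated, a bounded length would close it, for example `set_sized_string(str_table + section->name, strnlen(str_table + section->name, REMAINING_BYTES), elf_obj, "sections[%i].name", i);` where `REMAINING_BYTES` is a placeholder for the bytes left between the name and the end of the mapped file. The function-generating macro begins and ends outside this hunk, so the surrounding validation could not be reviewed.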
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 41aa153..516570a 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -1804,8 +1804,8 @@ void *pe_get_rich_signature(
*rich_ptr ^= rich_signature->key1;
}
- set_string((char *) raw_data, rich_len, pe_obj, "rich_signature.raw_data");
- set_string((char *) clear_data, rich_len, pe_obj, "rich_signature.clear_data");
+ set_sized_string((char *) raw_data, rich_len, pe_obj, "rich_signature.raw_data");
+ set_sized_string((char *) clear_data, rich_len, pe_obj, "rich_signature.clear_data");
return NULL;
}
@@ -2089,7 +2089,7 @@ int pe_find_version_info_cb(
strlcpy_w(key, string->Key, sizeof(key));
strlcpy_w(value, string_value, sizeof(value));
- set_string(value, sizeof(value), pe->object, "version_info[%s]", key);
+ set_string(value, pe->object, "version_info[%s]", key);
if (string->Length == 0)
break;
@@ -2203,7 +2203,7 @@ void pe_parse(
str_size = strlcpy(section_name, (char*) section->Name, IMAGE_SIZEOF_SHORT_NAME + 1);
set_string(
- section_name, str_size,
+ section_name,
pe->object, "sections[%i].name", i);
set_integer(
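Review bot: After this change `str_size` is still assigned from `strlcpy()` but is no longer read in the visible lines, so it is likely a set-but-unused variable now. Separately, `section->Name` is a fixed field of `IMAGE_SIZEOF_SHORT_NAME` bytes that need not be NUL-terminated, and a BSD-style `strlcpy()` keeps scanning the source to compute its return value, so the copy may read past the field; whether the project's `strlcpy()` behaves this way is not visible here. A bounded copy avoids both: `memcpy(section_name, section->Name, IMAGE_SIZEOF_SHORT_NAME);` followed by `section_name[IMAGE_SIZEOF_SHORT_NAME] = '\0';`, assuming `section_name` holds at least `IMAGE_SIZEOF_SHORT_NAME + 1` bytes as the existing size argument suggests. `pe_parse` starts and ends outside the hunk.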
diff --git a/libyara/modules/tests.c b/libyara/modules/tests.c
index fa6ea01..0aaae57 100644
--- a/libyara/modules/tests.c
+++ b/libyara/modules/tests.c
@@ -94,7 +94,7 @@ int module_load(
{
set_integer(1, module_object, "constants.one");
set_integer(2, module_object, "constants.two");
- set_string("foo", 3, module_object, "constants.foo");
+ set_string("foo", module_object, "constants.foo");
set_integer(1, module_object, "struct_array[1].i");
@@ -102,14 +102,15 @@ int module_load(
set_integer(1, module_object, "integer_array[%i]", 1);
set_integer(2, module_object, "integer_array[%i]", 2);
- set_string("foo", 3, module_object, "string_array[%i]", 0);
- set_string("bar", 3, module_object, "string_array[%i]", 1);
- set_string("baz", 3, module_object, "string_array[%i]", 2);
+ set_string("foo", module_object, "string_array[%i]", 0);
+ set_string("bar", module_object, "string_array[%i]", 1);
+ set_string("baz", module_object, "string_array[%i]", 2);
+ set_sized_string("foo\x00bar", 7, module_object, "string_array[%i]", 3);
- set_string("foo", 3, module_object, "string_dict[%s]", "foo");
- set_string("bar", 3, module_object, "string_dict[\"bar\"]");
+ set_string("foo", module_object, "string_dict[%s]", "foo");
+ set_string("bar", module_object, "string_dict[\"bar\"]");
- set_string("foo", 3, module_object, "struct_dict[%s].s", "foo");
+ set_string("foo", module_object, "struct_dict[%s].s", "foo");
set_integer(1, module_object, "struct_dict[%s].i", "foo");
return ERROR_SUCCESS;
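Review bot: The literal in the added `set_sized_string("foo\x00bar", 7, ...)` line does not contain an embedded NUL: a C hex escape consumes every following hex digit, so `\x00ba` is parsed as the single byte 0xBA and the array is `f o o 0xBA r \0`, six bytes in total. Passing 7 as the length therefore reads one byte past the literal, and the test does not exercise the embedded-NUL case the commit describes. Ending the escape before `b` fixes both, e.g. `set_sized_string("foo\0bar", 7, module_object, "string_array[%i]", 3);` or the split literal `"foo\x00" "bar"`. `module_load` begins outside the hunk.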
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git