[Forensics-changes] [yara] 123/407: Fix serial handling.

[Hilko Bengen]

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.3.0
in repository yara.

commit 7e3156f36bc110f200a877e0c2a772389055c585
Author: Wesley Shields <wxs at atarininja.org>
Date:   Thu Oct 16 11:33:30 2014 -0400

    Fix serial handling.
    
    Rather than "continue" the loop if there is no serial length. This allows
    us to get other things later in the loop.
---
 libyara/modules/pe.c | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index caba9a9..f7a47ad 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -2413,26 +2413,26 @@ void pe_parse_certificates(
       set_string(sig_alg, pe->object, "signature.algorithm");
 
       serial = X509_get_serialNumber(cert);
-      if (serial->length <= 0)
-        continue;
-      //
-      // Convert serial number to "common" string format: 00:01:02:03:04...
-      // The (length * 2) is for each of the bytes in the integer to convert
-      // to hexlified format. The (length - 1) is for the colons. The extra
-      // byte is for the NULL terminator.
-      //
-      p = (char *) yr_malloc((serial->length * 2) + (serial->length - 1) + 1);
-      if (!p)
-        break;
-      for (j = 0; j < serial->length; j++) {
+      if (serial->length > 0) {
+        //
+        // Convert serial number to "common" string format: 00:01:02:03:04...
+        // The (length * 2) is for each of the bytes in the integer to convert
+        // to hexlified format. The (length - 1) is for the colons. The extra
+        // byte is for the NULL terminator.
+        //
+        p = (char *) yr_malloc((serial->length * 2) + (serial->length - 1) + 1);
+        if (!p)
+          break;
+        for (j = 0; j < serial->length; j++) {
         // Don't put the colon on the last one.
-        if (j < serial->length - 1)
-          snprintf(p + 3 * j, 4, "%02x:", serial->data[j]);
-        else
-          snprintf(p + 3 * j, 3, "%02x", serial->data[j]);
+          if (j < serial->length - 1)
+            snprintf(p + 3 * j, 4, "%02x:", serial->data[j]);
+          else
+            snprintf(p + 3 * j, 3, "%02x", serial->data[j]);
+        }
+        set_string(p, pe->object, "signature.serial");
+        yr_free(p);
       }
-      set_string(p, pe->object, "signature.serial");
-      yr_free(p);
 
       //
       // Use a single BIO for notBefore and notAfter. Saves from having

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git