[Forensics-changes] [yara] 125/407: Fix a NULL ptr deref.

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:28:17 UTC 2017


This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.3.0
in repository yara.

commit 37971073b89f068cf15c283a36ed97a0ea22ac6d
Author: Wesley Shields <wxs at atarininja.org>
Date:   Fri Oct 17 15:43:05 2014 -0400

    Fix a NULL ptr deref.
    
    While testing authenticode parsing I came across a binary which does
    not have a rich signature. Calling pe.rich_signature.hash() caused
    a NULL pointer dereference.
---
 libyara/modules/pe.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index b784ba5..4a36aef 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -2659,6 +2659,9 @@ define_function(richhash)
 
   SIZED_STRING *clear_data = get_string(parent, "clear_data");
 
+  if (!clear_data)
+    return_string(UNDEFINED);
+
   SHA256_Init(&ctx);
   SHA256_Update(&ctx, clear_data->c_string, clear_data->length);
   SHA256_Final(digest, &ctx);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git



More information about the forensics-changes mailing list