[Forensics-changes] [yara] 135/407: Make length check bounded to directory.

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:28:18 UTC 2017


This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.3.0
in repository yara.

commit 88624bcadfc1fa6950c87064a94cf52e82b733be
Author: Wesley Shields <wxs at atarininja.org>
Date:   Sun Oct 19 15:09:37 2014 -0400

    Make length check bounded to directory.
---
 libyara/modules/pe.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 07f76fe..60837ab 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -2392,7 +2392,8 @@ void pe_parse_certificates(
     //
     // Some malware will stuff config blocks onto the end of the file. This
     // is most often the cause of this check failing.
-    if ((sec_desc->Certificate + sec_desc->Length) - 8 > pe->data + pe->data_size) {
+    end = (uintptr_t) (sec_desc->Certificate + sec_desc->Length) - 8;
+    if (end > (uintptr_t) pe->data + directory->VirtualAddress + directory->Size) {
       break;
     }
 
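Review bot: The new `if (end > ...)` test replaces the old `pe->data + pe->data_size` bound rather than adding to it, so nothing in this hunk guarantees that `directory->VirtualAddress + directory->Size` itself lies inside the mapped file. Both fields are read from the PE being parsed, so unless they are validated against `pe->data_size` earlier in `pe_parse_certificates` (not visible here), a crafted directory entry can move the limit past the end of the buffer. Suggest keeping the file-size bound as well and breaking when either limit is exceeded. Separately, `sec_desc->Certificate + sec_desc->Length` is still evaluated as pointer arithmetic before the `(uintptr_t)` cast, so a very large `Length` can overflow and still pass a test that only checks an upper bound. Comparing `sec_desc->Length` against the number of bytes remaining in the directory would avoid that.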

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git


