[Forensics-changes] [yara] 176/407: Use statically allocated buffer with X509_NAME_online.

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:28:23 UTC 2017 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.3.0
in repository yara.

commit 5f39dcc69dc5c53efbc5c6eb45acb3134097c50c
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Fri Oct 31 11:29:27 2014 +0100

    Use statically allocated buffer with X509_NAME_online.
    
    X509_NAME_oneline is probably using "malloc" to allocate the buffer, releasing the buffer with "yr_free" is not a good idea for two reasons:
    
    - It breaks tools used for detecting memory leaks as the buffer is not allocated with "yr_malloc" but is freed with "yr_free"
    - In Windows "yr_malloc/yr_free" use a different heap that the one used by standard "malloc/free", so you can not free with "yr_free" something allocated with "malloc"
---
 libyara/modules/pe.c | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 1b9e160..8a60507 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -782,7 +782,6 @@ void pe_parse_certificates(
   PE* pe)
 {
   int counter = 0;
-  char *p;
 
   PIMAGE_DATA_DIRECTORY directory = pe_get_directory_entry(
       pe, IMAGE_DIRECTORY_ENTRY_SECURITY);
@@ -841,23 +840,20 @@ void pe_parse_certificates(
 
     for (int i = 0; i < sk_X509_num(certs); i++)
     {
-      X509* cert = sk_X509_value(certs, i);
 
-      p = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
+      X509* cert = sk_X509_value(certs, i);
 
-      if (!p)
-        break;
+      char string[256];
 
-      set_string(p, pe->object, "signatures[%i].issuer", counter);
-      yr_free(p);
+      X509_NAME_oneline(
+          X509_get_issuer_name(cert), buffer, sizeof(buffer));
 
-      p = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
+      set_string(buffer, pe->object, "signatures[%i].issuer", counter);
 
-      if (!p)
-        break;
+      X509_NAME_oneline(
+          X509_get_subject_name(cert), buffer, sizeof(buffer));
 
-      set_string(p, pe->object, "signatures[%i].subject", counter);
-      yr_free(p);
+      set_string(buffer, pe->object, "signatures[%i].subject", counter);
 
       set_integer(
           X509_get_version(cert) + 1, // Versions are zero based, so add one.
@@ -879,7 +875,7 @@ void pe_parse_certificates(
         // byte is for the NULL terminator.
         //
 
-        p = (char *) yr_malloc((serial->length * 2) + (serial->length - 1) + 1);
+        char* p = (char *) yr_malloc((serial->length * 2) + (serial->length - 1) + 1);
 
         if (!p)
           break;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list