[Forensics-changes] [yara] 176/407: Use statically allocated buffer with X509_NAME_online.
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:28:23 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.3.0
in repository yara.
commit 5f39dcc69dc5c53efbc5c6eb45acb3134097c50c
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Fri Oct 31 11:29:27 2014 +0100
Use statically allocated buffer with X509_NAME_online.
X509_NAME_oneline is probably using "malloc" to allocate the buffer; releasing the buffer with "yr_free" is not a good idea for two reasons:
- It breaks tools used for detecting memory leaks, as the buffer is not allocated with "yr_malloc" but is freed with "yr_free".
- In Windows "yr_malloc/yr_free" use a different heap than the one used by standard "malloc/free", so you cannot free with "yr_free" something allocated with "malloc".
---
libyara/modules/pe.c | 22 +++++++++-------------
1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 1b9e160..8a60507 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -782,7 +782,6 @@ void pe_parse_certificates(
PE* pe)
{
int counter = 0;
- char *p;
PIMAGE_DATA_DIRECTORY directory = pe_get_directory_entry(
pe, IMAGE_DIRECTORY_ENTRY_SECURITY);
@@ -841,23 +840,20 @@ void pe_parse_certificates(
for (int i = 0; i < sk_X509_num(certs); i++)
{
- X509* cert = sk_X509_value(certs, i);
- p = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
+ X509* cert = sk_X509_value(certs, i);
- if (!p)
- break;
+ char string[256];
- set_string(p, pe->object, "signatures[%i].issuer", counter);
- yr_free(p);
+ X509_NAME_oneline(
+ X509_get_issuer_name(cert), buffer, sizeof(buffer));
- p = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
+ set_string(buffer, pe->object, "signatures[%i].issuer", counter);
- if (!p)
- break;
+ X509_NAME_oneline(
+ X509_get_subject_name(cert), buffer, sizeof(buffer));
- set_string(p, pe->object, "signatures[%i].subject", counter);
- yr_free(p);
+ set_string(buffer, pe->object, "signatures[%i].subject", counter);
set_integer(
X509_get_version(cert) + 1, // Versions are zero based, so add one.
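Review bot: the array added in this loop is declared as "char string[256];" but every call below it passes "buffer" (both X509_NAME_oneline calls and both set_string calls), and no declaration of "buffer" appears in this patch. Unless "buffer" is declared elsewhere in pe_parse_certificates, this does not compile, and "string" is unused either way; rename the declaration to "char buffer[256];". Two smaller points on the same lines: the removed code checked the result with "if (!p) break;" while the new calls ignore the return value, so if the subject call fails the buffer would still hold the issuer text and be stored as signatures[%i].subject; and a fixed 256-byte buffer means longer issuer or subject names are cut off at sizeof(buffer), which deserves a comment because anything matching on these strings only sees the truncated value.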
@@ -879,7 +875,7 @@ void pe_parse_certificates(
// byte is for the NULL terminator.
//
- p = (char *) yr_malloc((serial->length * 2) + (serial->length - 1) + 1);
+ char* p = (char *) yr_malloc((serial->length * 2) + (serial->length - 1) + 1);
if (!p)
break;
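Review bot: the allocation size on the changed line, "(serial->length * 2) + (serial->length - 1) + 1", evaluates to 0 when serial->length is 0, so this asks yr_malloc for a zero-byte buffer even though the comment above reserves one byte for the NULL terminator; check serial->length > 0 before allocating. Since the commit message is about pairing allocators, it is also worth confirming that this "p" is released with yr_free, including on any later early exit from the loop. Style: the line now mixes "char*" and "(char *)"; pick one form and wrap the call after the "=" as the X509_NAME_oneline calls in the previous hunk are wrapped.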
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git