[Forensics-changes] [yara] 177/407: Simplify the serial number length computation

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:28:23 UTC 2017 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.3.0
in repository yara.

commit bcabb68665ad793087c2fa32d025ee072f9da0ef
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Fri Oct 31 11:36:59 2014 +0100

    Simplify the serial number length computation
---
 libyara/modules/pe.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 8a60507..80d78c6 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -870,27 +870,27 @@ void pe_parse_certificates(
       {
         //
         // Convert serial number to "common" string format: 00:01:02:03:04...
-        // The (length * 2) is for each of the bytes in the integer to convert
-        // to hexlified format. The (length - 1) is for the colons. The extra
-        // byte is for the NULL terminator.
-        //
+        // For each byte in the integer to convert to hexlified format we
+        // need three bytes, two for the byte itself and one for colon. The
+        // last one doesn't have the colon, but the extra byte is used for the
+        // NULL terminator.
 
-        char* p = (char *) yr_malloc((serial->length * 2) + (serial->length - 1) + 1);
+        char* serial_number = (char *) yr_malloc(serial->length * 3);
 
-        if (!p)
+        if (!serial_number)
           break;
 
         for (int j = 0; j < serial->length; j++)
         {
           // Don't put the colon on the last one.
           if (j < serial->length - 1)
-            snprintf(p + 3 * j, 4, "%02x:", serial->data[j]);
+            snprintf(serial_number + 3 * j, 4, "%02x:", serial->data[j]);
           else
-            snprintf(p + 3 * j, 3, "%02x", serial->data[j]);
+            snprintf(serial_number + 3 * j, 3, "%02x", serial->data[j]);
         }
 
-        set_string(p, pe->object, "signatures[%i].serial", counter);
-        yr_free(p);
+        set_string(serial_number, pe->object, "signatures[%i].serial", counter);
+        yr_free(serial_number);
       }
 
       time_t date_time = ASN1_get_time_t(X509_get_notBefore(cert));

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list