[Forensics-changes] [yara] 229/407: Fix segfault in PE module

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:28:29 UTC 2017 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.3.0
in repository yara.

commit 08f98711db7551e130c2270b440a902b3bfd553d
Author: Victor Manuel Alvarez <vmalvarez at virustotal.com>
Date:   Sat Nov 22 23:44:55 2014 +0100

    Fix segfault in PE module
---
 libyara/modules/pe.c | 48 ++++++++++++++++++++++++++++--------------------
 1 file changed, 28 insertions(+), 20 deletions(-)

diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index e4433c6..ff81134 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -624,7 +624,8 @@ IMPORTED_FUNCTION* pe_parse_import_descriptor(
           if (struct_fits_in_pe(pe, import, IMAGE_IMPORT_BY_NAME))
           {
             name = (char *) yr_strndup(
-                (char*) import->Name, available_space(pe, import->Name));
+                (char*) import->Name,
+                max(available_space(pe, import->Name), 512));
           }
         }
       }
@@ -634,19 +635,22 @@ IMPORTED_FUNCTION* pe_parse_import_descriptor(
         name = ord_lookup(dll_name, thunks64->u1.Ordinal & 0xFFFF);
       }
 
-      IMPORTED_FUNCTION* imported_func = (IMPORTED_FUNCTION*)
-          yr_calloc(1, sizeof(IMPORTED_FUNCTION));
+      if (name != NULL)
+      {
+        IMPORTED_FUNCTION* imported_func = (IMPORTED_FUNCTION*)
+            yr_calloc(1, sizeof(IMPORTED_FUNCTION));
 
-      imported_func->name = name;
-      imported_func->next = NULL;
+        imported_func->name = name;
+        imported_func->next = NULL;
 
-      if (head == NULL)
-        head = imported_func;
+        if (head == NULL)
+          head = imported_func;
 
-      if (tail != NULL)
-        tail->next = imported_func;
+        if (tail != NULL)
+          tail->next = imported_func;
 
-      tail = imported_func;
+        tail = imported_func;
+      }
 
       thunks64++;
     }
@@ -673,7 +677,8 @@ IMPORTED_FUNCTION* pe_parse_import_descriptor(
           if (struct_fits_in_pe(pe, import, IMAGE_IMPORT_BY_NAME))
           {
             name = (char *) yr_strndup(
-                (char*) import->Name, available_space(pe, import->Name));
+                (char*) import->Name,
+                max(available_space(pe, import->Name), 512));
           }
         }
       }
@@ -683,19 +688,22 @@ IMPORTED_FUNCTION* pe_parse_import_descriptor(
         name = ord_lookup(dll_name, thunks32->u1.Ordinal & 0xFFFF);
       }
 
-      IMPORTED_FUNCTION* imported_func = (IMPORTED_FUNCTION*)
-          yr_calloc(1, sizeof(IMPORTED_FUNCTION));
+      if (name != NULL)
+      {
+        IMPORTED_FUNCTION* imported_func = (IMPORTED_FUNCTION*)
+            yr_calloc(1, sizeof(IMPORTED_FUNCTION));
 
-      imported_func->name = name;
-      imported_func->next = NULL;
+        imported_func->name = name;
+        imported_func->next = NULL;
 
-      if (head == NULL)
-        head = imported_func;
+        if (head == NULL)
+          head = imported_func;
 
-      if (tail != NULL)
-        tail->next = imported_func;
+        if (tail != NULL)
+          tail->next = imported_func;
 
-      tail = imported_func;
+        tail = imported_func;
+      }
 
       thunks32++;
     }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list