[Forensics-changes] [yara] 296/407: Check function arguments for undefined values before calling the function.

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:28:38 UTC 2017


This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.3.0
in repository yara.

commit e275dcb6d5a8d7da0f9bce6a2137167866d94ec0
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Fri Jan 2 19:55:37 2015 +0100

    Check function arguments for undefined values before calling the function.
    
    If some argument was undefined the function is not called at all and the result is undefined.
---
 libyara/exec.c          | 15 +++++++++++++++
 libyara/modules/hash.c  | 30 ++----------------------------
 libyara/modules/tests.c | 14 +++++---------
 3 files changed, 22 insertions(+), 37 deletions(-)

diff --git a/libyara/exec.c b/libyara/exec.c
index 32820cf..1aff8bc 100644
--- a/libyara/exec.c
+++ b/libyara/exec.c
@@ -490,12 +490,17 @@ int yr_execute_code(
         ip += sizeof(uint64_t);
 
         i = strlen(args_fmt);
+        count = 0;
 
         // pop arguments from stack and copy them to args array
 
         while (i > 0)
         {
           pop(r1);
+
+          if (is_undef(r1))  // count the number of undefined args
+            count++;
+
           args[i - 1] = r1.i;
           i--;
         }
@@ -503,6 +508,16 @@ int yr_execute_code(
         pop(r2);
         ensure_defined(r2);
 
+        if (count > 0)
+        {
+          // if there are undefined args, result for function call
+          // is undefined as well.
+
+          r1.i = UNDEFINED;
+          push(r1);
+          break;
+        }
+
         function = UINT64_TO_PTR(YR_OBJECT_FUNCTION*, r2.i);
         result = ERROR_INTERNAL_FATAL_ERROR;
 
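Review bot: The new `if (count > 0)` guard creates a contract that module functions are never entered with an undefined argument, but the comment only describes the result and does not state that contract, even though this same commit deletes the per-function checks in hash.c and tests.c on the strength of it. I would extend the comment, e.g. `// module functions rely on this guard: they are never called with UNDEFINED arguments`, so a later change to this opcode does not silently start passing the sentinel again. `count` (set in the preceding hunk) is only ever compared with zero, so a flag named for its purpose would read more clearly than a counter. The enclosing case of yr_execute_code starts and ends outside the hunk.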
diff --git a/libyara/modules/hash.c b/libyara/modules/hash.c
index 5b3213d..05d211c 100644
--- a/libyara/modules/hash.c
+++ b/libyara/modules/hash.c
@@ -45,10 +45,6 @@ void digest_to_ascii(
 define_function(string_md5)
 {
   SIZED_STRING* s = sized_string_argument(1);
-
-  if (IS_UNDEFINED(s))
-    return_string(UNDEFINED);
-
   MD5_CTX md5_context;
 
   unsigned char digest[MD5_DIGEST_LENGTH];
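Review bot: With the `IS_UNDEFINED(s)` check removed, `s` is now dereferenced on trust: string_checksum32 reads `s->length` directly (visible in its hunk), and string_md5, string_sha256 and string_sha1 presumably do the same in the parts of their bodies outside these hunks. These functions run during rule evaluation over untrusted samples, so if the interpreter-side guard is ever changed or bypassed, the UNDEFINED sentinel would be used as a pointer. A debug-build check would document the invariant at no release cost, e.g. `assert(!IS_UNDEFINED(s));` right after the `sized_string_argument(1)` line. The data_md5, data_sha1, data_sha256 and data_checksum32 hunks could do the same for `offset` and `length`.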
@@ -67,11 +63,8 @@ define_function(string_md5)
 define_function(string_sha256)
 {
   SIZED_STRING* s = sized_string_argument(1);
-
-  if (IS_UNDEFINED(s))
-    return_string(UNDEFINED);
-
   SHA256_CTX sha256_context;
+
   unsigned char digest[SHA256_DIGEST_LENGTH];
   char digest_ascii[SHA256_DIGEST_LENGTH * 2 + 1];
 
@@ -88,11 +81,8 @@ define_function(string_sha256)
 define_function(string_sha1)
 {
   SIZED_STRING* s = sized_string_argument(1);
-
-  if (IS_UNDEFINED(s))
-    return_string(UNDEFINED);
-
   SHA_CTX sha_context;
+
   unsigned char digest[SHA_DIGEST_LENGTH];
   char digest_ascii[SHA_DIGEST_LENGTH * 2 + 1];
 
@@ -109,10 +99,6 @@ define_function(string_sha1)
 define_function(string_checksum32)
 {
   SIZED_STRING* s = sized_string_argument(1);
-
-  if (IS_UNDEFINED(s))
-    return_integer(UNDEFINED);
-
   uint32_t checksum = 0;
 
   for (int i = 0; i < s->length; i++)
@@ -127,9 +113,6 @@ define_function(data_md5)
   int64_t offset = integer_argument(1);   // offset where to start
   int64_t length = integer_argument(2);   // length of bytes we want hash on
 
-  if (IS_UNDEFINED(offset) || IS_UNDEFINED(length))
-    return_string(UNDEFINED);
-
   YR_SCAN_CONTEXT* context = scan_context();
   YR_MEMORY_BLOCK* block = NULL;
 
@@ -194,9 +177,6 @@ define_function(data_sha1)
   int64_t offset = integer_argument(1);   // offset where to start
   int64_t length = integer_argument(2);   // length of bytes we want hash on
 
-  if (IS_UNDEFINED(offset) || IS_UNDEFINED(length))
-    return_string(UNDEFINED);
-
   YR_SCAN_CONTEXT* context = scan_context();
   YR_MEMORY_BLOCK* block = NULL;
 
@@ -260,9 +240,6 @@ define_function(data_sha256)
   int64_t offset = integer_argument(1);   // offset where to start
   int64_t length = integer_argument(2);   // length of bytes we want hash on
 
-  if (IS_UNDEFINED(offset) || IS_UNDEFINED(length))
-    return_string(UNDEFINED);
-
   YR_SCAN_CONTEXT* context = scan_context();
   YR_MEMORY_BLOCK* block = NULL;
 
@@ -326,9 +303,6 @@ define_function(data_checksum32)
   int64_t offset = integer_argument(1);   // offset where to start
   int64_t length = integer_argument(2);   // length of bytes we want hash on
 
-  if (IS_UNDEFINED(offset) || IS_UNDEFINED(length))
-    return_integer(UNDEFINED);
-
   YR_SCAN_CONTEXT* context = scan_context();
   YR_MEMORY_BLOCK* block = NULL;
 
diff --git a/libyara/modules/tests.c b/libyara/modules/tests.c
index 93b6ee6..9481e54 100644
--- a/libyara/modules/tests.c
+++ b/libyara/modules/tests.c
@@ -24,9 +24,6 @@ define_function(double_sum)
   double a = double_argument(1);
   double b = double_argument(2);
 
-  if (a == UNDEFINED || b == UNDEFINED)
-    return_double(UNDEFINED);
-
   return_double(a + b);
 }
 
@@ -35,9 +32,6 @@ define_function(sum_2)
   int64_t a = integer_argument(1);
   int64_t b = integer_argument(2);
 
-  if (a == UNDEFINED || b == UNDEFINED)
-    return_integer(UNDEFINED);
-
   return_integer(a + b);
 }
 
@@ -48,9 +42,6 @@ define_function(sum_3)
   int64_t b = integer_argument(2);
   int64_t c = integer_argument(3);
 
-  if (a == UNDEFINED || b == UNDEFINED || c == UNDEFINED)
-    return_integer(UNDEFINED);
-
   return_integer(a + b + c);
 }
 
@@ -70,6 +61,11 @@ begin_declarations;
     declare_string("foo");
   end_struct("constants");
 
+  begin_struct("undefined");
+    declare_integer("i");
+    declare_double("d");
+  end_struct("undefined");
+
   declare_integer_array("integer_array");
   declare_string_array("string_array");
 
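Review bot: The new `undefined` struct gives the test module an integer and a double that are presumably left unassigned, but no string member, so the string-argument path that hash.c now depends on (string_md5 and its siblings no longer check `s`) cannot be exercised through this fixture. Adding `declare_string("s");` inside the struct would let a rule-level test pass an undefined string to a function and confirm the call is skipped. The declarations block continues outside the hunk.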

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git


