[Forensics-changes] [yara] 09/160: PE module: Corrected size of strings in checks
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:29:12 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.4.0
in repository yara.
commit 4b72a544ec98c90e1a506bed28420d7eb7298557
Author: Moritz Kroll <moritz.kroll at avira.com>
Date: Thu Feb 12 08:45:27 2015 +0100
PE module: Corrected size of strings in checks
---
libyara/modules/pe.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 2b26de5..be445bf 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -619,7 +619,7 @@ void pe_parse_version_info(
version_info = (PVERSION_INFO) (pe->data + version_info_offset);
- if (!fits_in_pe(pe, version_info->Key, sizeof("VS_VERSION_INFO")))
+ if (!fits_in_pe(pe, version_info->Key, sizeof("VS_VERSION_INFO") * 2))
return;
if (strcmp_w(version_info->Key, "VS_VERSION_INFO") != 0)
@@ -627,7 +627,7 @@ void pe_parse_version_info(
string_file_info = ADD_OFFSET(version_info, sizeof(VERSION_INFO) + 86);
- while(fits_in_pe(pe, string_file_info->Key, sizeof("StringFileInfo")) &&
+ while(fits_in_pe(pe, string_file_info->Key, sizeof("StringFileInfo") * 2) &&
strcmp_w(string_file_info->Key, "StringFileInfo") == 0)
{
PVERSION_INFO string_table = ADD_OFFSET(
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list