[Forensics-changes] [yara] 20/160: Fix wrong parsing of PE version info
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:29:13 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.4.0
in repository yara.
commit b382dc0040b52fcf0bdcec48807c533cac2d3f7c
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Mon Feb 16 11:44:34 2015 +0100
Fix wrong parsing of PE version info
---
libyara/modules/pe.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index c038b36..cf95677 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -656,18 +656,20 @@ void pe_parse_version_info(
string->Length != 0 &&
string < string_table)
{
- char* string_value = (char*) ADD_OFFSET(
- string,
- sizeof(VERSION_INFO) + 2 * (strnlen_w(string->Key,
- available_space(pe, string->Key)) + 1));
+ if (string->ValueLength > 0)
+ {
+ char* string_value = (char*) ADD_OFFSET(string,
+ sizeof(VERSION_INFO) + 2 * (strnlen_w(string->Key,
+ available_space(pe, string->Key)) + 1));
- strlcpy_w(key, string->Key,
- min(sizeof(key), available_space(pe, string->Key)));
+ strlcpy_w(key, string->Key,
+ min(sizeof(key), available_space(pe, string->Key)));
- strlcpy_w(value, string_value,
- min(sizeof(value), available_space(pe, string_value)));
+ strlcpy_w(value, string_value,
+ min(sizeof(value), available_space(pe, string_value)));
- set_string(value, pe->object, "version_info[%s]", key);
+ set_string(value, pe->object, "version_info[%s]", key);
+ }
string = ADD_OFFSET(string, string->Length);
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list