[Forensics-changes] [yara] 44/160: Stricter boundary checks in PE module
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:29:16 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.4.0
in repository yara.
commit 497cd85088f53ca82231511087d67a354c97ad97
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Fri Mar 13 11:08:46 2015 +0100
Stricter boundary checks in PE module
---
libyara/include/yara/strutils.h | 3 +--
libyara/modules/pe.c | 39 +++++++++++++++++++++++++++++----------
libyara/strutils.c | 6 ++----
3 files changed, 32 insertions(+), 16 deletions(-)
diff --git a/libyara/include/yara/strutils.h b/libyara/include/yara/strutils.h
index 62dd497..f12125a 100644
--- a/libyara/include/yara/strutils.h
+++ b/libyara/include/yara/strutils.h
@@ -60,8 +60,7 @@ void* memmem(
int strnlen_w(
- const char* w_str,
- size_t maxbytes);
+ const char* w_str);
int strcmp_w(
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index ee225bf..6280956 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -153,6 +153,25 @@ typedef struct _PE
} PE;
+int wide_string_fits_in_pe(
+ PE* pe,
+ char* data)
+{
+ size_t i = 0;
+ size_t space_left = available_space(pe, data);
+
+ while (space_left >= 2)
+ {
+ if (data[i] == 0 && data[i + 1] == 0)
+ return 1;
+ space_left -= 2;
+ i += 2;
+ }
+
+ return 0;
+}
+
+
PIMAGE_NT_HEADERS32 pe_get_header(
uint8_t* data,
size_t data_size)
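Review bot: `wide_string_fits_in_pe` trusts that `data` already points inside the PE buffer, and nothing in the helper says or enforces that. `available_space` is defined outside this diff; if it can yield a negative difference for a pointer beyond the buffer, storing it in `size_t space_left` would turn it into a very large count and the loop would read out of bounds. Both loop conditions call `struct_fits_in_pe` first, but the precondition should be stated on the helper, for example `// Returns 1 if a wide string starting at data has its two-byte terminator inside the PE buffer; data must already lie within the buffer.` The helper also appears to be used only in pe.c and never writes through `data`, so `static int wide_string_fits_in_pe(PE* pe, const char* data)` would fit better.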
@@ -644,35 +663,35 @@ void pe_parse_version_info(
string_file_info->Length);
while (struct_fits_in_pe(pe, string_table, VERSION_INFO) &&
+ wide_string_fits_in_pe(pe, string_table->Key) &&
string_table->Length != 0 &&
string_table < string_file_info)
{
PVERSION_INFO string = ADD_OFFSET(
string_table,
- sizeof(VERSION_INFO) + 2 * (strnlen_w(string_table->Key,
- available_space(pe, string_table->Key)) + 1));
+ sizeof(VERSION_INFO) + 2 * (strnlen_w(string_table->Key) + 1));
string_table = ADD_OFFSET(
string_table,
string_table->Length);
while (struct_fits_in_pe(pe, string, VERSION_INFO) &&
+ wide_string_fits_in_pe(pe, string->Key) &&
string->Length != 0 &&
string < string_table)
{
if (string->ValueLength > 0)
{
char* string_value = (char*) ADD_OFFSET(string,
- sizeof(VERSION_INFO) + 2 * (strnlen_w(string->Key,
- available_space(pe, string->Key)) + 1));
+ sizeof(VERSION_INFO) + 2 * (strnlen_w(string->Key) + 1));
- strlcpy_w(key, string->Key,
- min(sizeof(key), available_space(pe, string->Key)));
-
- strlcpy_w(value, string_value,
- min(sizeof(value), available_space(pe, string_value)));
+ if (wide_string_fits_in_pe(pe, string_value))
+ {
+ strlcpy_w(key, string->Key, sizeof(key));
+ strlcpy_w(value, string_value, sizeof(value));
- set_string(value, pe->object, "version_info[%s]", key);
+ set_string(value, pe->object, "version_info[%s]", key);
+ }
}
string = ADD_OFFSET(string, string->Length);
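Review bot: In the inner loop, `string_value` is checked only against the end of the PE buffer, never against the end of its own record. With a malformed `Length` or `ValueLength`, the value copied into `version_info[...]` can come from whatever bytes follow the record in the file. The read stays inside the buffer, so this is a data-integrity issue for rules that match on version info rather than a memory-safety one. A cheap extra guard would be `if (string_value < (char*) ADD_OFFSET(string, string->Length) && wide_string_fits_in_pe(pe, string_value))`. The unbounded `strnlen_w(...)` calls are safe only because the loop conditions run `wide_string_fits_in_pe` first, and a short comment at each call should say so; `pe_parse_version_info` starts and ends outside the hunk.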
diff --git a/libyara/strutils.c b/libyara/strutils.c
index 0d047e2..6e5e4e5 100644
--- a/libyara/strutils.c
+++ b/libyara/strutils.c
@@ -154,16 +154,14 @@ size_t strlcat(
int strnlen_w(
- const char* w_str,
- size_t maxbytes)
+ const char* w_str)
{
int len = 0;
- while (maxbytes >= 2 && (w_str[0] || w_str[1]))
+ while (w_str[0] || w_str[1])
{
w_str += 2;
len += 1;
- maxbytes -= 2;
}
return len;
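Review bot: With `maxbytes` removed, `strnlen_w` scans until it finds two zero bytes with no bound at all, yet it keeps the `n` in its name, which suggests a bounded scan; the declaration in strutils.h has the same issue. Any caller that passes data it has not validated will read past the end of its buffer. The contract should be written on the function, for example `// w_str must be terminated by two zero bytes inside a valid buffer; callers parsing untrusted data check this first (see wide_string_fits_in_pe in pe.c).` Renaming it to something like `strlen_w` would make the missing bound visible at call sites. The function's closing brace lies outside the hunk.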
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git