[Forensics-changes] [yara] 63/160: Stop iterating on resources when resource tables are corrupt.

[Hilko Bengen]

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.4.0
in repository yara.

commit 29d7c628170b3a42a89ebbeb45c04c2f780ed2e5
Author: Shane Huntley <shuntley at google.com>
Date:   Wed Mar 25 18:00:32 2015 -0700

    Stop iterating on resources when resource tables are corrupt.
---
 libyara/modules/pe.c | 60 ++++++++++++++++++++++++++++------------------------
 1 file changed, 32 insertions(+), 28 deletions(-)

diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 1eb3069..34ab1d1 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -476,7 +476,9 @@ int _pe_iterate_resources(
   for (int i = 0; i < total_entries; i++)
   {
     if (!struct_fits_in_pe(pe, entry, IMAGE_RESOURCE_DIRECTORY_ENTRY))
-      break;
+    {
+      return RESOURCE_ITERATOR_ABORTED;
+    }
 
     switch(rsrc_tree_level)
     {
@@ -499,43 +501,45 @@ int _pe_iterate_resources(
       PIMAGE_RESOURCE_DIRECTORY directory = (PIMAGE_RESOURCE_DIRECTORY) \
           (rsrc_data + RESOURCE_OFFSET(entry));
 
-      if (struct_fits_in_pe(pe, directory, IMAGE_RESOURCE_DIRECTORY))
+      if (!struct_fits_in_pe(pe, directory, IMAGE_RESOURCE_DIRECTORY))
       {
-        result = _pe_iterate_resources(
-            pe,
-            directory,
-            rsrc_data,
-            rsrc_tree_level + 1,
-            type,
-            id,
-            language,
-            type_string,
-            name_string,
-            lang_string,
-            callback,
-            callback_data);
-
-        if (result == RESOURCE_ITERATOR_ABORTED)
-          return RESOURCE_ITERATOR_ABORTED;
+        return RESOURCE_ITERATOR_ABORTED;
       }
+
+      result = _pe_iterate_resources(
+          pe,
+          directory,
+          rsrc_data,
+          rsrc_tree_level + 1,
+          type,
+          id,
+          language,
+          type_string,
+          name_string,
+          lang_string,
+          callback,
+          callback_data);
+      if (result == RESOURCE_ITERATOR_ABORTED)
+        return RESOURCE_ITERATOR_ABORTED;
     }
     else
     {
       PIMAGE_RESOURCE_DATA_ENTRY data_entry = (PIMAGE_RESOURCE_DATA_ENTRY) \
           (rsrc_data + RESOURCE_OFFSET(entry));
 
-      if (struct_fits_in_pe(pe, data_entry, IMAGE_RESOURCE_DATA_ENTRY))
+      if (!struct_fits_in_pe(pe, data_entry, IMAGE_RESOURCE_DATA_ENTRY))
       {
-        result = callback(
-            data_entry,
-            *type,
-            *id,
-            *language,
-            type_string,
-            name_string,
-            lang_string,
-            callback_data);
+        return RESOURCE_ITERATOR_ABORTED;
       }
+      result = callback(
+          data_entry,
+          *type,
+          *id,
+          *language,
+          type_string,
+          name_string,
+          lang_string,
+          callback_data);
 
       if (result == RESOURCE_CALLBACK_ABORT)
         return RESOURCE_ITERATOR_ABORTED;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git