[Forensics-changes] [yara] 120/160: Fix bounds check for iterating over certificates
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:29:25 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.4.0
in repository yara.
commit 5f02d37a8e50a7f53b09216b08dfc530b7940be7
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Mon May 11 10:16:27 2015 +0200
Fix bounds check for iterating over certificates
---
libyara/modules/pe.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 228ba4d..4f807b1 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -1096,7 +1096,8 @@ void pe_parse_certificates(
// included).
//
- while ((uint8_t*) win_cert + sizeof(WIN_CERTIFICATE) <= eod &&
+ while (struct_fits_in_pe(pe, win_cert, WIN_CERTIFICATE) &&
+ (uint8_t*) win_cert + sizeof(WIN_CERTIFICATE) <= eod &&
(uint8_t*) win_cert->Certificate + win_cert->Length - 8 <= eod)
{
// Some sanity checks
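Review bot: The third condition, `(uint8_t*) win_cert->Certificate + win_cert->Length - 8 <= eod`, still bounds the certificate body against `eod` only, while the added `struct_fits_in_pe(pe, win_cert, WIN_CERTIFICATE)` covers just the fixed-size header. If `eod` can lie past the end of the PE data, which is presumably the case this change addresses, the body read has the same gap unless the sanity checks inside the loop already bound it against `pe`. `win_cert->Length` comes from the file and is used directly in pointer arithmetic, so a value below 8 or a very large one would be safer rejected by comparing it against the remaining byte count instead of forming the pointer sum. The commit message also does not say what the `eod` test missed; a sentence there or in the comment above the loop would make the reason for keeping both checks clear.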
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git