[Forensics-changes] [yara] 17/368: More integrity checks while loading compiled rules
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:30:06 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.5.0
in repository yara.
commit 15d249b4d58b496e485c4f8da5f1b4de799d6608
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Thu Jul 2 14:00:43 2015 +0200
More integrity checks while loading compiled rules
---
libyara/arena.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/libyara/arena.c b/libyara/arena.c
index 738ab15..7f70bb4 100644
--- a/libyara/arena.c
+++ b/libyara/arena.c
@@ -176,6 +176,7 @@ int _yr_arena_make_relocatable(
while (offset != -1)
{
+ assert(page->used >= sizeof(int64_t));
assert(base_offset + offset <= page->used - sizeof(int64_t));
reloc = (YR_RELOC*) yr_malloc(sizeof(YR_RELOC));
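Review bot: Both bounds checks at the top of this loop are `assert`s, so a build with `NDEBUG` defined compiles them out and `offset` is used unchecked, while a debug build aborts the process on malformed input instead of reporting an error. The third hunk passes an offset read from a compiled-rules file to `yr_arena_make_relocatable`, which presumably ends up here, so a runtime test is the safer form: `if (page->used < sizeof(int64_t) || base_offset + offset > page->used - sizeof(int64_t)) return ERROR_CORRUPT_FILE;`. The loader compares against `header.size` while this code compares against `page->used`; whether the two are always equal is not visible in the diff, so the loader check may not fully stand in for this one. The loop body continues outside the hunk, so it is also not visible whether the `yr_malloc` result is checked before `reloc` is used.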
@@ -916,6 +917,9 @@ int yr_arena_load_stream(
return ERROR_INVALID_FILE;
}
+ if (header.size < 2048) // compiled rules are always larger than 2KB
+ return ERROR_CORRUPT_FILE;
+
if (header.version != ARENA_FILE_VERSION)
return ERROR_UNSUPPORTED_FILE_VERSION;
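Review bot: The `header.size < 2048` floor is a bare magic number justified only by a heuristic comment, yet it also does a second job that is not stated. It is what keeps `header.size - sizeof(uint8_t*)` in the relocation loop further down from wrapping around to a huge unsigned value. I would give the constant a name and extend the comment, e.g. `// also guarantees header.size >= sizeof(uint8_t*) for the relocation bounds check below`, so that nobody lowers or removes the limit without noticing the dependency. No upper bound on `header.size` is visible in this hunk; if the value sizes an allocation later in the function, which is outside the hunk, a sanity cap would be worth considering.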
@@ -942,6 +946,12 @@ int yr_arena_load_stream(
while (reloc_offset != -1)
{
+ if (reloc_offset > header.size - sizeof(uint8_t*))
+ {
+ yr_arena_destroy(new_arena);
+ return ERROR_CORRUPT_FILE;
+ }
+
yr_arena_make_relocatable(new_arena, page->address, reloc_offset, EOL);
reloc_address = (uint8_t**) (page->address + reloc_offset);
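Review bot: The result of `yr_arena_make_relocatable(new_arena, page->address, reloc_offset, EOL)` directly after the new check is still discarded, so a failure inside it would go unnoticed and the loop would carry on to patch `reloc_address`. The first hunk shows the underlying function allocating with `yr_malloc`, so failure is a real possibility. Consider capturing the return value and, on anything other than success, calling `yr_arena_destroy(new_arena)` and returning that code, mirroring the new corrupt-file branch. The new comparison also mixes `reloc_offset` with an unsigned `sizeof` expression, and the declarations are outside the hunk. It is worth confirming that a negative offset other than -1 is rejected by the unsigned conversion, and saying so in a comment. The loop body continues outside the hunk.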
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git