[Forensics-changes] [yara] 30/368: Fix bug when section's name is IMAGE_SIZEOF_SHORT_NAME long
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:30:07 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.5.0
in repository yara.
commit 6ad11828a8d9784777f50236930112f8d3360f1b
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Thu Jul 30 19:17:59 2015 +0200
Fix bug when section's name is IMAGE_SIZEOF_SHORT_NAME long
In those cases the name doesn't end in a null character and the section name reported by PE module contains spurious characters. This could also cause a buffer overrun.
---
libyara/modules/pe.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 848822d..9577e7f 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -1304,7 +1304,12 @@ void pe_parse_header(
if (!struct_fits_in_pe(pe, section, IMAGE_SECTION_HEADER))
break;
- strlcpy(section_name, (char*) section->Name, IMAGE_SIZEOF_SHORT_NAME + 1);
+ int n = 0;
+
+ for (; n < IMAGE_SIZEOF_SHORT_NAME && section->Name[n]; n++)
+ section_name[n] = section->Name[n];
+
+ section_name[n] = '\0';
set_string(
section_name,
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list