[Forensics-changes] [yara] 154/368: Some style changes in commit 5b5a0795db2238be4ed079d9583c2fb0b79866cf

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:30:22 UTC 2017


This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.5.0
in repository yara.

commit 744e311dec1ce8d91823095bbee7d9e1d790c587
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Fri Jan 22 10:07:26 2016 +0100

    Some style changes in commit 5b5a0795db2238be4ed079d9583c2fb0b79866cf
---
 libyara/modules/pe.c | 38 ++++++++++++++++++--------------------
 1 file changed, 18 insertions(+), 20 deletions(-)

diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index fce9f4e..c32fc47 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -1127,7 +1127,7 @@ void pe_parse_certificates(
   // Make sure WIN_CERTIFICATE fits within the directory.
   // Make sure the Length specified fits within directory too.
   //
-  // The docs say that the length is only for the Certificate, but the next 
+  // The docs say that the length is only for the Certificate, but the next
   // paragraph contradicts that. All the binaries I've seen have the Length
   // being the entire structure (Certificate included).
   //
@@ -1254,13 +1254,13 @@ void pe_parse_certificates(
             // need three bytes, two for the byte itself and one for colon.
             // The last one doesn't have the colon, but the extra byte is used
             // for the NULL terminator.
-            
+
             char *serial_ascii = (char*) yr_malloc(bytes * 3);
 
             if (serial_ascii)
             {
               int j;
-             
+
               for (j = 0; j < bytes; j++)
               {
                 // Don't put the colon on the last one.
@@ -1273,9 +1273,9 @@ void pe_parse_certificates(
               }
 
               set_string(
-                  (char*) serial_ascii, 
+                  (char*) serial_ascii,
                   pe->object,
-                  "signatures[%i].serial", 
+                  "signatures[%i].serial",
                   counter);
 
               yr_free(serial_ascii);
@@ -1518,7 +1518,7 @@ define_function(section_index_name)
 
 define_function(exports)
 {
-  char* function_name = string_argument(1);
+  SIZED_STRING* function_name = sized_string_argument(1);
 
   YR_OBJECT* module = module();
   PE* pe = (PE*) module->data;
@@ -1530,7 +1530,6 @@ define_function(exports)
   int64_t offset;
   uint32_t i;
   size_t remaining;
-  size_t searchlen;
 
   // If not a PE file, return UNDEFINED
 
@@ -1565,7 +1564,6 @@ define_function(exports)
       exports->NumberOfNames * sizeof(DWORD) > pe->data_size - offset)
     return_integer(0);
 
-  searchlen = strlen(function_name);
   names = (DWORD*)(pe->data + offset);
 
   for (i = 0; i < exports->NumberOfNames; i++)
@@ -1577,13 +1575,13 @@ define_function(exports)
       return_integer(0);
 
     remaining = pe->data_size - (size_t) offset;
-    if (remaining < searchlen)
-      continue;
-
     name = (char*)(pe->data + offset);
 
-    if (strncmp(name, function_name, pe->data_size - (size_t) offset) == 0)
+    if (remaining >= function_name->length &&
+        strncmp(name, function_name->c_string, remaining) == 0)
+    {
       return_integer(1);
+    }
   }
 
   return_integer(0);
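Review bot: The new guard in `exports` measures the search name with `function_name->length`, but the comparison after it is still `strncmp`, which stops at the first NUL. If a SIZED_STRING argument can carry an embedded NUL (not visible in this hunk), the two disagree: `length` counts bytes that are never compared, so an argument with trailing bytes after a NUL would match the shorter export name. Consider returning no match when `strlen(function_name->c_string) != function_name->length`, or state in a comment that only the part up to the first NUL is matched. The guard also deserves a why-comment, because `name` points into the scanned file: `// A name cut off by the end of the data must not match as a prefix of function_name.` The function starts in an earlier hunk and the top of the loop body is not shown.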
@@ -1905,8 +1903,8 @@ define_function(is_64bit)
 
 
 static uint64_t rich_internal(
-    YR_OBJECT* module, 
-    uint64_t version, 
+    YR_OBJECT* module,
+    uint64_t version,
     uint64_t toolid)
 {
     size_t rich_len;
@@ -1941,17 +1939,17 @@ static uint64_t rich_internal(
     for (i = 0; i < rich_signature_count; i++)
     {
         DWORD id_version = clear_rich_signature->versions[i].id_version;
-        
+
         int match_version = version == RICH_VERSION_VERSION(id_version);
         int match_toolid = toolid == RICH_VERSION_ID(id_version);
 
-        if (version != UNDEFINED && toolid != UNDEFINED) 
+        if (version != UNDEFINED && toolid != UNDEFINED)
         {
           // check version and toolid
           if (match_version && match_toolid)
             return TRUE;
         }
-        else if (version != UNDEFINED) 
+        else if (version != UNDEFINED)
         {
           // check only version
           if (match_version)
@@ -2151,7 +2149,7 @@ begin_declarations;
   declare_function("is_64bit", "", "i", is_64bit);
 
   declare_integer("resource_timestamp");
-  
+
   begin_struct("resource_version");
     declare_integer("major");
     declare_integer("minor");
@@ -2167,7 +2165,7 @@ begin_declarations;
     declare_string("name_string");
     declare_string("language_string");
   end_struct_array("resources");
-  
+
   declare_integer("number_of_resources");
 
   #if defined(HAVE_LIBCRYPTO)
@@ -2181,7 +2179,7 @@ begin_declarations;
     declare_integer("not_after");
     declare_function("valid_on", "i", "i", valid_on);
   end_struct_array("signatures");
-  
+
   declare_integer("number_of_signatures");
   #endif
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git


