[Forensics-changes] [yara] 154/368: Some style changes in commit 5b5a0795db2238be4ed079d9583c2fb0b79866cf
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:30:22 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.5.0
in repository yara.
commit 744e311dec1ce8d91823095bbee7d9e1d790c587
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Fri Jan 22 10:07:26 2016 +0100
Some style changes in commit 5b5a0795db2238be4ed079d9583c2fb0b79866cf
---
libyara/modules/pe.c | 38 ++++++++++++++++++--------------------
1 file changed, 18 insertions(+), 20 deletions(-)
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index fce9f4e..c32fc47 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -1127,7 +1127,7 @@ void pe_parse_certificates(
// Make sure WIN_CERTIFICATE fits within the directory.
// Make sure the Length specified fits within directory too.
//
- // The docs say that the length is only for the Certificate, but the next
+ // The docs say that the length is only for the Certificate, but the next
// paragraph contradicts that. All the binaries I've seen have the Length
// being the entire structure (Certificate included).
//
@@ -1254,13 +1254,13 @@ void pe_parse_certificates(
// need three bytes, two for the byte itself and one for colon.
// The last one doesn't have the colon, but the extra byte is used
// for the NULL terminator.
-
+
char *serial_ascii = (char*) yr_malloc(bytes * 3);
if (serial_ascii)
{
int j;
-
+
for (j = 0; j < bytes; j++)
{
// Don't put the colon on the last one.
@@ -1273,9 +1273,9 @@ void pe_parse_certificates(
}
set_string(
- (char*) serial_ascii,
+ (char*) serial_ascii,
pe->object,
- "signatures[%i].serial",
+ "signatures[%i].serial",
counter);
yr_free(serial_ascii);
@@ -1518,7 +1518,7 @@ define_function(section_index_name)
define_function(exports)
{
- char* function_name = string_argument(1);
+ SIZED_STRING* function_name = sized_string_argument(1);
YR_OBJECT* module = module();
PE* pe = (PE*) module->data;
@@ -1530,7 +1530,6 @@ define_function(exports)
int64_t offset;
uint32_t i;
size_t remaining;
- size_t searchlen;
// If not a PE file, return UNDEFINED
@@ -1565,7 +1564,6 @@ define_function(exports)
exports->NumberOfNames * sizeof(DWORD) > pe->data_size - offset)
return_integer(0);
- searchlen = strlen(function_name);
names = (DWORD*)(pe->data + offset);
for (i = 0; i < exports->NumberOfNames; i++)
@@ -1577,13 +1575,13 @@ define_function(exports)
return_integer(0);
remaining = pe->data_size - (size_t) offset;
- if (remaining < searchlen)
- continue;
-
name = (char*)(pe->data + offset);
- if (strncmp(name, function_name, pe->data_size - (size_t) offset) == 0)
+ if (remaining >= function_name->length &&
+ strncmp(name, function_name->c_string, remaining) == 0)
+ {
return_integer(1);
+ }
}
return_integer(0);
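Review bot: The new condition at the end of the export-name loop mixes two notions of length: `function_name->length` counts every byte of the sized string, while `strncmp` stops at the first NUL in either operand. If a rule argument can carry an embedded NUL (this hunk does not show whether it can), a constructed argument such as `"Foo\0Bar"` would match an export named `Foo` whenever `remaining` is at least 7, giving a false positive in a detection rule. Consider comparing exactly the bytes that were measured, e.g. `memcmp(name, function_name->c_string, function_name->length) == 0 && (remaining == function_name->length || name[function_name->length] == '\0')`. At minimum, add a comment such as `// reject names cut short by the end of the file; strncmp alone would accept a truncated prefix`. The body of `exports` starts and ends outside this hunk, so the earlier validation of `offset` could not be checked here.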
@@ -1905,8 +1903,8 @@ define_function(is_64bit)
static uint64_t rich_internal(
- YR_OBJECT* module,
- uint64_t version,
+ YR_OBJECT* module,
+ uint64_t version,
uint64_t toolid)
{
size_t rich_len;
@@ -1941,17 +1939,17 @@ static uint64_t rich_internal(
for (i = 0; i < rich_signature_count; i++)
{
DWORD id_version = clear_rich_signature->versions[i].id_version;
-
+
int match_version = version == RICH_VERSION_VERSION(id_version);
int match_toolid = toolid == RICH_VERSION_ID(id_version);
- if (version != UNDEFINED && toolid != UNDEFINED)
+ if (version != UNDEFINED && toolid != UNDEFINED)
{
// check version and toolid
if (match_version && match_toolid)
return TRUE;
}
- else if (version != UNDEFINED)
+ else if (version != UNDEFINED)
{
// check only version
if (match_version)
@@ -2151,7 +2149,7 @@ begin_declarations;
declare_function("is_64bit", "", "i", is_64bit);
declare_integer("resource_timestamp");
-
+
begin_struct("resource_version");
declare_integer("major");
declare_integer("minor");
@@ -2167,7 +2165,7 @@ begin_declarations;
declare_string("name_string");
declare_string("language_string");
end_struct_array("resources");
-
+
declare_integer("number_of_resources");
#if defined(HAVE_LIBCRYPTO)
@@ -2181,7 +2179,7 @@ begin_declarations;
declare_integer("not_after");
declare_function("valid_on", "i", "i", valid_on);
end_struct_array("signatures");
-
+
declare_integer("number_of_signatures");
#endif
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git