[Forensics-changes] [yara] 325/368: Avoid redefinition of external variables with a different type
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:30:53 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.5.0
in repository yara.
commit 84198d99590690ffd18ff72b24cfc47799872f6d
Author: plusvic <plusvic at gmail.com>
Date: Thu Jun 16 12:44:45 2016 +0200
Avoid redefinition of external variables with a different type
Users can provides a value for an external variable when compiling a rule with "yarac", that value can be changed when using the compiled rules with "yara", but the new value must be of the same type. YARA wasn't enforcing that behavior and it resulted in a segmentation fault.
---
libyara/include/yara/error.h | 1 +
libyara/rules.c | 13 +++++++++++++
yara.c | 40 +++++++++++++++++++++++++++-------------
3 files changed, 41 insertions(+), 13 deletions(-)
diff --git a/libyara/include/yara/error.h b/libyara/include/yara/error.h
index 8bc1f42..468a435 100644
--- a/libyara/include/yara/error.h
+++ b/libyara/include/yara/error.h
@@ -73,6 +73,7 @@ limitations under the License.
#define ERROR_REGULAR_EXPRESSION_TOO_LARGE 45
#define ERROR_TOO_MANY_RE_FIBERS 46
#define ERROR_COULD_NOT_READ_PROCESS_MEMORY 47
+#define ERROR_INVALID_EXTERNAL_VARIABLE_TYPE 48
#define FAIL_ON_ERROR(x) { \
diff --git a/libyara/rules.c b/libyara/rules.c
index 293ed39..a67426e 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -51,6 +51,9 @@ YR_API int yr_rules_define_integer_variable(
{
if (strcmp(external->identifier, identifier) == 0)
{
+ if (external->type != EXTERNAL_VARIABLE_TYPE_INTEGER)
+ return ERROR_INVALID_EXTERNAL_VARIABLE_TYPE;
+
external->value.i = value;
return ERROR_SUCCESS;
}
@@ -75,6 +78,9 @@ YR_API int yr_rules_define_boolean_variable(
{
if (strcmp(external->identifier, identifier) == 0)
{
+ if (external->type != EXTERNAL_VARIABLE_TYPE_BOOLEAN)
+ return ERROR_INVALID_EXTERNAL_VARIABLE_TYPE;
+
external->value.i = value;
return ERROR_SUCCESS;
}
@@ -99,6 +105,9 @@ YR_API int yr_rules_define_float_variable(
{
if (strcmp(external->identifier, identifier) == 0)
{
+ if (external->type != EXTERNAL_VARIABLE_TYPE_FLOAT)
+ return ERROR_INVALID_EXTERNAL_VARIABLE_TYPE;
+
external->value.f = value;
return ERROR_SUCCESS;
}
@@ -123,6 +132,10 @@ YR_API int yr_rules_define_string_variable(
{
if (strcmp(external->identifier, identifier) == 0)
{
+ if (external->type != EXTERNAL_VARIABLE_TYPE_STRING &&
+ external->type != EXTERNAL_VARIABLE_TYPE_MALLOC_STRING)
+ return ERROR_INVALID_EXTERNAL_VARIABLE_TYPE;
+
if (external->type == EXTERNAL_VARIABLE_TYPE_MALLOC_STRING &&
external->value.s != NULL)
{
diff --git a/yara.c b/yara.c
index 36fbbe5..75e7122 100644
--- a/yara.c
+++ b/yara.c
@@ -492,6 +492,9 @@ void print_scanner_error(
fprintf(stderr, "stack overflow while evaluating condition "
"(see --stack-size argument).\n");
break;
+ case ERROR_INVALID_EXTERNAL_VARIABLE_TYPE:
+ fprintf(stderr, "invalid type for external variable.\n");
+ break;
default:
fprintf(stderr, "internal error: %d\n", error);
break;
@@ -823,6 +826,8 @@ int define_external_variables(
YR_RULES* rules,
YR_COMPILER* compiler)
{
+ int result = ERROR_SUCCESS;
+
for (int i = 0; ext_vars[i] != NULL; i++)
{
char* equal_sign = strchr(ext_vars[i], '=');
@@ -830,7 +835,7 @@ int define_external_variables(
if (!equal_sign)
{
fprintf(stderr, "error: wrong syntax for `-d` option.\n");
- return FALSE;
+ return ERROR_SUCCESS;
}
// Replace the equal sign with null character to split the external
@@ -842,17 +847,16 @@ int define_external_variables(
char* identifier = ext_vars[i];
char* value = equal_sign + 1;
-
if (is_float(value))
{
if (rules != NULL)
- yr_rules_define_float_variable(
+ result = yr_rules_define_float_variable(
rules,
identifier,
atof(value));
if (compiler != NULL)
- yr_compiler_define_float_variable(
+ result = yr_compiler_define_float_variable(
compiler,
identifier,
atof(value));
@@ -860,13 +864,13 @@ int define_external_variables(
else if (is_integer(value))
{
if (rules != NULL)
- yr_rules_define_integer_variable(
+ result = yr_rules_define_integer_variable(
rules,
identifier,
atoi(value));
if (compiler != NULL)
- yr_compiler_define_integer_variable(
+ result = yr_compiler_define_integer_variable(
compiler,
identifier,
atoi(value));
@@ -874,13 +878,13 @@ int define_external_variables(
else if (strcmp(value, "true") == 0 || strcmp(value, "false") == 0)
{
if (rules != NULL)
- yr_rules_define_boolean_variable(
+ result = yr_rules_define_boolean_variable(
rules,
identifier,
strcmp(value, "true") == 0);
if (compiler != NULL)
- yr_compiler_define_boolean_variable(
+ result = yr_compiler_define_boolean_variable(
compiler,
identifier,
strcmp(value, "true") == 0);
@@ -888,20 +892,20 @@ int define_external_variables(
else
{
if (rules != NULL)
- yr_rules_define_string_variable(
+ result = yr_rules_define_string_variable(
rules,
identifier,
value);
if (compiler != NULL)
- yr_compiler_define_string_variable(
+ result = yr_compiler_define_string_variable(
compiler,
identifier,
value);
}
}
- return TRUE;
+ return result;
}
@@ -1044,8 +1048,13 @@ int main(
if (result == ERROR_SUCCESS)
{
- if (!define_external_variables(rules, NULL))
+ result = define_external_variables(rules, NULL);
+
+ if (result != ERROR_SUCCESS)
+ {
+ print_scanner_error(result);
exit_with_code(EXIT_FAILURE);
+ }
}
else
{
@@ -1055,8 +1064,13 @@ int main(
if (yr_compiler_create(&compiler) != ERROR_SUCCESS)
exit_with_code(EXIT_FAILURE);
- if (!define_external_variables(NULL, compiler))
+ result = define_external_variables(NULL, compiler);
+
+ if (result != ERROR_SUCCESS)
+ {
+ print_scanner_error(result);
exit_with_code(EXIT_FAILURE);
+ }
yr_compiler_set_callback(compiler, print_compiler_error, NULL);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list