[Forensics-changes] [yara] 361/368: Default to 0 signatures until otherwise known. (#476)
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:30:58 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.5.0
in repository yara.
commit f38ac770b8e87548623cfbe3a67c6ff1ae68633b
Author: Wesley Shields <wxs at atarininja.org>
Date: Wed Jul 13 03:22:34 2016 -0400
Default to 0 signatures until otherwise known. (#476)
---
libyara/modules/pe.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 20103de..1797007 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -1173,8 +1173,10 @@ void pe_parse_certificates(
PIMAGE_DATA_DIRECTORY directory = pe_get_directory_entry(
pe, IMAGE_DIRECTORY_ENTRY_SECURITY);
- // directory->VirtualAddress is a file offset. Don't call pe_rva_to_offset().
+ // Default to 0 signatures until we know otherwise.
+ set_integer(0, pe->object, "number_of_signatures");
+ // directory->VirtualAddress is a file offset. Don't call pe_rva_to_offset().
if (directory->VirtualAddress == 0 ||
directory->VirtualAddress > pe->data_size ||
directory->Size > pe->data_size ||
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list