[Forensics-changes] [yara] 15/192: Check error codes returned by json_unpack
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:31:41 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.6.0
in repository yara.
commit be8ed5ff51013fc8e9a5d9b80f2ee5e884e95c49
Author: plusvic <plusvic at gmail.com>
Date: Thu Aug 25 21:47:54 2016 +0200
Check error codes returned by json_unpack
This avoid segfaults with JSON files not conforming the expected format.
---
libyara/modules/cuckoo.c | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/libyara/modules/cuckoo.c b/libyara/modules/cuckoo.c
index 53d30f4..2351889 100644
--- a/libyara/modules/cuckoo.c
+++ b/libyara/modules/cuckoo.c
@@ -57,12 +57,13 @@ define_function(network_dns_lookup)
json_array_foreach(dns_json, index, value)
{
- json_unpack(value, "{s:s, s:s}", "ip", &ip, "hostname", &hostname);
-
- if (yr_re_match(regexp_argument(1), hostname) > 0)
+ if (json_unpack(value, "{s:s, s:s}", "ip", &ip, "hostname", &hostname) == 0)
{
- result = 1;
- break;
+ if (yr_re_match(regexp_argument(1), hostname) > 0)
+ {
+ result = 1;
+ break;
+ }
}
}
@@ -91,14 +92,15 @@ uint64_t http_request(
json_array_foreach(http_json, index, value)
{
- json_unpack(value, "{s:s, s:s}", "uri", &uri, "method", &method);
-
- if (((methods & METHOD_GET && strcasecmp(method, "get") == 0) ||
- (methods & METHOD_POST && strcasecmp(method, "post") == 0)) &&
- yr_re_match(uri_regexp, uri) > 0)
+ if (json_unpack(value, "{s:s, s:s}", "uri", &uri, "method", &method) == 0)
{
- result = 1;
- break;
+ if (((methods & METHOD_GET && strcasecmp(method, "get") == 0) ||
+ (methods & METHOD_POST && strcasecmp(method, "post") == 0)) &&
+ yr_re_match(uri_regexp, uri) > 0)
+ {
+ result = 1;
+ break;
+ }
}
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list