[Forensics-changes] [yara] 124/192: Remove unnecessary complexity.

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:31:55 UTC 2017


This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.6.0
in repository yara.

commit 6cec3932270e9395992deb2722dc743f1566e1b0
Author: plusvic <plusvic at gmail.com>
Date:   Thu Mar 16 13:22:23 2017 +0100

    Remove unnecessary complexity.
    
    If a function name is truncated at the end, the new code still adds the truncated name to the imported functions list. But we can live with that in favor of simpler code.
---
 libyara/modules/pe.c | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index fafecae..b23bd88 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -968,7 +968,7 @@ IMPORT_EXPORT_FUNCTION* pe_parse_exports(
   if (yr_le32toh(directory->VirtualAddress) == 0)
     return NULL;
 
-  offset = pe_rva_to_offset(pe, directory->VirtualAddress);
+  offset = pe_rva_to_offset(pe, yr_le32toh(directory->VirtualAddress));
 
   if (offset < 0)
     return NULL;
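Review bot: The `pe_rva_to_offset(pe, yr_le32toh(directory->VirtualAddress))` change is a byte-order fix rather than a simplification, and the commit message does not mention it. The zero check a few lines above already converts the field with yr_le32toh while the old call passed it raw, so on a big-endian host the RVA handed to pe_rva_to_offset was byte-swapped. Consider splitting this into its own commit, or adding a line to the message, so the fix can be found and backported independently.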
@@ -1008,16 +1008,8 @@ IMPORT_EXPORT_FUNCTION* pe_parse_exports(
     if (offset < 0)
       return head;
 
-    // The name is a NULL terminated string of variable length, so search for it
-    // but be sure not to go too far.
     remaining = pe->data_size - (size_t) offset;
-    eos = (uint8_t*) memmem((void*) (pe->data + offset), remaining, "\0", 1);
-    if (eos == NULL)
-      // No NULL terminator found. Abort!
-      continue;
-    else
-      // NULL found. Save the string!
-      name = (char *) yr_strndup((char*) (pe->data + offset), (size_t) (eos - (pe->data + offset)));
+    name = yr_strndup((char*) (pe->data + offset), remaining);
 
     // Get the corresponding ordinal. Note that we are not subtracting the
     // ordinal base here as we don't intend to index into the export address
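Review bot: Replacing the memmem search with `yr_strndup((char*) (pe->data + offset), remaining)` changes how unterminated names are handled. The removed branch skipped the entry with `continue`, while the new line accepts whatever lies between the offset and the end of the data, so a malformed export table can produce a name up to `remaining` bytes long. Consider capping the length passed to yr_strndup at a sane maximum for export names, and confirm that `offset` cannot exceed `pe->data_size` before the subtraction, since only `offset < 0` is tested in the visible lines. A one-line comment stating that truncated names are accepted on purpose would replace the explanation removed with the old comment, and `eos` should be dropped if nothing else in the function uses it.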

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git


