[Forensics-changes] [yara] 167/192: Handle malformed streams better. (#653)
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:32:00 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.6.0
in repository yara.
commit 96b7a5a6ac8e8f08fc349c600aba7a1b8dcc17ee
Author: Wesley Shields <wxs at atarininja.org>
Date: Sat May 6 14:44:09 2017 -0400
Handle malformed streams better. (#653)
When parsing the #~ stream it will require references to the #US and #Blob
streams, so we need to make sure those are not NULL before attempting to parse
the stream. It is possible to only do these checks in the place we need them but
I'd rather declare the whole thing as malformed once and early.
Fixes part of #650.
---
libyara/modules/dotnet.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libyara/modules/dotnet.c b/libyara/modules/dotnet.c
index f5b74b3..9041ab9 100644
--- a/libyara/modules/dotnet.c
+++ b/libyara/modules/dotnet.c
@@ -1557,7 +1557,9 @@ void dotnet_parse_com(
dotnet_parse_guid(pe, metadata_root, headers.guid);
// Parse the #~ stream, which includes various tables of interest.
- if (headers.tilde != NULL)
+ // These tables reference the blob and string streams, so we need to ensure
+ // those are not NULL also.
+ if (headers.tilde != NULL && headers.string != NULL && headers.blob != NULL)
dotnet_parse_tilde(pe, metadata_root, cli_header, &headers);
if (headers.us != NULL)
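Review bot: the new condition tests headers.string and headers.blob, while the commit message says the #~ parser needs the #US and #Blob streams, and headers.us is only checked afterwards for a separate block. Please confirm which streams dotnet_parse_tilde actually dereferences and make the check, the in-code comment and the commit message agree: either the message should name the string stream, or "headers.us != NULL" belongs in this condition as well. It would also help for the comment to note that a file with a #~ stream but a missing string or blob stream is treated as malformed and its tables are skipped without any indication to the caller.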
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git