[Forensics-changes] [yara] 181/192: Ignore stream names with no NULL byte. (#664)
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:32:02 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.6.0
in repository yara.
commit 2ed629afff00fe523c8186f986264e658634136a
Author: Wesley Shields <wxs at atarininja.org>
Date: Tue May 16 03:23:30 2017 -0400
Ignore stream names with no NULL byte. (#664)
---
libyara/modules/dotnet.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/libyara/modules/dotnet.c b/libyara/modules/dotnet.c
index 9b5b63d..51f7dbd 100644
--- a/libyara/modules/dotnet.c
+++ b/libyara/modules/dotnet.c
@@ -255,6 +255,8 @@ STREAMS dotnet_parse_stream_headers(
PSTREAM_HEADER stream_header;
STREAMS headers;
+ char *start;
+ char *eos;
char stream_name[DOTNET_STREAM_NAME_SIZE + 1];
int i;
@@ -267,6 +269,14 @@ STREAMS dotnet_parse_stream_headers(
if (!struct_fits_in_pe(pe, stream_header, STREAM_HEADER))
break;
+ start = (char*) stream_header->Name;
+ if (!fits_in_pe(pe, start, DOTNET_STREAM_NAME_SIZE))
+ break;
+
+ eos = (char*) memmem((void*) start, DOTNET_STREAM_NAME_SIZE, "\0", 1);
+ if (eos == NULL)
+ break;
+
strncpy(stream_name, stream_header->Name, DOTNET_STREAM_NAME_SIZE);
stream_name[DOTNET_STREAM_NAME_SIZE] = '\0';
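Review bot: The terminator search at `eos = (char*) memmem((void*) start, DOTNET_STREAM_NAME_SIZE, "\0", 1);` uses `memmem`, a GNU/BSD extension rather than ISO C, to look for a single byte. `memchr(start, '\0', DOTNET_STREAM_NAME_SIZE)` performs the same bounded search with a standard function and builds on toolchains that lack `memmem`. In the visible lines `eos` is only compared against NULL, so unless later code uses it the check can be written as `if (memchr(start, '\0', DOTNET_STREAM_NAME_SIZE) == NULL) break;` and the declaration dropped. A short comment above the check, such as `// Stop parsing if the name has no NUL within DOTNET_STREAM_NAME_SIZE bytes.`, would record that `break` abandons all remaining stream headers rather than skipping only this one. The body of dotnet_parse_stream_headers starts and continues outside the hunk.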
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git