[Forensics-changes] [yara] 13/17: Fix issue #674 for hex strings.
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:32:44 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.6.1
in repository yara.
commit 10e8bd3071677dd1fa76beeef4bc2fc427cea5e7
Author: Victor Manuel Alvarez <vmalvarez at vmalvarez-macbookpro.roam.corp.google.com>
Date: Thu Jun 1 16:10:05 2017 +0200
Fix issue #674 for hex strings.
---
libyara/hex_grammar.c | 136 ++++++++++++++++++++++++++++----------------------
libyara/hex_grammar.h | 4 +-
libyara/hex_grammar.y | 14 ++++++
3 files changed, 91 insertions(+), 63 deletions(-)
diff --git a/libyara/hex_grammar.c b/libyara/hex_grammar.c
index a6cfbf0..48f550a 100644
--- a/libyara/hex_grammar.c
+++ b/libyara/hex_grammar.c
@@ -93,6 +93,13 @@
#define mark_as_not_fast_regexp() \
((RE_AST*) yyget_extra(yyscanner))->flags &= ~RE_FLAGS_FAST_REGEXP
+#define incr_ast_levels() \
+ if (((RE_AST*) yyget_extra(yyscanner))->levels++ > RE_MAX_AST_LEVELS) \
+ { \
+ lex_env->last_error_code = ERROR_INVALID_HEX_STRING; \
+ YYABORT; \
+ }
+
#define ERROR_IF(x, error) \
if (x) \
{ \
@@ -107,7 +114,7 @@
} \
-#line 111 "hex_grammar.c" /* yacc.c:339 */
+#line 118 "hex_grammar.c" /* yacc.c:339 */
# ifndef YY_NULLPTR
# if defined __cplusplus && 201103L <= __cplusplus
@@ -157,12 +164,12 @@ extern int hex_yydebug;
union YYSTYPE
{
-#line 78 "hex_grammar.y" /* yacc.c:355 */
+#line 85 "hex_grammar.y" /* yacc.c:355 */
int64_t integer;
RE_NODE *re_node;
-#line 166 "hex_grammar.c" /* yacc.c:355 */
+#line 173 "hex_grammar.c" /* yacc.c:355 */
};
typedef union YYSTYPE YYSTYPE;
@@ -178,7 +185,7 @@ int hex_yyparse (void *yyscanner, HEX_LEX_ENVIRONMENT *lex_env);
/* Copy the second part of user declarations. */
-#line 182 "hex_grammar.c" /* yacc.c:358 */
+#line 189 "hex_grammar.c" /* yacc.c:358 */
#ifdef short
# undef short
@@ -476,9 +483,9 @@ static const yytype_uint8 yytranslate[] =
/* YYRLINE[YYN] -- Source line where rule number YYN was defined. */
static const yytype_uint16 yyrline[] =
{
- 0, 105, 105, 114, 118, 127, 189, 193, 206, 210,
- 219, 233, 232, 245, 268, 300, 322, 342, 346, 360,
- 368
+ 0, 112, 112, 121, 125, 136, 200, 204, 219, 223,
+ 232, 246, 245, 258, 281, 313, 335, 355, 359, 374,
+ 382
};
#endif
@@ -1017,45 +1024,45 @@ yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, void *yyscanner, H
switch (yytype)
{
case 16: /* tokens */
-#line 94 "hex_grammar.y" /* yacc.c:1257 */
+#line 101 "hex_grammar.y" /* yacc.c:1257 */
{ yr_re_node_destroy(((*yyvaluep).re_node)); }
-#line 1023 "hex_grammar.c" /* yacc.c:1257 */
+#line 1030 "hex_grammar.c" /* yacc.c:1257 */
break;
case 17: /* token_sequence */
-#line 95 "hex_grammar.y" /* yacc.c:1257 */
+#line 102 "hex_grammar.y" /* yacc.c:1257 */
{ yr_re_node_destroy(((*yyvaluep).re_node)); }
-#line 1029 "hex_grammar.c" /* yacc.c:1257 */
+#line 1036 "hex_grammar.c" /* yacc.c:1257 */
break;
case 18: /* token_or_range */
-#line 96 "hex_grammar.y" /* yacc.c:1257 */
+#line 103 "hex_grammar.y" /* yacc.c:1257 */
{ yr_re_node_destroy(((*yyvaluep).re_node)); }
-#line 1035 "hex_grammar.c" /* yacc.c:1257 */
+#line 1042 "hex_grammar.c" /* yacc.c:1257 */
break;
case 19: /* token */
-#line 97 "hex_grammar.y" /* yacc.c:1257 */
+#line 104 "hex_grammar.y" /* yacc.c:1257 */
{ yr_re_node_destroy(((*yyvaluep).re_node)); }
-#line 1041 "hex_grammar.c" /* yacc.c:1257 */
+#line 1048 "hex_grammar.c" /* yacc.c:1257 */
break;
case 21: /* range */
-#line 100 "hex_grammar.y" /* yacc.c:1257 */
+#line 107 "hex_grammar.y" /* yacc.c:1257 */
{ yr_re_node_destroy(((*yyvaluep).re_node)); }
-#line 1047 "hex_grammar.c" /* yacc.c:1257 */
+#line 1054 "hex_grammar.c" /* yacc.c:1257 */
break;
case 22: /* alternatives */
-#line 99 "hex_grammar.y" /* yacc.c:1257 */
+#line 106 "hex_grammar.y" /* yacc.c:1257 */
{ yr_re_node_destroy(((*yyvaluep).re_node)); }
-#line 1053 "hex_grammar.c" /* yacc.c:1257 */
+#line 1060 "hex_grammar.c" /* yacc.c:1257 */
break;
case 23: /* byte */
-#line 98 "hex_grammar.y" /* yacc.c:1257 */
+#line 105 "hex_grammar.y" /* yacc.c:1257 */
{ yr_re_node_destroy(((*yyvaluep).re_node)); }
-#line 1059 "hex_grammar.c" /* yacc.c:1257 */
+#line 1066 "hex_grammar.c" /* yacc.c:1257 */
break;
@@ -1321,25 +1328,27 @@ yyreduce:
switch (yyn)
{
case 2:
-#line 106 "hex_grammar.y" /* yacc.c:1646 */
+#line 113 "hex_grammar.y" /* yacc.c:1661 */
{
RE_AST* re_ast = yyget_extra(yyscanner);
re_ast->root_node = (yyvsp[-1].re_node);
}
-#line 1330 "hex_grammar.c" /* yacc.c:1646 */
+#line 1337 "hex_grammar.c" /* yacc.c:1661 */
break;
case 3:
-#line 115 "hex_grammar.y" /* yacc.c:1646 */
+#line 122 "hex_grammar.y" /* yacc.c:1661 */
{
(yyval.re_node) = (yyvsp[0].re_node);
}
-#line 1338 "hex_grammar.c" /* yacc.c:1646 */
+#line 1345 "hex_grammar.c" /* yacc.c:1661 */
break;
case 4:
-#line 119 "hex_grammar.y" /* yacc.c:1646 */
+#line 126 "hex_grammar.y" /* yacc.c:1661 */
{
+ incr_ast_levels();
+
(yyval.re_node) = yr_re_node_create(RE_NODE_CONCAT, (yyvsp[-1].re_node), (yyvsp[0].re_node));
DESTROY_NODE_IF((yyval.re_node) == NULL, (yyvsp[-1].re_node));
@@ -1347,16 +1356,18 @@ yyreduce:
ERROR_IF((yyval.re_node) == NULL, ERROR_INSUFFICIENT_MEMORY);
}
-#line 1351 "hex_grammar.c" /* yacc.c:1646 */
+#line 1360 "hex_grammar.c" /* yacc.c:1661 */
break;
case 5:
-#line 128 "hex_grammar.y" /* yacc.c:1646 */
+#line 137 "hex_grammar.y" /* yacc.c:1661 */
{
RE_NODE* new_concat;
RE_NODE* leftmost_concat = NULL;
RE_NODE* leftmost_node = (yyvsp[-1].re_node);
+ incr_ast_levels();
+
(yyval.re_node) = NULL;
/*
@@ -1409,20 +1420,22 @@ yyreduce:
ERROR_IF((yyval.re_node) == NULL, ERROR_INSUFFICIENT_MEMORY);
}
-#line 1413 "hex_grammar.c" /* yacc.c:1646 */
+#line 1424 "hex_grammar.c" /* yacc.c:1661 */
break;
case 6:
-#line 190 "hex_grammar.y" /* yacc.c:1646 */
+#line 201 "hex_grammar.y" /* yacc.c:1661 */
{
(yyval.re_node) = (yyvsp[0].re_node);
}
-#line 1421 "hex_grammar.c" /* yacc.c:1646 */
+#line 1432 "hex_grammar.c" /* yacc.c:1661 */
break;
case 7:
-#line 194 "hex_grammar.y" /* yacc.c:1646 */
+#line 205 "hex_grammar.y" /* yacc.c:1661 */
{
+ incr_ast_levels();
+
(yyval.re_node) = yr_re_node_create(RE_NODE_CONCAT, (yyvsp[-1].re_node), (yyvsp[0].re_node));
DESTROY_NODE_IF((yyval.re_node) == NULL, (yyvsp[-1].re_node));
@@ -1430,28 +1443,28 @@ yyreduce:
ERROR_IF((yyval.re_node) == NULL, ERROR_INSUFFICIENT_MEMORY);
}
-#line 1434 "hex_grammar.c" /* yacc.c:1646 */
+#line 1447 "hex_grammar.c" /* yacc.c:1661 */
break;
case 8:
-#line 207 "hex_grammar.y" /* yacc.c:1646 */
+#line 220 "hex_grammar.y" /* yacc.c:1661 */
{
(yyval.re_node) = (yyvsp[0].re_node);
}
-#line 1442 "hex_grammar.c" /* yacc.c:1646 */
+#line 1455 "hex_grammar.c" /* yacc.c:1661 */
break;
case 9:
-#line 211 "hex_grammar.y" /* yacc.c:1646 */
+#line 224 "hex_grammar.y" /* yacc.c:1661 */
{
(yyval.re_node) = (yyvsp[0].re_node);
(yyval.re_node)->greedy = FALSE;
}
-#line 1451 "hex_grammar.c" /* yacc.c:1646 */
+#line 1464 "hex_grammar.c" /* yacc.c:1661 */
break;
case 10:
-#line 220 "hex_grammar.y" /* yacc.c:1646 */
+#line 233 "hex_grammar.y" /* yacc.c:1661 */
{
lex_env->token_count++;
@@ -1464,28 +1477,28 @@ yyreduce:
(yyval.re_node) = (yyvsp[0].re_node);
}
-#line 1468 "hex_grammar.c" /* yacc.c:1646 */
+#line 1481 "hex_grammar.c" /* yacc.c:1661 */
break;
case 11:
-#line 233 "hex_grammar.y" /* yacc.c:1646 */
+#line 246 "hex_grammar.y" /* yacc.c:1661 */
{
lex_env->inside_or++;
}
-#line 1476 "hex_grammar.c" /* yacc.c:1646 */
+#line 1489 "hex_grammar.c" /* yacc.c:1661 */
break;
case 12:
-#line 237 "hex_grammar.y" /* yacc.c:1646 */
+#line 250 "hex_grammar.y" /* yacc.c:1661 */
{
(yyval.re_node) = (yyvsp[-1].re_node);
lex_env->inside_or--;
}
-#line 1485 "hex_grammar.c" /* yacc.c:1646 */
+#line 1498 "hex_grammar.c" /* yacc.c:1661 */
break;
case 13:
-#line 246 "hex_grammar.y" /* yacc.c:1646 */
+#line 259 "hex_grammar.y" /* yacc.c:1661 */
{
if ((yyvsp[-1].integer) <= 0)
{
@@ -1508,11 +1521,11 @@ yyreduce:
(yyval.re_node)->start = (int) (yyvsp[-1].integer);
(yyval.re_node)->end = (int) (yyvsp[-1].integer);
}
-#line 1512 "hex_grammar.c" /* yacc.c:1646 */
+#line 1525 "hex_grammar.c" /* yacc.c:1661 */
break;
case 14:
-#line 269 "hex_grammar.y" /* yacc.c:1646 */
+#line 282 "hex_grammar.y" /* yacc.c:1661 */
{
if (lex_env->inside_or &&
((yyvsp[-3].integer) > STRING_CHAINING_THRESHOLD ||
@@ -1544,11 +1557,11 @@ yyreduce:
(yyval.re_node)->start = (int) (yyvsp[-3].integer);
(yyval.re_node)->end = (int) (yyvsp[-1].integer);
}
-#line 1548 "hex_grammar.c" /* yacc.c:1646 */
+#line 1561 "hex_grammar.c" /* yacc.c:1661 */
break;
case 15:
-#line 301 "hex_grammar.y" /* yacc.c:1646 */
+#line 314 "hex_grammar.y" /* yacc.c:1661 */
{
if (lex_env->inside_or)
{
@@ -1570,11 +1583,11 @@ yyreduce:
(yyval.re_node)->start = (int) (yyvsp[-2].integer);
(yyval.re_node)->end = INT_MAX;
}
-#line 1574 "hex_grammar.c" /* yacc.c:1646 */
+#line 1587 "hex_grammar.c" /* yacc.c:1661 */
break;
case 16:
-#line 323 "hex_grammar.y" /* yacc.c:1646 */
+#line 336 "hex_grammar.y" /* yacc.c:1661 */
{
if (lex_env->inside_or)
{
@@ -1590,21 +1603,22 @@ yyreduce:
(yyval.re_node)->start = 0;
(yyval.re_node)->end = INT_MAX;
}
-#line 1594 "hex_grammar.c" /* yacc.c:1646 */
+#line 1607 "hex_grammar.c" /* yacc.c:1661 */
break;
case 17:
-#line 343 "hex_grammar.y" /* yacc.c:1646 */
+#line 356 "hex_grammar.y" /* yacc.c:1661 */
{
(yyval.re_node) = (yyvsp[0].re_node);
}
-#line 1602 "hex_grammar.c" /* yacc.c:1646 */
+#line 1615 "hex_grammar.c" /* yacc.c:1661 */
break;
case 18:
-#line 347 "hex_grammar.y" /* yacc.c:1646 */
+#line 360 "hex_grammar.y" /* yacc.c:1661 */
{
mark_as_not_fast_regexp();
+ incr_ast_levels();
(yyval.re_node) = yr_re_node_create(RE_NODE_ALT, (yyvsp[-2].re_node), (yyvsp[0].re_node));
@@ -1613,11 +1627,11 @@ yyreduce:
ERROR_IF((yyval.re_node) == NULL, ERROR_INSUFFICIENT_MEMORY);
}
-#line 1617 "hex_grammar.c" /* yacc.c:1646 */
+#line 1631 "hex_grammar.c" /* yacc.c:1661 */
break;
case 19:
-#line 361 "hex_grammar.y" /* yacc.c:1646 */
+#line 375 "hex_grammar.y" /* yacc.c:1661 */
{
(yyval.re_node) = yr_re_node_create(RE_NODE_LITERAL, NULL, NULL);
@@ -1625,11 +1639,11 @@ yyreduce:
(yyval.re_node)->value = (int) (yyvsp[0].integer);
}
-#line 1629 "hex_grammar.c" /* yacc.c:1646 */
+#line 1643 "hex_grammar.c" /* yacc.c:1661 */
break;
case 20:
-#line 369 "hex_grammar.y" /* yacc.c:1646 */
+#line 383 "hex_grammar.y" /* yacc.c:1661 */
{
uint8_t mask = (uint8_t) ((yyvsp[0].integer) >> 8);
@@ -1649,11 +1663,11 @@ yyreduce:
(yyval.re_node)->mask = mask;
}
}
-#line 1653 "hex_grammar.c" /* yacc.c:1646 */
+#line 1667 "hex_grammar.c" /* yacc.c:1661 */
break;
-#line 1657 "hex_grammar.c" /* yacc.c:1646 */
+#line 1671 "hex_grammar.c" /* yacc.c:1661 */
default: break;
}
/* User semantic actions sometimes alter yychar, and that requires
@@ -1881,5 +1895,5 @@ yyreturn:
#endif
return yyresult;
}
-#line 390 "hex_grammar.y" /* yacc.c:1906 */
+#line 404 "hex_grammar.y" /* yacc.c:1906 */
diff --git a/libyara/hex_grammar.h b/libyara/hex_grammar.h
index 31e7fe2..d37c164 100644
--- a/libyara/hex_grammar.h
+++ b/libyara/hex_grammar.h
@@ -60,12 +60,12 @@ extern int hex_yydebug;
union YYSTYPE
{
-#line 78 "hex_grammar.y" /* yacc.c:1909 */
+#line 85 "hex_grammar.y" /* yacc.c:1915 */
int64_t integer;
RE_NODE *re_node;
-#line 69 "hex_grammar.h" /* yacc.c:1909 */
+#line 69 "hex_grammar.h" /* yacc.c:1915 */
};
typedef union YYSTYPE YYSTYPE;
diff --git a/libyara/hex_grammar.y b/libyara/hex_grammar.y
index f42e0b1..bf907e9 100644
--- a/libyara/hex_grammar.y
+++ b/libyara/hex_grammar.y
@@ -51,6 +51,13 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#define mark_as_not_fast_regexp() \
((RE_AST*) yyget_extra(yyscanner))->flags &= ~RE_FLAGS_FAST_REGEXP
+#define incr_ast_levels() \
+ if (((RE_AST*) yyget_extra(yyscanner))->levels++ > RE_MAX_AST_LEVELS) \
+ { \
+ lex_env->last_error_code = ERROR_INVALID_HEX_STRING; \
+ YYABORT; \
+ }
+
#define ERROR_IF(x, error) \
if (x) \
{ \
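Review bot: `incr_ast_levels()` expands to a bare `if (...) { ... }`, so the call `incr_ast_levels();` leaves an empty statement behind and would silently capture an `else` placed after it; wrapping the body in `do { ... } while (0)` removes that hazard (the neighbouring `ERROR_IF` has the same shape). The macro also depends on `lex_env` and `yyscanner` being in scope at every call site. Assuming `levels` starts at zero, `levels++ > RE_MAX_AST_LEVELS` accepts one level more than the limit before aborting, which is worth confirming against whatever consumes `RE_MAX_AST_LEVELS`. A short comment would help, e.g. `/* Bounds AST depth for hex strings: aborts the parse with ERROR_INVALID_HEX_STRING once levels exceeds RE_MAX_AST_LEVELS. */`.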
@@ -117,6 +124,8 @@ tokens
}
| token token
{
+ incr_ast_levels();
+
$$ = yr_re_node_create(RE_NODE_CONCAT, $1, $2);
DESTROY_NODE_IF($$ == NULL, $1);
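Review bot: When `incr_ast_levels()` aborts in this action, the nodes already held in `$1` and `$2` are not released. Bison documents that a parser returning via `YYABORT` does not run `%destructor` on the current rule's right-hand-side symbols, which is presumably why the allocation-failure path just below calls `DESTROY_NODE_IF` explicitly. For a library that compiles rules from untrusted sources, each rejected over-deep hex string would then leak its partial AST. Give the macro a cleanup argument that runs before `YYABORT` and call it as `incr_ast_levels(yr_re_node_destroy($1); yr_re_node_destroy($2));`. The same applies to the calls added in the hunks at -130, -192 and -346 of this file; those rule bodies continue outside the hunks, so the exact symbol numbers need checking there.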
@@ -130,6 +139,8 @@ tokens
RE_NODE* leftmost_concat = NULL;
RE_NODE* leftmost_node = $2;
+ incr_ast_levels();
+
$$ = NULL;
/*
@@ -192,6 +203,8 @@ token_sequence
}
| token_sequence token_or_range
{
+ incr_ast_levels();
+
$$ = yr_re_node_create(RE_NODE_CONCAT, $1, $2);
DESTROY_NODE_IF($$ == NULL, $1);
@@ -346,6 +359,7 @@ alternatives
| alternatives '|' tokens
{
mark_as_not_fast_regexp();
+ incr_ast_levels();
$$ = yr_re_node_create(RE_NODE_ALT, $1, $3);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git