[Forensics-changes] [yara] 15/17: Initialize local variable to avoid random bytes from the stack from being saved to compiled rules in 32 bits mode.
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:32:44 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.6.1
in repository yara.
commit 11ffa8817fec31021fccc3e22d5a41e8bc968539
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Mon Jun 5 18:38:57 2017 +0200
Initialize local variable to avoid random bytes from the stack from being saved to compiled rules in 32 bits mode.
DECLARE_REFERENCE force variables to be 64bit long even when YARA is compiled in 32bit mode, but in that case the higher 4 bytes are unused. Those 4 bytes weren't being initialized and random values from the stack were saved into compiled rules files. This was actually innocuous unless you used rules files compiled by 32-bit yarac with 64-bit yara.
---
libyara/parser.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/libyara/parser.c b/libyara/parser.c
index f20df7d..7e68457 100644
--- a/libyara/parser.c
+++ b/libyara/parser.c
@@ -118,8 +118,10 @@ int yr_parser_emit_with_arg_reloc(
int64_t* ptr = NULL;
int result;
- DECLARE_REFERENCE(void*, argument) a;
- a.argument = argument;
+ DECLARE_REFERENCE(void*, ptr) arg;
+
+ memset(&arg, 0, sizeof(arg));
+ arg.ptr = argument;
result = yr_arena_write_data(
yyget_extra(yyscanner)->code_arena,
@@ -130,8 +132,8 @@ int yr_parser_emit_with_arg_reloc(
if (result == ERROR_SUCCESS)
result = yr_arena_write_data(
yyget_extra(yyscanner)->code_arena,
- &a,
- sizeof(int64_t),
+ &arg,
+ sizeof(arg),
(void**) &ptr);
if (result == ERROR_SUCCESS)
@@ -142,7 +144,7 @@ int yr_parser_emit_with_arg_reloc(
EOL);
if (argument_address != NULL)
- *argument_address = (void*)ptr;
+ *argument_address = (void*) ptr;
return result;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list