[Forensics-changes] [yara] 02/15: Fix buffer overrun (issue #678). Add assert for detecting this kind of issues earlier.
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:33:21 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.6.2
in repository yara.
commit f0a98fba38802552147b602c84ebe3616bb460cc
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Tue Jun 6 19:07:27 2017 +0200
Fix buffer overrun (issue #678). Add assert for detecting this kind of issues earlier.
---
libyara/re.c | 5 +++--
libyara/scan.c | 3 +++
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/libyara/re.c b/libyara/re.c
index 959979b..1b767ff 100644
--- a/libyara/re.c
+++ b/libyara/re.c
@@ -2320,11 +2320,11 @@ int yr_re_fast_exec(
for (i = repeat_any_args->min + 1; i <= repeat_any_args->max; i++)
{
- next_input = input + i * input_incr;
-
if (bytes_matched + i >= max_bytes_matched)
break;
+ next_input = input + i * input_incr;
+
if ( *(next_opcode) != RE_OPCODE_LITERAL ||
(*(next_opcode) == RE_OPCODE_LITERAL &&
*(next_opcode + 1) == *next_input))
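Review bot: In the repeat-any loop of yr_re_fast_exec, nothing documents that the bounds check must now stay ahead of the pointer computation, so a later cleanup could easily swap the two lines back. Add a short comment above "if (bytes_matched + i >= max_bytes_matched)" saying that next_input must only be computed after the check passes. Note also that in the old ordering the break already sat between the computation and the dereference of next_input in the following condition, so this reordering by itself only avoids forming an out-of-range pointer. The commit message should say which of the changes actually closes the overrun from issue #678.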
@@ -2341,6 +2341,7 @@ int yr_re_fast_exec(
input += input_incr * repeat_any_args->min;
bytes_matched += repeat_any_args->min;
+ bytes_matched = yr_min(bytes_matched, max_bytes_matched);
ip = next_opcode;
break;
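Review bot: The clamp on bytes_matched is not mirrored on the pointer: the line above still advances input by "input_incr * repeat_any_args->min" without any limit. When fewer than min bytes remain, bytes_matched is capped at max_bytes_matched while input has moved past that point, so the two no longer describe the same position. Either bail out before the advance when bytes_matched + repeat_any_args->min exceeds max_bytes_matched, or clamp the advance by the same amount. Whether the opcodes executed after "ip = next_opcode" re-check the limit before reading from input is not visible in this hunk and should be confirmed.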
diff --git a/libyara/scan.c b/libyara/scan.c
index a48c45e..619e64c 100644
--- a/libyara/scan.c
+++ b/libyara/scan.c
@@ -443,6 +443,9 @@ int _yr_scan_match_callback(
// total match length is the sum of backward and forward matches.
match_length += callback_args->forward_matches;
+ // make sure that match fits into the data.
+ assert(match_offset + match_length <= callback_args->data_size);
+
if (callback_args->full_word)
{
if (flags & RE_FLAGS_WIDE)
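Review bot: The new assert in _yr_scan_match_callback disappears in builds compiled with NDEBUG, so release builds get no protection from it, and in debug builds it aborts the whole scanning process on attacker-controlled input. If the goal is to keep an oversized match from being used further down, pair it with a runtime check on "match_offset + match_length <= callback_args->data_size" that returns an error code. The sum can also wrap depending on the types of match_offset and match_length, which this hunk does not show; comparing match_length against data_size minus match_offset avoids that. The diff adds no include to scan.c, so confirm that assert.h is already pulled in there.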
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git