[Forensics-changes] [yara] 30/415: Bug fix: integer overflow
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:42:40 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit da854c4233186337502ec8ca152ba02e32c7bab2
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Fri Sep 11 22:04:33 2009 +0000
Bug fix: integer overflow
---
libyara/libyara.c | 5 ++++-
libyara/libyara.tmproj | 56 +++++++++++++++++++++++------------------------
libyara/scan.c | 19 +++++++++-------
yara-python/README | 56 ++++++++++++-----------------------------------
yara-python/setup.py | 3 ++-
yara-python/yara-python.c | 2 +-
6 files changed, 60 insertions(+), 81 deletions(-)
diff --git a/libyara/libyara.c b/libyara/libyara.c
index c67f0d2..732945d 100644
--- a/libyara/libyara.c
+++ b/libyara/libyara.c
@@ -176,6 +176,9 @@ int yr_scan_mem(unsigned char* buffer, unsigned int buffer_size, YARA_CONTEXT* c
RULE* rule;
EVALUATION_CONTEXT eval_context;
+ if (buffer_size < 2)
+ return ERROR_SUCCESS;
+
if (!context->hash_table.populated)
{
populate_hash_table(&context->hash_table, &context->rule_list);
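Review bot: The early return `if (buffer_size < 2) return ERROR_SUCCESS;` carries no comment saying which read it protects, and because buffer_size is `unsigned int` the reason is not obvious from the guard alone. Presumably the scan loop further down indexes `buffer[i + 1]` and computes `buffer_size - 1`, which would wrap for a 0- or 1-byte buffer; that loop is outside the hunk, so this should be confirmed. I would put `/* the scan loop reads buffer[i + 1]; unsigned buffer_size - 1 wraps below 2 bytes */` above the check. yr_scan_mem's body continues past the hunk.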
@@ -209,7 +212,7 @@ int yr_scan_mem(unsigned char* buffer, unsigned int buffer_size, YARA_CONTEXT* c
return error;
/* search for wide strings */
- if (i < buffer_size - 3 && buffer[i + 1] == 0 && buffer[i + 3] == 0)
+ if ((buffer[i + 1] == 0) && (buffer_size > 3) && (i < buffer_size - 3) && (buffer[i + 3] == 0))
{
error = find_matches( buffer[i],
buffer[i + 2],
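Review bot: In the rewritten condition the size checks `(buffer_size > 3) && (i < buffer_size - 3)` are evaluated after `buffer[i + 1] == 0`, so the read of `buffer[i + 1]` is still guarded only by the enclosing loop bound, which is not in the hunk. Testing the size first and writing it as an addition removes both the ordering question and the unsigned subtraction the commit is working around: `if (i + 3 < buffer_size && buffer[i + 1] == 0 && buffer[i + 3] == 0)`. Assuming i is an unsigned index bounded by buffer_size (the loop header is outside the hunk), `i + 3` can only wrap when buffer_size is within three of UINT_MAX, so this keeps the fix while reading as a plain range check.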
diff --git a/libyara/libyara.tmproj b/libyara/libyara.tmproj
index 604e60c..a81c751 100644
--- a/libyara/libyara.tmproj
+++ b/libyara/libyara.tmproj
@@ -3,7 +3,7 @@
<plist version="1.0">
<dict>
<key>currentDocument</key>
- <string>lex.l</string>
+ <string>scan.c</string>
<key>documents</key>
<array>
<dict>
@@ -13,13 +13,15 @@
<key>filename</key>
<string>scan.c</string>
<key>lastUsed</key>
- <date>2009-04-07T15:39:58Z</date>
+ <date>2009-07-17T09:00:59Z</date>
+ <key>selected</key>
+ <true/>
</dict>
<dict>
<key>filename</key>
<string>pefile.c</string>
<key>lastUsed</key>
- <date>2009-04-07T15:40:05Z</date>
+ <date>2009-06-23T09:46:58Z</date>
</dict>
<dict>
<key>filename</key>
@@ -37,33 +39,31 @@
<key>filename</key>
<string>ast.c</string>
<key>lastUsed</key>
- <date>2009-04-07T15:40:30Z</date>
+ <date>2009-07-17T09:00:57Z</date>
</dict>
<dict>
<key>filename</key>
<string>lex.l</string>
<key>lastUsed</key>
- <date>2009-04-16T14:58:37Z</date>
- <key>selected</key>
- <true/>
+ <date>2009-06-05T12:54:34Z</date>
</dict>
<dict>
<key>filename</key>
<string>grammar.y</string>
<key>lastUsed</key>
- <date>2009-04-16T13:30:47Z</date>
+ <date>2009-07-17T09:00:44Z</date>
</dict>
<dict>
<key>filename</key>
<string>../yara.c</string>
<key>lastUsed</key>
- <date>2009-04-16T14:58:37Z</date>
+ <date>2009-06-23T09:46:49Z</date>
</dict>
<dict>
<key>filename</key>
<string>mem.c</string>
<key>lastUsed</key>
- <date>2009-04-15T19:22:08Z</date>
+ <date>2009-07-17T09:00:59Z</date>
</dict>
<dict>
<key>filename</key>
@@ -84,13 +84,13 @@
<key>filename</key>
<string>yara.h</string>
<key>lastUsed</key>
- <date>2009-04-16T14:46:22Z</date>
+ <date>2009-06-05T12:53:33Z</date>
</dict>
<dict>
<key>filename</key>
<string>pefile.h</string>
<key>lastUsed</key>
- <date>2009-04-14T17:28:00Z</date>
+ <date>2009-06-23T09:46:56Z</date>
</dict>
<dict>
<key>filename</key>
@@ -120,7 +120,7 @@
<key>filename</key>
<string>sizedstr.h</string>
<key>lastUsed</key>
- <date>2009-04-07T15:41:12Z</date>
+ <date>2009-06-23T09:46:55Z</date>
</dict>
<dict>
<key>filename</key>
@@ -132,7 +132,7 @@
<key>filename</key>
<string>scan.h</string>
<key>lastUsed</key>
- <date>2009-04-14T15:33:34Z</date>
+ <date>2009-06-23T09:46:54Z</date>
</dict>
<dict>
<key>filename</key>
@@ -156,14 +156,14 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>10</integer>
+ <integer>2</integer>
<key>line</key>
- <integer>178</integer>
+ <integer>81</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>488</integer>
+ <integer>255</integer>
</dict>
<key>ast.c</key>
<dict>
@@ -177,7 +177,7 @@
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>732</integer>
+ <integer>63</integer>
</dict>
<key>ast.h</key>
<dict>
@@ -254,14 +254,14 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>48</integer>
+ <integer>23</integer>
<key>line</key>
- <integer>494</integer>
+ <integer>376</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>892</integer>
+ <integer>789</integer>
</dict>
<key>lex.h</key>
<dict>
@@ -282,14 +282,14 @@
<key>caret</key>
<dict>
<key>column</key>
- <integer>37</integer>
+ <integer>3</integer>
<key>line</key>
- <integer>127</integer>
+ <integer>132</integer>
</dict>
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>130</integer>
+ <integer>115</integer>
</dict>
<key>libyara.c</key>
<dict>
@@ -391,7 +391,7 @@
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>82</integer>
+ <integer>74</integer>
</dict>
<key>pefile.h</key>
<dict>
@@ -419,7 +419,7 @@
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>688</integer>
+ <integer>340</integer>
</dict>
<key>scan.h</key>
<dict>
@@ -463,7 +463,7 @@
<key>firstVisibleColumn</key>
<integer>0</integer>
<key>firstVisibleLine</key>
- <integer>48</integer>
+ <integer>197</integer>
<key>selectFrom</key>
<dict>
<key>column</key>
@@ -506,6 +506,6 @@
<key>showFileHierarchyDrawer</key>
<true/>
<key>windowFrame</key>
- <string>{{220, 40}, {1054, 919}}</string>
+ <string>{{158, 102}, {1060, 878}}</string>
</dict>
</plist>
diff --git a/libyara/scan.c b/libyara/scan.c
index f8b2e86..706f327 100644
--- a/libyara/scan.c
+++ b/libyara/scan.c
@@ -699,16 +699,19 @@ int find_matches( unsigned char first_char,
YARA_CONTEXT* context)
{
- int result;
+ int result = ERROR_SUCCESS;
- result = find_matches_for_strings( context->hash_table.hashed_strings[first_char][second_char],
- buffer,
- buffer_size,
- current_file_offset,
- flags,
- negative_size);
+ if (context->hash_table.hashed_strings[first_char][second_char] != NULL)
+ {
+ result = find_matches_for_strings( context->hash_table.hashed_strings[first_char][second_char],
+ buffer,
+ buffer_size,
+ current_file_offset,
+ flags,
+ negative_size);
+ }
- if (result == ERROR_SUCCESS)
+ if (result == ERROR_SUCCESS && context->hash_table.non_hashed_strings != NULL)
{
result = find_matches_for_strings( context->hash_table.non_hashed_strings,
buffer,
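Review bot: The three-level lookup `context->hash_table.hashed_strings[first_char][second_char]` is now spelled out twice, once in the new NULL guard and again in the call it guards; caching it in a local of the array's element type, e.g. `... *hashed = context->hash_table.hashed_strings[first_char][second_char];` followed by `if (hashed != NULL) { result = find_matches_for_strings(hashed, ...`, avoids the duplication and makes it obvious the check and the use refer to the same pointer. A short comment on why an empty bucket is skipped rather than reported would also help a reader, e.g. `/* no hashed strings start with this byte pair; nothing to match */`. find_matches's parameter list starts before the hunk and its body continues after it.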
diff --git a/yara-python/README b/yara-python/README
index b133144..d76d361 100644
--- a/yara-python/README
+++ b/yara-python/README
@@ -14,13 +14,13 @@ yara-python depends on libyara, a library that implements YARA's core functions.
must build and install YARA in your system before building yara-python. The latest
YARA version can be downloaded from:
-http://yara.googlecode.com/files/yara-1.2.tar.gz
+http://yara.googlecode.com/files/yara-1.2.1.tar.gz
After installing YARA you can build yara-python this way:
-$ tar xzvf yara-python-1.2.0.tar.gz
-$ cd yara-python-1.2.0
+$ tar xzvf yara-python-1.2.1.tar.gz
+$ cd yara-python-1.2.1
$ python setup.py build
$ sudo python setup.py install
@@ -51,44 +51,16 @@ $ ldconfig
HOW TO USE
==========
-The first thing you need to do is importing the yara module:
-
-import yara
-
-Then you will need to compile the YARA rules before applying them to your data:
-
-rules = yara.compile('/foo/bar/myrules')
-
-The method "compile" of this module returns an instance of the class "Rules", which
-in turn has two methods: "matchfile" and "match". The first one applies the rules
-to a file given its path:
-
-matches = rules.matchfile('/foo/bar/myfile')
-
-The second one applies the rules to a string:
-
-f = fopen('/foo/bar/myfile', 'rb')
-data = f.read()
-f.close()
-
-matches = rules.match(data)
-
-Both methods return a list of instances of the class "Match". The instances of this
-class can be treated as text string containing the name of the matching YARA rule.
-For example you can print them:
-
-foreach m in matches:
- print "%s" % m
-
-In some circumstances you may need to explicitly convert the instance of "Match" to
-string, for example when comparing it with another string:
-
-if str(matches[0]) == 'SomeRuleName':
- ...
-
-The "Match" class have another two attributes: "tags" and "strings". The "tags"
-attribute is a list of strings containing the tags associated to the rule. The
-"strings" attribute is a dictionary whose values are those strings within the data
-that made the YARA rule match, and the keys are the offsets those strings were found.
+YARA can be also invoked from your own Python scripts. The yara-python extension is
+provided in order to make YARA functionality available to Python users. Once yara-python
+is built and installed on your system you can use it as shown below:
import yara
Then you will need to compile your YARA rules before applying them to your data, the
+rules can be compiled from a file path:
rules = yara.compile(filepath='/foo/bar/myrules')
The default argument is filepath, so you don't need to explicitly specify its name:
rules = yara.compile('/foo/bar/myrules')
You can also compile your rules from a file object:
fh = open('/foo/bar/myrules')
rules = yara.compile(file=fh)
fh.close()
Or you can compile them from a Python string:
rules = yara.compile(source='rule dummy { condition: true }')
In the three cases compile returns an instance of the class Rules, which in turn has
+a match method:
matches = rules.match('/foo/bar/myfile')
But you can also apply he rules to a Python string:
f = fopen('/foo/bar/myfile', 'rb')
matches = rules.match(data=f.read())
Both in both cases a list of instances of the class Match is returned. The instances
+of this class can be treated as text strings containing the name of the matching rule.
+For example you can print them:
foreach m in matches:
print "%s" % m
In some circumstances you may need to explicitly convert the instance of Match to string,
+for example when comparing it with another string:
if str(matches[0]) == 'SomeRuleName':
...
The Match class have another two attributes: tags and strings. The tags attribute is a
+list of strings containing the tags associated to the rule. The strings attribute is a
+dictionary whose values are those strings within the data that made the YARA rule match,
+and the keys are the offsets where those strings were found.
diff --git a/yara-python/setup.py b/yara-python/setup.py
index e25bbac..5bb1437 100644
--- a/yara-python/setup.py
+++ b/yara-python/setup.py
@@ -10,7 +10,8 @@ setup(name = "yara-python",
ext_modules = [ Extension(
name='yara',
sources=['yara-python.c'],
- libraries=['yara','pcre']
+ libraries=['yara','pcre'],
+ include_dirs=['/usr/local/include']
)])
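Review bot: `include_dirs=['/usr/local/include']` hard-codes an absolute, Unix-only path into the extension build, so header lookup now depends on libyara having been installed to that exact prefix rather than on the compiler's own search path. If the headers live there the library presumably does too (the README's `ldconfig` step points that way), yet no matching `library_dirs` is given, so the link step can still fail where `/usr/local/lib` is not a default linker path; I would add `library_dirs=['/usr/local/lib']` beside it, or derive both from an environment variable so other prefixes work. At minimum a comment such as `# libyara is expected under /usr/local (see README)` would record the assumption.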
diff --git a/yara-python/yara-python.c b/yara-python/yara-python.c
index d24e397..d8ed52b 100644
--- a/yara-python/yara-python.c
+++ b/yara-python/yara-python.c
@@ -19,7 +19,7 @@ GNU General Public License for more details.
#include <Python.h>
#include "structmember.h"
-#include "yara.h"
+#include <yara.h>
/* Module globals */
--