[Forensics-changes] [yara] 134/415: Fix issue 51

Hilko Bengen bengen at moszumanska.debian.org
Thu Apr 3 05:42:55 UTC 2014 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to branch debian
in repository yara.

commit 79143fe43d6212be70abb7218b5d8006f9059637
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Tue May 22 10:14:55 2012 +0000

    Fix issue 51
---
 libyara/scan.c       | 6 ++++--
 yara-python/tests.py | 1 +
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/libyara/scan.c b/libyara/scan.c
index 8c7cbea..099fb10 100644
--- a/libyara/scan.c
+++ b/libyara/scan.c
@@ -190,6 +190,8 @@ inline int wicompare(char* str1, char* str2, int len)
 	return ((i==len) ? i * 2 : 0);
 }
 
+
+#define MIN(x,y)  ((x<y)?(x):(y))
  
 int hex_match(unsigned char* buffer, size_t buffer_size, unsigned char* pattern, int pattern_length, unsigned char* mask)
 {
@@ -207,7 +209,7 @@ int hex_match(unsigned char* buffer, size_t buffer_size, unsigned char* pattern,
 	m = 0;
 	
 	matches = 0;	
-	
+		
 	while (b < (size_t) buffer_size && p < (size_t) pattern_length)
 	{
 		if (mask[m] == MASK_EXACT_SKIP)
@@ -229,7 +231,7 @@ int hex_match(unsigned char* buffer, size_t buffer_size, unsigned char* pattern,
                         
             while (i <= delta && b + i < buffer_size)
             {
-                if ((buffer[b + i] & mask[m]) == pattern[p])
+                if ((buffer[b + i] & mask[m]) == pattern[p] || mask[m] == MASK_OR)
                 {
        			    tmp = hex_match(buffer + b + i, buffer_size - b - i,  pattern + p, pattern_length - p, mask + m);
        			}
diff --git a/yara-python/tests.py b/yara-python/tests.py
index 4d1e366..b2d44c8 100644
--- a/yara-python/tests.py
+++ b/yara-python/tests.py
@@ -137,6 +137,7 @@ class TestYara(unittest.TestCase):
             'rule test { strings: $a = { 64 01 00 00 60 01 } condition: $a }',
             'rule test { strings: $a = { 64 0? 00 00 ?0 01 } condition: $a }',
             'rule test { strings: $a = { 64 01 [1-3] 60 01 } condition: $a }',
+            'rule test { strings: $a = { 64 01 [1-3] (60|61) 01 } condition: $a }',
         ], PE32_FILE)
         
     def testCount(self):

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list