[Forensics-changes] [yara] 136/415: Fix buffer overrun (issue 55)
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:42:55 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit 28c731583ed0e0b0c3331ed0aaf9338bb3f92947
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Tue Jun 26 13:18:56 2012 +0000
Fix buffer overrun (issue 55)
---
libyara/scan.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libyara/scan.c b/libyara/scan.c
index f0ad915..6ac1387 100644
--- a/libyara/scan.c
+++ b/libyara/scan.c
@@ -258,7 +258,9 @@ int hex_match(unsigned char* buffer, size_t buffer_size, unsigned char* pattern,
match_length = 0;
m++;
- while (mask[m] != MASK_OR && mask[m] != MASK_OR_END)
+ while (tmp_b < (size_t) buffer_size &&
+ mask[m] != MASK_OR &&
+ mask[m] != MASK_OR_END)
{
if ((buffer[tmp_b] & mask[m]) != pattern[p])
{
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list