[Forensics-changes] [yara] 162/415: Multiple changes and bug fixes
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:43:00 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit 7404e2e0e4073e7fb8216520288559d9efe07dd9
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Mon May 27 16:34:41 2013 +0000
Multiple changes and bug fixes
---
libyara/arena.c | 9 ++++++++
libyara/exec.c | 1 +
libyara/exefiles.c | 58 ++++++++++++++++++++++++-----------------------
libyara/exefiles.h | 20 ++++++++--------
libyara/mem.c | 10 ++++++++
libyara/rules.c | 25 ++++++++++----------
libyara/yara.h | 4 ++--
yara-python/yara-python.c | 5 ++--
8 files changed, 77 insertions(+), 55 deletions(-)
diff --git a/libyara/arena.c b/libyara/arena.c
index 86440b7..6234731 100644
--- a/libyara/arena.c
+++ b/libyara/arena.c
@@ -14,6 +14,15 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
+/*
+
+This module implements a data structure "arena". An arena is a data
+container composed of a set of pages. The arena grows automatically
+when needed, by adding new pages to hold new data if required. Arenas
+can be saved and loaded from files.
+
+*/
+
#include <string.h>
#include <assert.h>
#include <stdlib.h>
diff --git a/libyara/exec.c b/libyara/exec.c
index 4a160ac..9d47906 100644
--- a/libyara/exec.c
+++ b/libyara/exec.c
@@ -26,6 +26,7 @@ limitations under the License.
if (sp < STACK_SIZE) stack[sp++] = (x); \
else return ERROR_STACK_OVERFLOW
+
#define pop(x) x = stack[--sp]
diff --git a/libyara/exefiles.c b/libyara/exefiles.c
index a0c7a9b..86d1614 100644
--- a/libyara/exefiles.c
+++ b/libyara/exefiles.c
@@ -36,13 +36,13 @@ limitations under the License.
PIMAGE_NT_HEADERS yr_get_pe_header(
- unsigned char* buffer,
- unsigned int buffer_length)
+ uint8_t* buffer,
+ size_t buffer_length)
{
PIMAGE_DOS_HEADER mz_header;
PIMAGE_NT_HEADERS pe_header;
- unsigned int headers_size = 0;
+ size_t headers_size = 0;
if (buffer_length < sizeof(IMAGE_DOS_HEADER))
return NULL;
@@ -79,10 +79,10 @@ PIMAGE_NT_HEADERS yr_get_pe_header(
}
-unsigned long long yr_pe_rva_to_offset(
+uint64_t yr_pe_rva_to_offset(
PIMAGE_NT_HEADERS pe_header,
- unsigned long long rva,
- unsigned int buffer_length)
+ uint64_t rva,
+ size_t buffer_length)
{
int i = 0;
PIMAGE_SECTION_HEADER section;
@@ -91,7 +91,8 @@ unsigned long long yr_pe_rva_to_offset(
while(i < MIN(pe_header->FileHeader.NumberOfSections, 60))
{
- if ((unsigned char*) section - (unsigned char*) pe_header + sizeof(IMAGE_SECTION_HEADER) < buffer_length)
+ if ((uint8_t*) section - \
+ (uint8_t*) pe_header + sizeof(IMAGE_SECTION_HEADER) < buffer_length)
{
if (rva >= section->VirtualAddress &&
rva < section->VirtualAddress + section->SizeOfRawData)
@@ -113,8 +114,8 @@ unsigned long long yr_pe_rva_to_offset(
int yr_get_elf_type(
- unsigned char* buffer,
- unsigned int buffer_length)
+ uint8_t* buffer,
+ size_t buffer_length)
{
Elf32_Ehdr* elf_header;
@@ -137,10 +138,10 @@ int yr_get_elf_type(
}
-unsigned long long yr_elf_rva_to_offset_32(
+uint64_t yr_elf_rva_to_offset_32(
Elf32_Ehdr* elf_header,
- unsigned long long rva,
- unsigned int buffer_length)
+ uint64_t rva,
+ size_t buffer_length)
{
int i;
Elf32_Shdr* section;
@@ -152,7 +153,8 @@ unsigned long long yr_elf_rva_to_offset_32(
if(ULONG_MAX - elf_header->e_shoff < sizeof(Elf32_Shdr) * elf_header->e_shnum)
return 0;
- if (elf_header->e_shoff + sizeof(Elf32_Shdr) * elf_header->e_shnum > buffer_length)
+ if (elf_header->e_shoff + \
+ sizeof(Elf32_Shdr) * elf_header->e_shnum > buffer_length)
return 0;
section = (Elf32_Shdr*) ((unsigned char*) elf_header + elf_header->e_shoff);
@@ -179,10 +181,10 @@ unsigned long long yr_elf_rva_to_offset_32(
}
-unsigned long long yr_elf_rva_to_offset_64(
+uint64_t yr_elf_rva_to_offset_64(
Elf64_Ehdr* elf_header,
- unsigned long long rva,
- unsigned int buffer_length)
+ uint64_t rva,
+ size_t buffer_length)
{
int i;
Elf64_Shdr* section;
@@ -194,7 +196,7 @@ unsigned long long yr_elf_rva_to_offset_64(
buffer_length)
return 0;
- section = (Elf64_Shdr*) ((unsigned char*) elf_header + elf_header->e_shoff);
+ section = (Elf64_Shdr*) ((uint8_t*) elf_header + elf_header->e_shoff);
for (i = 0; i < elf_header->e_shnum; i++)
{
@@ -213,9 +215,9 @@ unsigned long long yr_elf_rva_to_offset_64(
}
-unsigned long long yr_get_entry_point_offset(
- unsigned char* buffer,
- unsigned int buffer_length)
+uint64_t yr_get_entry_point_offset(
+ uint8_t* buffer,
+ size_t buffer_length)
{
PIMAGE_NT_HEADERS pe_header;
Elf32_Ehdr* elf_header32;
@@ -228,7 +230,7 @@ unsigned long long yr_get_entry_point_offset(
return yr_pe_rva_to_offset(
pe_header,
pe_header->OptionalHeader.AddressOfEntryPoint,
- buffer_length - ((unsigned char*) pe_header - buffer));
+ buffer_length - ((uint8_t*) pe_header - buffer));
}
switch(yr_get_elf_type(buffer, buffer_length))
@@ -252,9 +254,9 @@ unsigned long long yr_get_entry_point_offset(
}
-unsigned long long yr_get_entry_point_address(
- unsigned char* buffer,
- unsigned int buffer_length,
+uint64_t yr_get_entry_point_address(
+ uint8_t* buffer,
+ size_t buffer_length,
size_t base_address)
{
PIMAGE_NT_HEADERS pe_header;
@@ -296,16 +298,16 @@ unsigned long long yr_get_entry_point_address(
int yr_file_is_pe(
- unsigned char* buffer,
- unsigned int buffer_length)
+ uint8_t* buffer,
+ size_t buffer_length)
{
return (yr_get_pe_header(buffer, buffer_length) != NULL);
}
int yr_file_is_elf(
- unsigned char* buffer,
- unsigned int buffer_length)
+ uint8_t* buffer,
+ size_t buffer_length)
{
int type = yr_get_elf_type(buffer, buffer_length);
diff --git a/libyara/exefiles.h b/libyara/exefiles.h
index ff78849..ccd4144 100644
--- a/libyara/exefiles.h
+++ b/libyara/exefiles.h
@@ -18,23 +18,23 @@ limitations under the License.
#define _EXEFILES_H
int yr_file_is_pe(
- unsigned char* buffer,
- unsigned int buffer_length);
+ uint8_t* buffer,
+ size_t buffer_length);
int yr_file_is_elf(
- unsigned char* buffer,
- unsigned int buffer_length);
+ uint8_t* buffer,
+ size_t buffer_length);
-unsigned long long yr_get_entry_point_offset(
- unsigned char* buffer,
- unsigned int buffer_length);
+uint64_t yr_get_entry_point_offset(
+ uint8_t* buffer,
+ size_t buffer_length);
-unsigned long long yr_get_entry_point_address(
- unsigned char* buffer,
- unsigned int buffer_length,
+uint64_t yr_get_entry_point_address(
+ uint8_t* buffer,
+ size_t buffer_length,
size_t base_address);
#endif
diff --git a/libyara/mem.c b/libyara/mem.c
index 2d80ee3..3193f0b 100644
--- a/libyara/mem.c
+++ b/libyara/mem.c
@@ -25,26 +25,31 @@ void yr_heap_alloc()
hHeap = HeapCreate(0, 0x8000, 0);
}
+
void yr_heap_free()
{
HeapDestroy(hHeap);
}
+
void* yr_malloc(size_t size)
{
return (void*) HeapAlloc(hHeap, HEAP_ZERO_MEMORY, size);
}
+
void* yr_realloc(void* ptr, size_t size)
{
return (void*) HeapReAlloc(hHeap, HEAP_ZERO_MEMORY, ptr, size);
}
+
void yr_free(void* ptr)
{
HeapFree(hHeap, 0, ptr);
}
+
char* yr_strdup(const char *s)
{
size_t len;
@@ -71,12 +76,14 @@ void yr_heap_alloc()
return;
}
+
void yr_heap_free()
{
printf("malloc count: %d\n", count);
return;
}
+
void* yr_malloc(size_t size)
{
void* result;
@@ -86,6 +93,7 @@ void* yr_malloc(size_t size)
return result;
}
+
void* yr_realloc(void* ptr, size_t size)
{
void* result;
@@ -94,6 +102,7 @@ void* yr_realloc(void* ptr, size_t size)
return result;
}
+
void yr_free(void *ptr)
{
count--;
@@ -101,6 +110,7 @@ void yr_free(void *ptr)
free(ptr);
}
+
char* yr_strdup(const char *str)
{
void* result;
diff --git a/libyara/rules.c b/libyara/rules.c
index 5bd74f2..ff32b60 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -30,14 +30,14 @@ int _yr_scan_compare(
uint8_t* str2,
int len)
{
- uint8_t* s1 = str1;
- uint8_t* s2 = str2;
- int i = 0;
+ uint8_t* s1 = str1;
+ uint8_t* s2 = str2;
+ int i = 0;
- while (i < len && *s1++ == *s2++)
- i++;
+ while (i < len && *s1++ == *s2++)
+ i++;
- return ((i == len) ? i : 0);
+ return ((i == len) ? i : 0);
}
@@ -46,14 +46,14 @@ int _yr_scan_icompare(
uint8_t* str2,
int len)
{
- uint8_t* s1 = str1;
- uint8_t* s2 = str2;
- int i = 0;
+ uint8_t* s1 = str1;
+ uint8_t* s2 = str2;
+ int i = 0;
- while (i < len && lowercase[*s1++] == lowercase[*s2++])
- i++;
+ while (i < len && lowercase[*s1++] == lowercase[*s2++])
+ i++;
- return ((i == len) ? i : 0);
+ return ((i == len) ? i : 0);
}
@@ -523,6 +523,7 @@ void yr_rules_free_matches(
while (!RULE_IS_NULL(rule))
{
+ rule->flags &= ~RULE_FLAGS_MATCH;
string = rule->strings;
while (!STRING_IS_NULL(string))
diff --git a/libyara/yara.h b/libyara/yara.h
index f3a3b93..6124404 100644
--- a/libyara/yara.h
+++ b/libyara/yara.h
@@ -106,7 +106,7 @@ limitations under the License.
#define META_TYPE_BOOLEAN 3
#define META_IS_NULL(x) \
- ((x) == NULL || ((x)->type) == META_TYPE_NULL)
+ ((x) != NULL ? (x)->type == META_TYPE_NULL : TRUE)
#define EXTERNAL_VARIABLE_TYPE_NULL 0
#define EXTERNAL_VARIABLE_TYPE_ANY 1
@@ -115,7 +115,7 @@ limitations under the License.
#define EXTERNAL_VARIABLE_TYPE_BOOLEAN 4
#define EXTERNAL_VARIABLE_IS_NULL(x) \
- ((x) == NULL || ((x)->type) == EXTERNAL_VARIABLE_TYPE_NULL)
+ ((x) != NULL ? (x)->type == EXTERNAL_VARIABLE_TYPE_NULL : TRUE)
#define CALLBACK_CONTINUE 0
#define CALLBACK_ABORT 1
diff --git a/yara-python/yara-python.c b/yara-python/yara-python.c
index b0d67cd..3670ffa 100644
--- a/yara-python/yara-python.c
+++ b/yara-python/yara-python.c
@@ -1004,7 +1004,6 @@ static PyObject * yara_compile(
PyExc_TypeError,
"keys and values of the 'sources' dictionary must be "
"of string type");
- break;
}
}
}
@@ -1040,6 +1039,7 @@ static PyObject * yara_compile(
else
{
result = PyErr_SetFromErrno(YaraError);
+ break;
}
}
else
@@ -1048,7 +1048,6 @@ static PyObject * yara_compile(
PyExc_TypeError,
"keys and values of the filepaths dictionary must be of "
"string type");
- break;
}
}
}
@@ -1066,7 +1065,7 @@ static PyObject * yara_compile(
"compile() takes 1 argument");
}
- if (result == NULL)
+ if (PyErr_Occurred() == NULL)
{
if (compile_result > 0)
{
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list