[Forensics-changes] [yara] 250/415: Fix bug in fullword matches due to an incorrect typecast
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:43:11 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit 8a0fa9ead7ad5520fb65566268e6acaca7ec96a5
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Mon Nov 25 17:01:11 2013 +0100
Fix bug in fullword matches due to an incorrect typecast
---
libyara/scan.c | 368 ++++++++++++++++++++++++++++-----------------------------
1 file changed, 184 insertions(+), 184 deletions(-)
diff --git a/libyara/scan.c b/libyara/scan.c
index 6afc766..deda8d7 100644
--- a/libyara/scan.c
+++ b/libyara/scan.c
@@ -75,17 +75,17 @@ int inline compare(char* str1, char* str2, int len)
result += c;
} while(c == 16);
-
+
return ((result==len) ? result : 0);
}
int inline icompare(char* str1, char* str2, int len)
-{
+{
__m128i s1, s2, ranges, zeroes, deltas, mask;
int c, result = 0;
- ranges = _mm_loadu_si128((const __m128i*) sranges);
+ ranges = _mm_loadu_si128((const __m128i*) sranges);
deltas = _mm_loadu_si128((const __m128i*) sdeltas);
zeroes = _mm_loadu_si128((const __m128i*) szeroes);
@@ -95,20 +95,20 @@ int inline icompare(char* str1, char* str2, int len)
s2 = _mm_lddqu_si128((const __m128i*) str2);
// producing mask, 0xFF for lowercases, 0x00 for the rest
- mask = _mm_cmpestrm(ranges, 2, s1, len - result, _SIDD_CMP_RANGES | _SIDD_UNIT_MASK);
-
+ mask = _mm_cmpestrm(ranges, 2, s1, len - result, _SIDD_CMP_RANGES | _SIDD_UNIT_MASK);
+
// producing mask, 0x20 for lowercases, 0x00 for the rest
- mask = _mm_blendv_epi8(zeroes, deltas, mask);
+ mask = _mm_blendv_epi8(zeroes, deltas, mask);
- s1 = _mm_sub_epi8(s1, mask);
+ s1 = _mm_sub_epi8(s1, mask);
// producing mask, 0xFF for lowercases, 0x00 for the rest
- mask = _mm_cmpestrm(ranges, 2, s2, 16, _SIDD_CMP_RANGES | _SIDD_UNIT_MASK);
-
+ mask = _mm_cmpestrm(ranges, 2, s2, 16, _SIDD_CMP_RANGES | _SIDD_UNIT_MASK);
+
// producing mask, 0x20 for lowercases, 0x00 for the rest
mask = _mm_blendv_epi8(zeroes, deltas, mask);
- s2 = _mm_sub_epi8(s2, mask);
+ s2 = _mm_sub_epi8(s2, mask);
c = _mm_cmpestri(s1, len - result, s2, 16, _SIDD_CMP_EQUAL_EACH | _SIDD_MASKED_NEGATIVE_POLARITY);
@@ -118,7 +118,7 @@ int inline icompare(char* str1, char* str2, int len)
result += c;
} while(c == 16);
-
+
return ((result==len) ? result : 0);
}
@@ -130,8 +130,8 @@ inline int compare(char* str1, char* str2, int len)
char* s1 = str1;
char* s2 = str2;
int i = 0;
-
- while (i < len && *s1++ == *s2++)
+
+ while (i < len && *s1++ == *s2++)
{
i++;
}
@@ -144,12 +144,12 @@ inline int icompare(char* str1, char* str2, int len)
char* s1 = str1;
char* s2 = str2;
int i = 0;
-
- while (i < len && lowercase[*s1++] == lowercase[*s2++])
+
+ while (i < len && lowercase[*s1++] == lowercase[*s2++])
{
i++;
}
-
+
return ((i==len) ? i : 0);
}
@@ -164,13 +164,13 @@ inline int wcompare(char* str1, char* str2, int len)
char* s2 = str2;
int i = 0;
- while (i < len && *s1 == *s2)
+ while (i < len && *s1 == *s2)
{
s1++;
s2+=2;
i++;
}
-
+
return ((i==len) ? i * 2 : 0);
}
@@ -180,18 +180,18 @@ inline int wicompare(char* str1, char* str2, int len)
char* s2 = str2;
int i = 0;
- while (i < len && lowercase[*s1] == lowercase[*s2])
+ while (i < len && lowercase[*s1] == lowercase[*s2])
{
s1++;
s2+=2;
i++;
}
-
+
return ((i==len) ? i * 2 : 0);
}
-
+
int hex_match(unsigned char* buffer, size_t buffer_size, unsigned char* pattern, int pattern_length, unsigned char* mask)
{
size_t b,p,m;
@@ -202,13 +202,13 @@ int hex_match(unsigned char* buffer, size_t buffer_size, unsigned char* pattern,
int longest_match;
int matches;
int i, tmp, tmp_b;
-
+
b = 0;
p = 0;
m = 0;
-
- matches = 0;
-
+
+ matches = 0;
+
while (b < (size_t) buffer_size && p < (size_t) pattern_length)
{
if (mask[m] == MASK_EXACT_SKIP)
@@ -225,9 +225,9 @@ int hex_match(unsigned char* buffer, size_t buffer_size, unsigned char* pattern,
delta = mask[m++] - distance;
b += distance;
matches += distance;
-
+
i = 0;
-
+
while (i <= delta && b + i < buffer_size)
{
if ((buffer[b + i] & mask[m]) == pattern[p] || mask[m] == MASK_OR)
@@ -238,53 +238,53 @@ int hex_match(unsigned char* buffer, size_t buffer_size, unsigned char* pattern,
{
tmp = 0;
}
-
- if (tmp > 0)
+
+ if (tmp > 0)
return b + i + tmp;
-
- i++;
+
+ i++;
}
-
- break;
+
+ break;
}
else if (mask[m] == MASK_OR)
- {
+ {
longest_match = 0;
-
+
while (mask[m] != MASK_OR_END)
{
tmp_b = b;
match = TRUE;
match_length = 0;
m++;
-
- while (tmp_b < (size_t) buffer_size &&
- mask[m] != MASK_OR &&
+
+ while (tmp_b < (size_t) buffer_size &&
+ mask[m] != MASK_OR &&
mask[m] != MASK_OR_END)
{
if ((buffer[tmp_b] & mask[m]) != pattern[p])
{
match = FALSE;
}
-
+
if (match)
{
match_length++;
}
-
+
tmp_b++;
m++;
- p++;
+ p++;
}
-
+
if (match && match_length > longest_match)
{
longest_match = match_length;
- }
+ }
}
-
+
m++;
-
+
if (longest_match > 0)
{
b += longest_match;
@@ -295,9 +295,9 @@ int hex_match(unsigned char* buffer, size_t buffer_size, unsigned char* pattern,
matches = 0;
break;
}
-
+
}
- else if ((buffer[b] & mask[m]) == pattern[p])
+ else if ((buffer[b] & mask[m]) == pattern[p])
{
b++;
m++;
@@ -310,20 +310,20 @@ int hex_match(unsigned char* buffer, size_t buffer_size, unsigned char* pattern,
break;
}
}
-
+
if (p < (size_t) pattern_length) /* did not reach the end of pattern because buffer was too small */
{
matches = 0;
}
-
+
return matches;
}
int regexp_match(unsigned char* buffer, size_t buffer_size, unsigned char* pattern, int pattern_length, REGEXP re, int file_beginning)
{
int result = 0;
-
- // if we are not at the beginning of the file, and
+
+ // if we are not at the beginning of the file, and
// the pattern begins with ^, the string doesn't match
if (file_beginning && pattern[0] == '^')
{
@@ -334,7 +334,7 @@ int regexp_match(unsigned char* buffer, size_t buffer_size, unsigned char* patte
if (result >= 0)
return result;
- else
+ else
return 0;
}
@@ -343,18 +343,18 @@ int populate_hash_table(HASH_TABLE* hash_table, RULE_LIST* rule_list)
RULE* rule;
STRING* string;
STRING_LIST_ENTRY* entry;
-
+
unsigned char first[256];
unsigned char second[2];
-
+
unsigned char f;
unsigned char s;
-
+
int fcount;
int scount;
-
+
int i, j;
-
+
for (i = 0; i < 256; i++)
{
lowercase[i] = tolower(i);
@@ -389,9 +389,9 @@ int populate_hash_table(HASH_TABLE* hash_table, RULE_LIST* rule_list)
isregexescapable['$'] = 1;
isregexescapable['|'] = 1;
isregexescapable['\\'] = 1;
-
+
rule = rule_list->head;
-
+
while (rule != NULL)
{
string = rule->string_list_head;
@@ -402,9 +402,9 @@ int populate_hash_table(HASH_TABLE* hash_table, RULE_LIST* rule_list)
scount = 0;
f = 0;
s = 0;
-
+
if (string->flags & STRING_FLAGS_REGEXP)
- {
+ {
int pos = 0;
if (string->string[0] == '^')
@@ -432,7 +432,7 @@ int populate_hash_table(HASH_TABLE* hash_table, RULE_LIST* rule_list)
}
}
}
-
+
if (f && string->length > pos)
{
// Get second character for hash map.
@@ -458,49 +458,49 @@ int populate_hash_table(HASH_TABLE* hash_table, RULE_LIST* rule_list)
if (f)
{
first[fcount++] = f;
-
+
if (string->flags & STRING_FLAGS_NO_CASE)
first[fcount++] = altercase[f];
-
+
if (s)
{
second[scount++] = s;
-
+
if (string->flags & STRING_FLAGS_NO_CASE)
second[scount++] = altercase[s];
}
}
-
+
if (fcount == 0)
{
fcount += regex_get_first_bytes(&(string->re), first);
}
-
+
}
else if (string->flags & STRING_FLAGS_HEXADECIMAL)
{
- if (string->mask[0] == 0xFF)
+ if (string->mask[0] == 0xFF)
first[fcount++] = string->string[0];
-
+
if (string->mask[1] == 0xFF)
second[scount++] = string->string[1];
}
- else
+ else
{
first[fcount++] = string->string[0];
-
+
if (string->length > 1)
second[scount++] = string->string[1];
-
+
if (string->flags & STRING_FLAGS_NO_CASE)
{
first[fcount++] = altercase[string->string[0]];
-
+
if (string->length > 1)
second[scount++] = altercase[string->string[1]];
}
}
-
+
for (i = 0; i < fcount; i++)
{
for (j = 0; j < scount; j++)
@@ -509,13 +509,13 @@ int populate_hash_table(HASH_TABLE* hash_table, RULE_LIST* rule_list)
if (entry == NULL)
return ERROR_INSUFICIENT_MEMORY;
-
+
entry->next = hash_table->hashed_strings_2b[first[i]][second[j]];
entry->string = string;
hash_table->hashed_strings_2b[first[i]][second[j]] = entry;
-
+
}
-
+
if (scount == 0)
{
entry = (STRING_LIST_ENTRY*) yr_malloc(sizeof(STRING_LIST_ENTRY));
@@ -528,7 +528,7 @@ int populate_hash_table(HASH_TABLE* hash_table, RULE_LIST* rule_list)
hash_table->hashed_strings_1b[first[i]] = entry;
}
}
-
+
if (fcount == 0)
{
entry = (STRING_LIST_ENTRY*) yr_malloc(sizeof(STRING_LIST_ENTRY));
@@ -537,18 +537,18 @@ int populate_hash_table(HASH_TABLE* hash_table, RULE_LIST* rule_list)
return ERROR_INSUFICIENT_MEMORY;
entry->next = hash_table->non_hashed_strings;
- entry->string = string;
+ entry->string = string;
hash_table->non_hashed_strings = entry;
}
-
+
string = string->next;
}
-
+
rule = rule->next;
}
-
+
hash_table->populated = TRUE;
-
+
return ERROR_SUCCESS;
}
@@ -556,47 +556,47 @@ int populate_hash_table(HASH_TABLE* hash_table, RULE_LIST* rule_list)
void clear_hash_table(HASH_TABLE* hash_table)
{
int i,j;
-
+
STRING_LIST_ENTRY* next_entry;
STRING_LIST_ENTRY* entry;
for (i = 0; i < 256; i++)
{
entry = hash_table->hashed_strings_1b[i];
-
+
while (entry != NULL)
{
next_entry = entry->next;
yr_free(entry);
entry = next_entry;
}
-
+
hash_table->hashed_strings_1b[i] = NULL;
-
+
for (j = 0; j < 256; j++)
{
entry = hash_table->hashed_strings_2b[i][j];
-
+
while (entry != NULL)
{
next_entry = entry->next;
yr_free(entry);
entry = next_entry;
}
-
+
hash_table->hashed_strings_2b[i][j] = NULL;
}
}
-
+
entry = hash_table->non_hashed_strings;
-
+
while (entry != NULL)
{
next_entry = entry->next;
yr_free(entry);
entry = next_entry;
}
-
+
hash_table->non_hashed_strings = NULL;
}
@@ -606,20 +606,20 @@ void clear_marks(RULE_LIST* rule_list)
STRING* string;
MATCH* match;
MATCH* next_match;
-
+
rule = rule_list->head;
-
+
while (rule != NULL)
- {
+ {
rule->flags &= ~RULE_FLAGS_MATCH;
string = rule->string_list_head;
-
+
while (string != NULL)
{
string->flags &= ~STRING_FLAGS_FOUND; /* clear found mark */
-
+
match = string->matches_head;
-
+
while (match != NULL)
{
next_match = match->next;
@@ -627,12 +627,12 @@ void clear_marks(RULE_LIST* rule_list)
yr_free(match);
match = next_match;
}
-
+
string->matches_head = NULL;
string->matches_tail = NULL;
string = string->next;
}
-
+
rule = rule->next;
}
}
@@ -642,159 +642,159 @@ inline int string_match(unsigned char* buffer, size_t buffer_size, STRING* strin
int match;
int i, len;
int is_wide_char;
-
+
unsigned char tmp_buffer[512];
unsigned char* tmp;
-
+
if (IS_HEX(string))
{
return hex_match(buffer, buffer_size, string->string, string->length, string->mask);
}
- else if (IS_REGEXP(string))
+ else if (IS_REGEXP(string))
{
if (IS_WIDE(string))
{
i = 0;
-
- while( i < buffer_size - 1 &&
- buffer[i] >= 32 && // buffer[i] is a ...
+
+ while( i < buffer_size - 1 &&
+ buffer[i] >= 32 && // buffer[i] is a ...
buffer[i] <= 126 && // ... printable character
buffer[i + 1] == 0)
{
i += 2;
}
-
+
len = i/2;
-
+
if (len > sizeof(tmp_buffer))
{
tmp = yr_malloc(len);
}
- else
+ else
{
tmp = tmp_buffer;
}
-
+
i = 0;
-
+
if (tmp != NULL)
- {
+ {
while(i < len)
{
tmp[i] = buffer[i*2];
i++;
}
-
+
match = regexp_match(tmp, len, string->string, string->length, string->re, (negative_size > 2));
-
+
if (len > sizeof(tmp_buffer))
{
- yr_free(tmp);
- }
-
+ yr_free(tmp);
+ }
+
return match * 2;
}
-
+
}
else
{
- return regexp_match(buffer, buffer_size, string->string, string->length, string->re, negative_size);
+ return regexp_match(buffer, buffer_size, string->string, string->length, string->re, negative_size);
}
}
-
+
if ((flags & STRING_FLAGS_WIDE) && IS_WIDE(string) && string->length * 2 <= buffer_size)
- {
+ {
if(IS_NO_CASE(string))
{
- match = wicompare((char*) string->string, (char*) buffer, string->length);
+ match = wicompare((char*) string->string, (char*) buffer, string->length);
}
else
{
- match = wcompare((char*) string->string, (char*) buffer, string->length);
+ match = wcompare((char*) string->string, (char*) buffer, string->length);
}
-
+
if (match > 0 && IS_FULL_WORD(string))
{
if (negative_size >= 2)
{
- is_wide_char = (buffer[-1] == 0 && isalphanum[(char) (buffer[-2])]);
-
+ is_wide_char = (buffer[-1] == 0 && isalphanum[(buffer[-2])]);
+
if (is_wide_char)
{
match = 0;
}
}
-
+
if (string->length * 2 < buffer_size - 1)
{
- is_wide_char = (isalphanum[(char) (buffer[string->length * 2])] && buffer[string->length * 2 + 1] == 0);
-
+ is_wide_char = (isalphanum[(buffer[string->length * 2])] && buffer[string->length * 2 + 1] == 0);
+
if (is_wide_char)
{
match = 0;
}
}
- }
-
+ }
+
if (match > 0)
return match;
}
-
+
if ((flags & STRING_FLAGS_ASCII) && IS_ASCII(string) && string->length <= buffer_size)
- {
+ {
if(IS_NO_CASE(string))
{
- match = icompare((char*) string->string, (char*) buffer, string->length);
+ match = icompare((char*) string->string, (char*) buffer, string->length);
}
else
{
- match = compare((char*) string->string, (char*) buffer, string->length);
+ match = compare((char*) string->string, (char*) buffer, string->length);
}
-
+
if (match > 0 && IS_FULL_WORD(string))
{
- if (negative_size >= 1 && isalphanum[(char) (buffer[-1])])
+ if (negative_size >= 1 && isalphanum[(buffer[-1])])
{
match = 0;
}
- else if (string->length < buffer_size && isalphanum[(char) (buffer[string->length])])
+ else if (string->length < buffer_size && isalphanum[(buffer[string->length])])
{
match = 0;
}
}
-
+
return match;
}
-
+
return 0;
}
-inline int find_matches_for_strings( STRING_LIST_ENTRY* first_string,
- unsigned char* buffer,
+inline int find_matches_for_strings( STRING_LIST_ENTRY* first_string,
+ unsigned char* buffer,
size_t buffer_size,
size_t current_offset,
- int flags,
+ int flags,
int negative_size)
{
int len;
-
+
STRING* string;
MATCH* match;
STRING_LIST_ENTRY* entry = first_string;
-
+
while (entry != NULL)
- {
+ {
string = entry->string;
entry = entry->next;
-
+
if ((string->flags & STRING_FLAGS_FOUND) && (string->flags & STRING_FLAGS_FAST_MATCH))
{
continue;
}
-
+
if ((string->flags & flags) && (len = string_match(buffer, buffer_size, string, flags, negative_size)))
- {
+ {
string->flags |= STRING_FLAGS_FOUND;
match = (MATCH*) yr_malloc(sizeof(MATCH));
match->data = (unsigned char*) yr_malloc(len);
@@ -804,77 +804,77 @@ inline int find_matches_for_strings( STRING_LIST_ENTRY* first_string,
match->offset = current_offset;
match->length = len;
match->next = NULL;
-
- memcpy(match->data, buffer, len);
-
+
+ memcpy(match->data, buffer, len);
+
if (string->matches_head == NULL)
{
string->matches_head = match;
}
-
+
if (string->matches_tail != NULL)
{
string->matches_tail->next = match;
}
-
+
string->matches_tail = match;
}
else
{
- if (match != NULL)
+ if (match != NULL)
yr_free(match);
-
+
return ERROR_INSUFICIENT_MEMORY;
}
- }
+ }
}
-
+
return ERROR_SUCCESS;
}
-int find_matches( unsigned char first_char,
- unsigned char second_char,
- unsigned char* buffer,
- size_t buffer_size,
+int find_matches( unsigned char first_char,
+ unsigned char second_char,
+ unsigned char* buffer,
+ size_t buffer_size,
size_t current_offset,
int flags,
- int negative_size,
+ int negative_size,
YARA_CONTEXT* context)
{
-
+
int result = ERROR_SUCCESS;
-
+
if (context->hash_table.hashed_strings_2b[first_char][second_char] != NULL)
{
- result = find_matches_for_strings( context->hash_table.hashed_strings_2b[first_char][second_char],
- buffer,
- buffer_size,
- current_offset,
- flags,
+ result = find_matches_for_strings( context->hash_table.hashed_strings_2b[first_char][second_char],
+ buffer,
+ buffer_size,
+ current_offset,
+ flags,
negative_size);
}
-
-
+
+
if (result == ERROR_SUCCESS && context->hash_table.hashed_strings_1b[first_char] != NULL)
{
- result = find_matches_for_strings( context->hash_table.hashed_strings_1b[first_char],
- buffer,
- buffer_size,
- current_offset,
- flags,
+ result = find_matches_for_strings( context->hash_table.hashed_strings_1b[first_char],
+ buffer,
+ buffer_size,
+ current_offset,
+ flags,
negative_size);
}
-
+
if (result == ERROR_SUCCESS && context->hash_table.non_hashed_strings != NULL)
{
- result = find_matches_for_strings( context->hash_table.non_hashed_strings,
- buffer,
- buffer_size,
- current_offset,
- flags,
+ result = find_matches_for_strings( context->hash_table.non_hashed_strings,
+ buffer,
+ buffer_size,
+ current_offset,
+ flags,
negative_size);
}
-
+
return result;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list