[Forensics-changes] [yara] 394/415: Fix bug causing strings with unbounded jumps not working properly with "x of them" condition
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:43:27 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit cc118c479c8d613716bc8389e368129c008cede6
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Fri Feb 7 12:33:56 2014 +0100
Fix bug causing strings with unbounded jumps not working properly with "x of them" condition
---
libyara/parser.c | 40 +++++++++++++++++++++++-----------------
yara-python/tests.py | 4 ++++
2 files changed, 27 insertions(+), 17 deletions(-)
diff --git a/libyara/parser.c b/libyara/parser.c
index 595ab4b..6ac72ed 100644
--- a/libyara/parser.c
+++ b/libyara/parser.c
@@ -111,27 +111,33 @@ void yr_parser_emit_pushes_for_strings(
while(!STRING_IS_NULL(string))
{
- string_identifier = string->identifier;
- target_identifier = identifier;
+ // Don't generate pushes for strings chained to another one, we are
+ // only interested in non-chained strings or the head of the chain.
- while (*target_identifier != '\0' &&
- *string_identifier != '\0' &&
- *target_identifier == *string_identifier)
+ if (string->chained_to == NULL)
{
- target_identifier++;
- string_identifier++;
- }
+ string_identifier = string->identifier;
+ target_identifier = identifier;
- if ((*target_identifier == '\0' && *string_identifier == '\0') ||
- *target_identifier == '*')
- {
- yr_parser_emit_with_arg_reloc(
- yyscanner,
- PUSH,
- PTR_TO_UINT64(string),
- NULL);
+ while (*target_identifier != '\0' &&
+ *string_identifier != '\0' &&
+ *target_identifier == *string_identifier)
+ {
+ target_identifier++;
+ string_identifier++;
+ }
- string->g_flags |= STRING_GFLAGS_REFERENCED;
+ if ((*target_identifier == '\0' && *string_identifier == '\0') ||
+ *target_identifier == '*')
+ {
+ yr_parser_emit_with_arg_reloc(
+ yyscanner,
+ PUSH,
+ PTR_TO_UINT64(string),
+ NULL);
+
+ string->g_flags |= STRING_GFLAGS_REFERENCED;
+ }
}
string = yr_arena_next_address(
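Review bot: With `string->g_flags |= STRING_GFLAGS_REFERENCED;` now inside the `chained_to == NULL` guard, chained fragments are never marked referenced through this path. Any later pass that walks every string and rejects unflagged ones would need to skip fragments too; that code is not visible in this hunk and should be confirmed. The new comment says what is skipped but not why it matters for `N of them`. A second line such as `// Fragments appear to match the head's identifier, so pushing them would inflate the count seen by "of".` would help, with the wording confirmed by the author. The function body starts and ends outside the hunk.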
diff --git a/yara-python/tests.py b/yara-python/tests.py
index 05a9378..a81beb1 100644
--- a/yara-python/tests.py
+++ b/yara-python/tests.py
@@ -393,6 +393,10 @@ class TestYara(unittest.TestCase):
'rule test { strings: $a = { 31 32 [0-3] 34 35 [1-] 38 39 } condition: $a }',
], '123456789')
+ self.assertTrueRules([
+ 'rule test { strings: $a = { 31 32 [-] 38 39 } condition: all of them }',
+ ], '123456789')
+
self.assertFalseRules([
'rule test { strings: $a = { 31 32 [-] 32 33 } condition: $a }',
'rule test { strings: $a = { 35 36 [-] 31 32 } condition: $a }',
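Review bot: The added case covers only the positive `all of them` path, so a regression that makes a chained string satisfy `of` unconditionally would go unnoticed. Consider adding `'rule test { strings: $a = { 31 32 [-] 32 33 } condition: all of them }',` to the `assertFalseRules` list below. An explicit-set form such as `'rule test { strings: $a = { 31 32 [-] 38 39 } condition: 1 of ($a*) }',` could also go in this `assertTrueRules` list. For a scanner used in detection, silent false negatives and false positives in rule evaluation are the failures worth pinning in tests. The enclosing test method starts and ends outside the hunk.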
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git