[Forensics-changes] [yara] 404/415: Fix possible null pointer dereferences
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:43:29 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit 7bef5aa0713279aa071ec21a129a2e4e9f3cccff
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Tue Feb 25 11:23:31 2014 +0100
Fix possible null pointer dereferences
---
libyara/compiler.c | 10 ++++--
libyara/hash.c | 12 +++++++
libyara/lexer.c | 91 +++++++++++++++++++++++++++++++++++++-----------------
libyara/lexer.l | 35 +++++++++++++++++++++
libyara/mem.c | 13 +++++---
5 files changed, 126 insertions(+), 35 deletions(-)
diff --git a/libyara/compiler.c b/libyara/compiler.c
index 56663fc..bcfe781 100644
--- a/libyara/compiler.c
+++ b/libyara/compiler.c
@@ -182,6 +182,7 @@ int yr_compiler_push_file_name(
YR_COMPILER* compiler,
const char* file_name)
{
+ char* str;
int i;
for (i = 0; i < compiler->file_name_stack_ptr; i++)
@@ -195,9 +196,14 @@ int yr_compiler_push_file_name(
if (compiler->file_name_stack_ptr < MAX_INCLUDE_DEPTH)
{
- compiler->file_name_stack[compiler->file_name_stack_ptr] = yr_strdup(
- file_name);
+ str = yr_strdup(file_name);
+
+ if (str == NULL)
+ return ERROR_INSUFICIENT_MEMORY;
+
+ compiler->file_name_stack[compiler->file_name_stack_ptr] = str;
compiler->file_name_stack_ptr++;
+
return ERROR_SUCCESS;
}
else
diff --git a/libyara/hash.c b/libyara/hash.c
index 0b47c3f..92a76b3 100644
--- a/libyara/hash.c
+++ b/libyara/hash.c
@@ -190,9 +190,21 @@ int yr_hash_table_add(
}
if (ns != NULL)
+ {
entry->ns = yr_strdup(ns);
+
+ if (entry->ns == NULL)
+ {
+ yr_free(entry->key);
+ yr_free(entry);
+
+ return ERROR_INSUFICIENT_MEMORY;
+ }
+ }
else
+ {
entry->ns = NULL;
+ }
entry->value = value;
bucket_index = hash(0, (uint8_t*) key, strlen(key));
diff --git a/libyara/lexer.c b/libyara/lexer.c
index 1d7c1b7..87961ff 100644
--- a/libyara/lexer.c
+++ b/libyara/lexer.c
@@ -621,7 +621,7 @@ static yyconst flex_int32_t yy_rule_can_match_eol[79] =
#define YY_RESTORE_YY_MORE_OFFSET
#line 1 "lexer.l"
/*
-Copyright (c) 2007. Victor M. Alvarez [plusvic at gmail.com].
+Copyright (c) 2007-2013. The YARA Authors. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -1412,41 +1412,69 @@ YY_RULE_SETUP
{
yylval->c_string = yr_strdup(yytext);
+
+ if (yylval->c_string == NULL)
+ {
+ yyerror(yyscanner, "not enough memory");
+ yyterminate();
+ }
+
return _STRING_IDENTIFIER_WITH_WILDCARD_;
}
YY_BREAK
case 54:
YY_RULE_SETUP
-#line 278 "lexer.l"
+#line 285 "lexer.l"
{
yylval->c_string = yr_strdup(yytext);
+
+ if (yylval->c_string == NULL)
+ {
+ yyerror(yyscanner, "not enough memory");
+ yyterminate();
+ }
+
return _STRING_IDENTIFIER_;
}
YY_BREAK
case 55:
YY_RULE_SETUP
-#line 285 "lexer.l"
+#line 299 "lexer.l"
{
yylval->c_string = yr_strdup(yytext);
+
+ if (yylval->c_string == NULL)
+ {
+ yyerror(yyscanner, "not enough memory");
+ yyterminate();
+ }
+
yylval->c_string[0] = '$'; /* replace # by $*/
return _STRING_COUNT_;
}
YY_BREAK
case 56:
YY_RULE_SETUP
-#line 293 "lexer.l"
+#line 314 "lexer.l"
{
yylval->c_string = yr_strdup(yytext);
+
+ if (yylval->c_string == NULL)
+ {
+ yyerror(yyscanner, "not enough memory");
+ yyterminate();
+ }
+
yylval->c_string[0] = '$'; /* replace @ by $*/
return _STRING_OFFSET_;
}
YY_BREAK
case 57:
YY_RULE_SETUP
-#line 301 "lexer.l"
+#line 329 "lexer.l"
{
if (strlen(yytext) > 128)
@@ -1455,12 +1483,19 @@ YY_RULE_SETUP
}
yylval->c_string = yr_strdup(yytext);
+
+ if (yylval->c_string == NULL)
+ {
+ yyerror(yyscanner, "not enough memory");
+ yyterminate();
+ }
+
return _IDENTIFIER_;
}
YY_BREAK
case 58:
YY_RULE_SETUP
-#line 313 "lexer.l"
+#line 348 "lexer.l"
{
yylval->integer = (size_t) atol(yytext);
@@ -1478,7 +1513,7 @@ YY_RULE_SETUP
YY_BREAK
case 59:
YY_RULE_SETUP
-#line 329 "lexer.l"
+#line 364 "lexer.l"
{
yylval->integer = xtoi(yytext + 2);
@@ -1487,7 +1522,7 @@ YY_RULE_SETUP
YY_BREAK
case 60:
YY_RULE_SETUP
-#line 336 "lexer.l"
+#line 371 "lexer.l"
{ /* saw closing quote - all done */
SIZED_STRING* s;
@@ -1513,7 +1548,7 @@ YY_RULE_SETUP
YY_BREAK
case 61:
YY_RULE_SETUP
-#line 360 "lexer.l"
+#line 395 "lexer.l"
{
LEX_CHECK_SPACE_OK("\t", yyextra->lex_buf_len, LEX_BUF_SIZE);
@@ -1523,7 +1558,7 @@ YY_RULE_SETUP
YY_BREAK
case 62:
YY_RULE_SETUP
-#line 368 "lexer.l"
+#line 403 "lexer.l"
{
LEX_CHECK_SPACE_OK("\"", yyextra->lex_buf_len, LEX_BUF_SIZE);
@@ -1533,7 +1568,7 @@ YY_RULE_SETUP
YY_BREAK
case 63:
YY_RULE_SETUP
-#line 376 "lexer.l"
+#line 411 "lexer.l"
{
LEX_CHECK_SPACE_OK("\\", yyextra->lex_buf_len, LEX_BUF_SIZE);
@@ -1543,7 +1578,7 @@ YY_RULE_SETUP
YY_BREAK
case 64:
YY_RULE_SETUP
-#line 384 "lexer.l"
+#line 419 "lexer.l"
{
int result;
@@ -1556,13 +1591,13 @@ YY_RULE_SETUP
YY_BREAK
case 65:
YY_RULE_SETUP
-#line 395 "lexer.l"
+#line 430 "lexer.l"
{ YYTEXT_TO_BUFFER; }
YY_BREAK
case 66:
/* rule 66 can match eol */
YY_RULE_SETUP
-#line 398 "lexer.l"
+#line 433 "lexer.l"
{
yyerror(yyscanner, "unterminated string");
@@ -1572,7 +1607,7 @@ YY_RULE_SETUP
case 67:
/* rule 67 can match eol */
YY_RULE_SETUP
-#line 404 "lexer.l"
+#line 439 "lexer.l"
{
yyerror(yyscanner, "illegal escape sequence");
@@ -1580,7 +1615,7 @@ YY_RULE_SETUP
YY_BREAK
case 68:
YY_RULE_SETUP
-#line 410 "lexer.l"
+#line 445 "lexer.l"
{
SIZED_STRING* s;
@@ -1613,7 +1648,7 @@ YY_RULE_SETUP
YY_BREAK
case 69:
YY_RULE_SETUP
-#line 441 "lexer.l"
+#line 476 "lexer.l"
{
LEX_CHECK_SPACE_OK("/", yyextra->lex_buf_len, LEX_BUF_SIZE);
@@ -1623,7 +1658,7 @@ YY_RULE_SETUP
YY_BREAK
case 70:
YY_RULE_SETUP
-#line 449 "lexer.l"
+#line 484 "lexer.l"
{
LEX_CHECK_SPACE_OK("\\.", yyextra->lex_buf_len, LEX_BUF_SIZE);
@@ -1634,13 +1669,13 @@ YY_RULE_SETUP
YY_BREAK
case 71:
YY_RULE_SETUP
-#line 458 "lexer.l"
+#line 493 "lexer.l"
{ YYTEXT_TO_BUFFER; }
YY_BREAK
case 72:
/* rule 72 can match eol */
YY_RULE_SETUP
-#line 461 "lexer.l"
+#line 496 "lexer.l"
{
yyerror(yyscanner, "unterminated regular expression");
@@ -1649,7 +1684,7 @@ YY_RULE_SETUP
YY_BREAK
case 73:
YY_RULE_SETUP
-#line 468 "lexer.l"
+#line 503 "lexer.l"
{
yyextra->lex_buf_ptr = yyextra->lex_buf;
@@ -1659,7 +1694,7 @@ YY_RULE_SETUP
YY_BREAK
case 74:
YY_RULE_SETUP
-#line 476 "lexer.l"
+#line 511 "lexer.l"
{
yyextra->lex_buf_ptr = yyextra->lex_buf;
@@ -1670,7 +1705,7 @@ YY_RULE_SETUP
case 75:
/* rule 75 can match eol */
YY_RULE_SETUP
-#line 484 "lexer.l"
+#line 519 "lexer.l"
{
int len = strlen(yytext);
@@ -1688,12 +1723,12 @@ YY_RULE_SETUP
case 76:
/* rule 76 can match eol */
YY_RULE_SETUP
-#line 499 "lexer.l"
+#line 534 "lexer.l"
/* skip whitespace */
YY_BREAK
case 77:
YY_RULE_SETUP
-#line 501 "lexer.l"
+#line 536 "lexer.l"
{
if (yytext[0] >= 32 && yytext[0] < 127)
@@ -1709,10 +1744,10 @@ YY_RULE_SETUP
YY_BREAK
case 78:
YY_RULE_SETUP
-#line 514 "lexer.l"
+#line 549 "lexer.l"
ECHO;
YY_BREAK
-#line 1716 "lexer.c"
+#line 1751 "lexer.c"
case YY_END_OF_BUFFER:
{
@@ -2845,7 +2880,7 @@ void yara_yyfree (void * ptr , yyscan_t yyscanner)
#define YYTABLES_NAME "yytables"
-#line 514 "lexer.l"
+#line 549 "lexer.l"
diff --git a/libyara/lexer.l b/libyara/lexer.l
index b6233ad..2e1acac 100644
--- a/libyara/lexer.l
+++ b/libyara/lexer.l
@@ -271,6 +271,13 @@ include[ \t]+\" {
$({letter}|{digit}|_)*"*" {
yylval->c_string = yr_strdup(yytext);
+
+ if (yylval->c_string == NULL)
+ {
+ yyerror(yyscanner, "not enough memory");
+ yyterminate();
+ }
+
return _STRING_IDENTIFIER_WITH_WILDCARD_;
}
@@ -278,6 +285,13 @@ $({letter}|{digit}|_)*"*" {
$({letter}|{digit}|_)* {
yylval->c_string = yr_strdup(yytext);
+
+ if (yylval->c_string == NULL)
+ {
+ yyerror(yyscanner, "not enough memory");
+ yyterminate();
+ }
+
return _STRING_IDENTIFIER_;
}
@@ -285,6 +299,13 @@ $({letter}|{digit}|_)* {
#({letter}|{digit}|_)* {
yylval->c_string = yr_strdup(yytext);
+
+ if (yylval->c_string == NULL)
+ {
+ yyerror(yyscanner, "not enough memory");
+ yyterminate();
+ }
+
yylval->c_string[0] = '$'; /* replace # by $*/
return _STRING_COUNT_;
}
@@ -293,6 +314,13 @@ $({letter}|{digit}|_)* {
@({letter}|{digit}|_)* {
yylval->c_string = yr_strdup(yytext);
+
+ if (yylval->c_string == NULL)
+ {
+ yyerror(yyscanner, "not enough memory");
+ yyterminate();
+ }
+
yylval->c_string[0] = '$'; /* replace @ by $*/
return _STRING_OFFSET_;
}
@@ -306,6 +334,13 @@ $({letter}|{digit}|_)* {
}
yylval->c_string = yr_strdup(yytext);
+
+ if (yylval->c_string == NULL)
+ {
+ yyerror(yyscanner, "not enough memory");
+ yyterminate();
+ }
+
return _IDENTIFIER_;
}
diff --git a/libyara/mem.c b/libyara/mem.c
index c902f8a..d4eaaf0 100644
--- a/libyara/mem.c
+++ b/libyara/mem.c
@@ -50,12 +50,15 @@ void yr_free(void* ptr)
}
-char* yr_strdup(const char *s)
+char* yr_strdup(const char *str)
{
- size_t len = strlen(s);
- char *r = yr_malloc(len + 1);
- strcpy(r, s);
- return r;
+ size_t len = strlen(str);
+ char *dup = yr_malloc(len + 1);
+
+ if (dup != NULL)
+ strcpy(dup, str);
+
+ return dup;
}
#else
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list