[Forensics-changes] [yara] 09/11: New upstream version 3.6.2+dfsg
Hilko Bengen
bengen at moszumanska.debian.org
Wed Jun 28 07:22:17 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch master
in repository yara.
commit 897476fcae7df230db33d12aefb0ad4975717899
Author: Hilko Bengen <bengen at debian.org>
Date: Wed Jun 28 09:10:10 2017 +0200
New upstream version 3.6.2+dfsg
---
README.md | 3 +-
configure.ac | 14 ++++-
libyara/Makefile.am | 2 +-
libyara/include/yara/libyara.h | 2 +-
libyara/include/yara/limits.h | 2 +-
libyara/modules/pe.c | 2 +-
libyara/re.c | 43 ++++++++-------
libyara/re_lexer.c | 118 ++++++++++++++++++++++-------------------
libyara/re_lexer.l | 46 +++++++++-------
libyara/scan.c | 3 ++
tests/test-rules.c | 3 ++
11 files changed, 140 insertions(+), 98 deletions(-)
diff --git a/README.md b/README.md
index 499541f..a88a07d 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ rule silent_banker : banker
{
meta:
description = "This is just an example"
- thread_level = 3
+ threat_level = 3
in_the_wild = true
strings:
@@ -91,6 +91,7 @@ helpful extension to YARA developed and open-sourced by Bayshore Networks.
* [Thug](https://github.com/buffer/thug)
* [Trend Micro](http://www.trendmicro.com)
* [VirusTotal Intelligence](https://www.virustotal.com/intelligence/)
+* [VMRay](https://www.vmray.com/)
* [We Watch Your Website](http://www.wewatchyourwebsite.com/)
* [Websense](http://www.websense.com)
* [x64dbg](http://x64dbg.com)
diff --git a/configure.ac b/configure.ac
index 85cefba..18fd276 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([yara], [3.6.1], [vmalvarez at virustotal.com])
+AC_INIT([yara], [3.6.2], [vmalvarez at virustotal.com])
AC_CONFIG_SRCDIR([yara.c])
@@ -85,6 +85,8 @@ AC_ARG_ENABLE([cuckoo],
[AS_HELP_STRING([--enable-cuckoo], [enable cuckoo module])],
[if test x$enableval = xyes; then
build_cuckoo_module=true
+ AC_CHECK_HEADERS([jansson.h],,
+ AC_MSG_ERROR([please install Jansson library]))
AC_CHECK_LIB(jansson, json_loadb,,
AC_MSG_ERROR([please install Jansson library]))
CFLAGS="$CFLAGS -DCUCKOO_MODULE"
@@ -94,6 +96,8 @@ AC_ARG_ENABLE([magic],
[AS_HELP_STRING([--enable-magic], [enable magic module])],
[if test x$enableval = xyes; then
build_magic_module=true
+ AC_CHECK_HEADERS([magic.h],,
+ AC_MSG_ERROR([please install libmagic library]))
AC_CHECK_LIB(magic, magic_open,,
AC_MSG_ERROR([please install libmagic library]))
CFLAGS="$CFLAGS -DMAGIC_MODULE"
@@ -112,6 +116,14 @@ AC_ARG_WITH([crypto],
AS_IF([test "x$with_crypto" != "xno"],
[
+ AC_CHECK_HEADERS([openssl/md5.h],, [have_crypto=no])
+ AC_CHECK_HEADERS([openssl/sha.h],, [have_crypto=no])
+ AC_CHECK_HEADERS([openssl/asn1.h],, [have_crypto=no])
+ AC_CHECK_HEADERS([openssl/crypto.h],, [have_crypto=no])
+ AC_CHECK_HEADERS([openssl/bio.h],, [have_crypto=no])
+ AC_CHECK_HEADERS([openssl/pkcs7.h],, [have_crypto=no])
+ AC_CHECK_HEADERS([openssl/x509.h],, [have_crypto=no])
+ AC_CHECK_HEADERS([openssl/safestack.h],, [have_crypto=no])
AC_CHECK_LIB(crypto, MD5_Init,, [have_crypto=no])
AC_CHECK_LIB(crypto, MD5_Update,, [have_crypto=no])
AC_CHECK_LIB(crypto, MD5_Final,, [have_crypto=no])
diff --git a/libyara/Makefile.am b/libyara/Makefile.am
index 6c747ec..638c364 100644
--- a/libyara/Makefile.am
+++ b/libyara/Makefile.am
@@ -82,7 +82,7 @@ yarainclude_HEADERS = \
lib_LTLIBRARIES = libyara.la
-libyara_la_LDFLAGS = -version-number 3:6:1
+libyara_la_LDFLAGS = -version-number 3:6:2
libyara_la_SOURCES = \
$(MODULES) \
diff --git a/libyara/include/yara/libyara.h b/libyara/include/yara/libyara.h
index c0b2d00..b2c3314 100644
--- a/libyara/include/yara/libyara.h
+++ b/libyara/include/yara/libyara.h
@@ -34,7 +34,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#define YR_MAJOR_VERSION 3
#define YR_MINOR_VERSION 6
-#define YR_MICRO_VERSION 1
+#define YR_MICRO_VERSION 2
#define version_str(s) _version_str(s)
#define _version_str(s) #s
diff --git a/libyara/include/yara/limits.h b/libyara/include/yara/limits.h
index ae4d1ac..5bcaa9c 100644
--- a/libyara/include/yara/limits.h
+++ b/libyara/include/yara/limits.h
@@ -83,6 +83,6 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#define RE_MAX_FIBERS 1024
// Maximum number of levels in regexp's AST
-#define RE_MAX_AST_LEVELS 2000
+#define RE_MAX_AST_LEVELS 6000
#endif
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 93719c0..0c2fe8e 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -41,7 +41,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#include <openssl/bio.h>
#include <openssl/pkcs7.h>
#include <openssl/x509.h>
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define X509_get_signature_nid(o) OBJ_obj2nid((o)->sig_alg->algorithm)
#endif
#endif
diff --git a/libyara/re.c b/libyara/re.c
index 959979b..6a98431 100644
--- a/libyara/re.c
+++ b/libyara/re.c
@@ -1421,7 +1421,6 @@ int _yr_re_fiber_exists(
int equal_stacks;
int i;
-
if (last_fiber == NULL)
return FALSE;
@@ -1618,20 +1617,18 @@ int _yr_re_fiber_sync(
RE_FIBER* fiber;
RE_FIBER* last;
- RE_FIBER* prev;
RE_FIBER* next;
RE_FIBER* branch_a;
RE_FIBER* branch_b;
fiber = fiber_to_sync;
- prev = fiber_to_sync->prev;
last = fiber_to_sync->next;
- while(fiber != last)
+ while (fiber != last)
{
uint8_t opcode = *fiber->ip;
- switch(opcode)
+ switch (opcode)
{
case RE_OPCODE_SPLIT_A:
case RE_OPCODE_SPLIT_B:
@@ -1803,10 +1800,7 @@ int _yr_re_fiber_sync(
break;
default:
- if (_yr_re_fiber_exists(fiber_list, fiber, prev))
- fiber = _yr_re_fiber_kill(fiber_list, fiber_pool, fiber);
- else
- fiber = fiber->next;
+ fiber = fiber->next;
}
}
@@ -1940,12 +1934,24 @@ int yr_re_exec(
{
fiber = fibers.head;
- while(fiber != NULL)
+ while (fiber != NULL)
+ {
+ next_fiber = fiber->next;
+
+ if (_yr_re_fiber_exists(&fibers, fiber, fiber->prev))
+ _yr_re_fiber_kill(&fibers, &storage->fiber_pool, fiber);
+
+ fiber = next_fiber;
+ }
+
+ fiber = fibers.head;
+
+ while (fiber != NULL)
{
ip = fiber->ip;
action = ACTION_NONE;
- switch(*ip)
+ switch (*ip)
{
case RE_OPCODE_ANY:
prolog;
@@ -2019,7 +2025,7 @@ int yr_re_exec(
prolog;
- switch(*input)
+ switch (*input)
{
case ' ':
case '\t':
@@ -2144,7 +2150,7 @@ int yr_re_exec(
assert(FALSE);
}
- switch(action)
+ switch (action)
{
case ACTION_KILL:
fiber = _yr_re_fiber_kill(&fibers, &storage->fiber_pool, fiber);
@@ -2244,7 +2250,7 @@ int yr_re_fast_exec(
bytes_matched = matches_stack[sp];
stop = FALSE;
- while(!stop)
+ while (!stop)
{
if (*ip == RE_OPCODE_MATCH)
{
@@ -2270,7 +2276,7 @@ int yr_re_fast_exec(
if (bytes_matched >= max_bytes_matched)
break;
- switch(*ip)
+ switch (*ip)
{
case RE_OPCODE_LITERAL:
@@ -2320,11 +2326,11 @@ int yr_re_fast_exec(
for (i = repeat_any_args->min + 1; i <= repeat_any_args->max; i++)
{
- next_input = input + i * input_incr;
-
if (bytes_matched + i >= max_bytes_matched)
break;
+ next_input = input + i * input_incr;
+
if ( *(next_opcode) != RE_OPCODE_LITERAL ||
(*(next_opcode) == RE_OPCODE_LITERAL &&
*(next_opcode + 1) == *next_input))
@@ -2341,6 +2347,7 @@ int yr_re_fast_exec(
input += input_incr * repeat_any_args->min;
bytes_matched += repeat_any_args->min;
+ bytes_matched = yr_min(bytes_matched, max_bytes_matched);
ip = next_opcode;
break;
@@ -2366,7 +2373,7 @@ void _yr_re_print_node(
if (re_node == NULL)
return;
- switch(re_node->type)
+ switch (re_node->type)
{
case RE_NODE_ALT:
printf("Alt(");
diff --git a/libyara/re_lexer.c b/libyara/re_lexer.c
index ca1d8ce..b223c44 100644
--- a/libyara/re_lexer.c
+++ b/libyara/re_lexer.c
@@ -573,8 +573,9 @@ static uint8_t word_chars[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
-uint8_t escaped_char_value(
- char* text);
+int escaped_char_value(
+ char* text,
+ uint8_t* value);
int read_escaped_char(
yyscan_t yyscanner,
@@ -582,7 +583,7 @@ int read_escaped_char(
#define YY_NO_UNISTD_H 1
-#line 586 "re_lexer.c"
+#line 587 "re_lexer.c"
#define INITIAL 0
#define char_class 1
@@ -856,10 +857,10 @@ YY_DECL
}
{
-#line 99 "re_lexer.l"
+#line 100 "re_lexer.l"
-#line 863 "re_lexer.c"
+#line 864 "re_lexer.c"
while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */
{
@@ -926,7 +927,7 @@ do_action: /* This label is used only to access EOF actions. */
case 1:
YY_RULE_SETUP
-#line 101 "re_lexer.l"
+#line 102 "re_lexer.l"
{
// Examples: {3,8} {0,5} {,5} {7,}
@@ -968,7 +969,7 @@ YY_RULE_SETUP
YY_BREAK
case 2:
YY_RULE_SETUP
-#line 141 "re_lexer.l"
+#line 142 "re_lexer.l"
{
// Example: {10}
@@ -994,7 +995,7 @@ YY_RULE_SETUP
YY_BREAK
case 3:
YY_RULE_SETUP
-#line 165 "re_lexer.l"
+#line 166 "re_lexer.l"
{
// Start of a negated character class. Example: [^abcd]
@@ -1006,7 +1007,7 @@ YY_RULE_SETUP
YY_BREAK
case 4:
YY_RULE_SETUP
-#line 174 "re_lexer.l"
+#line 175 "re_lexer.l"
{
// Start of character negated class containing a ].
@@ -1021,7 +1022,7 @@ YY_RULE_SETUP
YY_BREAK
case 5:
YY_RULE_SETUP
-#line 187 "re_lexer.l"
+#line 188 "re_lexer.l"
{
// Start of character class containing a ].
@@ -1036,7 +1037,7 @@ YY_RULE_SETUP
YY_BREAK
case 6:
YY_RULE_SETUP
-#line 200 "re_lexer.l"
+#line 201 "re_lexer.l"
{
// Start of character class. Example: [abcd]
@@ -1049,7 +1050,7 @@ YY_RULE_SETUP
case 7:
/* rule 7 can match eol */
YY_RULE_SETUP
-#line 210 "re_lexer.l"
+#line 211 "re_lexer.l"
{
// Any non-special character is passed as a CHAR token to the scanner.
@@ -1060,63 +1061,63 @@ YY_RULE_SETUP
YY_BREAK
case 8:
YY_RULE_SETUP
-#line 219 "re_lexer.l"
+#line 220 "re_lexer.l"
{
return _WORD_CHAR_;
}
YY_BREAK
case 9:
YY_RULE_SETUP
-#line 224 "re_lexer.l"
+#line 225 "re_lexer.l"
{
return _NON_WORD_CHAR_;
}
YY_BREAK
case 10:
YY_RULE_SETUP
-#line 229 "re_lexer.l"
+#line 230 "re_lexer.l"
{
return _SPACE_;
}
YY_BREAK
case 11:
YY_RULE_SETUP
-#line 234 "re_lexer.l"
+#line 235 "re_lexer.l"
{
return _NON_SPACE_;
}
YY_BREAK
case 12:
YY_RULE_SETUP
-#line 239 "re_lexer.l"
+#line 240 "re_lexer.l"
{
return _DIGIT_;
}
YY_BREAK
case 13:
YY_RULE_SETUP
-#line 244 "re_lexer.l"
+#line 245 "re_lexer.l"
{
return _NON_DIGIT_;
}
YY_BREAK
case 14:
YY_RULE_SETUP
-#line 249 "re_lexer.l"
+#line 250 "re_lexer.l"
{
return _WORD_BOUNDARY_;
}
YY_BREAK
case 15:
YY_RULE_SETUP
-#line 253 "re_lexer.l"
+#line 254 "re_lexer.l"
{
return _NON_WORD_BOUNDARY_;
}
YY_BREAK
case 16:
YY_RULE_SETUP
-#line 258 "re_lexer.l"
+#line 259 "re_lexer.l"
{
yyerror(yyscanner, lex_env, "backreferences are not allowed");
@@ -1125,7 +1126,7 @@ YY_RULE_SETUP
YY_BREAK
case 17:
YY_RULE_SETUP
-#line 265 "re_lexer.l"
+#line 266 "re_lexer.l"
{
uint8_t c;
@@ -1144,7 +1145,7 @@ YY_RULE_SETUP
YY_BREAK
case 18:
YY_RULE_SETUP
-#line 282 "re_lexer.l"
+#line 283 "re_lexer.l"
{
// End of character class.
@@ -1167,7 +1168,7 @@ YY_RULE_SETUP
case 19:
/* rule 19 can match eol */
YY_RULE_SETUP
-#line 303 "re_lexer.l"
+#line 304 "re_lexer.l"
{
// A range inside a character class.
@@ -1180,7 +1181,11 @@ YY_RULE_SETUP
if (start == '\\')
{
- start = escaped_char_value(yytext);
+ if (!escaped_char_value(yytext, &start))
+ {
+ yyerror(yyscanner, lex_env, "illegal escape sequence");
+ yyterminate();
+ }
if (yytext[1] == 'x')
end = yytext[5];
@@ -1211,7 +1216,7 @@ YY_RULE_SETUP
YY_BREAK
case 20:
YY_RULE_SETUP
-#line 345 "re_lexer.l"
+#line 350 "re_lexer.l"
{
int i;
@@ -1222,7 +1227,7 @@ YY_RULE_SETUP
YY_BREAK
case 21:
YY_RULE_SETUP
-#line 354 "re_lexer.l"
+#line 359 "re_lexer.l"
{
int i;
@@ -1233,7 +1238,7 @@ YY_RULE_SETUP
YY_BREAK
case 22:
YY_RULE_SETUP
-#line 363 "re_lexer.l"
+#line 368 "re_lexer.l"
{
LEX_ENV->class_vector[' ' / 8] |= 1 << ' ' % 8;
@@ -1242,7 +1247,7 @@ YY_RULE_SETUP
YY_BREAK
case 23:
YY_RULE_SETUP
-#line 370 "re_lexer.l"
+#line 375 "re_lexer.l"
{
int i;
@@ -1260,7 +1265,7 @@ YY_RULE_SETUP
YY_BREAK
case 24:
YY_RULE_SETUP
-#line 386 "re_lexer.l"
+#line 391 "re_lexer.l"
{
char c;
@@ -1271,7 +1276,7 @@ YY_RULE_SETUP
YY_BREAK
case 25:
YY_RULE_SETUP
-#line 395 "re_lexer.l"
+#line 400 "re_lexer.l"
{
int i;
@@ -1293,7 +1298,7 @@ YY_RULE_SETUP
YY_BREAK
case 26:
YY_RULE_SETUP
-#line 415 "re_lexer.l"
+#line 420 "re_lexer.l"
{
uint8_t c;
@@ -1311,7 +1316,7 @@ YY_RULE_SETUP
YY_BREAK
case 27:
YY_RULE_SETUP
-#line 431 "re_lexer.l"
+#line 436 "re_lexer.l"
{
if (yytext[0] >= 32 && yytext[0] < 127)
@@ -1329,7 +1334,7 @@ YY_RULE_SETUP
}
YY_BREAK
case YY_STATE_EOF(char_class):
-#line 448 "re_lexer.l"
+#line 453 "re_lexer.l"
{
// End of regexp reached while scanning a character class.
@@ -1340,7 +1345,7 @@ case YY_STATE_EOF(char_class):
YY_BREAK
case 28:
YY_RULE_SETUP
-#line 457 "re_lexer.l"
+#line 462 "re_lexer.l"
{
if (yytext[0] >= 32 && yytext[0] < 127)
@@ -1355,7 +1360,7 @@ YY_RULE_SETUP
}
YY_BREAK
case YY_STATE_EOF(INITIAL):
-#line 471 "re_lexer.l"
+#line 476 "re_lexer.l"
{
yyterminate();
@@ -1363,10 +1368,10 @@ case YY_STATE_EOF(INITIAL):
YY_BREAK
case 29:
YY_RULE_SETUP
-#line 476 "re_lexer.l"
+#line 481 "re_lexer.l"
ECHO;
YY_BREAK
-#line 1370 "re_lexer.c"
+#line 1375 "re_lexer.c"
case YY_END_OF_BUFFER:
{
@@ -2515,52 +2520,56 @@ void re_yyfree (void * ptr , yyscan_t yyscanner)
#define YYTABLES_NAME "yytables"
-#line 476 "re_lexer.l"
+#line 481 "re_lexer.l"
-uint8_t escaped_char_value(
- char* text)
+int escaped_char_value(
+ char* text,
+ uint8_t* value)
{
+ unsigned int hex_value;
char hex[3];
- int result;
assert(text[0] == '\\');
switch(text[1])
{
case 'x':
+ if (!isxdigit(text[2]) || !isxdigit(text[3]))
+ return 0;
hex[0] = text[2];
hex[1] = text[3];
hex[2] = '\0';
- sscanf(hex, "%x", &result);
+ sscanf(hex, "%x", &hex_value);
+ *value = (uint8_t) hex_value;
break;
case 'n':
- result = '\n';
+ *value = '\n';
break;
case 't':
- result = '\t';
+ *value = '\t';
break;
case 'r':
- result = '\r';
+ *value = '\r';
break;
case 'f':
- result = '\f';
+ *value = '\f';
break;
case 'a':
- result = '\a';
+ *value = '\a';
break;
default:
- result = text[1];
+ *value = text[1];
}
- return result;
+ return 1;
}
@@ -2587,18 +2596,16 @@ int read_escaped_char(
{
text[2] = RE_YY_INPUT(yyscanner);
- if (!isxdigit(text[2]))
+ if (text[2] == EOF || text[2] == 0)
return 0;
text[3] = RE_YY_INPUT(yyscanner);
- if (!isxdigit(text[3]))
+ if (text[3] == EOF || text[3] == 0)
return 0;
}
- *escaped_char = escaped_char_value(text);
-
- return 1;
+ return escaped_char_value(text, escaped_char);
}
@@ -2645,6 +2652,7 @@ int yr_parse_re_string(
RE_LEX_ENVIRONMENT lex_env;
lex_env.last_error_code = ERROR_SUCCESS;
+ lex_env.last_error_message[0] = '\0';
yr_thread_storage_set_value(&yr_recovery_state_key, &recovery_state);
diff --git a/libyara/re_lexer.l b/libyara/re_lexer.l
index 652c528..a88555e 100644
--- a/libyara/re_lexer.l
+++ b/libyara/re_lexer.l
@@ -69,8 +69,9 @@ static uint8_t word_chars[] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
-uint8_t escaped_char_value(
- char* text);
+int escaped_char_value(
+ char* text,
+ uint8_t* value);
int read_escaped_char(
yyscan_t yyscanner,
@@ -312,7 +313,11 @@ hex_digit [0-9a-fA-F]
if (start == '\\')
{
- start = escaped_char_value(yytext);
+ if (!escaped_char_value(yytext, &start))
+ {
+ yyerror(yyscanner, lex_env, "illegal escape sequence");
+ yyterminate();
+ }
if (yytext[1] == 'x')
end = yytext[5];
@@ -475,48 +480,52 @@ hex_digit [0-9a-fA-F]
%%
-uint8_t escaped_char_value(
- char* text)
+int escaped_char_value(
+ char* text,
+ uint8_t* value)
{
+ unsigned int hex_value;
char hex[3];
- int result;
assert(text[0] == '\\');
switch(text[1])
{
case 'x':
+ if (!isxdigit(text[2]) || !isxdigit(text[3]))
+ return 0;
hex[0] = text[2];
hex[1] = text[3];
hex[2] = '\0';
- sscanf(hex, "%x", &result);
+ sscanf(hex, "%x", &hex_value);
+ *value = (uint8_t) hex_value;
break;
case 'n':
- result = '\n';
+ *value = '\n';
break;
case 't':
- result = '\t';
+ *value = '\t';
break;
case 'r':
- result = '\r';
+ *value = '\r';
break;
case 'f':
- result = '\f';
+ *value = '\f';
break;
case 'a':
- result = '\a';
+ *value = '\a';
break;
default:
- result = text[1];
+ *value = text[1];
}
- return result;
+ return 1;
}
@@ -543,18 +552,16 @@ int read_escaped_char(
{
text[2] = RE_YY_INPUT(yyscanner);
- if (!isxdigit(text[2]))
+ if (text[2] == EOF || text[2] == 0)
return 0;
text[3] = RE_YY_INPUT(yyscanner);
- if (!isxdigit(text[3]))
+ if (text[3] == EOF || text[3] == 0)
return 0;
}
- *escaped_char = escaped_char_value(text);
-
- return 1;
+ return escaped_char_value(text, escaped_char);
}
@@ -601,6 +608,7 @@ int yr_parse_re_string(
RE_LEX_ENVIRONMENT lex_env;
lex_env.last_error_code = ERROR_SUCCESS;
+ lex_env.last_error_message[0] = '\0';
yr_thread_storage_set_value(&yr_recovery_state_key, &recovery_state);
diff --git a/libyara/scan.c b/libyara/scan.c
index a48c45e..619e64c 100644
--- a/libyara/scan.c
+++ b/libyara/scan.c
@@ -443,6 +443,9 @@ int _yr_scan_match_callback(
// total match length is the sum of backward and forward matches.
match_length += callback_args->forward_matches;
+ // make sure that match fits into the data.
+ assert(match_offset + match_length <= callback_args->data_size);
+
if (callback_args->full_word)
{
if (flags & RE_FLAGS_WIDE)
diff --git a/tests/test-rules.c b/tests/test-rules.c
index 2a28c00..cb15c68 100644
--- a/tests/test-rules.c
+++ b/tests/test-rules.c
@@ -1182,6 +1182,9 @@ void test_re()
assert_regexp_syntax_error("\\xxy");
+ // Test case for issue #682
+ assert_true_regexp("(a|\\b)[a]{1,}", "aaaa", "aaaa");
+
assert_error(
"rule test { strings: $a = /a\\/ condition: $a }",
ERROR_SYNTAX_ERROR);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list