Fix null derefrences while loading compiled rules (#1727)

* Fix null derefrences while loading compiled rules * Fix nulldereference in yr_object_create * Fix assert to explicitly catch null identifier in yr_object_create
VirusTotal · Jun 14, 2022 · e23ac0d · e23ac0d
1 parent 929af6e
commit e23ac0d
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 1 deletion.
diff --git a/libyara/arena.c b/libyara/arena.c
@@ -597,7 +597,8 @@ int yr_arena_load_stream(YR_STREAM* stream, YR_ARENA** arena)
     YR_ARENA_BUFFER* b = &new_arena->buffers[reloc_ref.buffer_id];
 
     if (reloc_ref.buffer_id >= new_arena->num_buffers ||
-        reloc_ref.offset > b->used - sizeof(void*))
+        reloc_ref.offset > b->used - sizeof(void*) ||
+        b->data == NULL)
     {
       yr_arena_release(new_arena);
       return ERROR_CORRUPT_FILE;

diff --git a/libyara/object.c b/libyara/object.c
@@ -57,6 +57,7 @@ int yr_object_create(
   size_t object_size = 0;
 
   assert(parent != NULL || object != NULL);
+  assert(identifier != NULL);
 
   switch (type)
   {

diff --git a/libyara/rules.c b/libyara/rules.c
@@ -333,6 +333,9 @@ int yr_rules_from_arena(YR_ARENA* arena, YR_RULES** rules)
   YR_SUMMARY* summary = (YR_SUMMARY*) yr_arena_get_ptr(
       arena, YR_SUMMARY_SECTION, 0);
 
+  if (summary == NULL)
+    return ERROR_CORRUPT_FILE;
+
   // Now YR_RULES relies on this arena, let's increment the arena's
   // reference count so that if the original owner of the arena calls
   // yr_arena_destroy the arena is not destroyed.