4.2.x #1776

Open

wants to merge 28 commits into master

Conversation

thomas000274

Is it feasible?

hillu and others added 28 commits March 17, 2022 12:03
Memory-mapped files from tmpfs (major number = 0) are no longer ignored.
iterator->last_error is now initialized to ERROR_SUCCESS in yr_process_open_iterator. Additionally, if yr_process_get_first_memory_block returns NULL, iterator->last_error is set to ERROR_COULD_NOT_READ_PROCESS_MEMORY.
Also allow a 64-bit integer as the argument to --skip-larger, both in Linux and Windows.
… to NULL.

As @1ndahous3 highlighted in #1674, not setting the pointer to NULL leads to a dangling pointer.
The previous version enters an infinite loop when calling d2i_PKCS7 with PE file 11203b5a4f18f40a86d74738c31a59c4ec1e838c177a415c46a372da49d4a51a.
Regular expressions with a character class followed by a dash (-) failed with "bad character range". For example, /[0-9]-2/ was not accepted as a valid regexp.
In ARM the pointer returned by yr_notebook_alloc was being rounded up to a 4-byte boundary, but the size of the buffer was not increased accordingly. This means the caller of yr_notebook_alloc could receive a buffer that is 1 to 3 bytes smaller than the requested size.
Fix memory leaks described in #1703.
* test: Relax pe32 condition in magic tests

Turns out different versions of libmagic return different file
identification for the PE32 sample in magic tests. Relax this condition
to the common part of the identification to make tests less reliant on
the testing platform.

* test: Relax macho condition in magic tests
* Fix issue #1708

* Add test case for #1708

Build a dotnet pe that triggers this issue:
https://github.com/dangodangodango/BadDotnetPe
* Fix null dereferences while loading compiled rules

* Fix null dereference in yr_object_create

* Fix assert to explicitly catch null identifier in yr_object_create
* Fix compiler warnings with dex debug mode.

* Fix crashes in dex module.

This commit fixes a few crashes in the dex module. There are actually three of
them:

The first is incorrect usage of "struct_fits_in_dex" caused by passing
"sizeof(code_item_t)" instead of just "code_item_t" as the third argument. In
the test case the pointer for code_item started in the bounds of the dex but
only the first 8 bytes were within bounds, and since
"sizeof(sizeof(code_item_t))" is less than 8 the check was passing. The fix here
is to pass just the struct type as the third argument.

The second crash was an off-by-one error when parsing a string. The check
ensured the string fits in the dex but was not including an extra byte which was
copied in the call to set_sized_string. Just like before, this was a case of a
string falling right on the end of a dex file.

The third crash was due to a missing "struct_fits_in_dex" check. We ended up
with a pointer to a map_item_t which was off the ends of the dex bounds.

With this commit all the test cases provided in the report are now passing. I
did a quick sweep of the module to make sure there were no other cases where we
were incorrectly using "struct_fits_in_dex" and didn't find any.

These were all documented at a private report via huntr.dev
(https://huntr.dev/bounties/007a7784-c211-4847-9cc3-aec38e7d5157/)

Found by @sudhackar.

Fixes #1726.
* Fix negative indexing in dex module.

When attempting to call dex_get_integer() or dex_get_string() with a negative
index we would eventually land in the assert() at
https://github.com/VirusTotal/yara/blob/master/libyara/object.c#L497 failing.
Instead of doing that let's check for negative values before going any further,
which will at least allow the module to continue processing.

* YR_UNDEFINED is < 0 already. Simplify the logic when checking for negative index.

* Revert "YR_UNDEFINED is < 0 already. Simplify the logic when checking for negative index."

This reverts commit 38af38f.
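The three dex-module crashes described in the commit message above, as an added C example that is not YARA's own code. The `dex_t`, `code_item_t` and `map_item_t` layouts, the `fits_in_dex` helper and the `struct_fits_in_dex` macro are simplified stand-ins written for this illustration, and the 24-byte sample file is constructed so that each record lands right at the end of the buffer, the shape of input the report describes. The buggy check is kept beside the fixed one to show why passing `sizeof(code_item_t)` where the macro expects a type silently tests only `sizeof(size_t)` bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical in-memory view of a dex file: a byte buffer and its length
 * (stand-in for illustration, not YARA's own structure). */
typedef struct {
    const uint8_t *data;
    size_t data_size;
} dex_t;

/* Hypothetical record layouts standing in for YARA's code_item_t and
 * map_item_t; they are 16 and 12 bytes respectively. */
typedef struct {
    uint16_t registers_size, ins_size, outs_size, tries_size;
    uint32_t debug_info_off, insns_size;
} code_item_t;

typedef struct {
    uint16_t type, unused;
    uint32_t size, offset;
} map_item_t;

/* Is [ptr, ptr + size) inside the buffer?  Compares offsets rather than
 * pointers so a hostile size can never push the arithmetic past the end. */
static int fits_in_dex(const dex_t *dex, const void *ptr, size_t size)
{
    const uint8_t *p = (const uint8_t *)ptr;
    if (p < dex->data) return 0;
    size_t off = (size_t)(p - dex->data);
    return off <= dex->data_size && size <= dex->data_size - off;
}

/* Takes a TYPE as its third argument and applies sizeof() itself.  Passing
 * sizeof(T) instead still compiles (it becomes sizeof(sizeof(T)), i.e.
 * sizeof(size_t)) but then only 4 or 8 bytes are checked: the first crash. */
#define struct_fits_in_dex(dex, ptr, type) \
    fits_in_dex((dex), (ptr), sizeof(type))

/* First crash: wrong third argument to the macro. */
int code_item_check_buggy(const dex_t *dex, size_t off)
{
    if (off > dex->data_size) return 0;
    const code_item_t *ci = (const code_item_t *)(dex->data + off);
    return struct_fits_in_dex(dex, ci, sizeof(code_item_t));   /* BUG */
}

int code_item_check_fixed(const dex_t *dex, size_t off)
{
    if (off > dex->data_size) return 0;
    const code_item_t *ci = (const code_item_t *)(dex->data + off);
    return struct_fits_in_dex(dex, ci, code_item_t);
}

/* Second crash: a string of declared length `len` is copied together with
 * its terminating NUL, so len + 1 bytes must be in the file, not len. */
int string_check_buggy(const dex_t *dex, size_t off, size_t len)
{
    if (off > dex->data_size) return 0;
    return fits_in_dex(dex, dex->data + off, len);      /* BUG: misses the NUL */
}

int string_check_fixed(const dex_t *dex, size_t off, size_t len)
{
    if (off > dex->data_size || len == SIZE_MAX) return 0;
    return fits_in_dex(dex, dex->data + off, len + 1);
}

/* Third crash: a map_item_t was dereferenced with no check at all.  Hand back
 * NULL instead of a pointer that may hang off the end of the file. */
const map_item_t *get_map_item(const dex_t *dex, uint32_t off)
{
    if (off > dex->data_size) return NULL;
    const map_item_t *mi = (const map_item_t *)(dex->data + off);
    return struct_fits_in_dex(dex, mi, map_item_t) ? mi : NULL;
}

/* Constructed 24-byte sample; contents do not matter, only the length, so
 * that records placed at offsets 16, 20 and 12 sit right at the end. */
static const uint8_t sample_bytes[24] = { 0 };
const dex_t sample_dex = { sample_bytes, sizeof sample_bytes };
```

With `sample_dex`, a `code_item_t` at offset 16 has only 8 bytes left in the file: the buggy check accepts it, the fixed one rejects it; a 4-byte string at offset 20 fits by length but not with its terminator; a `map_item_t` at offset 12 fits, one at 16 does not.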
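The `yr_notebook_alloc` alignment bug from the commit list above, as an added C example that is not YARA's code: a hypothetical single-page bump allocator (the real notebook chains pages) in the buggy form, where the returned pointer is rounded up to a 4-byte boundary but the cursor advances only by the requested size, beside the corrected form. `overlap_after` measures how many bytes of one block the next allocation reuses; `NB_ALIGN`, `notebook_t` and the 1/7/4-byte allocation pattern are choices made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define NB_ALIGN 4u   /* hypothetical alignment; matches the 4-byte case described */

/* Hypothetical single-page bump allocator standing in for YARA's notebook. */
typedef struct {
    uint8_t *buf;
    size_t size;
    size_t used;
} notebook_t;

/* Padding needed to bring the current cursor up to the next NB_ALIGN boundary. */
static size_t pad_to_align(const notebook_t *nb)
{
    uintptr_t p = (uintptr_t)(nb->buf + nb->used);
    uintptr_t aligned = (p + NB_ALIGN - 1) & ~(uintptr_t)(NB_ALIGN - 1);
    return (size_t)(aligned - p);
}

/* The bug as described: the pointer is rounded up, but the page is charged
 * only `size`, so the caller's block is `pad` bytes (1 to 3) shorter than
 * it thinks and the next allocation starts inside it. */
void *notebook_alloc_buggy(notebook_t *nb, size_t size)
{
    size_t pad = pad_to_align(nb);
    if (nb->used + size > nb->size) return NULL;   /* pad not budgeted either */
    void *p = nb->buf + nb->used + pad;
    nb->used += size;                               /* BUG: should add pad too */
    return p;
}

/* Corrected: the padding is accounted for before the block is handed out,
 * with an overflow-safe capacity check. */
void *notebook_alloc_fixed(notebook_t *nb, size_t size)
{
    size_t pad = pad_to_align(nb);
    size_t left = nb->size - nb->used;
    if (size > left || pad > left - size) return NULL;
    void *p = nb->buf + nb->used + pad;
    nb->used += pad + size;
    return p;
}

/* Allocate 1, then 7, then 4 bytes and report how many bytes of the 7-byte
 * block the following allocation overlaps; 0 when the accounting is right. */
size_t overlap_after(void *(*alloc)(notebook_t *, size_t))
{
    static uint64_t storage[8];                   /* 64 bytes, 8-byte aligned */
    notebook_t nb = { (uint8_t *)storage, sizeof storage, 0 };
    uint8_t *a = alloc(&nb, 1);   /* leaves the cursor at an odd offset */
    uint8_t *b = alloc(&nb, 7);   /* gets rounded up to the next 4-byte boundary */
    uint8_t *c = alloc(&nb, 4);
    if (!a || !b || !c) return (size_t)-1;
    return (b + 7 > c) ? (size_t)(b + 7 - c) : 0;
}
```

With the buggy allocator the 7-byte block starts at offset 4 and runs to 11, yet the cursor sits at 8, so the 4-byte block lands at 8 and overlaps the last 3 bytes; the fixed allocator moves the cursor to 11, pads to 12, and nothing overlaps.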

google-cla bot commented Aug 29, 2022

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@thomas000274 thomas000274 reopened this Aug 30, 2022