4.2.x #1776
base: master
Commits on Mar 17, 2022
- Fix logic error in Linux memory scanning (#1662)
  Memory-mapped files from tmpfs (major number = 0) are no longer ignored.
  Commit e60ab54
- Commit 8b5d27b
Commits on Apr 1, 2022
- Commit 18ae3fd
Commits on Apr 6, 2022
- Commit 0674712
- Commit db2de26
- Commit a66532c
- iterator->last_error is now initialized to ERROR_SUCCESS in yr_process_open_iterator. Additionally, if yr_process_get_first_memory_block returns NULL, iterator->last_error is set to ERROR_COULD_NOT_READ_PROCESS_MEMORY.
  Commit 90c44dd
- Commit f1007df
- Implement the --skip-larger command-line option in Windows. (#1678)
  Also allow a 64-bit integer as the argument to --skip-larger both in Linux and Windows.
  Commit cf3e556
- In case of error in yr_parse_(re|hex)_string set the returned pointer to NULL.
  As @1ndahous3 highlighted in #1674, not setting the pointer to NULL leads to a dangling pointer.
  Commit bbd854e
Commits on Apr 11, 2022
- Upgrade openssl to a more recent version when building YARA with Bazel.
  The previous version enters an infinite loop when calling d2i_PKCS7 with PE file 11203b5a4f18f40a86d74738c31a59c4ec1e838c177a415c46a372da49d4a51a.
  Commit 1891cf1
Commits on Apr 25, 2022
- Regular expressions with a character class followed by a dash (-) failed with "bad character range". For example, /[0-9]-2/ was not accepted as a valid regexp.
  Commit 995af95
- Commit 457a03a
Commits on Apr 26, 2022
- In ARM the pointer returned by yr_notebook_alloc was being rounded up to a 4-byte boundary, but the size of the buffer was not increased accordingly. This means the caller of yr_notebook_alloc could receive a buffer that is 1 to 3 bytes smaller than the requested size.
  Commit 037c536
Commits on May 10, 2022
- Fix memory leaks in hash module. (#1705)
  Fix memory leaks described in #1703.
  Commit ea0af88
- Commit 32faec6
Commits on Jun 30, 2022
- * test: Relax pe32 condition in magic tests
    Turns out different versions of libmagic return different file identification for the PE32 sample in magic tests. Relax this condition to the common part of the identification to make tests less reliant on the testing platform.
  * test: Relax macho condition in magic tests
  Commit dc523c0
- * Fix issue #1708
  * Add test case for #1708
    Build a dotnet pe that triggers this issue: https://github.com/dangodangodango/BadDotnetPe
  Commit ee65486
- Commit 89bc2c7
- Fix null dereferences while loading compiled rules (#1727)
  * Fix null dereferences while loading compiled rules
  * Fix null dereference in yr_object_create
  * Fix assert to explicitly catch null identifier in yr_object_create
  Commit 9560b20
- * Fix compiler warnings with dex debug mode.
  * Fix crashes in dex module.
    This commit fixes a few crashes in the dex module. There are actually three of them:
    The first is incorrect usage of "struct_fits_in_dex" caused by passing "sizeof(code_item_t)" instead of just "code_item_t" as the third argument. In the test case the pointer for code_item started in the bounds of the dex but only the first 8 bytes were within bounds, and since "sizeof(sizeof(code_item_t))" is less than 8 the check was passing. The fix here is to pass just the struct type as the third argument.
    The second crash was an off-by-one error when parsing a string. The check ensured the string fits in the dex but was not including an extra byte which was copied in the call to set_sized_string. Just like before, this was a case of a string falling right on the end of a dex file.
    The third crash was due to a missing "struct_fits_in_dex" check. We ended up with a pointer to a map_item_t which was off the ends of the dex bounds.
    With this commit all the test cases provided in the report are now passing. I did a quick sweep of the module to make sure there were no other cases where we were incorrectly using "struct_fits_in_dex" and didn't find any.
    These were all documented in a private report via huntr.dev (https://huntr.dev/bounties/007a7784-c211-4847-9cc3-aec38e7d5157/)
    Found by @sudhackar. Fixes #1726.
  Commit da831c2
- Fix negative indexing in dex module. (#1730)
  * Fix negative indexing in dex module.
    When attempting to call dex_get_integer() or dex_get_string() with a negative index we would eventually land in the assert() at https://github.com/VirusTotal/yara/blob/master/libyara/object.c#L497 failing. Instead of doing that let's check for negative values before going any further, which will at least allow the module to continue processing.
  * YR_UNDEFINED is < 0 already. Simplify the logic when checking for negative index.
  * Revert "YR_UNDEFINED is < 0 already. Simplify the logic when checking for negative index."
    This reverts commit 38af38f.
  Commit 9b4372f
- Commit d5a7565
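The first dex crash described in commit da831c2 above (a type-taking bounds-check macro called with `sizeof(code_item_t)`), as an added example that is not YARA's own code. The struct layout, the `fits_in_dex` helper and the macro definition are assumptions that only mirror the names used in the commit message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the dex module's code_item_t (16 bytes). */
typedef struct {
  uint16_t registers_size, ins_size, outs_size, tries_size;
  uint32_t debug_info_off, insns_size;
} code_item_t;

typedef struct { const uint8_t* data; size_t size; } dex_t;

/* Returns 1 when [ptr, ptr + len) lies inside the dex buffer. */
static int fits_in_dex(const dex_t* dex, const void* ptr, size_t len)
{
  const uint8_t* p = (const uint8_t*) ptr;
  if (p < dex->data || len > dex->size) return 0;
  return (size_t) (p - dex->data) <= dex->size - len;
}

/* Assumed macro shape: the third argument is a TYPE, sizeof is applied here. */
#define struct_fits_in_dex(dex, ptr, type) fits_in_dex(dex, ptr, sizeof(type))

/* Constructed input: only sizeof(size_t) bytes remain after the item
   pointer, fewer than a full code_item_t needs. */
static uint8_t sample[64];

int buggy_check(void)
{
  dex_t dex = { sample, sizeof(sample) };
  const void* item = sample + sizeof(sample) - sizeof(size_t);
  /* Expands to sizeof(sizeof(code_item_t)), i.e. sizeof(size_t): passes. */
  return struct_fits_in_dex(&dex, item, sizeof(code_item_t));
}

int fixed_check(void)
{
  dex_t dex = { sample, sizeof(sample) };
  const void* item = sample + sizeof(sample) - sizeof(size_t);
  /* Expands to sizeof(code_item_t) == 16: the truncated item is rejected. */
  return struct_fits_in_dex(&dex, item, code_item_t);
}

int main(void)
{
  printf("buggy=%d fixed=%d\n", buggy_check(), fixed_check());
  return 0;
}
```

Both forms compile without complaint because `sizeof` accepts an expression as well as a type, which is why this class of mistake is easier to catch with truncated-file test cases than by relying on compiler diagnostics.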
Commits on Jul 29, 2022
- Commit 7310992
Commits on Aug 4, 2022
- Commit 7a99e6d
Commits on Aug 8, 2022
- Commit 1113899
- Commit cc02b4f
- Commit ba94b4f