diff options
| author | Cyrille Bagard <nocbos@gmail.com> | 2023-11-14 08:08:21 (GMT) |
|---|---|---|
| committer | Cyrille Bagard <nocbos@gmail.com> | 2023-11-14 08:08:21 (GMT) |
| commit | 192dff76e49b39794fe53eb92c9d9d852b76bf0a (patch) | |
| tree | f9f705504405074b178ac671a546f031085ba817 | |
| parent | 6f1f98b46c4753bbbb5b763c64ada556170185b4 (diff) | |
Handle small base64 encodings which may produce few patterns.
| -rw-r--r-- | plugins/encodings/rost/base64.c | 17 | ||||
| -rw-r--r-- | tests/analysis/scan/fuzzing.py | 18 |
2 files changed, 34 insertions, 1 deletions
diff --git a/plugins/encodings/rost/base64.c b/plugins/encodings/rost/base64.c index 5472ec0..adbb2fb 100644 --- a/plugins/encodings/rost/base64.c +++ b/plugins/encodings/rost/base64.c @@ -326,7 +326,22 @@ static bool g_scan_base64_modifier_transform(const GScanBase64Modifier *modifier result = base64_encode(&tmp_in, &tmp_out); if (!result) goto exit; - strip_base64_modifier_output(&tmp_in, &tmp_out, 1, binary++); + strip_base64_modifier_output(&tmp_in, &tmp_out, 1, binary); + + /** + * Lors qu'un unique octet est encodé, cet octet ne produit aucun + * caractère que ne dépend que de lui : + * + * | X | + * 1 2 3 4 5 6 | 7 8 1 2 3 4 | 5 6 7 8 1 2 | 3 4 5 6 7 8 + * + * Les compteurs sont alors diminués. + */ + + if (binary->len == 0) + (*dcount)--; + else + binary++; exit_szstr(&tmp_out); diff --git a/tests/analysis/scan/fuzzing.py b/tests/analysis/scan/fuzzing.py index 1957f72..1bebdd3 100644 --- a/tests/analysis/scan/fuzzing.py +++ b/tests/analysis/scan/fuzzing.py @@ -249,3 +249,21 @@ rule test { ''' self.check_rule_failure(rule) + + + def testSmallBase64(self): + """Handle small base64 encodings which may produce few patterns.""" + + rule = ''' +rule test { + + bytes: + $a = "0" base64 + + condition: + $a + +} +''' + + self.check_rule_failure(rule) |