summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCyrille Bagard <nocbos@gmail.com>2023-10-18 07:18:33 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2023-10-18 07:18:33 (GMT)
commit3402b000429c6189b0103ed549edd811d68e7d5e (patch)
tree4ece4a7146bc6e29fe8449353576c66a40f60022
parent178e0de0a8962def1a4b1d612f86b0ca5f3bed3f (diff)
Fix (one again) matches for base64 encodings.
-rw-r--r--plugins/encodings/rost/base64.c42
-rw-r--r--tests/analysis/scan/pyapi.py6
2 files changed, 20 insertions, 28 deletions
diff --git a/plugins/encodings/rost/base64.c b/plugins/encodings/rost/base64.c
index 15a3ec1..5472ec0 100644
--- a/plugins/encodings/rost/base64.c
+++ b/plugins/encodings/rost/base64.c
@@ -61,7 +61,7 @@ static void g_scan_base64_modifier_finalize(GScanBase64Modifier *);
static char *g_scan_base64_modifier_get_name(const GScanBase64Modifier *);
/* Finalise l'encoddage en Base64 d'un motif transformé. */
-static void strip_base64_modifier_output(const sized_binary_t *, size_t, sized_binary_t *);
+static void strip_base64_modifier_output(const sized_binary_t *, const sized_binary_t *, size_t, sized_binary_t *);
/* Transforme une séquence d'octets pour motif de recherche. */
static bool g_scan_base64_modifier_transform(const GScanBase64Modifier *, const sized_binary_t *, size_t, sized_binary_t **, size_t *);
@@ -230,7 +230,8 @@ static char *g_scan_base64_modifier_get_name(const GScanBase64Modifier *modifier
/******************************************************************************
* *
-* Paramètres : input = encodage en Base64 obtenu. *
+* Paramètres : input = contenu brut d'origine. *
+* tmpput = encodage en Base64 intermédiaire obtenu. *
* skip = nombre de caractères initiaux à sauter. *
* output = encodage en Base64 final à conserver. *
* *
@@ -242,32 +243,23 @@ static char *g_scan_base64_modifier_get_name(const GScanBase64Modifier *modifier
* *
******************************************************************************/
-static void strip_base64_modifier_output(const sized_binary_t *input, size_t skip, sized_binary_t *output)
+static void strip_base64_modifier_output(const sized_binary_t *input, const sized_binary_t *tmpput, size_t skip, sized_binary_t *output)
{
- size_t final_len; /* Taille de représentation */
+ size_t keep; /* Nombre d'octets immuables */
- final_len = input->len;
+ keep = (input->len * 8) / 6;
- if (final_len > 0 && input->bin_data[final_len - 1] == '=')
- {
- while (final_len > 0 && input->bin_data[final_len - 1] == '=')
- final_len--;
-
- final_len--;
-
- }
+ assert(keep >= skip);
if (skip > 0)
skip++;
- assert(final_len >= skip);
-
- final_len -= skip;
+ keep -= skip;
- output->len = final_len;
- output->bin_data = malloc(final_len * sizeof(bin_t));
+ output->len = keep;
+ output->bin_data = malloc(keep * sizeof(bin_t));
- memcpy(output->bin_data, input->static_bin_data + skip, final_len);
+ memcpy(output->bin_data, tmpput->static_bin_data + skip, keep);
}
@@ -320,7 +312,7 @@ static bool g_scan_base64_modifier_transform(const GScanBase64Modifier *modifier
result = base64_encode(_src, &tmp_out);
if (!result) goto exit;
- strip_base64_modifier_output(&tmp_out, 0, binary++);
+ strip_base64_modifier_output(_src, &tmp_out, 0, binary++);
exit_szstr(&tmp_out);
@@ -334,7 +326,7 @@ static bool g_scan_base64_modifier_transform(const GScanBase64Modifier *modifier
result = base64_encode(&tmp_in, &tmp_out);
if (!result) goto exit;
- strip_base64_modifier_output(&tmp_out, 1, binary++);
+ strip_base64_modifier_output(&tmp_in, &tmp_out, 1, binary++);
exit_szstr(&tmp_out);
@@ -349,7 +341,7 @@ static bool g_scan_base64_modifier_transform(const GScanBase64Modifier *modifier
result = base64_encode(&tmp_in, &tmp_out);
if (!result) goto exit;
- strip_base64_modifier_output(&tmp_out, 2, binary++);
+ strip_base64_modifier_output(&tmp_in, &tmp_out, 2, binary++);
exit_szstr(&tmp_out);
@@ -459,7 +451,7 @@ static bool g_scan_base64_modifier_transform_with_arg(const GScanBase64Modifier
result = _base64_encode(_src, &tmp_out, &arg->value.string);
if (!result) goto exit;
- strip_base64_modifier_output(&tmp_out, 0, binary++);
+ strip_base64_modifier_output(_src, &tmp_out, 0, binary++);
exit_szstr(&tmp_out);
@@ -473,7 +465,7 @@ static bool g_scan_base64_modifier_transform_with_arg(const GScanBase64Modifier
result = _base64_encode(&tmp_in, &tmp_out, &arg->value.string);
if (!result) goto exit;
- strip_base64_modifier_output(&tmp_out, 1, binary++);
+ strip_base64_modifier_output(&tmp_in, &tmp_out, 1, binary++);
exit_szstr(&tmp_out);
@@ -488,7 +480,7 @@ static bool g_scan_base64_modifier_transform_with_arg(const GScanBase64Modifier
result = _base64_encode(&tmp_in, &tmp_out, &arg->value.string);
if (!result) goto exit;
- strip_base64_modifier_output(&tmp_out, 2, binary++);
+ strip_base64_modifier_output(&tmp_in, &tmp_out, 2, binary++);
exit_szstr(&tmp_out);
diff --git a/tests/analysis/scan/pyapi.py b/tests/analysis/scan/pyapi.py
index abc6265..0574d2c 100644
--- a/tests/analysis/scan/pyapi.py
+++ b/tests/analysis/scan/pyapi.py
@@ -127,9 +127,9 @@ class TestRostPythonAPI(ChrysalideTestCase):
transformed = mod.transform(source)
self.assertEqual(len(transformed), 3)
- # self.assertEqual(transformed[0], b'QUJD')
- # self.assertEqual(transformed[1], b'FCQw')
- # self.assertEqual(transformed[2], b'BQkM')
+ self.assertEqual(transformed[0], b'QUJD')
+ self.assertEqual(transformed[1], b'FCQ')
+ self.assertEqual(transformed[2], b'BQk')
def testClassicalAPIHashing(self):