summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCyrille Bagard <nocbos@gmail.com>2023-11-14 08:08:21 (GMT)
committerCyrille Bagard <nocbos@gmail.com>2023-11-14 08:08:21 (GMT)
commit192dff76e49b39794fe53eb92c9d9d852b76bf0a (patch)
treef9f705504405074b178ac671a546f031085ba817
parent6f1f98b46c4753bbbb5b763c64ada556170185b4 (diff)
Handle small base64 encodings which may produce few patterns.
-rw-r--r--plugins/encodings/rost/base64.c17
-rw-r--r--tests/analysis/scan/fuzzing.py18
2 files changed, 34 insertions, 1 deletions
diff --git a/plugins/encodings/rost/base64.c b/plugins/encodings/rost/base64.c
index 5472ec0..adbb2fb 100644
--- a/plugins/encodings/rost/base64.c
+++ b/plugins/encodings/rost/base64.c
@@ -326,7 +326,22 @@ static bool g_scan_base64_modifier_transform(const GScanBase64Modifier *modifier
result = base64_encode(&tmp_in, &tmp_out);
if (!result) goto exit;
- strip_base64_modifier_output(&tmp_in, &tmp_out, 1, binary++);
+ strip_base64_modifier_output(&tmp_in, &tmp_out, 1, binary);
+
+ /**
+ * Lors qu'un unique octet est encodé, cet octet ne produit aucun
+ * caractère que ne dépend que de lui :
+ *
+ * | X |
+ * 1 2 3 4 5 6 | 7 8 1 2 3 4 | 5 6 7 8 1 2 | 3 4 5 6 7 8
+ *
+ * Les compteurs sont alors diminués.
+ */
+
+ if (binary->len == 0)
+ (*dcount)--;
+ else
+ binary++;
exit_szstr(&tmp_out);
diff --git a/tests/analysis/scan/fuzzing.py b/tests/analysis/scan/fuzzing.py
index 1957f72..1bebdd3 100644
--- a/tests/analysis/scan/fuzzing.py
+++ b/tests/analysis/scan/fuzzing.py
@@ -249,3 +249,21 @@ rule test {
'''
self.check_rule_failure(rule)
+
+
+ def testSmallBase64(self):
+ """Handle small base64 encodings which may produce few patterns."""
+
+ rule = '''
+rule test {
+
+ bytes:
+ $a = "0" base64
+
+ condition:
+ $a
+
+}
+'''
+
+ self.check_rule_failure(rule)