author | Cyrille Bagard <nocbos@gmail.com> | 2023-10-24 22:30:12 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2023-10-24 22:30:12 (GMT) |
commit | 4eebf4a8752464691053fa3706ea6be9413676fa (patch) | |
tree | 40dc0f44835629729ca7fbf6858789b67825e72d | |
parent | aae46fab1f41df0cce9da9fc3c17eea776e487b1 (diff) |
Ensure patterns found at the edges of scanned content do not crash the scanner.
-rw-r--r-- | src/analysis/scan/patterns/tokens/nodes/plain.c | 14 | ||||
-rw-r--r-- | tests/analysis/scan/fuzzing.py | 20 |
2 files changed, 34 insertions, 0 deletions
diff --git a/src/analysis/scan/patterns/tokens/nodes/plain.c b/src/analysis/scan/patterns/tokens/nodes/plain.c
index 7309574..cca0258 100644
--- a/src/analysis/scan/patterns/tokens/nodes/plain.c
+++ b/src/analysis/scan/patterns/tokens/nodes/plain.c
@@ -484,6 +484,13 @@ static bool check_scan_token_node_plain_content(const sized_binary_t *raw, const
 {
 ptr = g_binary_content_get_raw_access(content, &pos, atom->pos);
+ /**
+ * Si la partion atomique recherchée est trouvée en début de contenu,
+ * le reste du motif de recherche va déborder. L'accès correspondant
+ * est donc refusé, et cette situation est prise en compte ici.
+ */
+ if (ptr == NULL) goto done;
+
 if (nocase)
 ret = memcasecmp(raw->data, ptr, atom->pos);
 else
@@ -501,6 +508,13 @@ static bool check_scan_token_node_plain_content(const sized_binary_t *raw, const
 ptr = g_binary_content_get_raw_access(content, &pos, atom->rem);
+ /**
+ * Si la partion atomique recherchée est trouvée en fin de contenu,
+ * le reste du motif de recherche va déborder. L'accès correspondant
+ * est donc refusé, et cette situation est prise en compte ici.
+ */
+ if (ptr == NULL) goto done;
+
 if (nocase)
 ret = memcasecmp(raw->data + atom->pos + atom->len, ptr, atom->rem);
 else
diff --git a/tests/analysis/scan/fuzzing.py b/tests/analysis/scan/fuzzing.py
index e26c496..5d99c35 100644
--- a/tests/analysis/scan/fuzzing.py
+++ b/tests/analysis/scan/fuzzing.py
@@ -192,3 +192,23 @@ rule test {
 ''' % ("0" * (256 * 2 + 8), "0" * (256 * 2 + 8))
 self.check_rule_success(rule)
+
+
+ def testFileFinalAccess(self):
+ """Ensure patterns found at the edges of scanned content do not crash the scanner."""
+
+ cnt = MemoryContent(bytes([ 0 for i in range(16) ]))
+
+ rule = '''
+rule test {
+
+ bytes:
+ $a = { 00 00 00 00 00 00 00 00 }
+
+ condition:
+ $a
+
+}
+'''
+
+ self.check_rule_success(rule, cnt) |
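Review bot: The guard `if (ptr == NULL) goto done;` after the first g_binary_content_get_raw_access() call makes the scanner's memory safety depend on that accessor rejecting every out-of-range request, including a start offset that has wrapped around. The computation of `pos` lies outside this hunk; if it subtracts `atom->pos` from the match offset in an unsigned type, a match closer to the start of the content than `atom->pos` produces a very large offset, and the accessor then has to catch the overflow of offset plus length as well. Rejecting the case before the access would be more robust, along the lines of `if (match_start < atom->pos) goto done;`, where `match_start` is a placeholder for whatever variable holds the atom's offset. The same reasoning applies to the trailing-edge guard in the second hunk, and both jumps assume the function's return value is still false when `done:` is reached, which these hunks do not show.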
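Review bot: testFileFinalAccess only asserts that the rule matches, so it guards against the crash but would still pass if a pattern truncated at either edge were wrongly reported as a match. With sixteen zero bytes and an eight-byte zero pattern every offset is a candidate, so the positive outcome is guaranteed by the interior matches alone; a companion case whose content is shorter than the pattern, or ends in a partial pattern, with the rule expected to fail would pin down the new rejection path. Whether the test class offers a failure-checking helper is not visible in this hunk. As a style point, the buffer can be written `cnt = MemoryContent(bytes(16))`.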