diff options
-rw-r--r-- | plugins/encodings/rost/base64.c | 17 | ||||
-rw-r--r-- | tests/analysis/scan/fuzzing.py | 18 |
2 files changed, 34 insertions, 1 deletions
diff --git a/plugins/encodings/rost/base64.c b/plugins/encodings/rost/base64.c index 5472ec0..adbb2fb 100644 --- a/plugins/encodings/rost/base64.c +++ b/plugins/encodings/rost/base64.c @@ -326,7 +326,22 @@ static bool g_scan_base64_modifier_transform(const GScanBase64Modifier *modifier result = base64_encode(&tmp_in, &tmp_out); if (!result) goto exit; - strip_base64_modifier_output(&tmp_in, &tmp_out, 1, binary++); + strip_base64_modifier_output(&tmp_in, &tmp_out, 1, binary); + + /** + * Lors qu'un unique octet est encodé, cet octet ne produit aucun + * caractère que ne dépend que de lui : + * + * | X | + * 1 2 3 4 5 6 | 7 8 1 2 3 4 | 5 6 7 8 1 2 | 3 4 5 6 7 8 + * + * Les compteurs sont alors diminués. + */ + + if (binary->len == 0) + (*dcount)--; + else + binary++; exit_szstr(&tmp_out); diff --git a/tests/analysis/scan/fuzzing.py b/tests/analysis/scan/fuzzing.py index 1957f72..1bebdd3 100644 --- a/tests/analysis/scan/fuzzing.py +++ b/tests/analysis/scan/fuzzing.py @@ -249,3 +249,21 @@ rule test { ''' self.check_rule_failure(rule) + + + def testSmallBase64(self): + """Handle small base64 encodings which may produce few patterns.""" + + rule = ''' +rule test { + + bytes: + $a = "0" base64 + + condition: + $a + +} +''' + + self.check_rule_failure(rule) |