yara: update to 3.9.0.

2019-03-20 10:15:20 -03:00 · 2019-03-20 10:15:20 -03:00 · 543ff82eb8
parent 12c51153bf
commit 543ff82eb8
3 changed files with 3 additions and 147 deletions
--- a/srcpkgs/yara/patches/0001-Fix-buffer-overflow-in-dotnet-module.patch
+++ b/srcpkgs/yara/patches/0001-Fix-buffer-overflow-in-dotnet-module.patch
@ -1,36 +0,0 @@
 From 7290feb9ee04c2e212b705dc2627a92382367595 Mon Sep 17 00:00:00 2001
 From: "Victor M. Alvarez" <vmalvarez@virustotal.com>
 Date: Wed, 19 Dec 2018 12:34:12 +0100
 Subject: [PATCH] Fix buffer overflow in dotnet module.
 Credit to OSS-Fuzz.
 ---
 libyarmodules/dotnet.c                         |  10 +++++++---
 ...case-minimized-dotnet_fuzzer-5725060321509376 | Bin 0 -> 1024 bytes
 2 files changed, 7 insertions(+), 3 deletions(-)
 create mode 100644 tests/oss-fuzz/dotnet_fuzzer_corpus/clusterfuzz-testcase-minimized-dotnet_fuzzer-5725060321509376
 diff --git libyara/modules/dotnet.c libyara/modules/dotnet.c
 index 1fb1f0e..4a5f1a1 100644
 --- libyara/modules/dotnet.c
 +++ libyarmodules/dotnet.c
@@ -208,9 +208,13 @@ void dotnet_parse_us(
   const uint8_t* offset = pe->data + metadata_root + us_header->Offset;
   const uint8_t* end_of_header = offset + us_header->Size;
 -  // Make sure end of header is not past end of PE, and the first entry MUST be
 -  // a single NULL byte.
 -  if (!fits_in_pe(pe, offset, us_header->Size) || *offset != 0x00)
 +  // Make sure the header size is larger than 0 and its end is not past the
 +  // end of PE.
 +  if (us_header->Size == 0 || !fits_in_pe(pe, offset, us_header->Size))
 +    return;
 +
 +  // The first entry MUST be single NULL byte.
 +  if (*offset != 0x00)
     return;
   offset++;
 -- 
 2.20.1
--- a/srcpkgs/yara/patches/CVE-2018-1997{4-6}.patch
+++ b/srcpkgs/yara/patches/CVE-2018-1997{4-6}.patch
@ -1,108 +0,0 @@
 From 0a3ede0125c8b88a020fa4c98df78f6eea7eb9ab Mon Sep 17 00:00:00 2001
 From: "Victor M. Alvarez" <plusvic@gmail.com>
 Date: Thu, 13 Dec 2018 12:23:09 +0100
 Subject: [PATCH] Fix issue #999 (#1001)
 * Add additional check in OP_COUNT for making sure that the string pointer is not a fake one.
 * Initialize scratch memory in order to avoid maliciously crafted YARA rules from reading values left in the stack.
 ---
 libyararena.c              | 10 +++++-----
 libyarexec.c               | 11 +++++++++++
 libyarinclude/yara/arena.h |  5 +++++
 3 files changed, 21 insertions(+), 5 deletions(-)
 diff --git libyara/arena.c libyara/arena.c
 index 34a374ef..805f6d70 100644
 --- libyara/arena.c
 +++ libyararena.c
@@ -109,7 +109,7 @@ static YR_ARENA_PAGE* _yr_arena_new_page(
 //
 -// _yr_arena_page_for_address
 +// yr_arena_page_for_address
 //
 // Returns the page within the arena where an address reside.
 //
@@ -122,7 +122,7 @@ static YR_ARENA_PAGE* _yr_arena_new_page(
 //    resides.
 //
 -static YR_ARENA_PAGE* _yr_arena_page_for_address(
 +YR_ARENA_PAGE* yr_arena_page_for_address(
     YR_ARENA* arena,
     void* address)
 {
@@ -184,7 +184,7 @@ static int _yr_arena_make_ptr_relocatable(
   // If the arena must be relocatable.
   assert(arena->flags & ARENA_FLAGS_RELOCATABLE);
 -  page = _yr_arena_page_for_address(arena, base);
 +  page = yr_arena_page_for_address(arena, base);
   assert(page != NULL);
@@ -361,7 +361,7 @@ void* yr_arena_next_address(
 {
   YR_ARENA_PAGE* page;
 -  page = _yr_arena_page_for_address(arena, address);
 +  page = yr_arena_page_for_address(arena, address);
   assert(page != NULL);
@@ -482,7 +482,7 @@ int yr_arena_coalesce(
     if (reloc_target != NULL)
     {
 -      page = _yr_arena_page_for_address(arena, reloc_target);
 +      page = yr_arena_page_for_address(arena, reloc_target);
       assert(page != NULL);
       *reloc_address = page->new_address + (reloc_target - page->address);
     }
 diff --git libyara/exec.c libyara/exec.c
 index a0cf138d..9f0ba8fa 100644
 --- libyara/exec.c
 +++ libyarexec.c
@@ -246,6 +246,10 @@ int yr_execute_code(
   start_time = yr_stopwatch_elapsed_us(&context->stopwatch);
   #endif
 +  #if PARANOID_EXEC
 +  memset(mem, 0, MEM_SIZE * sizeof(mem[0]));
 +  #endif
 +
   while(!stop)
   {
     opcode = *ip;
@@ -779,6 +783,13 @@ int yr_execute_code(
       case OP_COUNT:
         pop(r1);
 +
 +        #if PARANOID_EXEC
 +        // Make sure that the string pointer is within the rules arena.
 +        if (yr_arena_page_for_address(context->rules->arena, r1.p) == NULL)
 +          return ERROR_INTERNAL_FATAL_ERROR;
 +        #endif
 +
         r1.i = r1.s->matches[tidx].count;
         push(r1);
         break;
 diff --git libyara/include/yara/arena.h libyara/include/yara/arena.h
 index 51f2d8cf..a42e594b 100644
 --- libyara/include/yara/arena.h
 +++ libyarinclude/yara/arena.h
@@ -101,6 +101,11 @@ void* yr_arena_base_address(
     YR_ARENA* arena);
 +YR_ARENA_PAGE* yr_arena_page_for_address(
 +    YR_ARENA* arena,
 +    void* address);
 +
 +
 void* yr_arena_next_address(
     YR_ARENA* arena,
     void* address,
--- a/srcpkgs/yara/template
+++ b/srcpkgs/yara/template
@ -1,7 +1,7 @@
 # Template file for 'yara'
 pkgname=yara
-version=3.8.1
+version=3.9.0
-revision=4
+revision=1
 build_style=gnu-configure
 configure_args="--enable-magic --enable-cuckoo"
 hostmakedepends="automake libtool"
@ -11,7 +11,7 @@ maintainer="Orphaned <orphan@voidlinux.org>"
 license="BSD-3-Clause"
 homepage="https://virustotal.github.io/yara/"
 distfiles="https://github.com/VirusTotal/yara/archive/v${version}.tar.gz"
-checksum=283527711269354d3c60e2705f7f74b1f769d2d35ddba8f7f9ce97d0fd5cb1ca
+checksum=ebe7fab0abadb90449a62afbd24e196e18b177efe71ffd8bf22df95c5386f64d
 pre_configure() {
 	autoreconf -fi