Fix null derefrences while loading compiled rules (#1727)

* Fix null derefrences while loading compiled rules * Fix nulldereference in yr_object_create * Fix assert to explicitly catch null identifier in yr_object_create
VirusTotal · Jun 30, 2022 · 9560b20 · 9560b20
1 parent 89bc2c7
commit 9560b20
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 3 deletions.
diff --git a/libyara/arena.c b/libyara/arena.c
@@ -434,8 +434,8 @@ int yr_arena_ptr_to_ref(YR_ARENA* arena, const void* address, YR_ARENA_REF* ref)
         (uint8_t*) address < arena->buffers[i].data + arena->buffers[i].used)
     {
       ref->buffer_id = i;
-      ref->offset = (yr_arena_off_t)(
-          (uint8_t*) address - arena->buffers[i].data);
+      ref->offset =
+          (yr_arena_off_t) ((uint8_t*) address - arena->buffers[i].data);
 
       return 1;
     }
@@ -583,7 +583,7 @@ int yr_arena_load_stream(YR_STREAM* stream, YR_ARENA** arena)
     YR_ARENA_BUFFER* b = &new_arena->buffers[ref.buffer_id];
 
     if (ref.buffer_id >= new_arena->num_buffers ||
-        ref.offset > b->used - sizeof(void*))
+        ref.offset > b->used - sizeof(void*) || b->data == NULL)
     {
       yr_arena_release(new_arena);
       return ERROR_CORRUPT_FILE;

diff --git a/libyara/object.c b/libyara/object.c
@@ -57,6 +57,7 @@ int yr_object_create(
   size_t object_size = 0;
 
   assert(parent != NULL || object != NULL);
+  assert(identifier != NULL);
 
   switch (type)
   {

diff --git a/libyara/rules.c b/libyara/rules.c
@@ -333,6 +333,9 @@ int yr_rules_from_arena(YR_ARENA* arena, YR_RULES** rules)
   YR_SUMMARY* summary = (YR_SUMMARY*) yr_arena_get_ptr(
       arena, YR_SUMMARY_SECTION, 0);
 
+  if (summary == NULL)
+    return ERROR_CORRUPT_FILE;
+
   // Now YR_RULES relies on this arena, let's increment the arena's
   // reference count so that if the original owner of the arena calls
   // yr_arena_destroy the arena is not destroyed.