Fix dex module inconsistencies (#2069)

* fix signature and magic strings in dex module

Several bytestring values in the dex module were not set properly,
and were cut short due to the presence of a nul byte.

This happened on:
- all the dex.DEX_FILE_MAGIC_* constants, which were cut short by one
  byte (the last one is the nul byte).
- the magic and signature field in the "header" object of the module.

For all of those, the size is fixed and known, so use the right length
and do not cut it short if a nul byte is present.

* fix declared fields in the dex module

There was some mismatch between the declared fields and the ones filled
by the module:

- `dex.field[*].static` and `dex.field[*].instance` were defined, but
  not declared, making their use impossible. They are now properly
  declared.

- several fields in `dex.method[*].code_item` were declared but never
  defined: `padding`, `tries` and `handlers`. Those are removed since
  they couldn't have been used.

libyara/modules/dex/dex.c

@@ -328,6 +328,8 @@ begin_declarations
     declare_string("class_name");
     declare_string("name");
     declare_string("proto");
+    declare_integer("static");
+    declare_integer("instance");
     declare_integer("field_idx_diff");
     declare_integer("access_flags");
   end_struct_array("field")
@@ -358,11 +360,6 @@ begin_declarations
       declare_integer("debug_info_off");
       declare_integer("insns_size");
       declare_string("insns");
-      declare_integer("padding");
-      begin_struct("tries")
-      end_struct("tries");
-      begin_struct_array("handlers")
-      end_struct_array("handlers");
     end_struct("code_item")
   end_struct_array("method")
 end_declarations
@@ -492,19 +489,13 @@ dex_header_t* dex_get_header(const uint8_t* data, size_t data_size)
 void dex_parse_header(dex_header_t* dex_header, YR_OBJECT* module_object)
 {
   yr_set_sized_string(
-      (char*) dex_header->magic,
-      strnlen((char*) dex_header->magic, 8 * sizeof(char)),
-      module_object,
-      "header.magic");
+      (char*) dex_header->magic, 8, module_object, "header.magic");
 
   yr_set_integer(
       yr_le32toh(dex_header->checksum), module_object, "header.checksum");
 
   yr_set_sized_string(
-      (char*) dex_header->signature,
-      strnlen((char*) dex_header->signature, 20 * sizeof(char)),
-      module_object,
-      "header.signature");
+      (char*) dex_header->signature, 20, module_object, "header.signature");
 
   yr_set_integer(
       yr_le32toh(dex_header->file_size), module_object, "header.file_size");
@@ -1461,11 +1452,16 @@ int module_load(
 
   dex_header_t* dex_header;
 
-  yr_set_string(DEX_FILE_MAGIC_035, module_object, "DEX_FILE_MAGIC_035");
-  yr_set_string(DEX_FILE_MAGIC_036, module_object, "DEX_FILE_MAGIC_036");
-  yr_set_string(DEX_FILE_MAGIC_037, module_object, "DEX_FILE_MAGIC_037");
-  yr_set_string(DEX_FILE_MAGIC_038, module_object, "DEX_FILE_MAGIC_038");
-  yr_set_string(DEX_FILE_MAGIC_039, module_object, "DEX_FILE_MAGIC_039");
+  yr_set_sized_string(
+      DEX_FILE_MAGIC_035, 8, module_object, "DEX_FILE_MAGIC_035");
+  yr_set_sized_string(
+      DEX_FILE_MAGIC_036, 8, module_object, "DEX_FILE_MAGIC_036");
+  yr_set_sized_string(
+      DEX_FILE_MAGIC_037, 8, module_object, "DEX_FILE_MAGIC_037");
+  yr_set_sized_string(
+      DEX_FILE_MAGIC_038, 8, module_object, "DEX_FILE_MAGIC_038");
+  yr_set_sized_string(
+      DEX_FILE_MAGIC_039, 8, module_object, "DEX_FILE_MAGIC_039");
 
   yr_set_integer(0x12345678, module_object, "ENDIAN_CONSTANT");
   yr_set_integer(0x78563412, module_object, "REVERSE_ENDIAN_CONSTANT");