fix signature and magic strings in dex module

Several bytestring values in the dex module were not set properly, and were cut short due to the presence of a nul byte. This happened on: - all the dex.DEX_FILE_MAGIC_* constants, which were cut short by one byte (the last one is the nul byte). - the magic and signature field in the "header" object of the module. For all of those, the size is fixed and known, so use the right length and do not cut it short if a nul byte is present.
VirusTotal · Apr 24, 2024 · 6604b16 · 6604b16
1 parent 1be9811
commit 6604b16
Showing 1 changed file with 12 additions and 13 deletions.
diff --git a/libyara/modules/dex/dex.c b/libyara/modules/dex/dex.c
@@ -492,19 +492,13 @@ dex_header_t* dex_get_header(const uint8_t* data, size_t data_size)
 void dex_parse_header(dex_header_t* dex_header, YR_OBJECT* module_object)
 {
   yr_set_sized_string(
-      (char*) dex_header->magic,
-      strnlen((char*) dex_header->magic, 8 * sizeof(char)),
-      module_object,
-      "header.magic");
+      (char*) dex_header->magic, 8, module_object, "header.magic");
 
   yr_set_integer(
       yr_le32toh(dex_header->checksum), module_object, "header.checksum");
 
   yr_set_sized_string(
-      (char*) dex_header->signature,
-      strnlen((char*) dex_header->signature, 20 * sizeof(char)),
-      module_object,
-      "header.signature");
+      (char*) dex_header->signature, 20, module_object, "header.signature");
 
   yr_set_integer(
       yr_le32toh(dex_header->file_size), module_object, "header.file_size");
@@ -1461,11 +1455,16 @@ int module_load(
 
   dex_header_t* dex_header;
 
-  yr_set_string(DEX_FILE_MAGIC_035, module_object, "DEX_FILE_MAGIC_035");
-  yr_set_string(DEX_FILE_MAGIC_036, module_object, "DEX_FILE_MAGIC_036");
-  yr_set_string(DEX_FILE_MAGIC_037, module_object, "DEX_FILE_MAGIC_037");
-  yr_set_string(DEX_FILE_MAGIC_038, module_object, "DEX_FILE_MAGIC_038");
-  yr_set_string(DEX_FILE_MAGIC_039, module_object, "DEX_FILE_MAGIC_039");
+  yr_set_sized_string(
+      DEX_FILE_MAGIC_035, 8, module_object, "DEX_FILE_MAGIC_035");
+  yr_set_sized_string(
+      DEX_FILE_MAGIC_036, 8, module_object, "DEX_FILE_MAGIC_036");
+  yr_set_sized_string(
+      DEX_FILE_MAGIC_037, 8, module_object, "DEX_FILE_MAGIC_037");
+  yr_set_sized_string(
+      DEX_FILE_MAGIC_038, 8, module_object, "DEX_FILE_MAGIC_038");
+  yr_set_sized_string(
+      DEX_FILE_MAGIC_039, 8, module_object, "DEX_FILE_MAGIC_039");
 
   yr_set_integer(0x12345678, module_object, "ENDIAN_CONSTANT");
   yr_set_integer(0x78563412, module_object, "REVERSE_ENDIAN_CONSTANT");