Fix error handling after calloc calls that may ask for 0 bytes

Close #1980
VirusTotal · Oct 3, 2023 · 8e5584b · 8e5584b
1 parent d399826
commit 8e5584b
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 10 deletions.
diff --git a/libyara/modules/console/console.c b/libyara/modules/console/console.c
@@ -46,9 +46,18 @@ define_function(log_string)
   // Assume the entire string is non-printable, so allocate 4 times the
   // space so that we can represent each byte as an escaped value. eg: \x00
   // Add an extra byte for the NULL terminator.
-  char* msg = (char*) yr_calloc((s->length * 4) + 1, sizeof(char));
-  if (msg == NULL)
-    return_integer(YR_UNDEFINED);
+  char* msg;
+  if (s->length == 0)
+  {
+    callback(ctx, CALLBACK_MSG_CONSOLE_LOG, (void*) "", ctx->user_data);
+    return_integer(1);
+  }
+  else
+  {
+    msg = (char*) yr_calloc((s->length * 4) + 1, sizeof(char));
+    if (msg == NULL)
+      return_integer(YR_UNDEFINED);
+  }
 
   char* p = msg;
   for (size_t i = 0; i < s->length; i++)
@@ -86,7 +95,7 @@ define_function(log_string_msg)
   // Add an extra byte for the NULL terminator.
   size_t msg_len = strlen(m) + (s->length * 4) + 1;
   char* msg = (char*) yr_calloc(msg_len, sizeof(char));
-  if (msg == NULL)
+  if (msg == NULL && msg_len > 0)
     return_integer(YR_UNDEFINED);
 
   char* p = msg;

diff --git a/libyara/modules/dotnet/dotnet.c b/libyara/modules/dotnet/dotnet.c
@@ -1179,7 +1179,7 @@ static bool parse_method_params(
   // Array to hold all the possible parameters
   PARAMETERS* params = yr_calloc(param_count, sizeof(PARAMETERS));
 
-  if (!params)
+  if (params == NULL && param_count > 0)
     return false;
 
   for (uint32_t idx = 0; idx < param_count; ++idx)

diff --git a/libyara/modules/elf/elf.c b/libyara/modules/elf/elf.c
@@ -82,7 +82,7 @@ define_function(telfhash)
   int symbol_count = 0;
   char** clean_names = yr_calloc(list->count, sizeof(*clean_names));
 
-  if (!clean_names)
+  if (clean_names == NULL && list->count > 0)
     return_string(YR_UNDEFINED);
 
   for (ELF_SYMBOL* i = list->symbols; i != NULL; i = i->next)

diff --git a/libyara/modules/pe/authenticode-parser/certificate.c b/libyara/modules/pe/authenticode-parser/certificate.c
@@ -141,7 +141,7 @@ CertificateArray* parse_signer_chain(X509* signCert, STACK_OF(X509) * certs)
     goto error;
 
   result->certs = (Certificate**) calloc(certCount, sizeof(Certificate*));
-  if (!result->certs)
+  if (!result->certs && certCount > 0)
     goto error;
 
   /* Convert each certificate to internal representation */

diff --git a/libyara/scanner.c b/libyara/scanner.c
@@ -283,8 +283,8 @@ YR_API int yr_scanner_create(YR_RULES* rules, YR_SCANNER** scanner)
       new_scanner->rule_evaluate_condition_flags == NULL ||
       new_scanner->ns_unsatisfied_flags == NULL ||
       new_scanner->strings_temp_disabled == NULL ||
-      new_scanner->matches == NULL ||  //
-      new_scanner->unconfirmed_matches == NULL)
+      (new_scanner->matches == NULL && rules->num_strings > 0) ||
+      (new_scanner->unconfirmed_matches == NULL && rules->num_strings > 0))
   {
     yr_scanner_destroy(new_scanner);
     return ERROR_INSUFFICIENT_MEMORY;
@@ -294,7 +294,7 @@ YR_API int yr_scanner_create(YR_RULES* rules, YR_SCANNER** scanner)
   new_scanner->profiling_info = yr_calloc(
       rules->num_rules, sizeof(YR_PROFILING_INFO));
 
-  if (new_scanner->profiling_info == NULL)
+  if (new_scanner->profiling_info == NULL && rules->num_rules > 0)
   {
     yr_scanner_destroy(new_scanner);
     return ERROR_INSUFFICIENT_MEMORY;