PR to fix the unintended BufferOverflowError (#12)

* Add binary security checks. * Some Refactors * Use the Function pointer syntax to map errors * Check if we need the libc and handle it gracefully * Update the `readme.md`. * Provide security checks options as cmdline arguments * Remove the `cmdline` module * Fix the smda extractor to read the rest of the bytes present in the buffer if the buffer length exceeds the end of file. * Fix the smda extractor to read the rest of the bytes present in the buffer if the buffer length exceeds the end of file. * Remove the no_libc param from the cli.
marirs · Mar 27, 2024 · f17ea45 · f17ea45
1 parent 6160b5b
commit f17ea45
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 27 deletions.
diff --git a/examples/capa_cli.rs b/examples/capa_cli.rs
@@ -2,8 +2,8 @@ use std::fs;
 use std::time::Instant;
 
 use clap::Parser;
-use prettytable::{color, format::Alignment, Attr, Cell, Row, Table};
-use serde_json::{to_value, Map, Value};
+use prettytable::{Attr, Cell, color, format::Alignment, Row, Table};
+use serde_json::{Map, to_value, Value};
 
 use capa::{BinarySecurityCheckOptions, FileCapabilities};
 
@@ -50,10 +50,6 @@ struct CliOpts {
     /// Use an internal list of checked functions as specified by a specification. Provide the version of the specification. eg 3.2.0
     #[clap(long, value_name = "LIBC_SPEC")]
     libc_spec: Option<String>,
-
-    /// Assume that input files do not use any C runtime libraries.
-    #[clap(long, default_value = "false", value_name = "NO_LIBC")]
-    no_libc: bool,
 }
 
 fn main() {
@@ -66,8 +62,7 @@ fn main() {
     let libc = cli.libc.map(|s| s.into());
     let sysroot = cli.sysroot.map(|s| s.into());
     let libc_spec = cli.libc_spec.map(|s| s.into());
-    let no_libc = cli.no_libc;
-    let security_check_opts = BinarySecurityCheckOptions::new(libc, sysroot, libc_spec, no_libc);
+    let security_check_opts = BinarySecurityCheckOptions::new(libc, sysroot, libc_spec);
 
     let start = Instant::now();
     match FileCapabilities::from_file(

diff --git a/src/extractor/smda.rs b/src/extractor/smda.rs
@@ -1,15 +1,18 @@
 #![allow(dead_code, clippy::to_string_in_format_args)]
+
+use std::collections::HashMap;
+
+use smda::{
+    Disassembler,
+    function::{Function, Instruction},
+    report::DisassemblyReport,
+};
+
 use crate::{
     consts::{FileFormat, Os},
     error::Error,
     Result,
 };
-use smda::{
-    function::{Function, Instruction},
-    report::DisassemblyReport,
-    Disassembler,
-};
-use std::collections::HashMap;
 
 #[derive(Debug, Clone)]
 struct InstructionS {
@@ -1083,10 +1086,10 @@ pub fn read_bytes<'a>(
     let buffer_end = report.buffer.len();
     let end_of_string = rva + num_bytes as u64;
     if end_of_string > buffer_end as u64 {
-        return Err(Error::BufferOverflowError);
+        Ok(&report.buffer[rva as usize..])
+    } else {
+        Ok(&report.buffer[rva as usize..end_of_string as usize])
     }
-
-    Ok(&report.buffer[rva as usize..end_of_string as usize])
 }
 
 pub fn read_string(report: &DisassemblyReport, offset: &u64) -> Result<String> {

diff --git a/src/lib.rs b/src/lib.rs
@@ -2,21 +2,23 @@
 
 extern crate core;
 
-use crate::security::options::status::SecurityCheckStatus;
-use consts::{FileFormat, Os};
 use core::fmt;
-use sede::{from_hex, to_hex};
-use serde::{Deserialize, Serialize};
-use serde_json::{json, Value};
-use smda::FileArchitecture;
 use std::{
     collections::{BTreeMap, BTreeSet, HashMap, HashSet},
     path::PathBuf,
     thread::spawn,
 };
+
+use serde::{Deserialize, Serialize};
+use serde_json::{json, Value};
+use smda::FileArchitecture;
 use yaml_rust::Yaml;
 
+use consts::{FileFormat, Os};
+use sede::{from_hex, to_hex};
+
 pub use crate::error::Error;
+use crate::security::options::status::SecurityCheckStatus;
 
 pub(crate) mod consts;
 mod error;
@@ -151,8 +153,7 @@ impl BinarySecurityCheckOptions {
     pub fn new(
         libc: Option<PathBuf>,
         sysroot: Option<PathBuf>,
-        libc_spec: Option<LibCSpec>,
-        no_libc: bool,
+        libc_spec: Option<LibCSpec>
     ) -> Self {
         //!
         //! Create some options to configure binary security checks.
@@ -164,15 +165,15 @@ impl BinarySecurityCheckOptions {
             libc,
             sysroot,
             libc_spec,
-            no_libc,
+            no_libc: false,
             input_file: PathBuf::new(),
         }
     }
 }
 
 impl Default for BinarySecurityCheckOptions {
     fn default() -> Self {
-        Self::new(None, None, None, false)
+        Self::new(None, None, None)
     }
 }