Apply stricter sanity checks while parsing PE resources.

plusvic · plusvic · commit c009195c1e08 · 2024-03-08T12:28:57.000+01:00
Corrupted file `c10a733e4899dbd03d537d7832efa71016f618e9fd1bffa35b8265df359a91f8` was producing tons of invalid resource entries.
diff --git a/libyara/modules/pe/pe.c b/libyara/modules/pe/pe.c
@@ -451,11 +451,12 @@ static int _pe_iterate_resources(
 
   entry = (PIMAGE_RESOURCE_DIRECTORY_ENTRY) (resource_dir + 1);
 
+  if (!fits_in_pe(
+          pe, entry, total_entries * sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY)))
+    return result;
+
   for (i = 0; i < total_entries; i++)
   {
-    if (!struct_fits_in_pe(pe, entry, IMAGE_RESOURCE_DIRECTORY_ENTRY))
-      break;
-
     switch (rsrc_tree_level)
     {
     case 0:

Original file line number	Diff line number	Diff line change
`@@ -451,11 +451,12 @@ static int _pe_iterate_resources(`
`451`	`451`
`452`	`452`	`entry = (PIMAGE_RESOURCE_DIRECTORY_ENTRY) (resource_dir + 1);`
`453`	`453`
	`454`	`+ if (!fits_in_pe(`
	`455`	`+ pe, entry, total_entries * sizeof(IMAGE_RESOURCE_DIRECTORY_ENTRY)))`
	`456`	`+ return result;`
	`457`	`+`
`454`	`458`	`for (i = 0; i < total_entries; i++)`
`455`	`459`	`{`
`456`		`- if (!struct_fits_in_pe(pe, entry, IMAGE_RESOURCE_DIRECTORY_ENTRY))`
`457`		`- break;`
`458`		`-`
`459`	`460`	`switch (rsrc_tree_level)`
`460`	`461`	`{`
`461`	`462`	`case 0:`