Browse code
cid 12197 & 12168 - tighten restrictions and checks for valid ranges
Kevin Lin authored on 2015/08/18 05:07:59Showing 1 changed files
| ... | ... |
@@ -3358,7 +3358,10 @@ static int yara_altstr_verify(const char *hexstr, int lvl, const char **end) |
| 3358 | 3358 |
cli_warnmsg("load_oneyara[verify]: string has unsupported alternating sequence (variable ranged wildcard)\n");
|
| 3359 | 3359 |
return CL_EMALFDB; |
| 3360 | 3360 |
case '}': |
| 3361 |
- sscanf(track, "{%d}", &range);
|
|
| 3361 |
+ if (sscanf(track, "{%3d}", &range) != 1) {
|
|
| 3362 |
+ cli_warnmsg("load_oneyara[verify]: string has unsupported alternating sequence (invalid wildcard)\n");
|
|
| 3363 |
+ return CL_EMALFDB; |
|
| 3364 |
+ } |
|
| 3362 | 3365 |
if (range >= 128) {
|
| 3363 | 3366 |
cli_warnmsg("load_oneyara[verify]: string has unsupported alternating sequence (128+ ranged wildcard)\n");
|
| 3364 | 3367 |
return CL_EMALFDB; |