Skip to content

Commit

Permalink
fix: avoid crashes when scanning malformed files
Browse files Browse the repository at this point in the history 
Malformed PE files were making YARA-X crash due to unknown digest algorithms.
  • Loading branch information
@plusvic
plusvic committed Aug 2, 2024
1 parent 1dd3ade commit b82c930
Showing 1 changed file with 21 additions and 4 deletions.
25 changes: 21 additions & 4 deletions lib/src/modules/pe/authenticode.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,9 @@ use x509_parser::certificate::X509Certificate;
use x509_parser::der_parser::num_bigint::BigUint;
use x509_parser::x509::{AlgorithmIdentifier, SubjectPublicKeyInfo, X509Name};

#[cfg(feature = "logging")]
use log::error;

use crate::modules::pe::asn1::{
oid, oid_to_object_identifier, oid_to_str, Attribute, Certificate,
ContentInfo, DigestInfo, SignedData, SignerInfo, SpcIndirectDataContent,
Expand Down Expand Up @@ -749,7 +752,11 @@ fn verify_message_digest(
rfc5912::ID_MD_5 | rfc5912::MD_5_WITH_RSA_ENCRYPTION => {
Md5::digest(message).as_slice() == digest
}
_ => unimplemented!("{:?}", algorithm.oid()),
_ => {
#[cfg(feature = "logging")]
error!("unknown digest algorithm: {:?}", algorithm.oid());
return false;
}
}
}

Expand Down Expand Up @@ -884,8 +891,11 @@ fn verify_signer_info(si: &SignerInfo, certs: &[Certificate<'_>]) -> bool {
attrs_set.write_der(&mut sha512).unwrap();
key.verify_digest::<Sha512>(sha512.finalize(), si.signature)
}

oid => unimplemented!("{:?}", oid),
_ => {
#[cfg(feature = "logging")]
error!("unknown digest algorithm: {:?}", digest_algorithm);
false
}
}
}

Expand Down Expand Up @@ -1143,7 +1153,14 @@ impl PublicKey {
| rfc5912::ECDSA_WITH_SHA_512 => {
self.verify_impl::<Sha512>(message, signature)
}
_ => unimplemented!("{:?}", digest_algorithm.oid()),
_ => {
#[cfg(feature = "logging")]
error!(
"unknown digest algorithm: {:?}",
digest_algorithm.oid()
);
false
}
}
}

Expand Down

0 comments on commit b82c930

Please sign in to comment.