From b82c9308b87e032da2103d744ef526fb3702bc64 Mon Sep 17 00:00:00 2001
From: "Victor M. Alvarez" <vmalvarez@virustotal.com>
Date: Fri, 2 Aug 2024 17:43:20 +0200
Subject: [PATCH] fix: avoid crashes when scanning malformed files

Malformed PE files were making YARA-X crash due to unknown digest algorithms.
---
 lib/src/modules/pe/authenticode.rs | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/lib/src/modules/pe/authenticode.rs b/lib/src/modules/pe/authenticode.rs
index 66966e9cd..e848b915c 100644
--- a/lib/src/modules/pe/authenticode.rs
+++ b/lib/src/modules/pe/authenticode.rs
@@ -22,6 +22,9 @@ use x509_parser::certificate::X509Certificate;
 use x509_parser::der_parser::num_bigint::BigUint;
 use x509_parser::x509::{AlgorithmIdentifier, SubjectPublicKeyInfo, X509Name};
 
+#[cfg(feature = "logging")]
+use log::error;
+
 use crate::modules::pe::asn1::{
     oid, oid_to_object_identifier, oid_to_str, Attribute, Certificate,
     ContentInfo, DigestInfo, SignedData, SignerInfo, SpcIndirectDataContent,
@@ -749,7 +752,11 @@ fn verify_message_digest(
         rfc5912::ID_MD_5 | rfc5912::MD_5_WITH_RSA_ENCRYPTION => {
             Md5::digest(message).as_slice() == digest
         }
-        _ => unimplemented!("{:?}", algorithm.oid()),
+        _ => {
+            #[cfg(feature = "logging")]
+            error!("unknown digest algorithm: {:?}", algorithm.oid());
+            return false;
+        }
     }
 }
 
@@ -884,8 +891,11 @@ fn verify_signer_info(si: &SignerInfo, certs: &[Certificate<'_>]) -> bool {
             attrs_set.write_der(&mut sha512).unwrap();
             key.verify_digest::<Sha512>(sha512.finalize(), si.signature)
         }
-
-        oid => unimplemented!("{:?}", oid),
+        _ => {
+            #[cfg(feature = "logging")]
+            error!("unknown digest algorithm: {:?}", digest_algorithm);
+            false
+        }
     }
 }
 
@@ -1143,7 +1153,14 @@ impl PublicKey {
             | rfc5912::ECDSA_WITH_SHA_512 => {
                 self.verify_impl::<Sha512>(message, signature)
             }
-            _ => unimplemented!("{:?}", digest_algorithm.oid()),
+            _ => {
+                #[cfg(feature = "logging")]
+                error!(
+                    "unknown digest algorithm: {:?}",
+                    digest_algorithm.oid()
+                );
+                false
+            }
         }
     }