Fix buffer overflow in dotnet module.

Credit to OSS-Fuzz.
VirusTotal · Dec 19, 2018 · 7493247 · 7493247
1 parent a0ef13b
commit 7493247
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/libyara/modules/dotnet.c b/libyara/modules/dotnet.c
@@ -208,9 +208,13 @@ void dotnet_parse_us(
   const uint8_t* offset = pe->data + metadata_root + us_header->Offset;
   const uint8_t* end_of_header = offset + us_header->Size;
 
-  // Make sure end of header is not past end of PE, and the first entry MUST be
-  // a single NULL byte.
-  if (!fits_in_pe(pe, offset, us_header->Size) || *offset != 0x00)
+  // Make sure the header size is larger than 0 and its end is not past the
+  // end of PE.
+  if (us_header->Size == 0 || !fits_in_pe(pe, offset, us_header->Size))
+    return;
+
+  // The first entry MUST be single NULL byte.
+  if (*offset != 0x00)
     return;
 
   offset++;

diff --git a/...s-fuzz/dotnet_fuzzer_corpus/clusterfuzz-testcase-minimized-dotnet_fuzzer-5725060321509376 b/...s-fuzz/dotnet_fuzzer_corpus/clusterfuzz-testcase-minimized-dotnet_fuzzer-5725060321509376