-
Notifications
You must be signed in to change notification settings - Fork 946
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fileinfo crashes when computing SHA-1 hash of PE digital signature #250
Comments
I looked into this for a bit and here is what I found. 1334 auto digestRanges = getDigestRanges();
1335 for (const auto& range : digestRanges)
1336 {
1337 const std::uint8_t* data = std::get<0>(range);
1338 std::size_t size = std::get<1>(range);
1339
1340 if (!hashCtx.addData(data, size))
1341 return {};
1342 } For the attached file, it reports the following ranges (
The last range is clearly off and should not be there. In more detail, if you subtract This fact and the size of the last range suggests that there is an overflow somewhere inside 1316 // Finish off the data if the last offset didn't end at the end of of all data
1317 if (lastOffset != bytes.size())
1318 result.emplace_back(bytes.data() + lastOffset, bytes.size() - lastOffset); In our case, 1287 std::size_t secDirSize = formatParser->getSecurityDirSize(); The 1293 std::vector<std::pair<...>> offsets = { [..], std::make_pair(secDirOffset, secDirSize) }; The size of the security directory is obtained from 1911 /**
1912 * Returns the size of the current file's security directory.
1913 * @return The size of the Security directory.
1914 **/
1915 template<int x>
1916 dword PeHeaderT<x>::getIddSecuritySize() const
1917 {
1918 return m_inthHeader.dataDirectories[PELIB_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;
1919 }
1920 This function indeed returns
|
…en doing signature verification (#250)
Fixed in 714d69c. |
fileinfo
crashes when computing the SHA-1 hash of a digital signature of the attached PE file.Input
Run
where
FILE
is:Output
Expected output
fileinfo
does not crash during the analysis.Output from valgrind
Notes
This issue may be related to #87, but there are several differences:
verifySignature()
, but in this case, it crashes when verifying the digest by computing the SHA-1 hash.retdec-fileinfo --verbose
is able to parse the certificate table in this case:Configuration
master
)The text was updated successfully, but these errors were encountered: