`lief.PE.parse' function throws an out-of-range exception #1046

Closed
yuki-mogi-ffri opened this issue Apr 23, 2024 · 0 comments · Fixed by #1047
yuki-mogi-ffri commented Apr 23, 2024

test.zip
Describe the bug
The `lief.PE.parse` function throws an out-of-range exception for some signature-corrupted PE binaries.

To Reproduce

  1. Build LIEF and the pe_reader example.
  2. Run pe_reader for the (unzipped) attached sample.
  3. You will then see the following output and the exception will be thrown:
```
PE Reader
padding: 0
Checksum               : 0x00f823
OptionalHeader.checksum: 0x011f4c
DOS stub: @0x40:0xc0
Parsing rich header
Offset to rich header: 0xa0
XOR key: 0xed389f2d
ID:           0x0102
Build Number: 0x6c36
Count:        0x1
ID:           0x00ff
Build Number: 0x6c36
Count:        0x1
ID:           0x0109
Build Number: 0x6c36
Count:        0x1
ID:           0x0001
Build Number: 0x0000
Count:        0x65
ID:           0x0101
Build Number: 0x6665
Count:        0x2
ID:           0x0101
Build Number: 0x6b81
Count:        0x5
ID:           0x0103
Build Number: 0x6b81
Count:        0x2
ID:           0x0104
Build Number: 0x6b81
Count:        0x10
ID:           0x0105
Build Number: 0x6b81
Count:        0x17
ID:           0x0093
Build Number: 0x7809
Count:        0x10
Parsing sections
Number of sections that could be added: #5
Processing Import Table
Parsing signature
Signature Offset: 0x3000
Signature Size:   0x1c18
Signature 32r0x1 (0x20 bytes)
terminate called after throwing an instance of 'std::out_of_range'
  what():  basic_string::substr: __pos (which is 3) > this->size() (which is 0)
Aborted
```

Expected behavior
pe_reader does not throw the std::out_of_range exception.

Environment (please complete the following information):
System and Version : Ubuntu 22.04 on WSL2 on Windows 10
Target format: PE (AMD64)
LIEF commit version: 0.15.0-573c885d

Additional context
The cause seems to be that the substr function in the std::string ASN1Reader::tag2str function does not take into account the case where the string may be an empty string.
So I suggest adding a string length check before executing substr.

I will make the pull request to fix this.

The attached sample is not malware, but was created (by me) with reference to the structure of the following sample:
https://www.virustotal.com/gui/file/c90b935c9ee9f0ef186fd170055ae6ad32a2350d24f3d7c766b41066fe2d6cba
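
The failure mode named under "Additional context", as an added example that is not part of the original report and is not LIEF's code: `std::string::substr(pos)` throws `std::out_of_range` whenever `pos > size()`, so stripping a fixed-length prefix from a string that attacker-controlled input can leave empty aborts the parser. The function names, the flag table and the " | " separator are assumptions chosen to reproduce the `__pos (which is 3) > this->size() (which is 0)` message.

```cpp
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>

// Constructed table for illustration only (hypothetical, not LIEF's).
struct Flag { uint32_t bit; const char* name; };
static const Flag kFlags[] = {
  {0x20, "CONSTRUCTED"}, {0x40, "APPLICATION"}, {0x80, "CONTEXT_SPECIFIC"},
};

// Appends " | NAME" for every flag set in `tag`; empty if none match.
static std::string join_flags(uint32_t tag) {
  std::string out;
  for (const Flag& f : kFlags) {
    if (tag & f.bit) { out += " | "; out += f.name; }
  }
  return out;
}

// Unguarded: always drops the 3-character leading separator.
// With no matching flag the string is empty and substr(3) throws.
std::string flags_to_str_unguarded(uint32_t tag) {
  return join_flags(tag).substr(3);
}

// Guarded: check the length before calling substr.
std::string flags_to_str_guarded(uint32_t tag) {
  const std::string out = join_flags(tag);
  return out.size() > 3 ? out.substr(3) : std::string();
}

// Reports whether the unguarded variant throws for this input.
bool throws_out_of_range(uint32_t tag) {
  try { flags_to_str_unguarded(tag); }
  catch (const std::out_of_range&) { return true; }
  return false;
}

int main() {
  const uint32_t samples[] = {0xA0, 0x20, 0x01, 0x00};  // constructed inputs
  for (uint32_t tag : samples) {
    std::cout << std::hex << "0x" << tag
              << " unguarded throws: " << throws_out_of_range(tag)
              << " guarded: \"" << flags_to_str_guarded(tag) << "\"\n";
  }
  return 0;
}
```

When the exception is not caught anywhere up the call stack, the process terminates as in the `pe_reader` output above, which is why a malformed signature blob is enough to crash a tool that parses untrusted PE files.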
