
Handle divisions by zero

plusvic committed Jun 30, 2015
1 parent c666ae1 commit 6fff18a475cf021b273156342ef43482a7f7f7f6
Showing with 35 additions and 6 deletions.
  1. +6 −0 libyara/compiler.c
  2. +8 −2 libyara/exec.c
  3. +20 −4 libyara/grammar.y
  4. +1 −0 libyara/include/yara/error.h
@@ -871,6 +871,12 @@ YR_API char* yr_compiler_get_error_message(
buffer_size,
"internal fatal error");
break;
case ERROR_DIVISION_BY_ZERO:
snprintf(
buffer,
buffer_size,
"division by zero");
break;
}

return buffer;
@@ -340,7 +340,10 @@ int yr_execute_code(
pop(r1);
ensure_defined(r2);
ensure_defined(r1);
r1.i = r1.i % r2.i;
if (r2.i != 0)
r1.i = r1.i % r2.i;
else
r1.i = UNDEFINED;
push(r1);
break;

@@ -923,7 +926,10 @@ int yr_execute_code(
pop(r1);
ensure_defined(r2);
ensure_defined(r1);
r1.i = r1.i / r2.i;
if (r2.i != 0)
r1.i = r1.i / r2.i;
else
r1.i = UNDEFINED;
push(r1);
break;
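Review bot: The new `r2.i != 0` guards in the `%` case (first hunk) and the `/` case (second hunk) still let one trapping operand pair through. If `r1.i` is a signed 64-bit integer (its declaration is outside the hunks), the minimum value divided by -1 overflows, which is undefined behaviour in C and raises the same hardware exception as a division by zero on x86. Widening the condition to `if (r2.i != 0 && !(r1.i == INT64_MIN && r2.i == -1))` would route that pair to the existing `UNDEFINED` fallback as well. The constant-folding guards added in libyara/grammar.y have the same gap, assuming `OPERATION` performs a plain integer divide. Both case bodies begin outside the hunks shown.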

@@ -1795,8 +1795,16 @@ primary_expression
if ($1.type == EXPRESSION_TYPE_INTEGER &&
$3.type == EXPRESSION_TYPE_INTEGER)
{
$$.value.integer = OPERATION(/, $1.value.integer, $3.value.integer);
$$.type = EXPRESSION_TYPE_INTEGER;
if ($3.value.integer != 0)
{
$$.value.integer = OPERATION(/, $1.value.integer, $3.value.integer);
$$.type = EXPRESSION_TYPE_INTEGER;
}
else
{
compiler->last_result = ERROR_DIVISION_BY_ZERO;
ERROR_IF(compiler->last_result != ERROR_SUCCESS);
}
}
else
{
@@ -1810,8 +1818,16 @@ primary_expression

yr_parser_emit(yyscanner, OP_MOD, NULL);

$$.type = EXPRESSION_TYPE_INTEGER;
$$.value.integer = OPERATION(%, $1.value.integer, $3.value.integer);
if ($3.value.integer != 0)
{
$$.value.integer = OPERATION(%, $1.value.integer, $3.value.integer);
$$.type = EXPRESSION_TYPE_INTEGER;
}
else
{
compiler->last_result = ERROR_DIVISION_BY_ZERO;
ERROR_IF(compiler->last_result != ERROR_SUCCESS);
}
}
| primary_expression '^' primary_expression
{
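Review bot: In both new `else` branches the test in `ERROR_IF(compiler->last_result != ERROR_SUCCESS)` can never be false, because `last_result` was assigned `ERROR_DIVISION_BY_ZERO` on the line before, so the macro acts as an unconditional abort while reading like a check. `$$.type` and `$$.value.integer` are also left unset on that path, which is only safe if `ERROR_IF` stops the action (its definition is outside this page). A short comment above the assignment, such as `/* constant divisor is zero: reject the rule at compile time; $$ is intentionally left unset */`, would make that explicit. In the `%` rule the guard runs after `yr_parser_emit(yyscanner, OP_MOD, NULL)` has already emitted the opcode, which is harmless only if compilation is abandoned on error.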
@@ -65,6 +65,7 @@ limitations under the License.
#define ERROR_WRONG_RETURN_TYPE 41
#define ERROR_DUPLICATED_STRUCTURE_MEMBER 42
#define ERROR_EMPTY_STRING 43
#define ERROR_DIVISION_BY_ZERO 44


#define FAIL_ON_ERROR(x) { \

4 comments on commit 6fff18a


@SegfaultMasters SegfaultMasters replied Aug 21, 2018

Is there any CVE assigned to this issue?

Owner Author

@plusvic plusvic replied Aug 22, 2018

No, AFAIK.


@SegfaultMasters SegfaultMasters replied Aug 22, 2018

Most of the time, a division by zero leads to an application crash, which can be considered a denial of service.
But in this case, I am not sure how it is exploitable. Do you see any security aspect here?

Owner Author

@plusvic plusvic replied Aug 22, 2018

Well, that bug was fixed long ago. So, I'm not sure if it makes sense to open a CVE for this issue now.
