VirusTotal / yara

The pattern matching swiss knife
https://virustotal.github.io/yara/
BSD 3-Clause "New" or "Revised" License
8.26k stars 1.44k forks source link

Fix out-of-memory issue in "dotnet" module. #1875

Closed plusvic closed 1 year ago

plusvic commented 1 year ago

The "dotnet" module was causing OOM errors when scanning file d4bdf9ce870cef7650b0e9990ada30b9c62a4df3085792ac74c3cba08484b0e4.

The primary issue was that the value for param_count was not being validated, and had a very large value. As a result, the module entered a for loop which called sstr_appendf(ss, ", ") on every iteration. Besides aborting when param_count is larger than MAX_PARAM_COUNT. The for loop has been modified so that it doesn't call sstr_appendf when param_type is NULL.