What steps will reproduce the problem?
1. Mount an image of OS X Mountain Lion
2. yara -r customrule.yar /mnt/macpart
3.
What is the expected output? What do you see instead?
No buffer overflow, but I get buffer overflow.
What version of the product are you using? On what operating system?
Using Yara 1.7 on Ubuntu 12.04 LTS
Please provide any additional information below.
I have located the error to a symbolic link that goes into a never ending loop,
thus writes more information than the yara file path buffer can hold.
linlab@linlab-System-Product-Name:/mnt/macpart/System/Library/Java/Support/Deplo
y.bundle/Contents/Resources/JavaPlugin2_NPAPI.plugin/Contents$ ls -l
totalt 4
-rw-r--r-- 1 root root 0 mai 19 14:45 Info.plist
drwxr-xr-x 1 root root 3 mai 19 14:45 MacOS
lrwxr-xr-x 1 root root 18 mai 19 14:45 Resources -> ../../../Resources
-rw-r--r-- 1 root root 0 mai 19 14:45 version.plist
Could be fixed if an option to not follow symbolic links existed. Or if the
filepath is to long, then skip the file... Implement code that checks the
boundaries of the buffer.
Original issue reported on code.google.com by Nordvik....@gmail.com on 15 Jun 2013 at 12:05
Original issue reported on code.google.com by
Nordvik....@gmail.comon 15 Jun 2013 at 12:05Attachments: