variable in range using the offset of another variable as last parameter in range will hit even if the second variable does not exists

odin1314 / yara-project

Automatically exported from code.google.com/p/yara-project

Apache License 2.0

0 stars 0 forks source link

variable in range using the offset of another variable as last parameter in range will hit even if the second variable does not exists #77

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

I have noticed that when a offset of variable ie. @variable[1] is used with the 
range (in) like this: $variable2 in (0..@variable[1])

rule test_range : test {
strings:
$a = "Yara rulez!"
$b = "TOFIND"
condition:
$b and $b in (0..@a[1])
}

a Text file like this:
<BEGIN>
sdfsf
TOFIND
sdfsf
<END>

The rule "test_range" will hit even if the string $a
doesn't exist in the file.

Original issue reported on code.google.com by golgotr...@gmail.com on 18 Mar 2013 at 2:47

GoogleCodeExporter commented 9 years ago

Fixed in r165

Original comment by plus...@gmail.com on 22 Mar 2013 at 1:35

Changed state: Fixed