Skip to content

Lz fix too many imports #917

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jan 25, 2021
Merged

Lz fix too many imports #917

Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ebb96e0
Detection of invalid import directory will now be triggered by invali…
Jan 22, 2021
61abe99
Detection of corrupt import directories was made stricter
Jan 22, 2021
4f873a2
Refactored detection if invalid imports
Jan 25, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 35 additions & 1 deletion include/retdec/pelib/ImportDirectory.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -555,6 +555,31 @@ namespace PeLib
m_ordinalMask = (uint64_t)1 << ((pointerSize * 8) - 1);
}

inline bool isBadImportName(const std::string & importName)
{
unsigned char theFirstChar;

// The name must have some characters
if(importName.size() == 0)
return true;

// The first character of the name must not be an invalid ASCII char
theFirstChar = importName[0];
if(theFirstChar <= 0x20 || theFirstChar >= 0x80)
return true;

// Any string that is an array of equal chars is considered invalid.
// Sample: retdec-regression-tests\tools\fileinfo\features\malformed-imports-exports\7CE5BB5CA99B3570514AF03782545D41213A77A0F93D4AAC8269823A8D3A58EF.dat
for(unsigned char oneChar : importName)
{
if(oneChar != theFirstChar)
return false;
}

// If all the characters are equal, we consider this an invalid import directory
return true;
}

/**
* Read an import directory from a file.
* \todo Check if streams failed.
Expand Down Expand Up @@ -624,6 +649,15 @@ namespace PeLib
// Retrieve the library name from the image as ASCIIZ string
imageLoader.readString(iidCurr.name, iidCurr.impdesc.Name, IMPORT_LIBRARY_MAX_LENGTH);

// Sample: 0BBA9D483A5E26932C1BA5904EA8FA2E063E0419C7B8A6342814266E96E1CEA2
// 4 imports all invalid names. We stop parsing the imports at an invalid entry,
// but we won't say that the file is invalid
if (isBadImportName(iidCurr.name))
{
setLoaderError(LDR_ERROR_IMPDIR_NAME_RVA_INVALID);
break;
}

// Ignore too large import directories
// Sample: CCE461B6EB23728BA3B8A97B9BE84C0FB9175DB31B9949E64144198AB3F702CE, # of impdesc 0x6253 (invalid)
// Sample: 395e64e7071d35cb85d8312095aede5166db731aac44920679eee5c7637cc58c, # of impdesc 0x0131 (valid)
Expand Down Expand Up @@ -742,7 +776,7 @@ namespace PeLib
if(uiIndex >= PELIB_MAX_IMPORTED_FUNCTIONS)
{
setLoaderError(LDR_ERROR_IMPDIR_IMPORT_COUNT_EXCEEDED);
break;
return ERROR_INVALID_FILE;
}

// Check samples that have import name out of the image
Expand Down