From 93ad730eed6a80079146264a7a1f1b5a70d31351 Mon Sep 17 00:00:00 2001 From: "Victor M. Alvarez" Date: Wed, 19 Jun 2024 11:12:53 +0200 Subject: [PATCH 1/3] Replace all instances of `MAX_PATH` with `YR_MAX_PATH`. --- cli/yara.c | 12 ++++-------- cli/yarac.c | 4 ---- libyara/include/yara/compiler.h | 9 +++++---- libyara/include/yara/limits.h | 7 +++---- libyara/modules/pe/pe.c | 4 ++-- libyara/proc/linux.c | 4 ++-- 6 files changed, 16 insertions(+), 24 deletions(-) diff --git a/cli/yara.c b/cli/yara.c index 032757f994..34e88eda6e 100644 --- a/cli/yara.c +++ b/cli/yara.c @@ -63,10 +63,6 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #define ERROR_COULD_NOT_CREATE_THREAD 100 -#ifndef MAX_PATH -#define MAX_PATH 256 -#endif - #ifndef min #define min(x, y) ((x < y) ? (x) : (y)) #endif @@ -491,9 +487,9 @@ static bool is_directory(const char_t* path) static int scan_dir(const char_t* dir, SCAN_OPTIONS* scan_opts) { int result = ERROR_SUCCESS; - char_t path[MAX_PATH]; + char_t path[YR_MAX_PATH]; - _sntprintf(path, MAX_PATH, _T("%s\\*"), dir); + _sntprintf(path, YR_MAX_PATH, _T("%s\\*"), dir); WIN32_FIND_DATA FindFileData; HANDLE hFind = FindFirstFile(path, &FindFileData); @@ -502,7 +498,7 @@ static int scan_dir(const char_t* dir, SCAN_OPTIONS* scan_opts) { do { - _sntprintf(path, MAX_PATH, _T("%s\\%s"), dir, FindFileData.cFileName); + _sntprintf(path, YR_MAX_PATH, _T("%s\\%s"), dir, FindFileData.cFileName); if (!(FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)) { @@ -673,7 +669,7 @@ static int scan_dir(const char* dir, SCAN_OPTIONS* scan_opts) while (de && result != ERROR_SCAN_TIMEOUT) { - char full_path[MAX_PATH]; + char full_path[YR_MAX_PATH]; struct stat st; snprintf(full_path, sizeof(full_path), "%s/%s", dir, de->d_name); diff --git a/cli/yarac.c b/cli/yarac.c index c8ecaad323..6903b6ec6e 100644 --- a/cli/yarac.c +++ b/cli/yarac.c @@ -49,10 +49,6 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "args.h" #include "common.h" -#ifndef MAX_PATH -#define MAX_PATH 256 -#endif - #define MAX_ARGS_EXT_VAR 32 #define exit_with_code(code) \ diff --git a/libyara/include/yara/compiler.h b/libyara/include/yara/compiler.h index a2f5f50796..43c726f62d 100644 --- a/libyara/include/yara/compiler.h +++ b/libyara/include/yara/compiler.h @@ -93,9 +93,10 @@ typedef struct _YR_EXPRESSION YR_ARENA_REF sized_string_ref; } value; - // Boolean expressions can hold a string count. If not empty, this indicates that the condition - // can only be fulfilled if at least so many strings match. - struct { + // Boolean expressions can hold a string count. If not empty, this indicates + // that the condition can only be fulfilled if at least so many strings match. + struct + { int count; } required_strings; @@ -288,7 +289,7 @@ typedef struct _YR_COMPILER char* lex_buf_ptr; unsigned short lex_buf_len; - char include_base_dir[MAX_PATH]; + char include_base_dir[YR_MAX_PATH]; void* user_data; void* incl_clbk_user_data; void* re_ast_clbk_user_data; diff --git a/libyara/include/yara/limits.h b/libyara/include/yara/limits.h index 7ef95495da..1e2c78236b 100644 --- a/libyara/include/yara/limits.h +++ b/libyara/include/yara/limits.h @@ -36,10 +36,9 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "utils.h" -// Maximum length of file paths. This is the only limit that doesn't have the -// YR_ prefix. The intention is using the default MAX_PATH if defined. -#ifndef MAX_PATH -#define MAX_PATH 1024 +// Maximum length of file paths. +#ifndef YR_MAX_PATH +#define YR_MAX_PATH 4096 #endif // Maximum number of threads that can use a YR_RULES structure simultaneously. diff --git a/libyara/modules/pe/pe.c b/libyara/modules/pe/pe.c index 3540a92f4e..cb7d1010e1 100644 --- a/libyara/modules/pe/pe.c +++ b/libyara/modules/pe/pe.c @@ -366,9 +366,9 @@ static void pe_parse_debug_directory(PE* pe) if (pdb_path != NULL) { pdb_path_len = strnlen( - pdb_path, yr_min(available_space(pe, pdb_path), MAX_PATH)); + pdb_path, yr_min(available_space(pe, pdb_path), YR_MAX_PATH)); - if (pdb_path_len >= 0 && pdb_path_len < MAX_PATH) + if (pdb_path_len >= 0 && pdb_path_len < YR_PATH_MAX) { yr_set_sized_string(pdb_path, pdb_path_len, pe->object, "pdb_path"); break; diff --git a/libyara/proc/linux.c b/libyara/proc/linux.c index 9947d02001..37f18ddd5e 100644 --- a/libyara/proc/linux.c +++ b/libyara/proc/linux.c @@ -57,7 +57,7 @@ typedef struct _YR_PROC_INFO uint64_t map_offset; uint64_t next_block_end; int page_size; - char map_path[PATH_MAX]; + char map_path[YR_MAX_PATH]; uint64_t map_dmaj; uint64_t map_dmin; uint64_t map_ino; @@ -327,7 +327,7 @@ YR_API YR_MEMORY_BLOCK* yr_process_get_next_memory_block( YR_PROC_ITERATOR_CTX* context = (YR_PROC_ITERATOR_CTX*) iterator->context; YR_PROC_INFO* proc_info = (YR_PROC_INFO*) context->proc_info; - char buffer[PATH_MAX]; + char buffer[YR_MAX_PATH]; char perm[5]; uint64_t begin, end; From 2cd11a49b14d4ec23494418cdaae85885bb250be Mon Sep 17 00:00:00 2001 From: "Victor M. Alvarez" Date: Wed, 19 Jun 2024 11:17:30 +0200 Subject: [PATCH 2/3] Add missing include. --- libyara/modules/pe/pe.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libyara/modules/pe/pe.c b/libyara/modules/pe/pe.c index cb7d1010e1..51f937660f 100644 --- a/libyara/modules/pe/pe.c +++ b/libyara/modules/pe/pe.c @@ -39,6 +39,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include #include +#include #include #include #include From eec5d27f8c3fced0d6ef1c9bade48a1a1549c754 Mon Sep 17 00:00:00 2001 From: "Victor M. Alvarez" Date: Wed, 19 Jun 2024 11:22:21 +0200 Subject: [PATCH 3/3] Fix wrong identifier --- libyara/modules/pe/pe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libyara/modules/pe/pe.c b/libyara/modules/pe/pe.c index 51f937660f..4d6998e446 100644 --- a/libyara/modules/pe/pe.c +++ b/libyara/modules/pe/pe.c @@ -369,7 +369,7 @@ static void pe_parse_debug_directory(PE* pe) pdb_path_len = strnlen( pdb_path, yr_min(available_space(pe, pdb_path), YR_MAX_PATH)); - if (pdb_path_len >= 0 && pdb_path_len < YR_PATH_MAX) + if (pdb_path_len >= 0 && pdb_path_len < YR_MAX_PATH) { yr_set_sized_string(pdb_path, pdb_path_len, pe->object, "pdb_path"); break;