Fixed resource issue

2025-03-06 20:47:19 +00:00 · 2021-07-15 13:51:44 +02:00 · 2021-07-15 13:51:44 +02:00 · 5df3bd2d6e
commit 5df3bd2d6e
parent 4b1915f8c8
2 changed files with 28 additions and 13 deletions
--- a/include/retdec/pelib/PeLibAux.h
+++ b/include/retdec/pelib/PeLibAux.h
@ -40,7 +40,8 @@ namespace PeLib
 		ERROR_ENTRY_NOT_FOUND = -7,
 		ERROR_DUPLICATE_ENTRY = -8,
 		ERROR_DIRECTORY_DOES_NOT_EXIST = -9,
-		ERROR_COFF_SYMBOL_TABLE_DOES_NOT_EXIST = -10
+		ERROR_COFF_SYMBOL_TABLE_DOES_NOT_EXIST = -10,
+		ERROR_SKIP_RESOURCE = -11
 	};

 	enum LoaderError
--- a/src/pelib/ResourceDirectory.cpp
+++ b/src/pelib/ResourceDirectory.cpp
@ -636,6 +636,10 @@ namespace PeLib
 			std::uint32_t sizeOfImage,
 			ResourceDirectory* resDir)
 	{
+		//
+		// Any error handling here must be in syn with YARA (Module: pe.c, Function: _pe_iterate_resources)
+		//
+
 		// Enough space to be a valid node?
 		std::uint32_t uiRva = uiRsrcRva + uiOffset;
 		if(uiRva > sizeOfImage)
@ -645,15 +649,19 @@ namespace PeLib
 		if(imageLoader.readImage(&header, uiRva, PELIB_IMAGE_RESOURCE_DIRECTORY::size()) != PELIB_IMAGE_RESOURCE_DIRECTORY::size())
 			return ERROR_INVALID_FILE;

-		// FE015EB24B7EEA2907698A6D7142198644A757066DA4EB8D3A4B63900008CF5E: Invalid root resource directory
-		// We artificially limit the allowed number of resource entries
-		if((header.NumberOfNamedEntries > PELIB_MAX_RESOURCE_ENTRIES) || (header.NumberOfIdEntries > PELIB_MAX_RESOURCE_ENTRIES))
-			return ERROR_INVALID_FILE;
-
-		// More checks for number of entries
+		// FE015EB24B7EEA2907698A6D7142198644A757066DA4EB8D3A4B63900008CF5E
+		//  * Invalid root resource directory
+		// 7dfc75ade04a0deb55dfbf87baff2306e625c5280748856f69f2f43599615249
+		//  * IMAGE_RESOURCE_DIRECTORY::Characteristics != 0
+		//  * IMAGE_RESOURCE_DIRECTORY::NumberOfIdEntries == 0x8000
+		// We artificially limit the allowed number of resource entries.
+		// If exceeded, we don't stop resource parsing, but rather ignore the resource and move on
+		// in order to be in sync with YARA
 		unsigned int uiNumberOfEntries = header.NumberOfNamedEntries + header.NumberOfIdEntries;
-		if(uiNumberOfEntries > PELIB_MAX_RESOURCE_ENTRIES)
-			return ERROR_INVALID_FILE;
+		if((header.NumberOfNamedEntries > PELIB_MAX_RESOURCE_ENTRIES) ||
+		   (header.NumberOfIdEntries > PELIB_MAX_RESOURCE_ENTRIES) ||
+		   (uiNumberOfEntries > PELIB_MAX_RESOURCE_ENTRIES))
+			return ERROR_SKIP_RESOURCE;

 		// Add the total number of entries to the occupied range
 		resDir->addOccupiedAddressRange(uiRva, uiRva + PELIB_IMAGE_RESOURCE_DIRECTORY::size() - 1);
@ -756,12 +764,18 @@ namespace PeLib

 			// Read the child node
 			childError = rc.child->read(imageLoader, uiRsrcRva, rc.entry.irde.OffsetToData & PELIB_IMAGE_RESOURCE_RVA_MASK, sizeOfImage, resDir);
-			if (childError != ERROR_NONE)
+			switch(childError)
 			{
-				return childError;
-			}
+				case ERROR_NONE:             // If the resource was found to be OK, insert it to the list of children
+					children.push_back(rc);
+					break;

-			children.push_back(rc);
+				case ERROR_SKIP_RESOURCE:    // Do not insert invalid resources; do not stop processing either
+					break;
+
+				default:
+					return childError;
+			}
 		}

 		return ERROR_NONE;