Lz fix too many imports (#917)

* Detection of invalid import directory will now be triggered by invalid import names * Detection of corrupt import directories was made stricter * Refactored detection if invalid imports Co-authored-by: Ladislav Zezula <[email protected]>
avast · Jan 25, 2021 · 60c94e5 · 60c94e5
1 parent 57bd397
commit 60c94e5
Showing 1 changed file with 33 additions and 1 deletion.
diff --git a/include/retdec/pelib/ImportDirectory.h b/include/retdec/pelib/ImportDirectory.h
@@ -555,6 +555,29 @@ namespace PeLib
 		m_ordinalMask = (uint64_t)1 << ((pointerSize * 8) - 1);
 	}
 
+	inline bool isBadImportName(const std::string & importName)
+	{
+		// The name be of nonzero length
+		if(importName.size() == 0)
+			return true;
+
+		// We don't accept space as the first character, but we accept space in the middle
+		// retdec-regression-tests\tools\fileinfo\bugs\issue-460-hash-from-empty-string\000b1f22029c979c27c7310712cae66b8ade37378023487277ad7c86d59a34f6 
+		if(importName[0] <= 0x20)
+			return true;
+
+		// All characters of the name must be a valid (printable) ASCII char
+		// Sample: retdec-regression-tests\tools\fileinfo\features\malformed-imports-exports\7CE5BB5CA99B3570514AF03782545D41213A77A0F93D4AAC8269823A8D3A58EF.dat 
+		for(unsigned char singleChar : importName)
+		{
+			if(singleChar < 0x20 || singleChar >= 0x7f)
+				return true;
+		}
+
+		// We didn't find any reason to consider this import invalid
+		return false;
+	}
+
 	/**
 	* Read an import directory from a file.
 	* \todo Check if streams failed.
@@ -624,6 +647,15 @@ namespace PeLib
 			// Retrieve the library name from the image as ASCIIZ string
 			imageLoader.readString(iidCurr.name, iidCurr.impdesc.Name, IMPORT_LIBRARY_MAX_LENGTH);
 
+			// Sample: 0BBA9D483A5E26932C1BA5904EA8FA2E063E0419C7B8A6342814266E96E1CEA2
+			// 4 imports all invalid names. We stop parsing the imports at an invalid entry,
+			// but we won't say that the file is invalid
+			if (isBadImportName(iidCurr.name))
+			{
+				setLoaderError(LDR_ERROR_IMPDIR_NAME_RVA_INVALID);
+				break;
+			}
+
 			// Ignore too large import directories
 			// Sample: CCE461B6EB23728BA3B8A97B9BE84C0FB9175DB31B9949E64144198AB3F702CE, # of impdesc 0x6253 (invalid)
 			// Sample: 395e64e7071d35cb85d8312095aede5166db731aac44920679eee5c7637cc58c, # of impdesc 0x0131 (valid)
@@ -742,7 +774,7 @@ namespace PeLib
 				if(uiIndex >= PELIB_MAX_IMPORTED_FUNCTIONS)
 				{
 					setLoaderError(LDR_ERROR_IMPDIR_IMPORT_COUNT_EXCEEDED);
-					break;
+					return ERROR_INVALID_FILE;
 				}
 
 				// Check samples that have import name out of the image