Fixed potential bug in smart signature parser.

65ea6d1d · devttys0 · 4102d1f0 · 65ea6d1d · 65ea6d1d · 65ea6d1d
Commit 65ea6d1d authored Dec 21, 2013 by devttys0
Show whitespace changes
Inline Side-by-side

Showing with 16 additions and 7 deletions

smart.py src/binwalk/core/smart.py +12 -2

heuristics.py src/binwalk/modules/heuristics.py +2 -4

signature.py src/binwalk/modules/signature.py +2 -1

No files found.
--- a/src/binwalk/core/smart.py
+++ b/src/binwalk/core/smart.py
@@ -76,13 +76,13 @@ class SmartSignature:
 		# If smart signatures are disabled, or the result data is not valid (i.e., potentially malicious), 
 		# don't parse anything, just return the raw data as the description.
-		if self.ignore_smart_signatures or not self._is_valid(data):
+		if self.ignore_smart_signatures:
 			results['description'] = data
 		else:
 			# Calculate and replace special keywords/values
-			data = self._replace_maths(data)
 			data = self._parse_raw_strings(data)
 			data = self._parse_string_len(data)
+			data = self._replace_maths(data)
 			# Parse the offset-adjust value. This is used to adjust the reported offset at which 
 			# a signature was located due to the fact that MagicParser.match expects all signatures
@@ -152,6 +152,15 @@ class SmartSignature:
 					return False
 		return True
+	def _safe_string(self, data):
+		'''
+		Strips out quoted data (i.e., data taken directly from a file).
+		'''
+		quoted_string = get_quoted_strings(data)
+		if quoted_string:
+			data = data.replace(quoted_string, "")
+		return data
 	def _one_of_many(self, data):
 		'''
 		Determines if a given data string is one result of many.
@@ -184,6 +193,7 @@ class SmartSignature:
 		Returns a blank string on failure.
 		'''
 		arg = ''
+		data = self._safe_string(data)
 		if has_key(self.KEYWORDS, keyword) and self.KEYWORDS[keyword] in data:
 			arg = data.split(self.KEYWORDS[keyword])[1].split(self.KEYWORD_DELIM_END)[0]

--- a/src/binwalk/modules/heuristics.py
+++ b/src/binwalk/modules/heuristics.py
@@ -64,7 +64,7 @@ class ChiSquare(object):
 		return self.xc2
-class EntropicBlock(object):
+class EntropyBlock(object):
 	def __init__(self, **kwargs):
 		self.start = None
@@ -95,8 +95,6 @@ class HeuristicCompressionAnalyzer(Module):
 					   kwargs={'enabled' : True, 'do_plot' : False, 'display_results' : False, 'block_size' : ENTROPY_BLOCK_SIZE}),
 	]
-	{'config' : 'Configuration', 'entropy' : 'Entropy'}
 	CLI = [
 			Option(short='H',
 				   long='heuristic',
@@ -129,7 +127,7 @@ class HeuristicCompressionAnalyzer(Module):
 				self.blocks[result.file.name] = []
 			if result.entropy >= self.trigger_level and (not self.blocks[result.file.name] or self.blocks[result.file.name][-1].end is not None):
-				self.blocks[result.file.name].append(EntropicBlock(start=result.offset + self.BLOCK_OFFSET))
+				self.blocks[result.file.name].append(EntropyBlock(start=result.offset + self.BLOCK_OFFSET))
 			elif result.entropy < self.trigger_level and self.blocks[result.file.name] and self.blocks[result.file.name][-1].end is None:
 				self.blocks[result.file.name][-1].end = result.offset - self.BLOCK_OFFSET

--- a/src/binwalk/modules/signature.py
+++ b/src/binwalk/modules/signature.py
@@ -116,10 +116,11 @@ class Signature(Module):
 				# Pass the data to libmagic, and split out multiple results into a list
 				magic_result = self.magic.buffer(candidate_data)
-				if self.config.filter.valid_result(magic_result):
 				# The smart filter parser returns a binwalk.core.module.Result object
 				r = self.smart.parse(magic_result)
+				if self.config.filter.valid_result(r.description):
 					# Set the absolute offset inside the target file
 					r.offset = block_start + candidate_offset + r.adjust