goblin icon indicating copy to clipboard operation
goblin copied to clipboard
verified publisher icon m4b

Fix fail on malformed certificate table parsing

Open ideeockus opened this issue 1 year ago • 1 comments

Hello!

In some PE files Certificate Table can be malformed / contain invalid data. But if we use ParseOptions::parse_attribute_certificates = true, then whole parsing is failed.

I suggest use default CertificateDirectoryTable in case of error.

ideeockus avatar Jul 29 '24 13:07 ideeockus

So while this is an easy merge, I'm on the fence about whether we should; in general the malformed binary is kind of important to know, and in general, we choose to fail in those cases. However, sometimes we don't, and maybe this is one of those times, but it feels like it's just sort of skipping a malformed thing, and putting a default value in its place, which may be ok, but it also might not be.

So I'd like to understand more about:

  1. why binaries have malformed certificates, is it common
  2. is it not a big deal if they're malformed, e.g., it's safe to just supply a dummy/default/empty version of the table when bad ones are encountered, and continue going on?

thanks for your patience!

m4b avatar Aug 26 '24 07:08 m4b

in general the malformed binary is kind of important to know, and in general, we choose to fail in those cases. However, sometimes we don't, and maybe this is one of those times, but it feels like it's just sort of skipping a malformed thing

OK, that sounds reasonable.

What if we add something like ParseMode::Strict and ParseMode::Permissive to ParseOptions?

ideeockus avatar Oct 27 '24 12:10 ideeockus

@m4b can you review please

I think handling malformations may be related to #401

ideeockus avatar Dec 08 '24 13:12 ideeockus

NOTE: breaking change #434

m4b avatar Jan 05 '25 19:01 m4b