From 4a20f5c417ee5b8ac165863fdec4cd4014650912 Mon Sep 17 00:00:00 2001
From: Vincent Thiberville
Date: Sun, 19 May 2024 22:34:30 +0200
Subject: [PATCH] feat: limit size of version info key and value
Use the same limits as YARA for the strings used in version infos.
---
 boreal/src/module/pe/version_info.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/boreal/src/module/pe/version_info.rs b/boreal/src/module/pe/version_info.rs
index 76a06124..e98f0afd 100644
--- a/boreal/src/module/pe/version_info.rs
+++ b/boreal/src/module/pe/version_info.rs
@@ -175,8 +175,8 @@ fn read_string(mem: &[u8], offset: usize, out: &mut Vec) -> Option<
 // - convert it back to a String and thus a utf8 slice.
 // But yara simply strips the second byte of every pair (expecting it to always be 0). We could
 // differ here, but for the moment keep this broken behavior
- let key = unwide(&mem[key_start..key_end]);
- let value = unwide(&mem[value_start..value_end]);
+ let key = unwide(&mem[key_start..key_end], 63);
+ let value = unwide(&mem[value_start..value_end], 255);
 out.push(VersionInfo { key, value });
@@ -194,11 +194,11 @@ fn find_wide_nul(mem: &[u8]) -> usize {
 mem.len()
 }
-fn unwide(mem: &[u8]) -> Vec {
+fn unwide(mem: &[u8], max_size: usize) -> Vec {
 let mut res = Vec::new();
 let mut i = 0;
- while i < mem.len() {
+ while i < mem.len() && res.len() < max_size {
 res.push(mem[i]);
 i += 2;
 }
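Review bot: The limits `63` and `255` passed to `unwide` in `read_string` are bare literals, so nothing at the call site ties them to the YARA limits the commit message refers to. Named constants would make that explicit, e.g. `const MAX_KEY_SIZE: usize = 63;` and `const MAX_VALUE_SIZE: usize = 255;`, with a comment naming the YARA definition they mirror. These strings presumably come straight from the scanned file, so it is also worth a comment that truncation is silent: an over-long key or value still yields a `VersionInfo` entry, only shortened, which matters to rules that compare exact values. `read_string` starts and ends outside this hunk, so whether the number of entries pushed to `out` is bounded elsewhere cannot be seen from here.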
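Review bot: `unwide` has no doc comment, and the new `max_size` parameter is easy to misread: the condition `res.len() < max_size` caps the number of output bytes (so up to `2 * max_size` input bytes are consumed), not the input length. A line such as `/// Keeps every other byte of mem, stopping after max_size output bytes; excess input is silently dropped.` would settle it. As a style point, the index loop could become `mem.iter().step_by(2).take(max_size).copied().collect()`, which removes the manual `i` bookkeeping and the indexing; the end of the function lies outside the hunk, so this assumes it only returns `res`. The diffstat shows no other file touched, so a unit test for input longer than the limit, and for a `max_size` of 0, appears to be missing.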