Remove ZydisPE #257

athre0z · 2021-10-22T15:03:40Z

The PE parsing code is wildly unsafe and doesn't perform any input validation.
It was originally written as an example on how to use our formatter API for
using custom symbols in disassembly output. However, living in the tools
directory incorrectly suggested to users that it's a safe tool intended for
actual public use.

Following a security report, we decided to just delete it for the time being,
possibly bringing it back later.

We intentionally never defined install rules for it (it's not installed on
make install) and also don't ship it in the packages of any package manager
repository, so the practical security impact should be low.

The PE parsing code is wildly unsafe and doesn't perform any input validation. It was originally written as an example on how to use our formatter API for using custom symbols in disassembly output. However, living in the `tools` directory incorrectly suggested to users that it's a safe tool intended for actual public use. Following a security report, we decided to just delete it for the time being, possibly bringing it back later. We intentionally never defined install rules for it (it's not installed on `make install`) and also don't ship it in the packages of any package manager repository, so the practical security impact should be low.

athre0z added C-cleanup Category: Cleanup of code and refactoring work P-high Priority: High A-utils Area: Utilities (tools, examples, fuzzing) labels Oct 22, 2021

athre0z requested a review from flobernd October 22, 2021 15:03

flobernd approved these changes Oct 22, 2021

View reviewed changes

athre0z merged commit 869dfb4 into master Oct 22, 2021

athre0z deleted the joel/remove-zydispe branch October 22, 2021 15:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Remove ZydisPE #257

Remove ZydisPE #257

athre0z commented Oct 22, 2021

Remove ZydisPE #257

Remove ZydisPE #257

Conversation

athre0z commented Oct 22, 2021