From 85019629199060dcc0992e10505914b1420760a7 Mon Sep 17 00:00:00 2001
From: "Victor M. Alvarez"
Date: Mon, 6 May 2024 10:46:46 +0200
Subject: [PATCH] Ignore Authenticode signatures that are somehow corrupt.

---
 libyara/modules/pe/pe.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/libyara/modules/pe/pe.c b/libyara/modules/pe/pe.c
index dbbc12be84..9511787721 100644
--- a/libyara/modules/pe/pe.c
+++ b/libyara/modules/pe/pe.c
@@ -1758,6 +1758,22 @@ void _process_authenticode(
 for (size_t i = 0; i < auth_array->count; ++i)
 {
 const Authenticode* authenticode = auth_array->signatures[i];
+
+ if (authenticode->verify_flags & AUTHENTICODE_VFY_CANT_PARSE)
+ continue;
+
+ if (authenticode->verify_flags & AUTHENTICODE_VFY_WRONG_PKCS7_TYPE)
+ continue;
+
+ if (authenticode->verify_flags & AUTHENTICODE_VFY_NO_SIGNER_INFO)
+ continue;
+
+ if (authenticode->verify_flags & AUTHENTICODE_VFY_NO_SIGNER_CERT)
+ continue;
+
+ if (authenticode->verify_flags & AUTHENTICODE_VFY_INTERNAL_ERROR)
+ continue;
+
 bool verified = authenticode->verify_flags == AUTHENTICODE_VFY_VALID;
 
 /* If any signature is valid -> file is correctly signed */
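Review bot: The five added checks test `authenticode->verify_flags` with `&`, while the unchanged line right after them compares the same field with `==` against `AUTHENTICODE_VFY_VALID`, and the hunk does not show whether the `AUTHENTICODE_VFY_*` constants are distinct bits or consecutive status codes. If they are consecutive codes, a mask test also matches unrelated statuses (a constant equal to 1 would match every odd code), so signatures with a different failure reason would be dropped and rules reading the signature data would never see them. In that case each test should be an equality, e.g. `if (authenticode->verify_flags == AUTHENTICODE_VFY_CANT_PARSE) continue;`; if they really are bit flags, one combined mask with a short comment saying why these five states are skipped would read better. The loop body continues past the hunk, so it is also worth checking that anything indexed or counted by `i` further down still lines up once entries are skipped.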