fix AuthentiHash() out of bound access

Author: ayoubfaouzi

security.go

@@ -16,7 +16,6 @@ import (
 	"fmt"
 	"hash"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -72,7 +71,7 @@ type Certificate struct {
 	Header           WinCertificate      `json:"header"`
 	Content          pkcs7.PKCS7         `json:"-"`
 	SignatureContent AuthenticodeContent `json:"-"`
-	SignatureValid   bool                `json:"-"`
+	SignatureValid   bool                `json:"signature_valid"`
 	Raw              []byte              `json:"-"`
 	Info             CertInfo            `json:"info"`
 	Verified         bool                `json:"verified"`
@@ -245,7 +244,11 @@ func (pe *File) parseLocations() (map[string]*RelRange, error) {
 //   - The location of the entry of the Certificate Table in the Data Directory
 //   - The location of the Certificate Table.
 func (pe *File) Authentihash() []byte {
-	return pe.AuthentihashExt(crypto.SHA256.New())[0]
+	results := pe.AuthentihashExt(crypto.SHA256.New())
+	if len(results) > 0 {
+		return results[0]
+	}
+	return nil
 }
 
 // AuthentihashExt generates pe image file hashes using the given hashers.
@@ -494,7 +497,7 @@ func loadSystemRoots() (*x509.CertPool, error) {
 		}
 	}
 
-	files, err := ioutil.ReadDir(dir)
+	files, err := os.ReadDir(dir)
 	if err != nil {
 		return roots, err
 	}
@@ -504,7 +507,7 @@ func loadSystemRoots() (*x509.CertPool, error) {
 			continue
 		}
 		certPath := filepath.Join(dir, f.Name())
-		certData, err := ioutil.ReadFile(certPath)
+		certData, err := os.ReadFile(certPath)
 		if err != nil {
 			return roots, err
 		}

security_test.go

@@ -170,6 +170,8 @@ func TestAuthentihash(t *testing.T) {
 			"595e4eb556587a1363ff297df9f354a377963ecac0bed19230992b9601426aae"},
 		{getAbsoluteFilePath("test/mfc40u.dll"),
 			"5c8acdf9b2c7854c6b8e22e973d2fbae9c68fc22513d24c68c8e8010b1663e67"},
+		{getAbsoluteFilePath("test/000057fd78f66e64e15f5070364c824a8923b6216bd8bcf6368857fb9674c483"),
+			""},
 	}
 
 	for _, tt := range tests {