From 0954034dc1ac757cfc125539c41cc2b42525b303 Mon Sep 17 00:00:00 2001
From: Joachim Metz
Date: Tue, 27 Apr 2021 06:22:02 +0200
Subject: [PATCH] Fixed HFS BTree key OOB read
---
 tsk/fs/hfs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tsk/fs/hfs.c b/tsk/fs/hfs.c
index 2935fc50e3..d3b92aaad7 100644
--- a/tsk/fs/hfs.c
+++ b/tsk/fs/hfs.c
@@ -976,7 +976,9 @@ hfs_cat_traverse(HFS_INFO * hfs,
 rec_off =
 tsk_getu16(fs->endian,
 &node[nodesize - (rec + 1) * 2]);
- if (rec_off >= nodesize) {
+
+ // Need at least 2 bytes for key_len
+ if (rec_off >= nodesize - 2) {
 tsk_error_set_errno(TSK_ERR_FS_GENFS);
 tsk_error_set_errstr
 ("hfs_cat_traverse: offset of record %d in leaf node %d too large (%d vs %"
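Review bot: The new bound `nodesize - 2` in the leaf-node check goes negative (or wraps) when `nodesize` is below 2, and if the comparison with `rec_off` is then done unsigned, every offset passes and the `key_len` read is out of bounds again. The declarations of `nodesize` and `rec_off`, and any earlier validation of `nodesize`, are outside the hunk, so whether this is reachable depends on code not shown here; `hfs_cat_traverse` starts and ends outside the hunk. Writing the test as an addition removes the subtraction: `if (rec_off + 2 > nodesize) {`. `rec_off` comes from a 16-bit read, so the sum cannot overflow. This form also accepts `rec_off == nodesize - 2`, where exactly two bytes remain, which matches the "at least 2 bytes" comment, whereas the committed `>=` rejects it. The error string still prints `nodesize` as the limit, so a rejected offset of `nodesize - 2` or `nodesize - 1` would be reported as "too large" against a value it does not exceed.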