From beb68f543261a28ee25b945bb79d39213decd2cd Mon Sep 17 00:00:00 2001
From: Joachim Metz
Date: Fri, 18 Jun 2021 16:34:18 +0200
Subject: [PATCH] Fixed OOB reads in hfs_dir_open_meta_cb
---
 tsk/fs/hfs_dent.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/tsk/fs/hfs_dent.c b/tsk/fs/hfs_dent.c
index b88627e53..54460f14b 100644
--- a/tsk/fs/hfs_dent.c
+++ b/tsk/fs/hfs_dent.c
@@ -295,6 +295,11 @@ hfs_dir_open_meta_cb(HFS_INFO * hfs, int8_t level_type,
 /* This is a normal file in the folder */
 else if (rec_type == HFS_FILE_RECORD) {
+ if ((nodesize < sizeof(hfs_file)) || (rec_off2 >= nodesize - sizeof(hfs_file))) {
+ tsk_error_set_errno(TSK_ERR_FS_GENFS);
+ tsk_error_set_errstr("hfs_dir_open_meta: nodesize value out of bounds");
+ return HFS_BTREE_CB_ERR;
+ }
 hfs_file *file = (hfs_file *) & rec_buf[rec_off2];
 // This could be a hard link. We need to test this CNID, and follow it if necessary.
 unsigned char is_err;
-- 
2.33.0
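Review bot: The new guard compares `rec_off2` with `nodesize`, but the read it protects is `rec_buf[rec_off2]`, so it only bounds the access if `rec_buf` starts at the beginning of the node buffer. That is not visible in this hunk; if `rec_buf` instead points at the current key inside the node, the limit should be the bytes remaining from `rec_buf` to the end of the node, and either way a comment such as `/* rec_off2 is relative to rec_buf; nodesize must be the number of valid bytes from rec_buf */` would pin the assumption down. Separately, `>=` also rejects a record that ends exactly at the boundary (`rec_off2 == nodesize - sizeof(hfs_file)` is still in range), so `rec_off2 > nodesize - sizeof(hfs_file)` looks like the intended comparison. The error text blames `nodesize` even when the offending value is `rec_off2`, and the function body continues outside the hunk, so I cannot tell whether the folder and thread record branches carry the same check.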