From f7a20cf162a02a4ce5301eb6b27bbc53fd5998b5 Mon Sep 17 00:00:00 2001
From: Brian Carrier <carrier@sleuthkit.org>
Date: Wed, 29 Apr 2020 15:47:01 -0400
Subject: [PATCH] Fix bug introduced with imap offset check
---
tsk/fs/ext2fs.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
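diff --git a/tsk/fs/ext2fs.c b/tsk/fs/ext2fs.c
index 45dd18c2..1f56c943 100755
--- a/tsk/fs/ext2fs.c
+++ b/tsk/fs/ext2fs.c
@@ -841,6 +841,20 @@ ext2fs_dinode_copy(EXT2FS_INFO * ext2fs, TSK_FS_META * fs_meta,
 grp_num * tsk_getu32(fs->endian,
 ext2fs->fs->s_inodes_per_group) + fs->first_inum;
 
+
+ /*
+ * Ensure that inum - ibase refers to a valid bit offset in imap_buf.
+ */
+ if ((inum - ibase) > fs->block_size*8) {
+ tsk_release_lock(&ext2fs->lock);
+ tsk_error_reset();
+ tsk_error_set_errno(TSK_ERR_FS_WALK_RNG);
+ tsk_error_set_errstr("ext2fs_dinode_copy: Invalid offset into imap_buf (inum %" PRIuINUM " - ibase %" PRIuINUM ")",
+ inum, ibase);
+ return 1;
+ }
+
+
 /*
 * Apply the allocated/unallocated restriction.
 */
@@ -1052,9 +1066,9 @@ ext2fs_inode_walk(TSK_FS_INFO * fs, TSK_INUM_T start_inum,
 ext2fs->fs->s_inodes_per_group) + 1;
 
 /*
- * Ensure that inum - ibase refers to a valid offset in imap_buf.
+ * Ensure that inum - ibase refers to a valid bit offset in imap_buf.
 */
- if ((inum - ibase) > fs->block_size) {
+ if ((inum - ibase) > fs->block_size*8) {
 tsk_release_lock(&ext2fs->lock);
 free(dino_buf);
 tsk_error_reset();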
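Review bot: Both bounds checks compare with `>`, so an offset exactly equal to `fs->block_size*8` is accepted even though a bitmap of `block_size` bytes only has valid bit indices up to `block_size*8 - 1`. Assuming imap_buf is one block long (its allocation is not visible in these hunks), the comparison should read `if ((inum - ibase) >= fs->block_size*8) {` in both the new check in ext2fs_dinode_copy and the changed one in ext2fs_inode_walk. The inode numbers and group values come from the image being parsed, so a malformed image could otherwise still cause a read one bit past the buffer. Separately, the new error path in ext2fs_dinode_copy calls `tsk_release_lock(&ext2fs->lock)` before returning 1; the function body starts and ends outside the hunk, so it is worth confirming that the lock is actually held at that point and that nothing else needs releasing (the ext2fs_inode_walk path also frees `dino_buf`).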
--