0534e4cbef
Signed-off-by: cherry530 <xuping33@huawei.com> (cherry picked from commit 56613e9603253a85c9bb19ca099ff6973043122c)
29 lines
1.1 KiB
Diff
29 lines
1.1 KiB
Diff
From beb68f543261a28ee25b945bb79d39213decd2cd Mon Sep 17 00:00:00 2001
|
|
From: Joachim Metz <joachim.metz@gmail.com>
|
|
Date: Fri, 18 Jun 2021 16:34:18 +0200
|
|
Subject: [PATCH] Fixed OOB reads in hfs_dir_open_meta_cb
|
|
|
|
---
|
|
tsk/fs/hfs_dent.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/tsk/fs/hfs_dent.c b/tsk/fs/hfs_dent.c
|
|
index b88627e53..54460f14b 100644
|
|
--- a/tsk/fs/hfs_dent.c
|
|
+++ b/tsk/fs/hfs_dent.c
|
|
@@ -295,6 +295,11 @@ hfs_dir_open_meta_cb(HFS_INFO * hfs, int8_t level_type,
|
|
|
|
/* This is a normal file in the folder */
|
|
else if (rec_type == HFS_FILE_RECORD) {
|
|
+ if ((nodesize < sizeof(hfs_file)) || (rec_off2 >= nodesize - sizeof(hfs_file))) {
|
|
+ tsk_error_set_errno(TSK_ERR_FS_GENFS);
|
|
+ tsk_error_set_errstr("hfs_dir_open_meta: nodesize value out of bounds");
|
|
+ return HFS_BTREE_CB_ERR;
|
|
+ }
|
|
hfs_file *file = (hfs_file *) & rec_buf[rec_off2];
|
|
// This could be a hard link. We need to test this CNID, and follow it if necessary.
|
|
unsigned char is_err;
|
|
--
|
|
2.33.0
|
|
|