fix for invalid shift

2021-12-16 07:09:28 +00:00 · 2021-12-16 07:09:28 +00:00 · 21809d1959
commit 21809d1959
parent 08eca74366
2 changed files with 46 additions and 1 deletions
--- a/Fix-for-invalid-shift-issue-1088.patch
+++ b/Fix-for-invalid-shift-issue-1088.patch
@ -0,0 +1,41 @@
+From f279cbffbdb462a85438d648d5d18790c0b2b3a0 Mon Sep 17 00:00:00 2001
+From: esaunders <esaunders@basistech.com>
+Date: Mon, 30 Dec 2019 13:17:30 -0500
+Subject: [PATCH] Fix for invalid shift issue 1088.
+
+---
+ tsk/fs/ntfs.c | 16 ++++++++++++++--
+ 1 file changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/tsk/fs/ntfs.c b/tsk/fs/ntfs.c
+index 93ce4802d..837033ea5 100755
+--- a/tsk/fs/ntfs.c
+++ b/tsk/fs/ntfs.c
+@@ -652,10 +652,22 @@ ntfs_make_data_run(NTFS_INFO * ntfs, TSK_OFF_T start_vcn,
+         if (totlen)
+             *totlen += (data_run->len * ntfs->csize_b);
+ 
+-        /* Get the address of this run */
+        /* Get the address offset of this run.
+         * An address offset of more than eight bytes will not fit in the
+         * 64-bit addr_offset field (and is likely corrupt)
+         */
+        if (NTFS_RUNL_LENSZ(run) > 8) {
+            tsk_error_reset();
+            tsk_error_set_errno(TSK_ERR_FS_INODE_COR);
+            tsk_error_set_errstr
+            ("ntfs_make_run: Run address offset is too large to process");
+            tsk_fs_attr_run_free(*a_data_run_head);
+            *a_data_run_head = NULL;
+            return TSK_COR;
+        }
+         for (i = 0, data_run->addr = 0; i < NTFS_RUNL_OFFSZ(run); i++) {
+             //data_run->addr |= (run->buf[idx++] << (i * 8));
+-            addr_offset |= (run->buf[idx++] << (i * 8));
+            addr_offset |= ((int64_t)(run->buf[idx++]) << (i * 8));
+             if (tsk_verbose)
+                 tsk_fprintf(stderr,
+                     "ntfs_make_data_run: Off idx: %i cur: %"
+-- 
+2.30.0
+
--- a/sleuthkit.spec
+++ b/sleuthkit.spec
@ -1,6 +1,6 @@
 Name:           sleuthkit
 Version:        4.6.7
-Release:        9
+Release:        10
 Summary:        Tools for file system and volume forensic analysis
 License:        CPL and IBM and GPLv2+
 URL:            http://www.sleuthkit.org
@ -16,6 +16,7 @@ Patch7:         0007-Fixed-OOB-reads-in-hfs_cat_traverse.patch
 Patch8:         0008-left-shift.patch
 Patch9:         fix-memleak-in-ntfs.patch
 Patch10:        Check-avalable-allocated-space-before-attempting-to.patch
+Patch11:	Fix-for-invalid-shift-issue-1088.patch

 BuildRequires:  gcc-c++ afflib-devel >= 3.3.4 libewf-devel perl-generators sqlite-devel

@ -90,6 +91,9 @@ sed -i.rpath 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 %{_mandir}/man1/*

 %changelog
+* Thu Dec 16 2021 chenchen <chen_aka_jan@163.com> - 4.6.7-10
+- fix for invalid shift
+
 * Mon Dec 13 2021 xu_ping <xuping33@huawei.com> - 4.6.7-9
 - Check avalable allocated space before attempting to case to a hfs_btree_key_ext.