Check avalable allocated space before attempting to case to a hfs_btree_key_ext.

Signed-off-by: cherry530 <xuping33@huawei.com>
2021-12-13 17:22:39 +08:00 · 2021-12-13 17:22:39 +08:00 · 6342ab363b
commit 6342ab363b
parent d1c6c012b7
2 changed files with 41 additions and 1 deletions
--- a/Check-avalable-allocated-space-before-attempting-to.patch
+++ b/Check-avalable-allocated-space-before-attempting-to.patch
@ -0,0 +1,36 @@
+From 716095714d159077258bcb8822e377e32b01e50d Mon Sep 17 00:00:00 2001
+From: esaunders <esaunders@basistech.com>
+Date: Tue, 3 Dec 2019 15:12:47 -0500
+Subject: [PATCH] Check avaalable allocated space before attempting to case to
+ a hfs_btree_key_ext.
+
+---
+ tsk/fs/hfs.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/tsk/fs/hfs.c b/tsk/fs/hfs.c
+index 8c268a53e..2c82bb971 100755
+--- a/tsk/fs/hfs.c
+++ b/tsk/fs/hfs.c
+@@ -697,6 +697,18 @@ hfs_ext_find_extent_record_attr(HFS_INFO * hfs, uint32_t cnid,
+                     free(node);
+                     return 1;
+                 }
+
+                // Check that the whole hfs_btree_key_ext structure is set
+                if (sizeof(hfs_btree_key_ext) > nodesize - rec_off) {
+                    tsk_error_set_errno(TSK_ERR_FS_GENFS);
+                    tsk_error_set_errstr
+                    ("hfs_ext_find_extent_record_attr: record %d in leaf node %d truncated (have %d vs %"
+                        PRIu16 " bytes)", rec, cur_node, nodesize - (int)rec_off,
+                        sizeof(hfs_btree_key_ext));
+                    free(node);
+                    return 1;
+                }
+
+                 key = (hfs_btree_key_ext *) & node[rec_off];
+ 
+                 if (tsk_verbose)
+-- 
+2.27.0
+
--- a/sleuthkit.spec
+++ b/sleuthkit.spec
@ -1,6 +1,6 @@
 Name:           sleuthkit
 Version:        4.6.7
-Release:        8
+Release:        9
 Summary:        Tools for file system and volume forensic analysis
 License:        CPL and IBM and GPLv2+
 URL:            http://www.sleuthkit.org
@ -15,6 +15,7 @@ Patch6:         0006-Add-attributes-file-nodesize-check.patch
 Patch7:         0007-Fixed-OOB-reads-in-hfs_cat_traverse.patch
 Patch8:         0008-left-shift.patch
 Patch9:         fix-memleak-in-ntfs.patch
+Patch10:        Check-avalable-allocated-space-before-attempting-to.patch

 BuildRequires:  gcc-c++ afflib-devel >= 3.3.4 libewf-devel perl-generators sqlite-devel

@ -89,6 +90,9 @@ sed -i.rpath 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
 %{_mandir}/man1/*

 %changelog
+* Mon Dec 13 2021 xu_ping <xuping33@huawei.com> - 4.6.7-9
+- Check avalable allocated space before attempting to case to a hfs_btree_key_ext.
+
 * Thu Aug 26 2021 sunguoshuai <sunguoshuai@huawei.com> - 4.6.7-8
 - Fix memleak in ntfs