src/file_asf.c: stricter check in header_check_asf()

Christophe Grenier 2020-06-18 19:05:19 +02:00
parent fa497bec61
commit 1fc9388c0d


@ -66,24 +66,29 @@ struct asf_stream_prop_s {
unsigned char stream_type[16];
} __attribute__ ((gcc_struct, __packed__));
static const char *extension_wma="wma";
static const char *extension_wmv="wmv";
static int header_check_asf(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
{
const struct asf_header_obj_s *hdr=(const struct asf_header_obj_s*)buffer;
unsigned int i;
const struct asf_file_prop_s *prop=(const struct asf_file_prop_s*)(hdr+1);
const char *extension=file_hint_asf.extension;
const unsigned int nbr_header_obj=le32(hdr->nbr_header_obj);
uint64_t size=0;
time_t time=0;
const char *extension=file_hint_asf.extension;
unsigned int i;
uint64_t offset_prop=sizeof(struct asf_header_obj_s);
/* Header + File Properties + Stream Properties + Header Extension */
if(le64(hdr->object_size)<30 ||
le64(hdr->object_size)>buffer_size ||
le32(hdr->nbr_header_obj)<4)
nbr_header_obj<4)
return 0;
for(i=0;
i<le32(hdr->nbr_header_obj) &&
(const unsigned char *)prop+0x28 < buffer + buffer_size;
i++, prop=(const struct asf_file_prop_s *)((const char *)prop + le64(prop->object_size)))
i < nbr_header_obj && offset_prop + 0x28 < buffer_size;
i++)
{
const struct asf_file_prop_s *prop=(const struct asf_file_prop_s*)&buffer[offset_prop];
const uint64_t object_size=le64(prop->object_size);
// ASF_File_Properties_Object // 8CABDCA1-A947-11CF-8EE4-00C00C205365
// ASF_Stream_Properties_Object // B7DC0791-A9B7-11CF-8EE6-00C00C205365
static const unsigned char asf_file_prop_id[16]= {
@ -94,18 +99,20 @@ static int header_check_asf(const unsigned char *buffer, const unsigned int buff
0x91, 0x07, 0xdc, 0xb7, 0xb7, 0xa9, 0xcf, 0x11,
0x8e, 0xe6, 0x00, 0xc0, 0x0c, 0x20, 0x53, 0x65
};
if(le64(prop->object_size) < 0x18)
if(object_size < 0x18)
{
log_info("header_check_asf object_size too small %llu\n", (long long unsigned)le64(prop->object_size));
log_info("header_check_asf object_size too small %llu\n", (long long unsigned)object_size);
return 0;
}
if(object_size > 0x8000000000000000)
return 0;
if(memcmp(prop->object_id, asf_file_prop_id, sizeof(asf_file_prop_id))==0)
{
if(le64(prop->object_size) < 0x28)
return 0;
if(le64(prop->file_size) < sizeof(struct asf_header_obj_s) + sizeof(struct asf_file_prop_s))
if(object_size < 0x28)
return 0;
size=le64(prop->file_size);
if(size < sizeof(struct asf_header_obj_s) + sizeof(struct asf_file_prop_s))
return 0;
time=td_ntfs2utc(le64(prop->file_date));
}
else if(memcmp(prop->object_id, asf_stream_prop_s, sizeof(asf_stream_prop_s))==0)
@ -117,25 +124,27 @@ static int header_check_asf(const unsigned char *buffer, const unsigned int buff
const char wmv[16]={
0xc0, 0xef, 0x19, 0xbc, 0x4d, 0x5b, 0xcf, 0x11, 0xa8, 0xfd, 0x00, 0x80, 0x5f, 0x5c, 0x44, 0x2b
};
if(le64(prop->object_size) < 0x28)
if(object_size < 0x28)
return 0;
if(memcmp(stream->stream_type, wma, sizeof(wma))==0)
extension="wma";
extension=extension_wma;
else if(memcmp(stream->stream_type, wmv, sizeof(wmv))==0)
extension="wmv";
extension=extension_wmv;
}
if(le64(prop->object_size) > buffer_size)
break;
offset_prop+=object_size;
}
if(size > 0 && size < offset_prop)
return 0;
reset_file_recovery(file_recovery_new);
file_recovery_new->extension=extension;
file_recovery_new->min_filesize=offset_prop;
file_recovery_new->time=time;
if(size > 0)
{
file_recovery_new->calculated_file_size=le64(size);
file_recovery_new->calculated_file_size=size;
file_recovery_new->data_check=&data_check_size;
file_recovery_new->file_check=&file_check_size;
}
file_recovery_new->time=time;
return 1;
}
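Review bot: The file-properties branch reads `prop->file_size` and `prop->file_date` while only 0x28 bytes past `offset_prop` are known to be inside the buffer, because the loop condition is `offset_prop + 0x28 < buffer_size` and the branch only rejects `object_size < 0x28`. That bound covers the 16-byte id, the 8-byte size and one further 16-byte field, which is enough for `stream_type` in the stream branch. The definition of `struct asf_file_prop_s` is not visible in this section, but if `file_size` and `file_date` come after a 16-byte file id, as the ASF layout suggests, both reads can land beyond `buffer_size` on a truncated or crafted header. A guard at the top of that branch, for example `if(object_size < sizeof(struct asf_file_prop_s) || offset_prop + sizeof(struct asf_file_prop_s) > buffer_size) return 0;`, would tie the check to the fields that are actually dereferenced. The new `object_size > 0x8000000000000000` test would also benefit from a short comment stating that it keeps `offset_prop+=object_size` from wrapping.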