luisgulo/testdisk
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

ntfs.c,ntfs_adv.c: ntfs_getattributedata() may return NULL, avoid potential NULL dereference

Browse source
This commit is contained in:
Christophe Grenier 2020-04-21 17:48:45 +02:00
parent 0fea045597
commit 3840fa62b3
2 changed files with 13 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
src/ntfs.c
View file

@ -305,6 +305,7 @@ static void ntfs_get_volume_name(disk_t *disk_car, partition_t *partition, const
unsigned char *buffer; unsigned char *buffer;
uint64_t mft_pos; uint64_t mft_pos;
unsigned int mft_record_size; unsigned int mft_record_size;
partition->fsname[0]='\0';
if(ntfs_header->clusters_per_mft_record>0) if(ntfs_header->clusters_per_mft_record>0)
mft_record_size=ntfs_header->clusters_per_mft_record * ntfs_header->sectors_per_cluster * ntfs_sector_size(ntfs_header); mft_record_size=ntfs_header->clusters_per_mft_record * ntfs_header->sectors_per_cluster * ntfs_sector_size(ntfs_header);
else else
@ -334,13 +335,19 @@ static void ntfs_get_volume_name(disk_t *disk_car, partition_t *partition, const
const ntfs_attribresident *attrib=(const ntfs_attribresident *)ntfs_findattribute((const ntfs_recordheader*)buffer, 0x60, (char*)buffer+mft_record_size); const ntfs_attribresident *attrib=(const ntfs_attribresident *)ntfs_findattribute((const ntfs_recordheader*)buffer, 0x60, (char*)buffer+mft_record_size);
if(attrib && attrib->header.bNonResident==0) /* attribute is resident */ if(attrib && attrib->header.bNonResident==0) /* attribute is resident */
{ {
char *dest=partition->fsname; char *dest;
const char *name_it; const char *name_it;
unsigned int volume_name_length=le32(attrib->cbAttribData); unsigned int volume_name_length=le32(attrib->cbAttribData);
volume_name_length/=2; /* Unicode */ volume_name_length/=2; /* Unicode */
if(volume_name_length>sizeof(partition->fsname)-1) if(volume_name_length>sizeof(partition->fsname)-1)
volume_name_length=sizeof(partition->fsname)-1; volume_name_length=sizeof(partition->fsname)-1;
for(name_it=ntfs_getattributedata(attrib, (char*)(buffer+mft_record_size)); name_it=ntfs_getattributedata(attrib, (char*)(buffer+mft_record_size));
if(name_it==NULL)
{
free(buffer);
return;
}
for(dest=partition->fsname;
volume_name_length>0 && *name_it!='\0' && name_it[1]=='\0'; volume_name_length>0 && *name_it!='\0' && name_it[1]=='\0';
name_it+=2,volume_name_length--) name_it+=2,volume_name_length--)
*dest++=*name_it; *dest++=*name_it;

6
src/ntfs_adv.c
View file

@ -451,7 +451,8 @@ int rebuild_NTFS_BS(disk_t *disk_car, partition_t *partition, const int verbose,
if(attr30 && attr30->bNonResident==0) if(attr30 && attr30->bNonResident==0)
{ {
const TD_FILE_NAME_ATTR *file_name_attr=(const TD_FILE_NAME_ATTR *)ntfs_getattributedata((const ntfs_attribresident *)attr30, buffer+0x400); const TD_FILE_NAME_ATTR *file_name_attr=(const TD_FILE_NAME_ATTR *)ntfs_getattributedata((const ntfs_attribresident *)attr30, buffer+0x400);
if(file_name_attr->file_name_length==4 && if(file_name_attr!=NULL &&
file_name_attr->file_name_length==4 &&
(const char*)&file_name_attr->file_name[0]+8 <= buffer+0x400 && (const char*)&file_name_attr->file_name[0]+8 <= buffer+0x400 &&
memcmp(file_name_attr->file_name,"$\0M\0F\0T\0", 8)==0) memcmp(file_name_attr->file_name,"$\0M\0F\0T\0", 8)==0)
res=1; res=1;
@ -518,7 +519,8 @@ int rebuild_NTFS_BS(disk_t *disk_car, partition_t *partition, const int verbose,
if(attr30 && attr30->bNonResident==0) if(attr30 && attr30->bNonResident==0)
{ {
const TD_FILE_NAME_ATTR *file_name_attr=(const TD_FILE_NAME_ATTR *)ntfs_getattributedata((const ntfs_attribresident *)attr30, buffer+0x400); const TD_FILE_NAME_ATTR *file_name_attr=(const TD_FILE_NAME_ATTR *)ntfs_getattributedata((const ntfs_attribresident *)attr30, buffer+0x400);
if(file_name_attr->file_name_length==4 && if(file_name_attr!=NULL &&
file_name_attr->file_name_length==4 &&
(const char*)&file_name_attr->file_name[0]+8 <= buffer+0x400 && (const char*)&file_name_attr->file_name[0]+8 <= buffer+0x400 &&
memcmp(file_name_attr->file_name,"$\0M\0F\0T\0", 8)==0) memcmp(file_name_attr->file_name,"$\0M\0F\0T\0", 8)==0)
res=1; res=1;