From a0ac86600304652b85bb68ed4a32f362daf3c502 Mon Sep 17 00:00:00 2001 From: Christophe Grenier Date: Mon, 2 May 2011 22:19:44 +0200 Subject: [PATCH] PhotoRec: stricter check for BMP files --- src/file_bmp.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/src/file_bmp.c b/src/file_bmp.c index 29722988..5ec2cd79 100644 --- a/src/file_bmp.c +++ b/src/file_bmp.c @@ -29,6 +29,7 @@ #include #include "types.h" #include "filegen.h" +#include "common.h" static void register_header_check_bmp(file_stat_t *file_stat); static int header_check_bmp(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new); @@ -50,15 +51,28 @@ static void register_header_check_bmp(file_stat_t *file_stat) register_header_check(0, bmp_header,sizeof(bmp_header), &header_check_bmp, file_stat); } +struct bmp_header +{ + uint16_t magic; + uint32_t size; + uint32_t reserved; + uint32_t offset; +} __attribute__ ((__packed__)); + static int header_check_bmp(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new) { - if(buffer[0]=='B' && buffer[1]=='M' && - buffer[6]==0x00 && buffer[7]==0x00 && buffer[8]==0x00 && buffer[9]==0x00) + const struct bmp_header *bm=(const struct bmp_header *)buffer; + if(buffer[0]=='B' && buffer[1]=='M' && bm->reserved==0 && + (buffer[14]==12 || buffer[14]==64 || buffer[14]==40 || buffer[14]==52 || + buffer[14]==56 || buffer[14]==108 || buffer[14]==124) && + buffer[15]==0 && buffer[16]==0 && buffer[17]==0 && + le32(bm->offset) < le32(bm->size)) { + /* See http://en.wikipedia.org/wiki/BMP_file_format */ reset_file_recovery(file_recovery_new); file_recovery_new->extension=file_hint_bmp.extension; file_recovery_new->min_filesize=65; - file_recovery_new->calculated_file_size=(uint64_t)buffer[2]+(((uint64_t)buffer[3])<<8)+(((uint64_t)buffer[4])<<16)+(((uint64_t)buffer[5])<<24); + file_recovery_new->calculated_file_size=(uint64_t)le32(bm->size); file_recovery_new->data_check=&data_check_size; file_recovery_new->file_check=&file_check_size; return 1;