src/file_lnk.c: better check filesize

Christophe Grenier 2020-09-19 10:42:09 +02:00
parent cec850223e
commit b345af5c80
2 changed files with 26 additions and 11 deletions


@ -6,7 +6,7 @@ AC_INIT([testdisk],[7.2-WIP],[grenier@cgsecurity.org])
AC_LANG(C) AC_LANG(C)
sinclude(acx_pthread.m4) sinclude(acx_pthread.m4)
sinclude(mkdir.m4) sinclude(mkdir.m4)
TESTDISKDATE="August 2020" TESTDISKDATE="September 2020"
AC_SUBST(TESTDISKDATE) AC_SUBST(TESTDISKDATE)
AC_DEFINE_UNQUOTED([TESTDISKDATE],"$TESTDISKDATE",[Date of release]) AC_DEFINE_UNQUOTED([TESTDISKDATE],"$TESTDISKDATE",[Date of release])
AC_CONFIG_AUX_DIR(config) AC_CONFIG_AUX_DIR(config)


@ -87,7 +87,8 @@ static unsigned int lnk_get_size(const unsigned char *buffer, const unsigned int
unsigned int len; unsigned int len;
if((flags&SCF_PIDL)!=0) if((flags&SCF_PIDL)!=0)
{ /* The Shell Item Id List */ { /* The Shell Item Id List */
len=buffer[i]+(buffer[i+1]<<8); const uint16_t *ptr=(const uint16_t *)&buffer[i];
len=le16(*ptr);
#ifdef DEBUG_LNK #ifdef DEBUG_LNK
log_debug("LNK Shell Item Id List at 0x%04x=%04x\n", log_debug("LNK Shell Item Id List at 0x%04x=%04x\n",
i, len); i, len);
@ -100,10 +101,14 @@ static unsigned int lnk_get_size(const unsigned char *buffer, const unsigned int
return 0; return 0;
if((flags&SCF_LOCATION)!=0) if((flags&SCF_LOCATION)!=0)
{ /* File location info */ { /* File location info */
len=buffer[i] + (buffer[i+1]<<8) + (buffer[i+2]<<16) + (buffer[i+3]<<24); const uint32_t *ptr=(const uint32_t *)&buffer[i];
len=le32(*ptr);
#ifdef DEBUG_LNK #ifdef DEBUG_LNK
log_debug("LNK File location info at 0x%04x=%04x\n", i, len); log_debug("LNK File location info at 0x%04x=%04x\n", i, len);
#endif #endif
/* Discard too big files, avoid overflow */
if(len >= 0x10000000)
return 0;
i+=2; i+=2;
i+=len; i+=len;
} }
@ -112,7 +117,8 @@ static unsigned int lnk_get_size(const unsigned char *buffer, const unsigned int
return 0; return 0;
if((flags&SCF_DESCRIPTION)!=0) if((flags&SCF_DESCRIPTION)!=0)
{ /* Description string */ { /* Description string */
len=buffer[i]+(buffer[i+1]<<8); const uint16_t *ptr=(const uint16_t *)&buffer[i];
len=le16(*ptr);
#ifdef DEBUG_LNK #ifdef DEBUG_LNK
log_debug("LNK description string at 0x%04x=%04x\n", i, len); log_debug("LNK description string at 0x%04x=%04x\n", i, len);
#endif #endif
@ -126,7 +132,8 @@ static unsigned int lnk_get_size(const unsigned char *buffer, const unsigned int
return 0; return 0;
if((flags&SCF_RELATIVE)!=0) if((flags&SCF_RELATIVE)!=0)
{ /* Relative path */ { /* Relative path */
len=buffer[i]+(buffer[i+1]<<8); const uint16_t *ptr=(const uint16_t *)&buffer[i];
len=le16(*ptr);
#ifdef DEBUG_LNK #ifdef DEBUG_LNK
log_debug("LNK relative path at 0x%04x=%04x\n", i, len); log_debug("LNK relative path at 0x%04x=%04x\n", i, len);
#endif #endif
@ -140,7 +147,8 @@ static unsigned int lnk_get_size(const unsigned char *buffer, const unsigned int
return 0; return 0;
if((flags&SCF_WORKDIR)!=0) if((flags&SCF_WORKDIR)!=0)
{ /* Working directory */ { /* Working directory */
len=buffer[i]+(buffer[i+1]<<8); const uint16_t *ptr=(const uint16_t *)&buffer[i];
len=le16(*ptr);
#ifdef DEBUG_LNK #ifdef DEBUG_LNK
log_debug("LNK Working directory at 0x%04x=%04x\n", i, len); log_debug("LNK Working directory at 0x%04x=%04x\n", i, len);
#endif #endif
@ -154,7 +162,8 @@ static unsigned int lnk_get_size(const unsigned char *buffer, const unsigned int
return 0; return 0;
if((flags&SCF_ARGS)!=0) if((flags&SCF_ARGS)!=0)
{ /* Command line string */ { /* Command line string */
len=buffer[i]+(buffer[i+1]<<8); const uint16_t *ptr=(const uint16_t *)&buffer[i];
len=le16(*ptr);
#ifdef DEBUG_LNK #ifdef DEBUG_LNK
log_debug("LNK Command line string at 0x%04x=%04x\n", i, len); log_debug("LNK Command line string at 0x%04x=%04x\n", i, len);
#endif #endif
@ -168,7 +177,8 @@ static unsigned int lnk_get_size(const unsigned char *buffer, const unsigned int
return 0; return 0;
if((flags&SCF_CUSTOMICON)!=0) if((flags&SCF_CUSTOMICON)!=0)
{ /* Icon filename string */ { /* Icon filename string */
len=buffer[i]+(buffer[i+1]<<8); const uint16_t *ptr=(const uint16_t *)&buffer[i];
len=le16(*ptr);
#ifdef DEBUG_LNK #ifdef DEBUG_LNK
log_debug("LNK Icon filename string at 0x%04x=%04x\n", i, len); log_debug("LNK Icon filename string at 0x%04x=%04x\n", i, len);
#endif #endif
@ -182,7 +192,8 @@ static unsigned int lnk_get_size(const unsigned char *buffer, const unsigned int
return 0; return 0;
if((flags&SCF_PRODUCT)!=0) if((flags&SCF_PRODUCT)!=0)
{ {
len=buffer[i]+(buffer[i+1]<<8); const uint16_t *ptr=(const uint16_t *)&buffer[i];
len=le16(*ptr);
#ifdef DEBUG_LNK #ifdef DEBUG_LNK
log_debug("LNK Icon product at 0x%04x=%04x\n", i, len); log_debug("LNK Icon product at 0x%04x=%04x\n", i, len);
#endif #endif
@ -194,7 +205,8 @@ static unsigned int lnk_get_size(const unsigned char *buffer, const unsigned int
return 0; return 0;
if((flags&SCF_COMPONENT)!=0) if((flags&SCF_COMPONENT)!=0)
{ {
len=buffer[i]+(buffer[i+1]<<8); const uint16_t *ptr=(const uint16_t *)&buffer[i];
len=le16(*ptr);
#ifdef DEBUG_LNK #ifdef DEBUG_LNK
log_debug("LNK Icon component at 0x%04x=%04x\n", i, len); log_debug("LNK Icon component at 0x%04x=%04x\n", i, len);
#endif #endif
@ -205,7 +217,10 @@ static unsigned int lnk_get_size(const unsigned char *buffer, const unsigned int
if(i >= buffer_size - 4) if(i >= buffer_size - 4)
return 0; return 0;
/* Extra stuff */ /* Extra stuff */
len=buffer[i] + (buffer[i+1]<<8) + (buffer[i+2]<<16) + (buffer[i+3]<<24); {
const uint32_t *ptr=(const uint32_t *)&buffer[i];
len=le32(*ptr);
}
#ifdef DEBUG_LNK #ifdef DEBUG_LNK
log_debug("LNK extra stuff at 0x%04x=%04x\n", i, len); log_debug("LNK extra stuff at 0x%04x=%04x\n", i, len);
#endif #endif
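Review bot: The new reads `const uint16_t *ptr=(const uint16_t *)&buffer[i]; len=le16(*ptr);` (and the `uint32_t` variants for the location info and the extra-data block) dereference a wider pointer at an offset `i` that is advanced by lengths taken from the file being parsed, so nothing visible guarantees alignment. That is undefined behaviour under the alignment and aliasing rules and can fault on strict-alignment targets, whereas the byte-wise reads it replaces were alignment-safe. Copying into a local keeps the endianness conversion without the cast, e.g. `uint16_t v; memcpy(&v, &buffer[i], sizeof(v)); len=le16(v);`, and the same applies to every hunk in this file section. Separately, the `len >= 0x10000000` guard is applied only to the location-info length; the 32-bit length read under `/* Extra stuff */` has no bound in the visible lines, and since `lnk_get_size` continues outside the last hunk it is worth confirming that the value is range-checked before it is added to `i`.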