diff --git a/tsk/auto/auto_db.cpp b/tsk/auto/auto_db.cpp
index 92e932f8399d1e2da9f45f85afc676ea46e948c7..5eeab9381c0cd4dbf7a9e0aaa49a0f44fdc56180 100755
--- a/tsk/auto/auto_db.cpp
+++ b/tsk/auto/auto_db.cpp
@@ -222,62 +222,25 @@ TskAutoDb::addImageDetails(const char* deviceId)
 sha1 = ewf_info->sha1hash;
 }
- char * header_result = libewf_read_description(ewf_info->handle);
-
- collectionDetails.append(header_result);
- free(header_result);
-
- header_result = libewf_read_case_number(ewf_info->handle);
- collectionDetails.append(header_result);
- free(header_result);
-
- header_result = libewf_read_evidence_number(ewf_info->handle);
- collectionDetails.append(header_result);
- free(header_result);
-
- header_result = libewf_read_examiner_name(ewf_info->handle);
- collectionDetails.append(header_result);
- free(header_result);
-
- header_result = libewf_read_notes(ewf_info->handle);
- collectionDetails.append(header_result);
- free(header_result);
-
- header_result = libewf_read_model(ewf_info->handle);
- collectionDetails.append(header_result);
- free(header_result);
-
- header_result = libewf_read_serial_number(ewf_info->handle);
- collectionDetails.append(header_result);
- free(header_result);
-
- header_result = libewf_read_device_label(ewf_info->handle);
- collectionDetails.append(header_result);
- free(header_result);
-
- header_result = libewf_read_version(ewf_info->handle);
- collectionDetails.append(header_result);
- free(header_result);
-
- header_result = libewf_read_platform(ewf_info->handle);
- collectionDetails.append(header_result);
- free(header_result);
-
- header_result = libewf_read_acquired_date(ewf_info->handle);
- collectionDetails.append(header_result);
- free(header_result);
-
- header_result = libewf_read_system_date(ewf_info->handle);
- collectionDetails.append(header_result);
- free(header_result);
-
- header_result = libewf_read_acquiry_operating_system(ewf_info->handle);
- collectionDetails.append(header_result);
- free(header_result);
-
- header_result = libewf_read_acquiry_software_version(ewf_info->handle);
- collectionDetails.append(header_result);
- free(header_result);
+ //Need 1MB for libewf read and extra 100 bytes for header name and formatting
+ const size_t buffer_size = 1024100;
+ char result[buffer_size];
+
+ //Populate all of the libewf header values for the acquisition details column
+ collectionDetails.append(libewf_read_description(ewf_info->handle, result, buffer_size));
+ collectionDetails.append(libewf_read_case_number(ewf_info->handle, result, buffer_size));
+ collectionDetails.append(libewf_read_evidence_number(ewf_info->handle, result, buffer_size));
+ collectionDetails.append(libewf_read_examiner_name(ewf_info->handle, result, buffer_size));
+ collectionDetails.append(libewf_read_notes(ewf_info->handle, result, buffer_size));
+ collectionDetails.append(libewf_read_model(ewf_info->handle, result, buffer_size));
+ collectionDetails.append(libewf_read_serial_number(ewf_info->handle, result, buffer_size));
+ collectionDetails.append(libewf_read_device_label(ewf_info->handle, result, buffer_size));
+ collectionDetails.append(libewf_read_version(ewf_info->handle, result, buffer_size));
+ collectionDetails.append(libewf_read_platform(ewf_info->handle, result, buffer_size));
+ collectionDetails.append(libewf_read_acquired_date(ewf_info->handle, result, buffer_size));
+ collectionDetails.append(libewf_read_system_date(ewf_info->handle, result, buffer_size));
+ collectionDetails.append(libewf_read_acquiry_operating_system(ewf_info->handle, result, buffer_size));
+ collectionDetails.append(libewf_read_acquiry_software_version(ewf_info->handle, result, buffer_size));
 }
 #endif
diff --git a/tsk/img/ewf.c b/tsk/img/ewf.c
index f6f76589ab6831f513faa24a088ba8386a7f9123..35eec15548628289a718d5fab86689fcbdf4931b 100755
--- a/tsk/img/ewf.c
+++ b/tsk/img/ewf.c
@@ -400,7 +400,7 @@ ewf_open(int a_num_img,
 tsk_img_free(ewf_info);
 if (tsk_verbose != 0) {
- tsk_fprintf(stderr, "Error getting size of EWF file\n");
+ tsk_fprintf(stderr, "Error getting MD5 of EWF file\n");
 }
 return (NULL);
 }
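Review bot: In the tsk/auto/auto_db.cpp hunk, `char result[buffer_size];` places a 1,024,100-byte array on the stack of TskAutoDb::addImageDetails, which is close to the whole default thread stack on some platforms (1 MB on Windows) and larger than a typical small worker-thread stack, so adding an EWF image can fail with a stack overflow. The scratch buffer should live on the heap, for example `std::vector<char> result(buffer_size);` with `result.data()` passed to each libewf_read_* call; this needs `<vector>`, which may already be included outside the hunk. The 100 spare bytes the comment mentions are also not reserved by the helper in tsk_img_i.h, which hands the whole remainder of the buffer to libewf. addImageDetails starts and ends outside the hunk.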
@@ -415,14 +415,14 @@ ewf_open(int a_num_img,
 getError(ewf_error, error_string);
 tsk_error_set_errstr("ewf_open file: %" PRIttocTSK
- ": Error getting MD5 of image (%s)", a_images[0],
+ ": Error getting SHA1 of image (%s)", a_images[0],
 error_string);
 libewf_error_free(&ewf_error);
 tsk_img_free(ewf_info);
 if (tsk_verbose != 0) {
- tsk_fprintf(stderr, "Error getting size of EWF file\n");
+ tsk_fprintf(stderr, "Error getting SHA1 of EWF file\n");
 }
 return (NULL);
 }
diff --git a/tsk/img/tsk_img_i.h b/tsk/img/tsk_img_i.h
index ce7e6e86e0204f5d121cadcfc04374e04974c9cc..5a3c97c33588c423d5d5e0430aa1a71d54800deb 100755
--- a/tsk/img/tsk_img_i.h
+++ b/tsk/img/tsk_img_i.h
@@ -27,8 +27,6 @@
 #include <fcntl.h>
 #include <errno.h>
-#define BUFFER_SIZE 1024000
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -46,88 +44,81 @@ inline int is_blank(const char* str) {
 return 1;
 }
-inline char* read_libewf_header_value(libewf_handle_t *handle, const uint8_t *identifier, size_t identifier_length, const char* key) {
- libewf_error_t *ewf_error = NULL;
- char* header_value = (char* )malloc(BUFFER_SIZE);
- header_value[0] = '\0';
- if (header_value == NULL) {
- return header_value;
- }
+/**
+* Reads the first 1 MB of the libewf header
+*/
+inline char* read_libewf_header_value(libewf_handle_t *handle, char* result_buffer, const size_t buffer_size, const uint8_t *identifier, size_t identifier_length, const char* key) {
+ result_buffer[0] = '\0';
- int result = libewf_handle_get_utf8_header_value(handle, identifier, identifier_length, (uint8_t *)header_value, BUFFER_SIZE, &ewf_error);
- if (result == -1 || is_blank(header_value)) {
- return header_value;
- }
+ strcpy(result_buffer, key);
+ libewf_error_t * ewf_error;
+ size_t key_len = strlen(key);
- //+ 2 for new line char and null byte
- char* result_str = (char*) malloc((strlen(key) + strlen(header_value) + 2) * sizeof(char));
- if (result_str == NULL) {
- return header_value;
- }
-
- strcpy(result_str, key);
- strcat(result_str, header_value);
- strcat(result_str, "\n");
-
- free(header_value);
+ int result = libewf_handle_get_utf8_header_value(handle, identifier, identifier_length, (uint8_t *)(result_buffer + key_len), buffer_size - key_len, &ewf_error);
+ if (result != -1 && !is_blank(result_buffer + key_len)) {
+ strcat(result_buffer, "\n");
+ } else {
+ //if blank or error, return nothing!
+ result_buffer[0] = '\0';
+ }
- return result_str;
+ return result_buffer;
 }
-inline char* libewf_read_description(libewf_handle_t *handle) {
- return read_libewf_header_value(handle, (uint8_t *) "description", 11, "Description: ");
+inline char* libewf_read_description(libewf_handle_t *handle, char* result_buffer, const size_t buffer_size) {
+ return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "description", 11, "Description: ");
 }
-inline char* libewf_read_case_number(libewf_handle_t *handle) {
- return read_libewf_header_value(handle, (uint8_t *) "case_number", 11, "Case Number: ");
+inline char* libewf_read_case_number(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) {
+ return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "case_number", 11, "Case Number: ");
 }
-inline char* libewf_read_evidence_number(libewf_handle_t *handle) {
- return read_libewf_header_value(handle, (uint8_t *) "evidence_number", 15, "Evidence Number: ");
+inline char* libewf_read_evidence_number(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) {
+ return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "evidence_number", 15, "Evidence Number: ");
 }
-inline char* libewf_read_examiner_name(libewf_handle_t *handle) {
- return read_libewf_header_value(handle, (uint8_t *) "examiner_name", 13, "Examiner Name: ");
+inline char* libewf_read_examiner_name(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) {
+ return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "examiner_name", 13, "Examiner Name: ");
 }
-inline char* libewf_read_notes(libewf_handle_t *handle) {
- return read_libewf_header_value(handle, (uint8_t *) "notes", 5, "Notes: ");
+inline char* libewf_read_notes(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) {
+ return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "notes", 5, "Notes: ");
 }
-inline char* libewf_read_model(libewf_handle_t *handle) {
- return read_libewf_header_value(handle, (uint8_t *) "model", 5, "Model: ");
+inline char* libewf_read_model(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) {
+ return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "model", 5, "Model: ");
 }
-inline char* libewf_read_serial_number(libewf_handle_t *handle) {
- return read_libewf_header_value(handle, (uint8_t *) "serial_number", 13, "Serial Number: ");
+inline char* libewf_read_serial_number(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) {
+ return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "serial_number", 13, "Serial Number: ");
 }
-inline char* libewf_read_device_label(libewf_handle_t *handle) {
- return read_libewf_header_value(handle, (uint8_t *) "device_label", 12, "Device Label:");
+inline char* libewf_read_device_label(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) {
+ return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "device_label", 12, "Device Label:");
 }
-inline char* libewf_read_version(libewf_handle_t *handle) {
- return read_libewf_header_value(handle, (uint8_t *) "version", 7, "Version: ");
+inline char* libewf_read_version(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) {
+ return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "version", 7, "Version: ");
 }
-inline char* libewf_read_platform(libewf_handle_t *handle) {
- return read_libewf_header_value(handle, (uint8_t *) "platform", 8, "Platform: ");
+inline char* libewf_read_platform(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) {
+ return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "platform", 8, "Platform: ");
 }
-inline char* libewf_read_acquired_date(libewf_handle_t *handle) {
- return read_libewf_header_value(handle, (uint8_t *) "acquiry_date", 12, "Acquired Date: ");
+inline char* libewf_read_acquired_date(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) {
+ return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "acquiry_date", 12, "Acquired Date: ");
 }
-inline char* libewf_read_system_date(libewf_handle_t *handle) {
- return read_libewf_header_value(handle, (uint8_t *) "system_date", 11, "System Date: ");
+inline char* libewf_read_system_date(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) {
+ return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "system_date", 11, "System Date: ");
 }
-inline char* libewf_read_acquiry_operating_system(libewf_handle_t *handle) {
- return read_libewf_header_value(handle, (uint8_t *) "acquiry_operating_system", 24, "Acquiry Operating System: ");
+inline char* libewf_read_acquiry_operating_system(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) {
+ return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "acquiry_operating_system", 24, "Acquiry Operating System: ");
 }
-inline char* libewf_read_acquiry_software_version(libewf_handle_t *handle) {
- return read_libewf_header_value(handle, (uint8_t *) "acquiry_software_version", 24, "Acquiry Software Version: ");
+inline char* libewf_read_acquiry_software_version(libewf_handle_t *handle, char* result_buffer, size_t buffer_size) {
+ return read_libewf_header_value(handle, result_buffer, buffer_size, (uint8_t *) "acquiry_software_version", 24, "Acquiry Software Version: ");
 }
 #endif
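Review bot: In the tsk/img/tsk_img_i.h hunk, read_libewf_header_value now passes an uninitialized `libewf_error_t * ewf_error;` to libewf_handle_get_utf8_header_value (the removed code initialized it to NULL) and never releases it on the -1 path, whereas ewf.c on this page calls libewf_error_free after a failure. The helper also copies `key` with strcpy and computes `buffer_size - key_len` without checking that the buffer can hold the key, and it offers libewf the whole remainder, so if libewf accepts a header value from the image that exactly fills it, the `strcat(result_buffer, "\n")` that follows has no byte left to write into. I would initialize the error to NULL, reject a buffer smaller than key_len + 3, hold one byte back from the size given to libewf, and free the error when the call fails. The doc comment "Reads the first 1 MB of the libewf header" no longer describes a function whose size is a parameter; it should state that the result is the key followed by the value and a newline, or an empty string on error or a blank value.

```c
inline char* read_libewf_header_value(libewf_handle_t *handle, char* result_buffer, const size_t buffer_size, const uint8_t *identifier, size_t identifier_length, const char* key) {
    libewf_error_t *ewf_error = NULL;
    size_t key_len = strlen(key);

    /* room is needed for the key, one value byte, the '\n' and the NUL */
    if (result_buffer == NULL || buffer_size < key_len + 3) {
        if (result_buffer != NULL && buffer_size > 0) {
            result_buffer[0] = '\0';
        }
        return result_buffer;
    }
    strcpy(result_buffer, key);

    /* hold one byte back so the trailing "\n" always fits */
    int result = libewf_handle_get_utf8_header_value(handle, identifier, identifier_length, (uint8_t *)(result_buffer + key_len), buffer_size - key_len - 1, &ewf_error);
    if (result == -1) {
        libewf_error_free(&ewf_error);
    }
    /* … unchanged: newline append, blank-or-error reset, return result_buffer … */
```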