From d095a9d810a58151e38c5ee1d163015e766423ba Mon Sep 17 00:00:00 2001
From: Brian Carrier <carrier@sleuthkit.org>
Date: Thu, 21 Aug 2014 22:41:09 -0400
Subject: [PATCH] Added bounds check to attribute name processing.  Resolves
 issue #328

---
 tsk/fs/ntfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tsk/fs/ntfs.c b/tsk/fs/ntfs.c
index baa9b9ee2..f2702a465 100755
--- a/tsk/fs/ntfs.c
+++ b/tsk/fs/ntfs.c
@@ -1691,7 +1691,7 @@ ntfs_proc_attrseq(NTFS_INFO * ntfs,
         }
 
         /* Copy the name and convert it to UTF8 */
-        if (attr->nlen) {
+        if ((attr->nlen) && (tsk_getu16(fs->endian, attr->name_off) + attr->nlen * 2 < tsk_getu32(fs->endian, attr->len))) {
             int i;
             UTF8 *name8;
             UTF16 *name16;
-- 
GitLab