From d10857039edb66fe2869bc87f833113ad56e26e7 Mon Sep 17 00:00:00 2001 From: Brian Carrier <carrier@sleuthkit.org> Date: Fri, 15 Sep 2017 11:26:24 -0400 Subject: [PATCH] Added sector_size 0 checks before using img_info. Fixes: #953 --- tsk/fs/ext2fs.c | 7 +++++++ tsk/fs/fatfs.c | 7 +++++++ tsk/fs/ffs.c | 7 +++++++ tsk/fs/iso9660.c | 9 ++++++++- tsk/fs/ntfs.c | 7 +++++++ tsk/fs/rawfs.c | 7 +++++++ tsk/fs/swapfs.c | 7 +++++++ tsk/fs/yaffs.cpp | 9 +++++++++ tsk/vs/bsd.c | 7 +++++++ tsk/vs/dos.c | 8 ++++++++ tsk/vs/gpt.c | 7 +++++++ tsk/vs/mac.c | 7 +++++++ tsk/vs/sun.c | 7 +++++++ 13 files changed, 95 insertions(+), 1 deletion(-) diff --git a/tsk/fs/ext2fs.c b/tsk/fs/ext2fs.c index d1d755375..7feec4810 100644 --- a/tsk/fs/ext2fs.c +++ b/tsk/fs/ext2fs.c @@ -3160,6 +3160,13 @@ ext2fs_open(TSK_IMG_INFO * img_info, TSK_OFF_T offset, return NULL; } + if (img_info->sector_size == 0) { + tsk_error_reset(); + tsk_error_set_errno(TSK_ERR_FS_ARG); + tsk_error_set_errstr("ext2fs_open: sector size is 0"); + return NULL; + } + if ((ext2fs = (EXT2FS_INFO *) tsk_fs_malloc(sizeof(*ext2fs))) == NULL) return NULL; diff --git a/tsk/fs/fatfs.c b/tsk/fs/fatfs.c index f368f64fd..d26f259cd 100644 --- a/tsk/fs/fatfs.c +++ b/tsk/fs/fatfs.c @@ -48,6 +48,13 @@ fatfs_open(TSK_IMG_INFO *a_img_info, TSK_OFF_T a_offset, TSK_FS_TYPE_ENUM a_ftyp return NULL; } + if (a_img_info->sector_size == 0) { + tsk_error_reset(); + tsk_error_set_errno(TSK_ERR_FS_ARG); + tsk_error_set_errstr("fatfs_open: sector size is 0"); + return NULL; + } + // Allocate an FATFS_INFO and initialize its generic TSK_FS_INFO members. if ((fatfs = (FATFS_INFO*)tsk_fs_malloc(sizeof(FATFS_INFO))) == NULL) { return NULL; diff --git a/tsk/fs/ffs.c b/tsk/fs/ffs.c index 44cd1eed0..fd2e6ca6a 100644 --- a/tsk/fs/ffs.c +++ b/tsk/fs/ffs.c 
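Review bot: The zero check on `img_info->sector_size` is placed inside ext2fs_open, so every consumer of a TSK_IMG_INFO has to repeat it (this patch adds the same five lines in 13 drivers) and any driver added later, or any code using the image layer directly, stays unprotected. sector_size comes from the image container, i.e. from attacker-controlled input in a forensic setting, so the more robust place to reject a zero value is where the TSK_IMG_INFO is populated, keeping the per-driver checks only as defence in depth; that path is outside this patch, so this is a follow-up suggestion rather than a blocker. At minimum the repeated block could become one helper in the private headers, e.g. `if (tsk_img_sector_size_invalid(img_info, "ext2fs_open", TSK_ERR_FS_ARG)) return NULL;`, so the errno and message wording cannot drift between drivers (the ntfs hunk in this same patch already spells the setter differently). ext2fs_open begins and ends outside the hunk.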
@@ -2019,6 +2019,13 @@ ffs_open(TSK_IMG_INFO * img_info, TSK_OFF_T offset, TSK_FS_TYPE_ENUM ftype, uint return NULL; } + if (img_info->sector_size == 0) { + tsk_error_reset(); + tsk_error_set_errno(TSK_ERR_FS_ARG); + tsk_error_set_errstr("ffs_open: sector size is 0"); + return NULL; + } + if ((ffs = (FFS_INFO *) tsk_fs_malloc(sizeof(*ffs))) == NULL) return NULL; diff --git a/tsk/fs/iso9660.c b/tsk/fs/iso9660.c index 8232d3e5b..4d4684974 100644 --- a/tsk/fs/iso9660.c +++ b/tsk/fs/iso9660.c @@ -639,7 +639,7 @@ iso9660_load_inodes_dir(TSK_FS_INFO * fs, TSK_OFF_T a_offs, int count, in_node->offset = tsk_getu32(fs->endian, dentry->ext_loc_m) * fs->block_size; - if (tsk_getu32(fs->endian, in_node->inode.dr.data_len_m) + in_node->offset > fs->block_count * fs->block_size) { + if (tsk_getu32(fs->endian, in_node->inode.dr.data_len_m) + in_node->offset > (TSK_OFF_T)(fs->block_count * fs->block_size)) { if (tsk_verbose) tsk_fprintf(stderr, "iso9660_load_inodes_dir: file ends past end of image (%"PRIu32" bytes). bailing\n", @@ -2505,6 +2505,13 @@ iso9660_open(TSK_IMG_INFO * img_info, TSK_OFF_T offset, return NULL; } + if (img_info->sector_size == 0) { + tsk_error_reset(); + tsk_error_set_errno(TSK_ERR_FS_ARG); + tsk_error_set_errstr("iso9660_open: sector size is 0"); + return NULL; + } + if (tsk_verbose) { tsk_fprintf(stderr, "iso9660_open img_info: %" PRIu64 " ftype: %" PRIu8 " test: %" PRIu8 "\n", (uint64_t) img_info, diff --git a/tsk/fs/ntfs.c b/tsk/fs/ntfs.c index a68f88971..c42cdfb00 100755 --- a/tsk/fs/ntfs.c +++ b/tsk/fs/ntfs.c @@ -4837,6 +4837,13 @@ ntfs_open(TSK_IMG_INFO * img_info, TSK_OFF_T offset, return NULL; } + if (img_info->sector_size == 0) { + tsk_error_reset(); + tsk_error_set_errno(TSK_ERR_FS_ARG); + tsk_error_set_str("ntfs_open: sector size is 0"); + return NULL; + } + if ((ntfs = (NTFS_INFO *) tsk_fs_malloc(sizeof(*ntfs))) == NULL) { goto on_error; } diff --git a/tsk/fs/rawfs.c b/tsk/fs/rawfs.c index 79142761d..c38a09b46 100644 --- a/tsk/fs/rawfs.c 
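Review bot: The cast added on the right-hand side of the comparison in iso9660_load_inodes_dir fixes the signed/unsigned mismatch but not the overflow that can make the bound ineffective: `in_node->offset` is assigned from `tsk_getu32(fs->endian, dentry->ext_loc_m) * fs->block_size` on the context line just above, and if `block_size` is an `unsigned int` (as in TSK_FS_INFO) that product is evaluated in 32 bits and wraps for a crafted `ext_loc_m`, so a file that really ends past the image can pass the new check with a small wrapped offset. Widening before the multiply, `in_node->offset = (TSK_OFF_T) tsk_getu32(fs->endian, dentry->ext_loc_m) * fs->block_size;`, keeps that arithmetic in 64 bits, and the left side `data_len + offset` is then 64-bit as well. The right-hand product `fs->block_count * fs->block_size` is presumably 64-bit unsigned and could in principle still wrap for an absurd block count; a cheap extra guard is to compare `data_len` against `fs->block_count * fs->block_size - in_node->offset` after first checking `in_node->offset` alone against the image size. iso9660_load_inodes_dir begins and ends outside the hunk.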
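Review bot: The ntfs.c hunk calls `tsk_error_set_str(...)` where every other hunk in this patch calls `tsk_error_set_errstr(...)`; unless a `tsk_error_set_str` exists in the error API this will not compile, and even if it does, the inconsistency means the NTFS driver may report the error differently from the other twelve. The line should read `tsk_error_set_errstr("ntfs_open: sector size is 0");`. ntfs_open begins and ends outside the hunk.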
+++ b/tsk/fs/rawfs.c @@ -41,6 +41,13 @@ rawfs_open(TSK_IMG_INFO * img_info, TSK_OFF_T offset) // clean up any error messages that are lying around tsk_error_reset(); + if (img_info->sector_size == 0) { + tsk_error_reset(); + tsk_error_set_errno(TSK_ERR_FS_ARG); + tsk_error_set_errstr("rawfs_open: sector size is 0"); + return NULL; + } + fs = (TSK_FS_INFO *) tsk_fs_malloc(sizeof(TSK_FS_INFO)); if (fs == NULL) return NULL; diff --git a/tsk/fs/swapfs.c b/tsk/fs/swapfs.c index 722d2636b..1b6e4c322 100644 --- a/tsk/fs/swapfs.c +++ b/tsk/fs/swapfs.c @@ -40,6 +40,13 @@ swapfs_open(TSK_IMG_INFO * img_info, TSK_OFF_T offset) // clean up any error messages that are lying around tsk_error_reset(); + if (img_info->sector_size == 0) { + tsk_error_reset(); + tsk_error_set_errno(TSK_ERR_FS_ARG); + tsk_error_set_errstr("swapfs_open: sector size is 0"); + return NULL; + } + fs = (TSK_FS_INFO *) tsk_fs_malloc(sizeof(*fs)); if (fs == NULL) return NULL; diff --git a/tsk/fs/yaffs.cpp b/tsk/fs/yaffs.cpp index 3cb74580e..9cbc0058e 100644 --- a/tsk/fs/yaffs.cpp +++ b/tsk/fs/yaffs.cpp @@ -3010,6 +3010,15 @@ TSK_FS_INFO * return NULL; } + if (img_info->sector_size == 0) { + tsk_error_reset(); + tsk_error_set_errno(TSK_ERR_FS_ARG); + tsk_error_set_errstr("yaffs2_open: sector size is 0"); + return NULL; + } + + + if ((yaffsfs = (YAFFSFS_INFO *) tsk_fs_malloc(sizeof(YAFFSFS_INFO))) == NULL) return NULL; yaffsfs->cache_objects = NULL; diff --git a/tsk/vs/bsd.c b/tsk/vs/bsd.c index d04e7e33c..fd94d292f 100644 --- a/tsk/vs/bsd.c +++ b/tsk/vs/bsd.c @@ -219,6 +219,13 @@ tsk_vs_bsd_open(TSK_IMG_INFO * img_info, TSK_DADDR_T offset) // clean up any errors that are lying around tsk_error_reset(); + if (img_info->sector_size == 0) { + tsk_error_reset(); + tsk_error_set_errno(TSK_ERR_VS_ARG); + tsk_error_set_errstr("tsk_vs_bsd_open: sector size is 0"); + return NULL; + } + vs = (TSK_VS_INFO *) tsk_malloc(sizeof(*vs)); if (vs == NULL) return NULL; 
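Review bot: The added block in rawfs_open calls `tsk_error_reset()` again immediately after the context line that already reset the error state under the `// clean up any error messages that are lying around` comment, so the first statement of the guard is dead. It can be dropped, leaving `if (img_info->sector_size == 0) { tsk_error_set_errno(TSK_ERR_FS_ARG); tsk_error_set_errstr("rawfs_open: sector size is 0"); return NULL; }`; the swapfs and all five tsk/vs hunks in this patch sit behind the same reset line and have the same redundancy. rawfs_open begins and ends outside the hunk.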
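Review bot: The yaffs.cpp hunk adds two empty `+` lines after the closing brace of the new guard, leaving three blank lines before the `tsk_fs_malloc` call where every other driver touched by this patch uses one; drop the two extra blank lines so the block matches the ext2fs/ffs/ntfs hunks. yaffs2_open begins and ends outside the hunk.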
diff --git a/tsk/vs/dos.c b/tsk/vs/dos.c index 3a3bcf677..06e95027b 100644 --- a/tsk/vs/dos.c +++ b/tsk/vs/dos.c @@ -1042,6 +1042,13 @@ tsk_vs_dos_open(TSK_IMG_INFO * img_info, TSK_DADDR_T offset, uint8_t test) // clean up any errors that are lying around tsk_error_reset(); + if (img_info->sector_size == 0) { + tsk_error_reset(); + tsk_error_set_errno(TSK_ERR_VS_ARG); + tsk_error_set_errstr("tsk_vs_dos_open: sector size is 0"); + return NULL; + } + vs = (TSK_VS_INFO *) tsk_malloc(sizeof(*vs)); if (vs == NULL) return NULL; @@ -1057,6 +1064,7 @@ tsk_vs_dos_open(TSK_IMG_INFO * img_info, TSK_DADDR_T offset, uint8_t test) vs->part_count = 0; vs->endian = 0; vs->block_size = img_info->sector_size; + /* Assign functions */ vs->close = dos_close; diff --git a/tsk/vs/gpt.c b/tsk/vs/gpt.c index 67ea92e6e..6a1ba05e2 100644 --- a/tsk/vs/gpt.c +++ b/tsk/vs/gpt.c @@ -309,6 +309,13 @@ tsk_vs_gpt_open(TSK_IMG_INFO * img_info, TSK_DADDR_T offset) // clean up any errors that are lying around tsk_error_reset(); + if (img_info->sector_size == 0) { + tsk_error_reset(); + tsk_error_set_errno(TSK_ERR_VS_ARG); + tsk_error_set_errstr("tsk_vs_gpt_open: sector size is 0"); + return NULL; + } + vs = (TSK_VS_INFO *) tsk_malloc(sizeof(*vs)); if (vs == NULL) return NULL; diff --git a/tsk/vs/mac.c b/tsk/vs/mac.c index d37443eef..8853165c2 100644 --- a/tsk/vs/mac.c +++ b/tsk/vs/mac.c @@ -195,6 +195,13 @@ tsk_vs_mac_open(TSK_IMG_INFO * img_info, TSK_DADDR_T offset) // clean up any errors that are lying around tsk_error_reset(); + if (img_info->sector_size == 0) { + tsk_error_reset(); + tsk_error_set_errno(TSK_ERR_VS_ARG); + tsk_error_set_errstr("tsk_vs_mac_open: sector size is 0"); + return NULL; + } + vs = (TSK_VS_INFO *) tsk_malloc(sizeof(*vs)); if (vs == NULL) return NULL; diff --git a/tsk/vs/sun.c b/tsk/vs/sun.c index f10097f0f..8371cfff8 100644 --- a/tsk/vs/sun.c +++ b/tsk/vs/sun.c 
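Review bot: The guard in tsk_vs_dos_open carries no comment tying it to its consumer, `vs->block_size = img_info->sector_size;` in the second dos.c hunk, where a zero would propagate into every sector/byte conversion the partition code does afterwards (presumably the division that #953 reports); a why-comment such as `/* sector_size becomes vs->block_size below and must be non-zero (#953) */` keeps the intent from being lost in a refactor. The guard also dereferences `img_info` before any NULL check; if tsk_vs_dos_open can be entered other than through tsk_vs_open, `if (img_info == NULL || img_info->sector_size == 0)` turns a crash into a TSK_ERR_VS_ARG report, and the same applies to the bsd, gpt, mac and sun hunks. tsk_vs_dos_open begins and ends outside the hunk.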
@@ -358,6 +358,13 @@ tsk_vs_sun_open(TSK_IMG_INFO * img_info, TSK_DADDR_T offset) // clean up any errors that are lying around tsk_error_reset(); + if (img_info->sector_size == 0) { + tsk_error_reset(); + tsk_error_set_errno(TSK_ERR_VS_ARG); + tsk_error_set_errstr("tsk_vs_sun_open: sector size is 0"); + return NULL; + } + vs = (TSK_VS_INFO *) tsk_malloc(sizeof(*vs)); if (vs == NULL) return NULL; -- GitLab