From f302160f8e9b7f66574a033aad6dbcce9964f951 Mon Sep 17 00:00:00 2001
From: Brian Carrier <carrier@sleuthkit.org>
Date: Sat, 11 Apr 2009 21:07:42 +0000
Subject: [PATCH] Addressed issue 2677069 regarding VS type collisions with GPT
and the DOS safety partition.
---
CHANGES.txt | 7 ++++++-
tsk3/vs/mm_open.c | 48 +++++++++++++++++++++++++++++++++++------------
2 files changed, 42 insertions(+), 13 deletions(-)
diff --git a/CHANGES.txt b/CHANGES.txt
index 68732c583..302066958 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -49,8 +49,13 @@ attributes. Reported and patch by Jamie Butler (Mandiant).
4/8/09: Fixed typo bugs in sorter as reported by Drew Hunt.
-4/11/09: Feature. Addressed issue 2734458 regarding slow NTFS listing time by adding a orphan cache map.
+4/11/09: Feature. Addressed issue 2734458 regarding slow NTFS listing
+time by adding a orphan cache map.
+4/11/09: Feature. Addressed issue 2677069 regarding VS type
+collisions with GPT and the DOS safety partition table. DOS partition
+table ignored if it seems to be the safety partition. Based on a
+variation of a patch submitted by Aaron Burghardt.
---------------- VERSION 3.0.0 --------------
0/00/00: Update: Many, many, many API changes.
diff --git a/tsk3/vs/mm_open.c b/tsk3/vs/mm_open.c
index 3fb6ce1e9..273616c3d 100644
--- a/tsk3/vs/mm_open.c
+++ b/tsk3/vs/mm_open.c
@@ -76,19 +76,43 @@ tsk_vs_open(TSK_IMG_INFO * img_info, TSK_DADDR_T offset,
tsk_error_reset();
}
if ((vs = tsk_vs_gpt_open(img_info, offset)) != NULL) {
- if (set == NULL) {
- set = "GPT";
- vs_set = vs;
- }
- else {
- vs_set->close(vs_set);
- vs->close(vs);
- tsk_error_reset();
- tsk_errno = TSK_ERR_VS_UNKTYPE;
- snprintf(tsk_errstr, TSK_ERRSTR_L,
- "GPT or %s at %" PRIuDADDR, set, offset);
- return NULL;
+ if (set != NULL) {
+ /* GPT drives have a DOS Safety partition table.
+ * Test to see if we can ignore one */
+ if ((strcmp(set, "DOS"))
+ && (vs_set->part_count == 1)
+ && (vs_set->part_list)
+ && (vs_set->part_list->start <= 63)
+ && (vs_set->part_list->desc)
+ && (strncmp(vs_set->part_list->desc, "GPT", 3))) {
+ TSK_VS_PART_INFO *tmp;
+ /* see if we can find a GPT partition that ends at the same
+ * location as the DOS (we should be testing for the last GPT partition...) */
+ for (tmp = vs->part_list; tmp; tmp = tmp->next) {
+ if ((vs_set->part_list->start +
+ vs_set->part_list->len) ==
+ (tmp->start + tmp->len)) {
+ if (tsk_verbose)
+ tsk_fprintf(stderr,
+ "mm_open: Ignoring DOS Safety GPT Partition\n");
+ set = NULL;
+ vs_set = NULL;
+ }
+ }
+ }
+
+ if (set != NULL) {
+ vs_set->close(vs_set);
+ vs->close(vs);
+ tsk_error_reset();
+ tsk_errno = TSK_ERR_VS_UNKTYPE;
+ snprintf(tsk_errstr, TSK_ERRSTR_L,
+ "GPT or %s at %" PRIuDADDR, set, offset);
+ return NULL;
+ }
}
+ set = "GPT";
+ vs_set = vs;
}
else {
tsk_error_reset();
--
GitLab