From f7a20cf162a02a4ce5301eb6b27bbc53fd5998b5 Mon Sep 17 00:00:00 2001
From: Brian Carrier <carrier@sleuthkit.org>
Date: Wed, 29 Apr 2020 15:47:01 -0400
Subject: [PATCH] Fix bug introduced with imap offset check
---
 tsk/fs/ext2fs.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/tsk/fs/ext2fs.c b/tsk/fs/ext2fs.c
index 45dd18c27..1f56c9430 100755
--- a/tsk/fs/ext2fs.c
+++ b/tsk/fs/ext2fs.c
@@ -841,6 +841,20 @@ ext2fs_dinode_copy(EXT2FS_INFO * ext2fs, TSK_FS_META * fs_meta,
 grp_num * tsk_getu32(fs->endian, ext2fs->fs->s_inodes_per_group) + fs->first_inum;
+
+ /*
+ * Ensure that inum - ibase refers to a valid bit offset in imap_buf.
+ */
+ if ((inum - ibase) > fs->block_size*8) {
+ tsk_release_lock(&ext2fs->lock);
+ tsk_error_reset();
+ tsk_error_set_errno(TSK_ERR_FS_WALK_RNG);
+ tsk_error_set_errstr("ext2fs_dinode_copy: Invalid offset into imap_buf (inum %" PRIuINUM " - ibase %" PRIuINUM ")",
+ inum, ibase);
+ return 1;
+ }
+
+
 /*
 * Apply the allocated/unallocated restriction.
 */
@@ -1052,9 +1066,9 @@ ext2fs_inode_walk(TSK_FS_INFO * fs, TSK_INUM_T start_inum,
 ext2fs->fs->s_inodes_per_group) + 1;
 /*
- * Ensure that inum - ibase refers to a valid offset in imap_buf.
+ * Ensure that inum - ibase refers to a valid bit offset in imap_buf.
 */
- if ((inum - ibase) > fs->block_size) {
+ if ((inum - ibase) > fs->block_size*8) {
 tsk_release_lock(&ext2fs->lock);
 free(dino_buf);
 tsk_error_reset();
--
GitLab
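Review bot: The new bound in ext2fs_dinode_copy still admits one offset past the bitmap, because with `>` a difference of exactly `fs->block_size*8` passes the check. If imap_buf holds one block (its allocation is outside the hunk), that bit falls in the byte just beyond the buffer, so a malformed image could still cause a one-byte out-of-bounds read. Valid bit offsets run from 0 to block_size*8 - 1, so the test should be `if ((inum - ibase) >= fs->block_size*8) {`. The ext2fs_inode_walk hunk below uses the same comparison and needs the same change. The function body begins and ends outside this hunk, so whether the lock is actually held at the new `tsk_release_lock` call cannot be confirmed from here.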
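Review bot: The limit `fs->block_size*8` in ext2fs_inode_walk is computed in block_size's own type before it is compared with the inode-number difference, and the literal 8 is left unexplained. The declaration of block_size is not visible here, but if it is a 32-bit field the product is only that wide. Naming and widening the limit makes the check self-describing, for example `const TSK_INUM_T imap_bits = (TSK_INUM_T) fs->block_size * 8; /* one bit per inode */` followed by a comparison against `imap_bits`. The same expression is duplicated in the ext2fs_dinode_copy hunk, so a shared definition would keep the two sites from drifting apart again. The enclosing loop starts and ends outside this hunk.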