Skip to content
Snippets Groups Projects
Commit f7a20cf1 authored by Brian Carrier's avatar Brian Carrier
Browse files

Fix bug introduced with imap offset check

parent 619b0d9b
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 16 additions and 2 deletions
tsk/fs/ext2fs.c
+ 16
2
View file @ f7a20cf1
...@@ -841,6 +841,20 @@ ext2fs_dinode_copy(EXT2FS_INFO * ext2fs, TSK_FS_META * fs_meta, ...@@ -841,6 +841,20 @@ ext2fs_dinode_copy(EXT2FS_INFO * ext2fs, TSK_FS_META * fs_meta,
grp_num * tsk_getu32(fs->endian, grp_num * tsk_getu32(fs->endian,
ext2fs->fs->s_inodes_per_group) + fs->first_inum; ext2fs->fs->s_inodes_per_group) + fs->first_inum;
/*
* Ensure that inum - ibase refers to a valid bit offset in imap_buf.
*/
if ((inum - ibase) > fs->block_size*8) {
tsk_release_lock(&ext2fs->lock);
tsk_error_reset();
tsk_error_set_errno(TSK_ERR_FS_WALK_RNG);
tsk_error_set_errstr("ext2fs_dinode_copy: Invalid offset into imap_buf (inum %" PRIuINUM " - ibase %" PRIuINUM ")",
inum, ibase);
return 1;
}
/* /*
* Apply the allocated/unallocated restriction. * Apply the allocated/unallocated restriction.
*/ */
...@@ -1052,9 +1066,9 @@ ext2fs_inode_walk(TSK_FS_INFO * fs, TSK_INUM_T start_inum, ...@@ -1052,9 +1066,9 @@ ext2fs_inode_walk(TSK_FS_INFO * fs, TSK_INUM_T start_inum,
ext2fs->fs->s_inodes_per_group) + 1; ext2fs->fs->s_inodes_per_group) + 1;
/* /*
* Ensure that inum - ibase refers to a valid offset in imap_buf. * Ensure that inum - ibase refers to a valid bit offset in imap_buf.
*/ */
if ((inum - ibase) > fs->block_size) { if ((inum - ibase) > fs->block_size*8) {
tsk_release_lock(&ext2fs->lock); tsk_release_lock(&ext2fs->lock);
free(dino_buf); free(dino_buf);
tsk_error_reset(); tsk_error_reset();
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment