Hi Jean-Pierre,

Could you check that, while playing redo operations in play_redos, if we don't need the old record (or ignore it), we allocate a buffer without initializing it but then use it later? At least in redo_create_file this was done for one of the NTFS storage devices I have.

Attached is a possible way to avoid it. Note that this might be an issue in other places, but I have only skimmed through some actions; it seems worth fixing even if trivial.

Best regards,
From 07a6df2b19d732c40f8c19badc504c6cb7f4c281 Mon Sep 17 00:00:00 2001
From: Rakesh Pandit <rak...@tuxera.com>
Date: Wed, 11 Nov 2015 15:54:06 +0200
Subject: [PATCH] ntfsrecover: Avoid memcmp with uninitialized data while
 playing redos

Every time we ignore old records in play_redos, both for MFT and INDX,
we allocate a new buffer. At least in redo_create_file we use this buffer
and compare it with existing data in the log record, which isn't
required. This is trivial, but fix it anyway.
---
 ntfsprogs/playlog.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/ntfsprogs/playlog.c b/ntfsprogs/playlog.c
index 46346fa..41499c1 100644
--- a/ntfsprogs/playlog.c
+++ b/ntfsprogs/playlog.c
@@ -2017,7 +2017,10 @@ static int redo_create_file(ntfs_volume *vol,
 		dump(buffer,mftrecsz);
 	}
 	if ((target + length) <= mftrecsz) {
-		changed = memcmp(buffer + target, data, length);
+		if (record->magic == magic_FILE)
+			changed = memcmp(buffer + target, data, length);
+		else
+			changed = 1;
 		err = 0;
 		if (changed || !(record->flags & MFT_RECORD_IN_USE)) {
 			memcpy(buffer + target, data, length);
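Review bot: The new `record->magic == magic_FILE` test only distinguishes a freshly allocated buffer because of the 4-byte memset added in the allocation paths; that coupling is invisible here, so a record actually read from disk whose magic is not FILE (a damaged record, for instance) now also takes the `changed = 1` branch and is overwritten by the memcpy without any comparison, where previously it was compared. Consider tracking "buffer was newly allocated" explicitly (a flag set where the buffer is created) instead of inferring it from the magic, and add a comment tying this check to the memset so a later change to either side does not silently break the other.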
@@ -4372,9 +4375,11 @@ printf("** %s (action %d) not acting on MFT\n",actionname(rop),(int)action->num)
 				} else {
 					if (!warn) {
 						/* Old record not needed */
-						if (!buffer)
+						if (!buffer) {
 							buffer =
 							(char*)malloc(mftrecsz);
+							memset(buffer, 0, 4);
+						}
 						if (buffer)
 							executed = FALSE;
 						else
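Review bot: `memset(buffer, 0, 4);` runs unconditionally right after the malloc, before the `if (buffer)` check that follows, so a failed allocation dereferences NULL instead of reaching the error path. Move the memset inside the NULL check, or better, replace the malloc with `buffer = (char*)calloc(1, mftrecsz);` so the whole record is zeroed: zeroing only the first four bytes leaves every other field of the record (flags, sequence numbers, attribute offsets) uninitialized for any later reader that does not happen to test the magic first.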
@@ -4417,9 +4422,11 @@ printf("** %s (action %d) not acting on INDX\n",actionname(rop),(int)action->num
 				} else {
 					if (!warn) {
 						/* Old record not needed */
-						if (!buffer)
+						if (!buffer) {
 							buffer = 
 							(char*)malloc(xsize);
+							memset(buffer, 0, 4);
+						}
 						if (buffer)
 							executed = FALSE;
 						else
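Review bot: Same NULL-dereference ordering problem as in the MFT path above: the memset precedes the `if (buffer)` check. In addition, `memset(buffer, 0, 4)` assumes `xsize >= 4`, and unlike the MFT case no consumer in this patch actually tests the INDX buffer's magic, so the zeroed prefix has no visible effect for INDX records. Using `calloc(1, xsize)` here would fix the NULL case, drop the size assumption and initialize the whole buffer; otherwise please document which INDX redo path relies on the cleared magic.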
-- 
2.4.3

------------------------------------------------------------------------------
_______________________________________________
ntfs-3g-devel mailing list
ntfs-3g-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ntfs-3g-devel
