Hi,

Attached patch fixes an annoying segmentation fault while running ntfsrecover -f for investigation.

Could you please review it? Feel free to change and apply it if suitable.

Thank you.

-
Best regards,
Rakesh Pandit
>From 07b92574d4de1689ad8d9e53909803d97a381354 Mon Sep 17 00:00:00 2001
From: Rakesh Pandit <rak...@tuxera.com>
Date: Tue, 12 Apr 2016 11:13:47 +0300
Subject: [PATCH] ntfsrecover: fix segmentation fault on empty $LogFile

ntfsrecover -f -v <log file> receives a SIGSEGV because it reads memory
outside the allocated buffer: there are no sanity checks on the restart
page header values, so an empty $LogFile triggers the fault.  This patch
adds basic checks similar to those in the logfile library and lets the
tool exit with a more suitable message.
---
 ntfsprogs/ntfsrecover.c | 32 +++++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)

diff --git a/ntfsprogs/ntfsrecover.c b/ntfsprogs/ntfsrecover.c
index aae96ad..a608b78 100644
--- a/ntfsprogs/ntfsrecover.c
+++ b/ntfsprogs/ntfsrecover.c
@@ -3114,12 +3114,32 @@ static BOOL getlogfiledata(CONTEXT *ctx, const char *boot)
 	BOOL ok;
 	u32 off;
 	s64 size;
+	u32 system_page_size;
+	u32 log_page_size;
 
 	ok = FALSE;
 	fseek(ctx->file,0L,2);
 	size = ftell(ctx->file);
 	rph = (const struct RESTART_PAGE_HEADER*)boot;
 	off = le16_to_cpu(rph->restart_offset);
+	/*
+	 * If the system or log page sizes are smaller than the ntfs block size
+	 * or either is not a power of 2 we cannot handle this log file.
+	 */
+	system_page_size = le32_to_cpu(rph->system_page_size);
+	log_page_size = le32_to_cpu(rph->log_page_size);
+	if (system_page_size < NTFS_BLOCK_SIZE ||
+			log_page_size < NTFS_BLOCK_SIZE ||
+			system_page_size &
+			(system_page_size - 1) ||
+			log_page_size & (log_page_size - 1)) {
+		printf("** Unsupported page size.\n");
+		goto out;
+	}
+	if (off & 7 || off > system_page_size) {
+		printf("** Inconsistent restart area offset.\n");
+		goto out;
+	}
 	rest = (const struct RESTART_AREA*)&boot[off];
 
 		/* estimate cluster size from log file size (unreliable) */
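Review bot: The offset check at `if (off & 7 || off > system_page_size)` still lets `rest` land at or within a few bytes of the end of the page, because it accepts `off == system_page_size` and reserves no room for the RESTART_AREA that is read through `rest` on the next line; `if (off & 7 || off + sizeof(struct RESTART_AREA) > system_page_size)` closes that gap and matches the stricter restart-area bound the logfile library applies. `system_page_size` is itself taken from the untrusted header with no upper bound (any power of two from 4096 up to 2^31 passes), so if `boot` is a fixed-size buffer rather than one of `system_page_size` bytes the bound should be that buffer's length instead — how `boot` is sized is not visible from here. The two new rejections report via `printf` while the sibling rejection in getvolumedata uses `fprintf(stderr, ...)`; worth picking one. getlogfiledata's body continues beyond this hunk.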
@@ -3143,6 +3163,7 @@ static BOOL getlogfiledata(CONTEXT *ctx, const char *boot)
 	mftrecsz = 0;
 	mftrecbits = 0;
 	ok = TRUE;
+out:
 	return (ok);
 }
 
@@ -3173,8 +3194,9 @@ static BOOL getvolumedata(CONTEXT *ctx, char *boot)
 		if (ctx->file
 		    && (!memcmp(boot,"RSTR",4) || !memcmp(boot,"CHKD",4))) {
 			printf("* Assuming a log file copy\n");
-			getlogfiledata(ctx, boot);
-			ok = TRUE;
+			ok = getlogfiledata(ctx, boot);
+			if (!ok)
+				goto out;
 		} else
 			fprintf(stderr,"** Not an NTFS image or log file\n");
 		}
@@ -3188,6 +3210,7 @@ static BOOL getvolumedata(CONTEXT *ctx, char *boot)
 		if (le16_to_cpu(rest->client_in_use_list) > 1)
 			printf("** multiple clients not implemented\n");
 	}
+out:
 	return (ok);
 }
 
@@ -3225,8 +3248,10 @@ static BOOL open_volume(CONTEXT *ctx, const char *device_name)
 			ctx->vol = (ntfs_volume*)NULL;
 			ok = getvolumedata(ctx, boot.buf);
 		}
-		if (!ok)
+		if (!ok) {
 			fclose(ctx->file);
+			goto out;
+		}
 	}
 	if (!ok) {
 		/* Not a log file, assume an ntfs device, mount it */
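Review bot: `fclose(ctx->file)` followed by `goto out` leaves a closed stream in `ctx->file`; the original fell through to the mount path, but now the function returns with the stale handle still set, so anything that later tests `ctx->file` to pick file mode would use it after close. Adding `ctx->file = (FILE*)NULL;` before the `goto out` (the file already uses the `(ntfs_volume*)NULL` cast style a few lines up) avoids that. The new `goto out` also skips the "assume an ntfs device, mount it" fallback for every getvolumedata failure, not only the new page-size rejections, which goes beyond the segfault fix described in the commit message — confirm that dropping the fallback is intended. open_volume starts and ends outside this hunk.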
@@ -3240,6 +3265,7 @@ static BOOL open_volume(CONTEXT *ctx, const char *device_name)
 				ntfs_umount(ctx->vol, TRUE);
 		}
 	}
+out:
 	return (ok);
 }
 
-- 
2.4.3
