On Tue, Feb 21, 2023 at 03:07:00AM +0100, Theo Buehler wrote:
> By design of d2i, it's the caller's responsibility to check a DER object
> has been fully consumed. We read files from the disk, check hashes,
> parse and validate the DER we encounter, but we do not make sure that
> nothing follows th
On Tue, Feb 21, 2023 at 02:51:09AM +, Job Snijders wrote:
> ps. If there are 'bytes trailing garbage' on an *.mft discovered in the
> DIR_VALID storage area, would a more pristine version of the MFT in
> DIR_TEMP be ignored?
Yes. The whole point of the complicated dance in proc_parser_mft() is
On Tue, Feb 21, 2023 at 03:07:00AM +0100, Theo Buehler wrote:
> By design of d2i, it's the caller's responsibility to check a DER object
> has been fully consumed. We read files from the disk, check hashes,
> parse and validate the DER we encounter, but we do not make sure that
> nothing follows th
By design of d2i, it's the caller's responsibility to check a DER object
has been fully consumed. We read files from the disk, check hashes,
parse and validate the DER we encounter, but we do not make sure that
nothing follows the DER blob we parsed.
As Job noticed, it is possible to append data t