authorChristophe Grenier <grenier@cgsecurity.org>2020-04-21 17:48:45 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2020-04-21 17:48:45 +0200
commit3840fa62b3134af8273c5f98fdc0561529827fed (patch)
tree243aa85666f012ff4f9444c8c9e58ca8befd55e4
parent0fea045597acaefdf129ed882ffa06034c825b40 (diff)
ntfs.c,ntfs_adv.c: ntfs_getattributedata() may return NULL, avoid potential NULL dereference
-rw-r--r--src/ntfs.c11
-rw-r--r--src/ntfs_adv.c6
2 files changed, 13 insertions, 4 deletions
diff --git a/src/ntfs.c b/src/ntfs.c
index 1cbdeaa..933ab02 100644
--- a/src/ntfs.c
+++ b/src/ntfs.c
@@ -305,6 +305,7 @@ static void ntfs_get_volume_name(disk_t *disk_car, partition_t *partition, const
unsigned char *buffer;
uint64_t mft_pos;
unsigned int mft_record_size;
+ partition->fsname[0]='\0';
if(ntfs_header->clusters_per_mft_record>0)
mft_record_size=ntfs_header->clusters_per_mft_record * ntfs_header->sectors_per_cluster * ntfs_sector_size(ntfs_header);
else
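Review bot: The added `partition->fsname[0]='\0';` at the top of ntfs_get_volume_name carries no comment, and the commit message, which only talks about the NULL return, does not explain it either. It appears to be there so that the new early return further down (and any other exit before the copy loop) leaves `fsname` as a valid empty string rather than whatever the caller passed in. A one-line comment would record that: `/* Default to an empty name so every early return leaves fsname NUL-terminated */`. The function body continues outside this hunk, so other exit paths could not be checked here.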
@@ -334,13 +335,19 @@ static void ntfs_get_volume_name(disk_t *disk_car, partition_t *partition, const
const ntfs_attribresident *attrib=(const ntfs_attribresident *)ntfs_findattribute((const ntfs_recordheader*)buffer, 0x60, (char*)buffer+mft_record_size);
if(attrib && attrib->header.bNonResident==0) /* attribute is resident */
{
- char *dest=partition->fsname;
+ char *dest;
const char *name_it;
unsigned int volume_name_length=le32(attrib->cbAttribData);
volume_name_length/=2; /* Unicode */
if(volume_name_length>sizeof(partition->fsname)-1)
volume_name_length=sizeof(partition->fsname)-1;
- for(name_it=ntfs_getattributedata(attrib, (char*)(buffer+mft_record_size));
+ name_it=ntfs_getattributedata(attrib, (char*)(buffer+mft_record_size));
+ if(name_it==NULL)
+ {
+ free(buffer);
+ return;
+ }
+ for(dest=partition->fsname;
volume_name_length>0 && *name_it!='\0' && name_it[1]=='\0';
name_it+=2,volume_name_length--)
*dest++=*name_it;
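Review bot: The copy loop after the new NULL check still reads two bytes per character for up to `volume_name_length` characters, and that count, taken from the on-disk `cbAttribData`, is clamped only against `sizeof(partition->fsname)`, not against the record end `buffer+mft_record_size`. The reads are in bounds only if `ntfs_getattributedata()` returns NULL whenever the attribute data plus `cbAttribData` would run past the end pointer; its body is not visible here, so that is an assumption to confirm. A comment above the check would make the dependency explicit: `/* NULL: attribute data runs past the MFT record; otherwise cbAttribData bytes from name_it are readable */`. The terminating write through `dest` and the final cleanup are outside the hunk.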
diff --git a/src/ntfs_adv.c b/src/ntfs_adv.c
index 159eac8..4bf9e0a 100644
--- a/src/ntfs_adv.c
+++ b/src/ntfs_adv.c
@@ -451,7 +451,8 @@ int rebuild_NTFS_BS(disk_t *disk_car, partition_t *partition, const int verbose,
if(attr30 && attr30->bNonResident==0)
{
const TD_FILE_NAME_ATTR *file_name_attr=(const TD_FILE_NAME_ATTR *)ntfs_getattributedata((const ntfs_attribresident *)attr30, buffer+0x400);
- if(file_name_attr->file_name_length==4 &&
+ if(file_name_attr!=NULL &&
+ file_name_attr->file_name_length==4 &&
(const char*)&file_name_attr->file_name[0]+8 <= buffer+0x400 &&
memcmp(file_name_attr->file_name,"$\0M\0F\0T\0", 8)==0)
res=1;
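Review bot: In the rewritten condition, `file_name_attr->file_name_length` is still dereferenced before the bounds comparison against `buffer+0x400`, so a non-NULL pointer that sits close to the end of the record can be read past that limit. Whether that is reachable depends on what `ntfs_getattributedata()` guarantees about the attribute size, which is not shown on this page; if it only validates `cbAttribData` bytes, a short attribute would pass the NULL test. Moving the address comparison ahead of the field read closes the gap without changing the result: `if(file_name_attr!=NULL && (const char*)&file_name_attr->file_name[0]+8 <= buffer+0x400 && file_name_attr->file_name_length==4 &&`. The same ordering appears in the second rebuild_NTFS_BS hunk at -518, and the function body extends outside both hunks.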
@@ -518,7 +519,8 @@ int rebuild_NTFS_BS(disk_t *disk_car, partition_t *partition, const int verbose,
if(attr30 && attr30->bNonResident==0)
{
const TD_FILE_NAME_ATTR *file_name_attr=(const TD_FILE_NAME_ATTR *)ntfs_getattributedata((const ntfs_attribresident *)attr30, buffer+0x400);
- if(file_name_attr->file_name_length==4 &&
+ if(file_name_attr!=NULL &&
+ file_name_attr->file_name_length==4 &&
(const char*)&file_name_attr->file_name[0]+8 <= buffer+0x400 &&
memcmp(file_name_attr->file_name,"$\0M\0F\0T\0", 8)==0)
res=1;