summaryrefslogtreecommitdiffstats
path: root/src/file_bkf.c
diff options
context:
space:
mode:
authorChristophe Grenier <grenier@cgsecurity.org>2014-08-09 09:40:34 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2014-08-09 09:40:34 +0200
commitd1ffe732d0302cbb9dc629ff0ba2d86911d7c54a (patch)
tree8690f3feafb22ceb137513144212b4c6b3c9f538 /src/file_bkf.c
parent56a31673a0d1fb98592e7de06cda2fce2f5179bc (diff)
PhotoRec: stricter check for .bkf
Diffstat (limited to 'src/file_bkf.c')
-rw-r--r--src/file_bkf.c68
1 files changed, 43 insertions, 25 deletions
diff --git a/src/file_bkf.c b/src/file_bkf.c
index 46c8e28..d339817 100644
--- a/src/file_bkf.c
+++ b/src/file_bkf.c
@@ -29,10 +29,10 @@
#include <stdio.h>
#include "types.h"
#include "filegen.h"
+#include "common.h"
+#include "log.h"
static void register_header_check_bkf(file_stat_t *file_stat);
-static int header_check_bkf(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
-static void file_check_bkf(file_recovery_t *file_recovery);
const file_hint_t file_hint_bkf= {
.extension="bkf",
@@ -44,36 +44,54 @@ const file_hint_t file_hint_bkf= {
.register_header_check=&register_header_check_bkf
};
-static const unsigned char bkf_header[4]= { 'T','A','P','E'};
+struct mtf_db_hdr
+{
+ uint32_t type; /* DBLK type */
+ uint32_t attr; /* block attributes */
+ uint16_t off; /* offset to first event */
+ uint8_t osId; /* OS ID */
+ uint8_t osVer; /* OS version */
+ uint64_t size; /* displayable size */
+ uint64_t fla; /* format logical address */
+ uint16_t mbc; /* reserved for MBC */
+ uint8_t rsv1[6]; /* reserved for future use */
+ uint32_t cbId; /* control block ID */
+ uint8_t rsv2[4]; /* reserved for future use */
+ uint32_t osData; /* OS-specific data */
+ uint8_t strType; /* string type */
+ uint8_t rsv3; /* reserved for future use */
+ uint16_t check; /* header checksum */
+} __attribute__ ((__packed__));
-static void register_header_check_bkf(file_stat_t *file_stat)
+static void file_check_bkf(file_recovery_t *file_recovery)
{
- register_header_check(0, bkf_header,sizeof(bkf_header), &header_check_bkf, file_stat);
+ const unsigned char bkf_footer[4]= { 'S', 'F', 'M', 'B'};
+ file_search_footer(file_recovery, bkf_footer, sizeof(bkf_footer), 0x400-4);
}
static int header_check_bkf(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
{
- if(memcmp(buffer,bkf_header,sizeof(bkf_header))==0 &&
- buffer[0x14]==0 && buffer[0x15]==0 && buffer[0x16]==0 && buffer[0x17]==0 &&
- buffer[0x18]==0 && buffer[0x19]==0 && buffer[0x1a]==0 && buffer[0x1b]==0 &&
- buffer[0x24]==0 && buffer[0x25]==0 && buffer[0x26]==0 && buffer[0x27]==0)
- {
- /* Microsoft Tape Format
- * The DBLK Type field is set to ‘TAPE’.
- * The Format Logical Address field is set to zero.
- * The Control Block ID field is set to zero.
- */
- reset_file_recovery(file_recovery_new);
- file_recovery_new->min_filesize=52;
- file_recovery_new->extension=file_hint_bkf.extension;
- file_recovery_new->file_check=&file_check_bkf;
- return 1;
- }
- return 0;
+ const struct mtf_db_hdr *hdr=(const struct mtf_db_hdr *)buffer;
+ /* Microsoft Tape Format
+ * The DBLK Type field is set to ‘TAPE’.
+ * The Format Logical Address field is set to zero.
+ * The Control Block ID field is set to zero.
+ */
+ if(le64(hdr->fla)!=0 || le32(hdr->cbId)!=0 || hdr->strType>2 ||
+ le16(hdr->off)<sizeof(struct mtf_db_hdr))
+ return 0;
+#ifdef DEBUG_BKF
+ log_info("off=%u\n", le16(hdr->off));
+#endif
+ reset_file_recovery(file_recovery_new);
+ file_recovery_new->min_filesize=52;
+ file_recovery_new->extension=file_hint_bkf.extension;
+ file_recovery_new->file_check=&file_check_bkf;
+ return 1;
}
-static void file_check_bkf(file_recovery_t *file_recovery)
+static void register_header_check_bkf(file_stat_t *file_stat)
{
- const unsigned char bkf_footer[4]= { 'S', 'F', 'M', 'B'};
- file_search_footer(file_recovery, bkf_footer, sizeof(bkf_footer), 0x400-4);
+ static const unsigned char bkf_header[4]= { 'T','A','P','E'};
+ register_header_check(0, bkf_header,sizeof(bkf_header), &header_check_bkf, file_stat);
}