summaryrefslogtreecommitdiffstats
path: root/src/file_bmp.c
diff options
context:
space:
mode:
authorChristophe Grenier <grenier@cgsecurity.org>2011-05-02 22:19:44 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2011-05-02 22:19:44 +0200
commita0ac86600304652b85bb68ed4a32f362daf3c502 (patch)
tree645ab564b6132d09d752eb38382ce310802bca9a /src/file_bmp.c
parent5118568923556949fa5e7b6657cabd1ebf490ae1 (diff)
PhotoRec: stricter check for BMP files
Diffstat (limited to 'src/file_bmp.c')
-rw-r--r--src/file_bmp.c20
1 files changed, 17 insertions, 3 deletions
diff --git a/src/file_bmp.c b/src/file_bmp.c
index 2972298..5ec2cd7 100644
--- a/src/file_bmp.c
+++ b/src/file_bmp.c
@@ -29,6 +29,7 @@
#include <stdio.h>
#include "types.h"
#include "filegen.h"
+#include "common.h"
static void register_header_check_bmp(file_stat_t *file_stat);
static int header_check_bmp(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new);
@@ -50,15 +51,28 @@ static void register_header_check_bmp(file_stat_t *file_stat)
register_header_check(0, bmp_header,sizeof(bmp_header), &header_check_bmp, file_stat);
}
+struct bmp_header
+{
+ uint16_t magic;
+ uint32_t size;
+ uint32_t reserved;
+ uint32_t offset;
+} __attribute__ ((__packed__));
+
static int header_check_bmp(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
{
- if(buffer[0]=='B' && buffer[1]=='M' &&
- buffer[6]==0x00 && buffer[7]==0x00 && buffer[8]==0x00 && buffer[9]==0x00)
+ const struct bmp_header *bm=(const struct bmp_header *)buffer;
+ if(buffer[0]=='B' && buffer[1]=='M' && bm->reserved==0 &&
+ (buffer[14]==12 || buffer[14]==64 || buffer[14]==40 || buffer[14]==52 ||
+ buffer[14]==56 || buffer[14]==108 || buffer[14]==124) &&
+ buffer[15]==0 && buffer[16]==0 && buffer[17]==0 &&
+ le32(bm->offset) < le32(bm->size))
{
+ /* See http://en.wikipedia.org/wiki/BMP_file_format */
reset_file_recovery(file_recovery_new);
file_recovery_new->extension=file_hint_bmp.extension;
file_recovery_new->min_filesize=65;
- file_recovery_new->calculated_file_size=(uint64_t)buffer[2]+(((uint64_t)buffer[3])<<8)+(((uint64_t)buffer[4])<<16)+(((uint64_t)buffer[5])<<24);
+ file_recovery_new->calculated_file_size=(uint64_t)le32(bm->size);
file_recovery_new->data_check=&data_check_size;
file_recovery_new->file_check=&file_check_size;
return 1;