diff options
author | Christophe Grenier <grenier@cgsecurity.org> | 2014-07-24 23:27:43 +0200 |
---|---|---|
committer | Christophe Grenier <grenier@cgsecurity.org> | 2014-07-24 23:27:43 +0200 |
commit | af40c8738fda2e7077a7ead6e5bf12c732a8bb9d (patch) | |
tree | 44d1852f09c39dc426028a90ff1b3f24dbde92f5 /src/file_cwk.c | |
parent | 00088b523ebe635facabe73fcdb46a78b17f810e (diff) |
PhotoRec: stricter check for .cwk
Diffstat (limited to 'src/file_cwk.c')
-rw-r--r-- | src/file_cwk.c | 47 |
1 files changed, 33 insertions, 14 deletions
diff --git a/src/file_cwk.c b/src/file_cwk.c index cbaca0c..01c9653 100644 --- a/src/file_cwk.c +++ b/src/file_cwk.c @@ -29,6 +29,7 @@ #include <stdio.h> #include "types.h" #include "filegen.h" +#include "common.h" static void register_header_check_cwk(file_stat_t *file_stat); static int header_check_cwk(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new); @@ -44,27 +45,45 @@ const file_hint_t file_hint_cwk= { .register_header_check=®ister_header_check_cwk }; -static const unsigned char cwk_header[4]= {'B','O','B','O'}; +/* http://wiki.wirelust.com/x/index.php/AppleWorks_/_ClarisWorks */ +struct cwk_header +{ + unsigned char major_version; + unsigned char minor_version[3]; + uint32_t creator_type; /* BOBO */ + unsigned char old_major_version; + unsigned char old_minor_version[3]; + uint64_t reserved0; + uint16_t reserved1; + uint16_t marker; + uint16_t unk1; + uint32_t unk2; + uint16_t height; + uint16_t width; + uint16_t margins[6]; + uint16_t inner_height; + uint16_t inner_width; +} __attribute__ ((__packed__)); -static void register_header_check_cwk(file_stat_t *file_stat) +static void file_check_cwk(file_recovery_t *file_recovery) { - register_header_check(4, cwk_header,sizeof(cwk_header), &header_check_cwk, file_stat); + const unsigned char cwk_footer[4]= {0xf0, 0xf1, 0xf2, 0xf3}; + file_search_footer(file_recovery, cwk_footer, sizeof(cwk_footer), 4); } static int header_check_cwk(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new) { - if(memcmp(buffer+4, cwk_header, sizeof(cwk_header))==0) - { - reset_file_recovery(file_recovery_new); - file_recovery_new->extension=file_hint_cwk.extension; - file_recovery_new->file_check=&file_check_cwk; - return 1; - } - return 0; + const struct cwk_header *cwk=(const struct cwk_header *)buffer; + if(be64(cwk->reserved0)!=0 || be16(cwk->reserved1)!=1) + return 0; + reset_file_recovery(file_recovery_new); + file_recovery_new->extension=file_hint_cwk.extension; + file_recovery_new->file_check=&file_check_cwk; + return 1; } -static void file_check_cwk(file_recovery_t *file_recovery) +static void register_header_check_cwk(file_stat_t *file_stat) { - const unsigned char cwk_footer[4]= {0xf0, 0xf1, 0xf2, 0xf3}; - file_search_footer(file_recovery, cwk_footer, sizeof(cwk_footer), 4); + static const unsigned char cwk_header[4]= {'B','O','B','O'}; + register_header_check(4, cwk_header,sizeof(cwk_header), &header_check_cwk, file_stat); } |