summaryrefslogtreecommitdiffstats
path: root/src/file_png.c
diff options
context:
space:
mode:
authorChristophe Grenier <grenier@cgsecurity.org>2014-07-26 19:17:12 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2014-07-26 19:17:12 +0200
commitecc15d0571d4be528d25c91852cd6a33186dd41d (patch)
tree6f2b87753f54cb038a0ece281dfd55fb44479b61 /src/file_png.c
parentadb18ac16ea696cf50fcb69385e2d49365fe67fc (diff)
PhotoRec: stricter check for .png
Diffstat (limited to 'src/file_png.c')
-rw-r--r--src/file_png.c49
1 files changed, 43 insertions, 6 deletions
diff --git a/src/file_png.c b/src/file_png.c
index 9aa7917..8447580 100644
--- a/src/file_png.c
+++ b/src/file_png.c
@@ -64,8 +64,16 @@ struct png_chunk
static int header_check_jng(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
{
+ if( !((isupper(buffer[8+4]) || islower(buffer[8+4])) &&
+ (isupper(buffer[8+5]) || islower(buffer[8+5])) &&
+ (isupper(buffer[8+6]) || islower(buffer[8+6])) &&
+ (isupper(buffer[8+7]) || islower(buffer[8+7]))))
+ return 0;
reset_file_recovery(file_recovery_new);
file_recovery_new->extension="jng";
+ file_recovery_new->min_filesize=16;
+ if(file_recovery_new->blocksize < 8)
+ return 1;
file_recovery_new->calculated_file_size=8;
file_recovery_new->data_check=&data_check_png;
file_recovery_new->file_check=&file_check_size;
@@ -74,8 +82,16 @@ static int header_check_jng(const unsigned char *buffer, const unsigned int buff
static int header_check_mng(const unsigned char *buffer, const unsigned int buffer_size, const unsigned int safe_header_only, const file_recovery_t *file_recovery, file_recovery_t *file_recovery_new)
{
+ if( !((isupper(buffer[8+4]) || islower(buffer[8+4])) &&
+ (isupper(buffer[8+5]) || islower(buffer[8+5])) &&
+ (isupper(buffer[8+6]) || islower(buffer[8+6])) &&
+ (isupper(buffer[8+7]) || islower(buffer[8+7]))))
+ return 0;
reset_file_recovery(file_recovery_new);
file_recovery_new->extension="mng";
+ file_recovery_new->min_filesize=16;
+ if(file_recovery_new->blocksize < 8)
+ return 1;
file_recovery_new->calculated_file_size=8;
file_recovery_new->data_check=&data_check_mng;
file_recovery_new->file_check=&file_check_size;
@@ -90,8 +106,16 @@ static int header_check_png(const unsigned char *buffer, const unsigned int buff
(strcmp(file_recovery->extension,"sld")==0 ||
strcmp(file_recovery->extension,"sldprt")==0))
return 0;
+ if( !((isupper(buffer[8+4]) || islower(buffer[8+4])) &&
+ (isupper(buffer[8+5]) || islower(buffer[8+5])) &&
+ (isupper(buffer[8+6]) || islower(buffer[8+6])) &&
+ (isupper(buffer[8+7]) || islower(buffer[8+7]))))
+ return 0;
reset_file_recovery(file_recovery_new);
file_recovery_new->extension=file_hint_png.extension;
+ file_recovery_new->min_filesize=16;
+ if(file_recovery_new->blocksize < 8)
+ return 1;
file_recovery_new->calculated_file_size=8;
file_recovery_new->data_check=&data_check_png;
file_recovery_new->file_check=&file_check_size;
@@ -106,9 +130,19 @@ static data_check_t data_check_mng(const unsigned char *buffer, const unsigned i
{
const unsigned int i=file_recovery->calculated_file_size - file_recovery->file_size + buffer_size/2;
const struct png_chunk *chunk=(const struct png_chunk *)&buffer[i];
- file_recovery->calculated_file_size+=12 + be32(chunk->length);
if(memcmp(&buffer[i+4], mng_footer, sizeof(mng_footer))==0)
+ {
+ file_recovery->calculated_file_size+=12 + be32(chunk->length);
return DC_STOP;
+ }
+ if( !((isupper(buffer[i+4]) || islower(buffer[i+4])) &&
+ (isupper(buffer[i+5]) || islower(buffer[i+5])) &&
+ (isupper(buffer[i+6]) || islower(buffer[i+6])) &&
+ (isupper(buffer[i+7]) || islower(buffer[i+7]))))
+ {
+ return DC_ERROR;
+ }
+ file_recovery->calculated_file_size+=12 + be32(chunk->length);
}
return DC_CONTINUE;
}
@@ -120,9 +154,11 @@ static data_check_t data_check_png(const unsigned char *buffer, const unsigned i
{
const unsigned int i=file_recovery->calculated_file_size - file_recovery->file_size + buffer_size/2;
const struct png_chunk *chunk=(const struct png_chunk *)&buffer[i];
- file_recovery->calculated_file_size+=12 + be32(chunk->length);
if(memcmp(&buffer[i+4], "IEND", 4)==0)
+ {
+ file_recovery->calculated_file_size+=12 + be32(chunk->length);
return DC_STOP;
+ }
// PNG chunk code
// IDAT IHDR PLTE bKGD cHRM fRAc gAMA gIFg gIFt gIFx hIST iCCP
// iTXt oFFs pCAL pHYs sBIT sCAL sPLT sRGB sTER tEXt tRNS zTXt
@@ -131,8 +167,9 @@ static data_check_t data_check_png(const unsigned char *buffer, const unsigned i
(isupper(buffer[i+6]) || islower(buffer[i+6])) &&
(isupper(buffer[i+7]) || islower(buffer[i+7]))))
{
- return DC_STOP;
+ return DC_ERROR;
}
+ file_recovery->calculated_file_size+=12 + be32(chunk->length);
}
return DC_CONTINUE;
}
@@ -142,7 +179,7 @@ static void register_header_check_png(file_stat_t *file_stat)
static const unsigned char png_header[8]= { 0x89, 'P', 'N','G', 0x0d, 0x0a, 0x1a, 0x0a};
static const unsigned char mng_header[8]= { 0x8a, 'M', 'N','G', 0x0d, 0x0a, 0x1a, 0x0a};
static const unsigned char jng_header[8]= { 0x8b, 'J', 'N','G', 0x0d, 0x0a, 0x1a, 0x0a};
- register_header_check(0, png_header,sizeof(png_header), &header_check_png, file_stat);
- register_header_check(0, mng_header,sizeof(mng_header), &header_check_mng, file_stat);
- register_header_check(0, jng_header,sizeof(jng_header), &header_check_jng, file_stat);
+ register_header_check(0, png_header, sizeof(png_header), &header_check_png, file_stat);
+ register_header_check(0, mng_header, sizeof(mng_header), &header_check_mng, file_stat);
+ register_header_check(0, jng_header, sizeof(jng_header), &header_check_jng, file_stat);
}