authorChristophe Grenier <grenier@cgsecurity.org>2009-07-26 12:07:45 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2009-07-26 12:07:45 +0200
commite0faac2bd7e5a7a1461a0cbb529f32644caf29a6 (patch)
treebda403b34802cfaaba14d6154d46d8d2800d609d /src/ntfs_adv.c
parent5afa137a96a8230b35aa78663a8662bbd16fc6f3 (diff)
TestDisk: add a boundary check when searching NTFS MFT
Diffstat (limited to 'src/ntfs_adv.c')
-rw-r--r--src/ntfs_adv.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/ntfs_adv.c b/src/ntfs_adv.c
index 2289cdd..1178d6e 100644
--- a/src/ntfs_adv.c
+++ b/src/ntfs_adv.c
@@ -361,7 +361,7 @@ static int read_mft_info(disk_t *disk_car, partition_t *partition, const uint64_
display_message("NTFS: Can't read mft_sector\n");
return 1;
}
- *mft_lcn=ntfs_get_attr(attr, 0x80, partition, buffer+8*DEFAULT_SECTOR_SIZE, verbose, NULL);
+ *mft_lcn=ntfs_get_attr(attr, 0x80, partition, buffer+sizeof(buffer), verbose, NULL);
*mft_record_size=NTFS_GETU32(attr + 0x1C);
if(*mft_record_size==0)
{
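Review bot: Passing `buffer+sizeof(buffer)` as the end bound to ntfs_get_attr is only correct if `buffer` is a true array in this function; its declaration is outside the hunk. If it is ever a pointer or a parameter, `sizeof(buffer)` becomes the pointer size and the bound falls a few bytes past the start. I would pin the assumption with a comment at the call, e.g. `/* buffer must be an array here: sizeof(buffer) is the end-of-data bound */`, or compute the end once into a named local and reuse it for both calls.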
@@ -370,7 +370,13 @@ static int read_mft_info(disk_t *disk_car, partition_t *partition, const uint64_
return 2;
}
attr+= NTFS_GETU32(attr + 0x1C);
- *mftmirr_lcn=ntfs_get_attr(attr, 0x80, partition,buffer+8*DEFAULT_SECTOR_SIZE, verbose, NULL);
+ if(attr < buffer || attr > buffer+sizeof(buffer))
+ {
+ if(verbose<0)
+ log_warning("read_mft_info failed: bad record.\n");
+ return 2;
+ }
+ *mftmirr_lcn=ntfs_get_attr(attr, 0x80, partition,buffer+sizeof(buffer), verbose, NULL);
/* Try to divide by the biggest number first */
if(*mft_lcn<*mftmirr_lcn)
{
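Review bot: The new bounds check runs after `attr+= NTFS_GETU32(attr + 0x1C);`, so `attr` has already been advanced by a 32-bit value read from disk. Forming a pointer beyond one past the end of `buffer` is undefined behaviour, and on a 32-bit target the addition can wrap back into range and pass the test. The test also accepts `attr == buffer+sizeof(buffer)`, leaving ntfs_get_attr no bytes to read. Validating the offset before the addition closes both gaps, e.g. `if(NTFS_GETU32(attr + 0x1C) >= (size_t)(buffer+sizeof(buffer)-attr)) return 2;` placed ahead of the `attr+=` line; this assumes `attr` still points inside `buffer` there, which the hunk does not show. Separately, `if(verbose<0)` looks inverted: if verbosity is never negative the warning cannot be logged, so `verbose>0` was probably intended.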