From 9b3f0dcca11e7a9e13276515c2a6092113083f94 Mon Sep 17 00:00:00 2001 From: Natalia Portillo Date: Wed, 8 Nov 2017 17:05:00 +0000 Subject: [PATCH] Added bound checks. --- DiscImageChef.Filesystems/Locus.cs | 3 +++ DiscImageChef.Filesystems/QNX4.cs | 3 +++ DiscImageChef.Filesystems/RBF.cs | 3 +++ DiscImageChef.Partitions/AppleMap.cs | 3 +++ DiscImageChef.Partitions/GPT.cs | 3 +++ DiscImageChef.Partitions/Plan9.cs | 4 ++++ DiscImageChef.Partitions/Sun.cs | 3 +++ 7 files changed, 22 insertions(+) diff --git a/DiscImageChef.Filesystems/Locus.cs b/DiscImageChef.Filesystems/Locus.cs index 3bc92d64..bef81392 100644 --- a/DiscImageChef.Filesystems/Locus.cs +++ b/DiscImageChef.Filesystems/Locus.cs @@ -236,6 +236,9 @@ namespace DiscImageChef.Filesystems if((Marshal.SizeOf(LocusSb)) % imagePlugin.GetSectorSize() != 0) sbSize++; + if(partition.Start + location + sbSize >= imagePlugin.GetSectors()) + break; + byte[] sector = imagePlugin.ReadSectors(partition.Start + location, sbSize); if(sector.Length < Marshal.SizeOf(LocusSb)) return false; diff --git a/DiscImageChef.Filesystems/QNX4.cs b/DiscImageChef.Filesystems/QNX4.cs index 382275e6..8a452985 100644 --- a/DiscImageChef.Filesystems/QNX4.cs +++ b/DiscImageChef.Filesystems/QNX4.cs @@ -137,6 +137,9 @@ namespace DiscImageChef.Filesystems public override bool Identify(ImagePlugins.ImagePlugin imagePlugin, Partition partition) { + if(partition.Start + 1 >= imagePlugin.GetSectors()) + return false; + byte[] sector = imagePlugin.ReadSector(partition.Start + 1); if(sector.Length < 512) return false; diff --git a/DiscImageChef.Filesystems/RBF.cs b/DiscImageChef.Filesystems/RBF.cs index f2ce5d61..27e911ab 100644 --- a/DiscImageChef.Filesystems/RBF.cs +++ b/DiscImageChef.Filesystems/RBF.cs @@ -201,6 +201,9 @@ namespace DiscImageChef.Filesystems if(Marshal.SizeOf(RBFSb) % imagePlugin.GetSectorSize() != 0) sbSize++; + if(partition.Start + location + sbSize >= imagePlugin.GetSectors()) + break; + byte[] sector = imagePlugin.ReadSectors(partition.Start + location, sbSize); if(sector.Length < Marshal.SizeOf(RBFSb)) return false; diff --git a/DiscImageChef.Partitions/AppleMap.cs b/DiscImageChef.Partitions/AppleMap.cs index 4df00d36..b3b84449 100644 --- a/DiscImageChef.Partitions/AppleMap.cs +++ b/DiscImageChef.Partitions/AppleMap.cs @@ -68,6 +68,9 @@ namespace DiscImageChef.PartPlugins partitions = new List(); + if(sectorOffset + 2 >= imagePlugin.GetSectors()) + return false; + byte[] ddm_sector = imagePlugin.ReadSector(sectorOffset); AppleDriverDescriptorMap ddm; diff --git a/DiscImageChef.Partitions/GPT.cs b/DiscImageChef.Partitions/GPT.cs index 4d0deaf5..16b90c57 100644 --- a/DiscImageChef.Partitions/GPT.cs +++ b/DiscImageChef.Partitions/GPT.cs @@ -52,6 +52,9 @@ namespace DiscImageChef.PartPlugins { partitions = new List(); + if(sectorOffset + 2 >= imagePlugin.GetSectors()) + return false; + byte[] hdrBytes = imagePlugin.ReadSector(1 + sectorOffset); GptHeader hdr; diff --git a/DiscImageChef.Partitions/Plan9.cs b/DiscImageChef.Partitions/Plan9.cs index c5683eac..20c0458b 100644 --- a/DiscImageChef.Partitions/Plan9.cs +++ b/DiscImageChef.Partitions/Plan9.cs @@ -51,6 +51,10 @@ namespace DiscImageChef.PartPlugins public override bool GetInformation(ImagePlugins.ImagePlugin imagePlugin, out List partitions, ulong sectorOffset) { partitions = new List(); + + if(sectorOffset + 2 >= imagePlugin.GetSectors()) + return false; + byte[] sector = imagePlugin.ReadSector(sectorOffset + 1); // While all of Plan9 is supposedly UTF-8, it uses ASCII strcmp for reading its partition table string[] really = StringHandlers.CToString(sector).Split(new[] {'\n'}); diff --git a/DiscImageChef.Partitions/Sun.cs b/DiscImageChef.Partitions/Sun.cs index 1e84f775..6cff6087 100644 --- a/DiscImageChef.Partitions/Sun.cs +++ b/DiscImageChef.Partitions/Sun.cs @@ -115,6 +115,9 @@ namespace DiscImageChef.PartPlugins if(imagePlugin.GetSectorSize() < 512) return false; + if(sectorOffset + 2 >= imagePlugin.GetSectors()) + return false; + bool useDkl = false, useDkl8 = false, useDkl16 = false; byte[] sunSector = imagePlugin.ReadSector(sectorOffset);