From ce353d688420387c32de1172885e9c86b7327c3c Mon Sep 17 00:00:00 2001 From: Natalia Portillo Date: Fri, 4 Jun 2021 18:42:29 +0100 Subject: [PATCH] Guard several filesystems against crashes when identifying on a data buffer smaller than needed. --- Aaru.Filesystems/AppleHFS/Info.cs | 7 +++++++ Aaru.Filesystems/AppleHFSPlus.cs | 3 +++ Aaru.Filesystems/ProDOS.cs | 8 ++++---- Aaru.Filesystems/SysV.cs | 16 ++++++++++------ 4 files changed, 24 insertions(+), 10 deletions(-) diff --git a/Aaru.Filesystems/AppleHFS/Info.cs b/Aaru.Filesystems/AppleHFS/Info.cs index d7b1f5506..b66f3e987 100644 --- a/Aaru.Filesystems/AppleHFS/Info.cs +++ b/Aaru.Filesystems/AppleHFS/Info.cs @@ -62,6 +62,9 @@ namespace Aaru.Filesystems 0, 0x200, 0x400, 0x600, 0x800, 0xA00 }) { + if(mdbSector.Length < offset + 0x7C + 2) + continue; + drSigWord = BigEndianBitConverter.ToUInt16(mdbSector, offset); if(drSigWord != AppleCommon.HFS_MAGIC) @@ -76,6 +79,10 @@ namespace Aaru.Filesystems else { mdbSector = imagePlugin.ReadSector(2 + partition.Start); + + if(mdbSector.Length < 0x7C + 2) + return false; + drSigWord = BigEndianBitConverter.ToUInt16(mdbSector, 0); if(drSigWord != AppleCommon.HFS_MAGIC) diff --git a/Aaru.Filesystems/AppleHFSPlus.cs b/Aaru.Filesystems/AppleHFSPlus.cs index e843c3272..dae04601a 100644 --- a/Aaru.Filesystems/AppleHFSPlus.cs +++ b/Aaru.Filesystems/AppleHFSPlus.cs @@ -64,6 +64,9 @@ namespace Aaru.Filesystems byte[] vhSector = imagePlugin.ReadSectors(partition.Start, sectorsToRead); + if(vhSector.Length < 0x800) + return false; + ushort drSigWord = BigEndianBitConverter.ToUInt16(vhSector, 0x400); if(drSigWord == AppleCommon.HFS_MAGIC) // "BD" diff --git a/Aaru.Filesystems/ProDOS.cs b/Aaru.Filesystems/ProDOS.cs index 5af942514..974630e29 100644 --- a/Aaru.Filesystems/ProDOS.cs +++ b/Aaru.Filesystems/ProDOS.cs @@ -107,7 +107,7 @@ namespace Aaru.Filesystems foreach(int offset in new[] { 0, 0x200, 0x400, 0x600, 0x800, 0xA00 - }.Where(offset => BitConverter.ToUInt16(tmp, offset) == 0 && + }.Where(offset => tmp.Length > offset + 0x200 && BitConverter.ToUInt16(tmp, offset) == 0 && (byte)((tmp[offset + 0x04] & STORAGE_TYPE_MASK) >> 4) == ROOT_DIRECTORY_TYPE && tmp[offset + 0x23] == ENTRY_LENGTH && tmp[offset + 0x24] == ENTRIES_PER_BLOCK)) { @@ -154,9 +154,9 @@ namespace Aaru.Filesystems totalBlocks /= 4; AaruConsole.DebugWriteLine("ProDOS plugin", "{0} <= ({1} - {2} + 1)? {3}", totalBlocks, partition.End, - partition.Start, totalBlocks <= (partition.End - partition.Start) + 1); + partition.Start, totalBlocks <= partition.End - partition.Start + 1); - return totalBlocks <= (partition.End - partition.Start) + 1; + return totalBlocks <= partition.End - partition.Start + 1; } public void GetInformation(IMediaImage imagePlugin, Partition partition, out string information, @@ -326,7 +326,7 @@ namespace Aaru.Filesystems Type = "ProDOS" }; - XmlFsType.ClusterSize = (uint)((((partition.End - partition.Start) + 1) * imagePlugin.Info.SectorSize) / + XmlFsType.ClusterSize = (uint)((partition.End - partition.Start + 1) * imagePlugin.Info.SectorSize / XmlFsType.Clusters); if(!dateCorrect) diff --git a/Aaru.Filesystems/SysV.cs b/Aaru.Filesystems/SysV.cs index befc7cb67..2b0637644 100644 --- a/Aaru.Filesystems/SysV.cs +++ b/Aaru.Filesystems/SysV.cs @@ -82,14 +82,15 @@ namespace Aaru.Filesystems byte sb_size_in_sectors; - if(imagePlugin.Info.SectorSize <= 0x400 - ) // Check if underlying device sector size is smaller than SuperBlock size + if(imagePlugin.Info.SectorSize <= + 0x400) // Check if underlying device sector size is smaller than SuperBlock size sb_size_in_sectors = (byte)(0x400 / imagePlugin.Info.SectorSize); else sb_size_in_sectors = 1; // If not a single sector can store it - if(partition.End <= partition.Start + (4 * (ulong)sb_size_in_sectors) + sb_size_in_sectors - ) // Device must be bigger than SB location + SB size + offset + if(partition.End <= + partition.Start + (4 * (ulong)sb_size_in_sectors) + + sb_size_in_sectors) // Device must be bigger than SB location + SB size + offset return false; // Sectors in a cylinder @@ -110,6 +111,9 @@ namespace Aaru.Filesystems Select(i => imagePlugin.ReadSectors((ulong)i + partition.Start, sb_size_in_sectors))) { + if(sb_sector.Length < 0x400) + continue; + uint magic = BitConverter.ToUInt32(sb_sector, 0x3F8); if(magic == XENIX_MAGIC || @@ -202,8 +206,8 @@ namespace Aaru.Filesystems byte sb_size_in_sectors; int offset = 0; - if(imagePlugin.Info.SectorSize <= 0x400 - ) // Check if underlying device sector size is smaller than SuperBlock size + if(imagePlugin.Info.SectorSize <= + 0x400) // Check if underlying device sector size is smaller than SuperBlock size sb_size_in_sectors = (byte)(0x400 / imagePlugin.Info.SectorSize); else sb_size_in_sectors = 1; // If not a single sector can store it