diff options
| -rw-r--r-- | AUTHORS | 1 | ||||
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | configure.in | 4 | ||||
| -rw-r--r-- | src/ntfs.c | 16 | ||||
| -rw-r--r-- | src/ntfsx.c | 42 | ||||
| -rw-r--r-- | src/ntfsx.h | 1 |
6 files changed, 46 insertions, 22 deletions
@@ -3,3 +3,4 @@ nielsen@memberwebs.com PATCHES: Marius HillenBrand <marius@sirius.inka.de> +Albert Kwok <Albert.Kwok@Sun.COM> @@ -1,3 +1,7 @@ +0.8.7 + - Fix crasher on corrupted drives. A problem with update + sequence offset being filled with garbage [Albert Kwok] + 0.8.6 - Don't exit on error reading source drive [Marius Hillenbrand] - Fixed core dump when attribute list, but no MFT loaded [Marius Hillenbrand] diff --git a/configure.in b/configure.in index 486e7b1..6b9af12 100644 --- a/configure.in +++ b/configure.in @@ -36,8 +36,8 @@ dnl Nate Nielsen <nielsen@memberwebs.com> dnl dnl Process this file with autoconf to produce a configure script. -AC_INIT(scrounge-ntfs, 0.8.6, nielsen@memberwebs.com) -AM_INIT_AUTOMAKE(scrounge-ntfs, 0.8.6) +AC_INIT(scrounge-ntfs, 0.8.6.90, nielsen@memberwebs.com) +AM_INIT_AUTOMAKE(scrounge-ntfs, 0.8.6.90) LDFLAGS="$LDFLAGS -L/usr/local/lib" CFLAGS="$CFLAGS -I/usr/local/include" @@ -101,25 +101,25 @@ bool ntfs_dofixups(byte* cluster, uint32 size) { ntfs_recordheader* record = (ntfs_recordheader*)cluster; byte numSectors; - uint16* updSeq; - uint16* sectorFooter; - byte i; + uint16* updSeq; + uint16* sectorFooter; + byte i; ASSERT(size % kSectorSize == 0); - numSectors = (byte)(size / kSectorSize); + numSectors = (byte)(size / kSectorSize); - /* Check the number of sectors against array */ + /* Check the number of sectors against array */ if(record->cwUpdSeq - 1 < numSectors) numSectors = record->cwUpdSeq - 1; - + updSeq = (uint16*)(cluster + record->offUpdSeq); for(i = 0; i < numSectors; i++) { - /* + /* * Check last 2 bytes in each sector against * first double byte value in update sequence - */ + */ sectorFooter = (uint16*)((cluster + (kSectorSize - 2)) + (i * kSectorSize)); if(*sectorFooter == updSeq[0]) *sectorFooter = updSeq[i + 1]; diff --git a/src/ntfsx.c b/src/ntfsx.c index 6008e1a..865199d 100644 --- a/src/ntfsx.c +++ b/src/ntfsx.c @@ -452,31 +452,49 @@ ntfsx_record* ntfsx_record_alloc(partitioninfo* info) void ntfsx_record_free(ntfsx_record* record) { - ntfsx_cluster_release(&(record->_clus)); - free(record); + ntfsx_cluster_release(&(record->_clus)); + free(record); } bool ntfsx_record_read(ntfsx_record* record, uint64 begSector, int dd) { - ntfs_recordheader* rechead; + ntfs_recordheader* rechead; - if(!ntfsx_cluster_read(&(record->_clus), record->info, begSector, dd)) - { - warn("couldn't read mft record from drive"); - return false; - } + if(!ntfsx_cluster_read(&(record->_clus), record->info, begSector, dd)) + { + warn("couldn't read mft record from drive"); + return false; + } /* Check and validate this record */ rechead = ntfsx_record_header(record); if(rechead->magic != kNTFS_RecMagic || + !ntfsx_record_validate(record) || !ntfs_dofixups(record->_clus.data, record->_clus.size)) { - warnx("invalid mft record"); - ntfsx_cluster_release(&(record->_clus)); - return false; + warnx("invalid mft record"); + ntfsx_cluster_release(&(record->_clus)); + return false; } - return true; + return true; +} + +bool ntfsx_record_validate(ntfsx_record* record) +{ + ntfs_recordheader* rechead; + rechead = ntfsx_record_header(record); + + /* + * TODO: We need more validation here + * In addition we should be validating attribute + * headers and anything else we read into memory + */ + + if(rechead->offUpdSeq > kSectorSize) + return false; + + return true; } ntfsx_cluster* ntfsx_record_cluster(ntfsx_record* record) diff --git a/src/ntfsx.h b/src/ntfsx.h index 2c1054c..45bcbdc 100644 --- a/src/ntfsx.h +++ b/src/ntfsx.h @@ -88,6 +88,7 @@ ntfsx_record* ntfsx_record_alloc(partitioninfo* info); ntfsx_cluster* ntfsx_record_cluster(ntfsx_record* record); void ntfsx_record_free(ntfsx_record* record); bool ntfsx_record_read(ntfsx_record* record, uint64 begSector, int dd); +bool ntfsx_record_validate(ntfsx_record* record); ntfs_recordheader* ntfsx_record_header(ntfsx_record* record); ntfsx_attribute* ntfsx_record_findattribute(ntfsx_record* record, uint32 attrType, int dd); |