-rw-r--r--AUTHORS1
-rw-r--r--ChangeLog4
-rw-r--r--configure.in4
-rw-r--r--src/ntfs.c16
-rw-r--r--src/ntfsx.c42
-rw-r--r--src/ntfsx.h1
6 files changed, 46 insertions, 22 deletions
diff --git a/AUTHORS b/AUTHORS
index f9d43fb..a425635 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -3,3 +3,4 @@ nielsen@memberwebs.com
PATCHES:
Marius HillenBrand <marius@sirius.inka.de>
+Albert Kwok <Albert.Kwok@Sun.COM>
diff --git a/ChangeLog b/ChangeLog
index 73f6ee7..6f0fafe 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+0.8.7
+ - Fix crasher on corrupted drives. A problem with update
+ sequence offset being filled with garbage [Albert Kwok]
+
0.8.6
- Don't exit on error reading source drive [Marius Hillenbrand]
- Fixed core dump when attribute list, but no MFT loaded [Marius Hillenbrand]
diff --git a/configure.in b/configure.in
index 486e7b1..6b9af12 100644
--- a/configure.in
+++ b/configure.in
@@ -36,8 +36,8 @@ dnl Nate Nielsen <nielsen@memberwebs.com>
dnl
dnl Process this file with autoconf to produce a configure script.
-AC_INIT(scrounge-ntfs, 0.8.6, nielsen@memberwebs.com)
-AM_INIT_AUTOMAKE(scrounge-ntfs, 0.8.6)
+AC_INIT(scrounge-ntfs, 0.8.6.90, nielsen@memberwebs.com)
+AM_INIT_AUTOMAKE(scrounge-ntfs, 0.8.6.90)
LDFLAGS="$LDFLAGS -L/usr/local/lib"
CFLAGS="$CFLAGS -I/usr/local/include"
diff --git a/src/ntfs.c b/src/ntfs.c
index 3e2b657..0d7210d 100644
--- a/src/ntfs.c
+++ b/src/ntfs.c
@@ -101,25 +101,25 @@ bool ntfs_dofixups(byte* cluster, uint32 size)
{
ntfs_recordheader* record = (ntfs_recordheader*)cluster;
byte numSectors;
- uint16* updSeq;
- uint16* sectorFooter;
- byte i;
+ uint16* updSeq;
+ uint16* sectorFooter;
+ byte i;
ASSERT(size % kSectorSize == 0);
- numSectors = (byte)(size / kSectorSize);
+ numSectors = (byte)(size / kSectorSize);
- /* Check the number of sectors against array */
+ /* Check the number of sectors against array */
if(record->cwUpdSeq - 1 < numSectors)
numSectors = record->cwUpdSeq - 1;
-
+
updSeq = (uint16*)(cluster + record->offUpdSeq);
for(i = 0; i < numSectors; i++)
{
- /*
+ /*
* Check last 2 bytes in each sector against
* first double byte value in update sequence
- */
+ */
sectorFooter = (uint16*)((cluster + (kSectorSize - 2)) + (i * kSectorSize));
if(*sectorFooter == updSeq[0])
*sectorFooter = updSeq[i + 1];
diff --git a/src/ntfsx.c b/src/ntfsx.c
index 6008e1a..865199d 100644
--- a/src/ntfsx.c
+++ b/src/ntfsx.c
@@ -452,31 +452,49 @@ ntfsx_record* ntfsx_record_alloc(partitioninfo* info)
void ntfsx_record_free(ntfsx_record* record)
{
- ntfsx_cluster_release(&(record->_clus));
- free(record);
+ ntfsx_cluster_release(&(record->_clus));
+ free(record);
}
bool ntfsx_record_read(ntfsx_record* record, uint64 begSector, int dd)
{
- ntfs_recordheader* rechead;
+ ntfs_recordheader* rechead;
- if(!ntfsx_cluster_read(&(record->_clus), record->info, begSector, dd))
- {
- warn("couldn't read mft record from drive");
- return false;
- }
+ if(!ntfsx_cluster_read(&(record->_clus), record->info, begSector, dd))
+ {
+ warn("couldn't read mft record from drive");
+ return false;
+ }
/* Check and validate this record */
rechead = ntfsx_record_header(record);
if(rechead->magic != kNTFS_RecMagic ||
+ !ntfsx_record_validate(record) ||
!ntfs_dofixups(record->_clus.data, record->_clus.size))
{
- warnx("invalid mft record");
- ntfsx_cluster_release(&(record->_clus));
- return false;
+ warnx("invalid mft record");
+ ntfsx_cluster_release(&(record->_clus));
+ return false;
}
- return true;
+ return true;
+}
+
+bool ntfsx_record_validate(ntfsx_record* record)
+{
+ ntfs_recordheader* rechead;
+ rechead = ntfsx_record_header(record);
+
+ /*
+ * TODO: We need more validation here
+ * In addition we should be validating attribute
+ * headers and anything else we read into memory
+ */
+
+ if(rechead->offUpdSeq > kSectorSize)
+ return false;
+
+ return true;
}
ntfsx_cluster* ntfsx_record_cluster(ntfsx_record* record)
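Review bot: The bound added in `ntfsx_record_validate` compares `offUpdSeq` with `kSectorSize` only, so it ignores the length of the update sequence array, still accepts an offset equal to `kSectorSize`, and leaves `cwUpdSeq` from the same on-disk header unchecked. In `ntfs_dofixups` the clamp `record->cwUpdSeq - 1 < numSectors` appears to evaluate to `-1` when `cwUpdSeq` is 0 (assuming a 16-bit field promoted to int; its declaration is not visible here), which after the assignment to the `byte` `numSectors` would give 255 loop iterations over a much smaller buffer. I would reject such records here too, e.g. `if(rechead->cwUpdSeq == 0 || rechead->offUpdSeq + rechead->cwUpdSeq * sizeof(uint16) > kSectorSize - sizeof(uint16)) return false;`, which keeps the whole array inside the first sector and ahead of its footer. The function would also benefit from a short comment stating that it must run before `ntfs_dofixups`, since `ntfsx_record_read` depends on that ordering in its `||` chain.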
diff --git a/src/ntfsx.h b/src/ntfsx.h
index 2c1054c..45bcbdc 100644
--- a/src/ntfsx.h
+++ b/src/ntfsx.h
@@ -88,6 +88,7 @@ ntfsx_record* ntfsx_record_alloc(partitioninfo* info);
ntfsx_cluster* ntfsx_record_cluster(ntfsx_record* record);
void ntfsx_record_free(ntfsx_record* record);
bool ntfsx_record_read(ntfsx_record* record, uint64 begSector, int dd);
+bool ntfsx_record_validate(ntfsx_record* record);
ntfs_recordheader* ntfsx_record_header(ntfsx_record* record);
ntfsx_attribute* ntfsx_record_findattribute(ntfsx_record* record, uint32 attrType, int dd);