summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/ntfs.c16
-rw-r--r--src/ntfsx.c42
-rw-r--r--src/ntfsx.h1
3 files changed, 39 insertions, 20 deletions
diff --git a/src/ntfs.c b/src/ntfs.c
index 3e2b657..0d7210d 100644
--- a/src/ntfs.c
+++ b/src/ntfs.c
@@ -101,25 +101,25 @@ bool ntfs_dofixups(byte* cluster, uint32 size)
{
ntfs_recordheader* record = (ntfs_recordheader*)cluster;
byte numSectors;
- uint16* updSeq;
- uint16* sectorFooter;
- byte i;
+ uint16* updSeq;
+ uint16* sectorFooter;
+ byte i;
ASSERT(size % kSectorSize == 0);
- numSectors = (byte)(size / kSectorSize);
+ numSectors = (byte)(size / kSectorSize);
- /* Check the number of sectors against array */
+ /* Check the number of sectors against array */
if(record->cwUpdSeq - 1 < numSectors)
numSectors = record->cwUpdSeq - 1;
-
+
updSeq = (uint16*)(cluster + record->offUpdSeq);
for(i = 0; i < numSectors; i++)
{
- /*
+ /*
* Check last 2 bytes in each sector against
* first double byte value in update sequence
- */
+ */
sectorFooter = (uint16*)((cluster + (kSectorSize - 2)) + (i * kSectorSize));
if(*sectorFooter == updSeq[0])
*sectorFooter = updSeq[i + 1];
diff --git a/src/ntfsx.c b/src/ntfsx.c
index 6008e1a..865199d 100644
--- a/src/ntfsx.c
+++ b/src/ntfsx.c
@@ -452,31 +452,49 @@ ntfsx_record* ntfsx_record_alloc(partitioninfo* info)
void ntfsx_record_free(ntfsx_record* record)
{
- ntfsx_cluster_release(&(record->_clus));
- free(record);
+ ntfsx_cluster_release(&(record->_clus));
+ free(record);
}
bool ntfsx_record_read(ntfsx_record* record, uint64 begSector, int dd)
{
- ntfs_recordheader* rechead;
+ ntfs_recordheader* rechead;
- if(!ntfsx_cluster_read(&(record->_clus), record->info, begSector, dd))
- {
- warn("couldn't read mft record from drive");
- return false;
- }
+ if(!ntfsx_cluster_read(&(record->_clus), record->info, begSector, dd))
+ {
+ warn("couldn't read mft record from drive");
+ return false;
+ }
/* Check and validate this record */
rechead = ntfsx_record_header(record);
if(rechead->magic != kNTFS_RecMagic ||
+ !ntfsx_record_validate(record) ||
!ntfs_dofixups(record->_clus.data, record->_clus.size))
{
- warnx("invalid mft record");
- ntfsx_cluster_release(&(record->_clus));
- return false;
+ warnx("invalid mft record");
+ ntfsx_cluster_release(&(record->_clus));
+ return false;
}
- return true;
+ return true;
+}
+
+bool ntfsx_record_validate(ntfsx_record* record)
+{
+ ntfs_recordheader* rechead;
+ rechead = ntfsx_record_header(record);
+
+ /*
+ * TODO: We need more validation here
+ * In addition we should be validating attribute
+ * headers and anything else we read into memory
+ */
+
+ if(rechead->offUpdSeq > kSectorSize)
+ return false;
+
+ return true;
}
ntfsx_cluster* ntfsx_record_cluster(ntfsx_record* record)
diff --git a/src/ntfsx.h b/src/ntfsx.h
index 2c1054c..45bcbdc 100644
--- a/src/ntfsx.h
+++ b/src/ntfsx.h
@@ -88,6 +88,7 @@ ntfsx_record* ntfsx_record_alloc(partitioninfo* info);
ntfsx_cluster* ntfsx_record_cluster(ntfsx_record* record);
void ntfsx_record_free(ntfsx_record* record);
bool ntfsx_record_read(ntfsx_record* record, uint64 begSector, int dd);
+bool ntfsx_record_validate(ntfsx_record* record);
ntfs_recordheader* ntfsx_record_header(ntfsx_record* record);
ntfsx_attribute* ntfsx_record_findattribute(ntfsx_record* record, uint32 attrType, int dd);