#218 Out of bounds read in HFS+ module

1.65
open
nobody
None
5
2015-03-20
2015-03-20
No

Regarding sleuthkit 4.1.3:
hfs_UTF16toUTF8() in hfs_dent.c is used to translate a name.length long name.unicode into an ASCII name.name. When called from hfs_dir_open_meta_cb(), name.length is not sanity checked, so a length around 65535 will result in a read overflow of name.unicode.

To reproduce, uncompress the attached image and run "fls segv" or "icat segv 17".

1 Attachments
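
The missing sanity check described in the report, sketched as an added example (not sleuthkit code and not the project's fix). The type and function names are hypothetical, the conversion is reduced to ASCII with `?` replacement to keep the focus on the length validation, and the 255-unit limit comes from the HFS+ `HFSUniStr255` on-disk layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#define HFS_MAX_NAME_UNITS 255 /* HFSUniStr255 holds at most 255 UTF-16 units */

/* On-disk HFS+ Unicode string: big-endian 16-bit count, then 255 UTF-16 units.
 * Type and function names are hypothetical, not sleuthkit's own. */
typedef struct {
    uint8_t length[2];
    uint8_t unicode[HFS_MAX_NAME_UNITS * 2];
} example_hfs_uni_str;

/* Convert an untrusted on-disk name to ASCII ('?' for anything else).
 * avail = bytes of *name that really lie inside the record buffer.
 * Returns the name length in characters, or -1 if the record is corrupt. */
int example_name_to_ascii(const example_hfs_uni_str *name, size_t avail,
                          char *out, size_t out_sz)
{
    if (avail < sizeof name->length)
        return -1;
    size_t units = ((size_t)name->length[0] << 8) | name->length[1];
    if (units > HFS_MAX_NAME_UNITS)               /* e.g. 65535 from a crafted image */
        return -1;
    if (units * 2 > avail - sizeof name->length)  /* name runs past the record */
        return -1;
    if (out_sz < units + 1)                       /* no room for name plus NUL */
        return -1;
    for (size_t i = 0; i < units; i++) {
        unsigned cu = ((unsigned)name->unicode[2 * i] << 8) | name->unicode[2 * i + 1];
        out[i] = (cu >= 0x20 && cu < 0x7f) ? (char)cu : '?';
    }
    out[units] = '\0';
    return (int)units;
}

int main(void)
{
    /* Constructed sample: the 3-unit name "abc", then a corrupted length field. */
    example_hfs_uni_str n = { {0, 3}, {0, 'a', 0, 'b', 0, 'c'} };
    char out[HFS_MAX_NAME_UNITS + 1];
    printf("%d %s\n", example_name_to_ascii(&n, sizeof n, out, sizeof out), out);
    n.length[0] = n.length[1] = 0xff;
    printf("%d\n", example_name_to_ascii(&n, sizeof n, out, sizeof out));
    return 0;
}
```

The `avail` check matters separately from the 255-unit cap: a length that is legal for the structure can still point past the end of a truncated catalog record.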
