libyal / libfsntfs

Library and tools to access the Windows New Technology File System (NTFS)
GNU Lesser General Public License v3.0

Multiple issues not reported to project #9

Closed joachimmetz closed 5 years ago

joachimmetz commented 6 years ago

disclosed PoC files affecting libfsntfs

Someone else also found some relevant crashes, please see http://seclists.org/fulldisclosure/2018/Jun/17

These issues were not directly reported to the libfsntfs project.

allows remote attackers to cause an information disclosure (heap-based buffer over-read)
via a crafted ntfs file.

To date no proof has been presented to back up these claims.

Nor has the reporter bothered to get their terminology straight, seeing NTFS is a file system (volume), not a file.

joachimmetz commented 6 years ago

None of the POC are accepted as valid input

fsntfstools/fsntfsinfo ../input/ntfs/corrupted/libfsntfs_attribute_read_from_mft
fsntfsinfo 20180616

Unable to open: ../input/ntfs/corrupted/libfsntfs_attribute_read_from_mft
libfsntfs_attribute_read_from_mft_entry_data: data size value too small.
libfsntfs_mft_entry_read_attributes: unable to read attribute.
libfsntfs_mft_entry_read: unable to read attributes.
libfsntfs_mft_read_mft_entry: unable to read MFT entry: 0.
libfsntfs_internal_volume_open_read: unable to read MFT entry: 0.
libfsntfs_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open_input: unable to open input volume.

fsntfstools/fsntfsinfo ../input/ntfs/corrupted/libfsntfs_mft_entry_read_attributes
fsntfsinfo 20180616

Unable to open: ../input/ntfs/corrupted/libfsntfs_mft_entry_read_attributes
libfsntfs_attribute_read_from_mft_entry_data: MFT attribute data offset value out of bounds.
libfsntfs_mft_entry_read_attributes: unable to read attribute.
libfsntfs_mft_entry_read: unable to read attributes.
libfsntfs_mft_entry_read_element_data: unable to read MFT entry: 6.
libfdata_vector_get_element_value_by_index: unable to read element data at offset: 0x00004c00.
libfsntfs_mft_get_mft_entry_by_index: unable to retrieve MFT entry: 6.
libfsntfs_internal_volume_read_bitmap: unable to retrieve MFT entry: 6.
libfsntfs_internal_volume_open_read: unable to read MFT entry: 6.
libfsntfs_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open_input: unable to open input volume.

fsntfstools/fsntfsinfo ../input/ntfs/corrupted/libfsntfs_mft_entry_read_header
fsntfsinfo 20180616

Unable to open: ../input/ntfs/corrupted/libfsntfs_mft_entry_read_header
libfsntfs_mft_entry_read_header: attributes offset value out of bounds.
libfsntfs_mft_entry_read: unable to read header.
libfsntfs_mft_read_mft_entry: unable to read MFT entry: 0.
libfsntfs_internal_volume_open_read: unable to read MFT entry: 0.
libfsntfs_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open_input: unable to open input volume.

fsntfstools/fsntfsinfo ../input/ntfs/corrupted/libfsntfs_reparse_point_values_read_data
fsntfsinfo 20180616

Unable to open: ../input/ntfs/corrupted/libfsntfs_reparse_point_values_read_data
libfsntfs_cluster_block_read_file_io_handle: unable to read cluster block.
libfsntfs_cluster_block_read_element_data: unable to read cluster block.
libfdata_vector_get_element_value_by_index: unable to read element data at offset: 0x00047000.
libfsntfs_internal_volume_read_bitmap: unable to retrieve cluster block: 0 from vector.
libfsntfs_internal_volume_open_read: unable to read MFT entry: 6.
libfsntfs_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open_input: unable to open input volume.

fsntfsinfo 20180616

Unable to open: ../input/ntfs/corrupted/libfsntfs_reparse_point_values_read_data

libfdata_stream_read_buffer: unable to read segment: 0 data at offset: 0x00004000.
libfsntfs_security_descriptor_values_read_stream: unable to read security descriptor data.
libfsntfs_attribute_read_value: unable to read security descriptor values from stream.
libfsntfs_mft_entry_append_attribute: unable to read attribute value.
libfsntfs_mft_entry_read_attributes: unable to append attribute.
libfsntfs_mft_entry_read: unable to read attributes.
libfsntfs_mft_read_mft_entry: unable to read MFT entry: 0.
libfsntfs_internal_volume_open_read: unable to read MFT entry: 0.
libfsntfs_volume_open_file_io_handle: unable to read from file IO handle.
info_handle_open_input: unable to open input volume.

So this would not lead to any hypothetical information disclosure or denial-of-service since the POC files would not be accepted as valid input in the first place.
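
Added example, not libfsntfs code and not part of the original thread: this C code shows the kind of bounds checking whose messages appear in the output above, validating every offset and size in an MFT entry against the buffer before any attribute value is read. The function, enum and helper names are hypothetical, the field offsets are the commonly documented NTFS MFT entry and resident attribute header layout, and the sample entry is constructed inline.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result names echo the messages quoted above; the codes are hypothetical. */
enum mft_check { MFT_OK, MFT_BAD_SIGNATURE, MFT_ATTRIBUTES_OFFSET_OOB,
                 MFT_ATTRIBUTE_SIZE_OOB, MFT_DATA_OFFSET_OOB, MFT_DATA_SIZE_OOB };
static uint32_t le16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (le16(p + 2) << 16); }

/* Validates one MFT entry (fix-ups assumed already applied) against its buffer. */
enum mft_check mft_entry_check(const uint8_t *entry, size_t size)
{
    if (size < 42 || memcmp(entry, "FILE", 4) != 0) return MFT_BAD_SIGNATURE;
    size_t offset = le16(entry + 20);                 /* attributes offset */
    if (offset < 42 || offset > size - 4) return MFT_ATTRIBUTES_OFFSET_OOB;
    while (size - offset >= 4) {                      /* offset <= size holds throughout */
        if (le32(entry + offset) == 0xffffffffUL) return MFT_OK;  /* end marker */
        size_t attr_size = size - offset < 24 ? 0 : le32(entry + offset + 4);
        if (attr_size < 24 || attr_size > size - offset) return MFT_ATTRIBUTE_SIZE_OOB;
        if (entry[offset + 8] == 0) {                 /* resident; non-resident skipped */
            size_t data_size = le32(entry + offset + 16);
            size_t data_offset = le16(entry + offset + 20);
            if (data_offset < 24 || data_offset > attr_size) return MFT_DATA_OFFSET_OOB;
            if (data_size > attr_size - data_offset) return MFT_DATA_SIZE_OOB;
        }
        offset += attr_size;
    }
    return MFT_ATTRIBUTE_SIZE_OOB;                    /* ran off the entry, no end marker */
}

/* Constructed sample: 1024-byte entry with one 48-byte resident attribute. */
void make_sample(uint8_t *e, unsigned attrs_offset, unsigned data_size, unsigned data_offset)
{
    memset(e, 0, 1024); memcpy(e, "FILE", 4);
    e[20] = attrs_offset & 0xff; e[21] = (attrs_offset >> 8) & 0xff;
    if (attrs_offset > 1024 - 52) return;             /* header only, nothing else fits */
    uint8_t *a = e + attrs_offset;
    a[0] = 0x10; a[4] = 48;                           /* attribute type and size */
    a[16] = data_size & 0xff; a[17] = (data_size >> 8) & 0xff;
    a[20] = data_offset & 0xff; a[21] = (data_offset >> 8) & 0xff;
    memset(a + 48, 0xff, 4);                          /* end-of-attributes marker */
}

int main(void)
{
    uint8_t e[1024];
    make_sample(e, 56, 24, 0x400);                    /* data offset past the attribute */
    printf("check result: %d\n", mft_entry_check(e, sizeof e));
}
```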

joachimmetz commented 5 years ago

Issues addressed in https://github.com/libyal/libfsntfs/commit/7a17c43be39919227b4fe24684a8a29a90ee54ad