Applied updates and addition boundary checks for corrupted data

configure.ac

@@ -2,7 +2,7 @@ AC_PREREQ( 2.59 )
 
 AC_INIT(
  [libevt],
- [20180125],
+ [20180317],
  [joachim.metz@gmail.com])
 
 AC_CONFIG_SRCDIR(
@@ -48,6 +48,12 @@ AX_COMMON_CHECK_ENABLE_WINAPI
 dnl Check if wide character type should be enabled
 AX_COMMON_CHECK_ENABLE_WIDE_CHARACTER_TYPE
 
+dnl Check if verbose output should be enabled
+AX_COMMON_CHECK_ENABLE_VERBOSE_OUTPUT
+
+dnl Check if debug output should be enabled
+AX_COMMON_CHECK_ENABLE_DEBUG_OUTPUT
+
 dnl Check for type definitions
 AX_TYPES_CHECK_LOCAL
 
@@ -146,12 +152,6 @@ AX_LIBCDIRECTORY_CHECK_ENABLE
 dnl Check if evttools required headers and functions are available
 AX_EVTTOOLS_CHECK_LOCAL
 
-dnl Check if libevt should be build with verbose output
-AX_COMMON_CHECK_ENABLE_VERBOSE_OUTPUT
-
-dnl Check if libevt should be build with debug output
-AX_COMMON_CHECK_ENABLE_DEBUG_OUTPUT
-
 dnl Check if tests required headers and functions are available
 AX_TESTS_CHECK_LOCAL
 

libevt.nuspec

@@ -2,15 +2,15 @@
 <package >
   <metadata>
     <id>libevt</id>
-    <version>20180125</version>
+    <version>20180317</version>
     <authors>Joachim Metz</authors>
     <owners>joachimmetz</owners>
     <licenseUrl>https://raw.githubusercontent.com/libyal/libevt/master/COPYING</licenseUrl>
     <projectUrl>https://github.com/libyal/libevt</projectUrl>
     <requireLicenseAcceptance>false</requireLicenseAcceptance>
     <title>libevt</title>
     <description>Library to access the Windows Event Log (EVT) format</description>
-    <releaseNotes>Release of libevt 20180125</releaseNotes>
+    <releaseNotes>Release of libevt 20180317</releaseNotes>
     <copyright>Copyright (C) 2011-2018</copyright>
     <tags>native</tags>
   </metadata>

libevt/libevt_libfvalue.h

@@ -29,6 +29,7 @@
 #if defined( HAVE_LOCAL_LIBFVALUE )
 
 #include <libfvalue_codepage.h>
+#include <libfvalue_data_handle.h>
 #include <libfvalue_definitions.h>
 #include <libfvalue_floating_point.h>
 #include <libfvalue_integer.h>

libevt/libevt_record_values.c

@@ -1157,6 +1157,17 @@ int libevt_record_values_read_event(
 	}
 	if( user_sid_size != 0 )
 	{
+		if( user_sid_size > ( ( record_data_size - 4 ) - user_sid_offset ) )
+		{
+			libcerror_error_set(
+			 error,
+			 LIBCERROR_ERROR_DOMAIN_RUNTIME,
+			 LIBCERROR_RUNTIME_ERROR_VALUE_OUT_OF_BOUNDS,
+			 "%s: user SID data size value out of bounds.",
+			 function );
+
+			goto on_error;
+		}
 		if( libfvalue_value_type_initialize(
 		     &( record_values->user_security_identifier ),
 		     LIBFVALUE_VALUE_TYPE_NT_SECURITY_IDENTIFIER,
@@ -1218,6 +1229,17 @@ int libevt_record_values_read_event(
 	}
 	if( strings_size != 0 )
 	{
+		if( strings_size > ( ( record_data_size - 4 ) - strings_offset ) )
+		{
+			libcerror_error_set(
+			 error,
+			 LIBCERROR_ERROR_DOMAIN_RUNTIME,
+			 LIBCERROR_RUNTIME_ERROR_VALUE_OUT_OF_BOUNDS,
+			 "%s: strings size value out of bounds.",
+			 function );
+
+			goto on_error;
+		}
 #if defined( HAVE_DEBUG_OUTPUT )
 		if( libcnotify_verbose != 0 )
 		{
@@ -1285,14 +1307,25 @@ int libevt_record_values_read_event(
 	}
 	if( data_size != 0 )
 	{
+		if( data_size > ( ( record_data_size - 4 ) - data_offset ) )
+		{
+			libcerror_error_set(
+			 error,
+			 LIBCERROR_ERROR_DOMAIN_RUNTIME,
+			 LIBCERROR_RUNTIME_ERROR_VALUE_OUT_OF_BOUNDS,
+			 "%s: data size value out of bounds.",
+			 function );
+
+			goto on_error;
+		}
 #if defined( HAVE_DEBUG_OUTPUT )
 		if( libcnotify_verbose != 0 )
 		{
 			libcnotify_printf(
 			 "%s: data:\n",
 			 function );
 			libcnotify_print_data(
-			 &( record_data[ data_offset ] ),
+			 &( record_data[ record_data_offset ] ),
 			 (size_t) data_size,
 			 LIBCNOTIFY_PRINT_DATA_FLAG_GROUP_DATA );
 		}

m4/libcdata.m4

@@ -1,6 +1,6 @@
 dnl Checks for libcdata or required headers and functions
 dnl
-dnl Version: 20170904
+dnl Version: 20180316
 
 dnl Function to detect if libcdata is available
 dnl ac_libcdata_dummy is used to prevent AC_CHECK_LIB adding unnecessary -l<library> arguments
@@ -123,6 +123,48 @@ AC_DEFUN([AX_LIBCDATA_CHECK_LIB],
           [ac_cv_libcdata_dummy=yes],
           [ac_cv_libcdata=no])
 
+        dnl Balanced tree functions
+        AC_CHECK_LIB(
+          cdata,
+          libfdata_btree_initialize,
+          [ac_cv_libcdata_dummy=yes],
+          [ac_cv_libcdata=no])
+        AC_CHECK_LIB(
+          cdata,
+          libcdata_btree_free,
+          [ac_cv_libcdata_dummy=yes],
+          [ac_cv_libcdata=no])
+        AC_CHECK_LIB(
+          cdata,
+          libcdata_btree_get_number_of_values,
+          [ac_cv_libcdata_dummy=yes],
+          [ac_cv_libcdata=no])
+        AC_CHECK_LIB(
+          cdata,
+          libcdata_btree_get_value_by_index,
+          [ac_cv_libcdata_dummy=yes],
+          [ac_cv_libcdata=no])
+        AC_CHECK_LIB(
+          cdata,
+          libcdata_btree_get_value_by_value,
+          [ac_cv_libcdata_dummy=yes],
+          [ac_cv_libcdata=no])
+        AC_CHECK_LIB(
+          cdata,
+          libcdata_btree_insert_value,
+          [ac_cv_libcdata_dummy=yes],
+          [ac_cv_libcdata=no])
+        AC_CHECK_LIB(
+          cdata,
+          libcdata_btree_replace_value,
+          [ac_cv_libcdata_dummy=yes],
+          [ac_cv_libcdata=no])
+        AC_CHECK_LIB(
+          cdata,
+          libcdata_btree_remove_value,
+          [ac_cv_libcdata_dummy=yes],
+          [ac_cv_libcdata=no])
+
         dnl List functions
         AC_CHECK_LIB(
           cdata,

m4/libcsplit.m4

@@ -1,6 +1,6 @@
 dnl Checks for libcsplit or required headers and functions
 dnl
-dnl Version: 20170903
+dnl Version: 20180217
 
 dnl Function to detect if libcsplit is available
 dnl ac_libcsplit_dummy is used to prevent AC_CHECK_LIB adding unnecessary -l<library> arguments
@@ -111,7 +111,7 @@ AC_DEFUN([AX_LIBCSPLIT_CHECK_LIB],
         AS_IF(
           [test "x$ac_cv_enable_wide_character_type" != xno],
           [AC_CHECK_LIB(
-          csplit,
+            csplit,
             libcsplit_wide_string_split,
             [ac_cv_libcsplit_dummy=yes],
             [ac_cv_libcsplit=no])

m4/libfdata.m4

@@ -1,6 +1,6 @@
 dnl Functions for libfdata
 dnl
-dnl Version: 20170905
+dnl Version: 20180316
 
 dnl Function to detect if libfdata is available
 dnl ac_libfdata_dummy is used to prevent AC_CHECK_LIB adding unnecessary -l<library> arguments
@@ -49,7 +49,76 @@ AC_DEFUN([AX_LIBFDATA_CHECK_LIB],
           [ac_cv_libfdata=no])
 
         dnl Area functions
-        dnl TODO: add functions
+        AC_CHECK_LIB(
+          fdata,
+          libfdata_area_initialize,
+          [ac_cv_libfdata_dummy=yes],
+          [ac_cv_libfdata=no])
+        AC_CHECK_LIB(
+          fdata,
+          libfdata_area_free,
+          [ac_cv_libfdata_dummy=yes],
+          [ac_cv_libfdata=no])
+        AC_CHECK_LIB(
+          fdata,
+          libfdata_area_clone,
+          [ac_cv_libfdata_dummy=yes],
+          [ac_cv_libfdata=no])
+        AC_CHECK_LIB(
+          fdata,
+          libfdata_area_empty,
+          [ac_cv_libfdata_dummy=yes],
+          [ac_cv_libfdata=no])
+        AC_CHECK_LIB(
+          fdata,
+          libfdata_area_resize,
+          [ac_cv_libfdata_dummy=yes],
+          [ac_cv_libfdata=no])
+        AC_CHECK_LIB(
+          fdata,
+          libfdata_area_get_number_of_segments,
+          [ac_cv_libfdata_dummy=yes],
+          [ac_cv_libfdata=no])
+        AC_CHECK_LIB(
+          fdata,
+          libfdata_area_get_segment_by_index,
+          [ac_cv_libfdata_dummy=yes],
+          [ac_cv_libfdata=no])
+        AC_CHECK_LIB(
+          fdata,
+          libfdata_area_set_segment_by_index,
+          [ac_cv_libfdata_dummy=yes],
+          [ac_cv_libfdata=no])
+        AC_CHECK_LIB(
+          fdata,
+          libfdata_area_prepend_segment,
+          [ac_cv_libfdata_dummy=yes],
+          [ac_cv_libfdata=no])
+        AC_CHECK_LIB(
+          fdata,
+          libfdata_area_append_segment,
+          [ac_cv_libfdata_dummy=yes],
+          [ac_cv_libfdata=no])
+        AC_CHECK_LIB(
+          fdata,
+          libfdata_area_get_element_data_size,
+          [ac_cv_libfdata_dummy=yes],
+          [ac_cv_libfdata=no])
+        AC_CHECK_LIB(
+          fdata,
+          libfdata_area_get_element_value_at_offset,
+          [ac_cv_libfdata_dummy=yes],
+          [ac_cv_libfdata=no])
+        AC_CHECK_LIB(
+          fdata,
+          libfdata_area_set_element_value_at_offset,
+          [ac_cv_libfdata_dummy=yes],
+          [ac_cv_libfdata=no])
+        AC_CHECK_LIB(
+          fdata,
+          libfdata_area_get_size,
+          [ac_cv_libfdata_dummy=yes],
+          [ac_cv_libfdata=no])
 
         dnl Balanced tree functions
         dnl TODO: add functions

runtests.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 # Script that runs the tests
 #
-# Version: 20171210
+# Version: 20180214
 
 EXIT_SUCCESS=0;
 EXIT_FAILURE=1;
@@ -201,6 +201,14 @@ echo "${CONFIGURE_HELP}" | grep -- '--enable-wide-character-type' > /dev/null;
 
 HAVE_ENABLE_WIDE_CHARACTER_TYPE=$?;
 
+echo "${CONFIGURE_HELP}" | grep -- '--enable-verbose-output' > /dev/null;
+
+HAVE_ENABLE_VERBOSE_OUTPUT=$?;
+
+echo "${CONFIGURE_HELP}" | grep -- '--enable-debug-output' > /dev/null;
+
+HAVE_ENABLE_DEBUG_OUTPUT=$?;
+
 echo "${CONFIGURE_HELP}" | grep -- '--with-zlib' > /dev/null;
 
 HAVE_WITH_ZLIB=$?;
@@ -230,6 +238,19 @@ then
 	exit ${EXIT_FAILURE};
 fi
 
+if test ${HAVE_ENABLE_VERBOSE_OUTPUT} -eq 0 && test ${HAVE_ENABLE_DEBUG_OUTPUT} -eq 0;
+then
+	# Test "./configure && make && make check" with verbose and debug output.
+
+	run_configure_make_check "--enable-verbose-output --enable-debug-output";
+	RESULT=$?;
+
+	if test ${RESULT} -ne ${EXIT_SUCCESS};
+	then
+		exit ${EXIT_FAILURE};
+	fi
+fi
+
 if test ${HAVE_WITH_ZLIB} -eq 0;
 then
 	# Test "./configure && make && make check" with fallback zlib implementation.