Minor update.

msuhanov · Sep 23, 2019 · ecdfa96 · ecdfa96
1 parent bd0f84b
commit ecdfa96
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 5 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,9 @@
+Version: 1.0.0-beta20
+
+Minor update.
+
+---
+
 Version: 1.0.0-beta19
 
 Minor update.

diff --git a/ReadMe b/ReadMe
@@ -8,7 +8,7 @@ dfir_ntfs: an NTFS parser for digital forensics & incident response
 
 2. Installation
 
-# pip3 install https://github.com/msuhanov/dfir_ntfs/archive/1.0.0-beta19.tar.gz
+# pip3 install https://github.com/msuhanov/dfir_ntfs/archive/1.0.0-beta20.tar.gz
 
 3. License
 

diff --git a/dfir_ntfs/LogFile.py b/dfir_ntfs/LogFile.py
@@ -1664,7 +1664,12 @@ def get_lcns_for_page(self):
 
 		i = 0
 		while i < self.get_lcns_to_follow():
-			lcn = struct.unpack('<q', self.buf[32 + i * 8 : 40 + i * 8])[0]
+			lcn_buf = self.buf[32 + i * 8 : 40 + i * 8]
+			if len(lcn_buf) != 8:
+				raise ClientException('Invalid (truncated) log record length: {}'.format(len(self.buf)))
+
+			lcn = struct.unpack('<q', lcn_buf)[0]
+
 			lcns.append(lcn)
 
 			i += 1

diff --git a/dfir_ntfs/__init__.py b/dfir_ntfs/__init__.py
@@ -1,5 +1,5 @@
 # dfir_ntfs: an NTFS parser for digital forensics & incident response
 # (c) Maxim Suhanov
 
-__version__ = '1.0.0-beta19'
+__version__ = '1.0.0-beta20'
 __all__ = [ 'MFT', 'Attributes', 'WSL', 'USN', 'LogFile', 'BootSector', 'ShadowCopy', 'PartitionTable' ]
diff --git a/ntfs_parser b/ntfs_parser
@@ -402,8 +402,12 @@ def process_log():
 			output_lines.append('Unknown offset in target')
 
 		lcns = []
-		for lcn in log_record.get_lcns_for_page():
-			lcns.append(str(lcn))
+		try:
+			for lcn in log_record.get_lcns_for_page():
+				lcns.append(str(lcn))
+		except LogFile.ClientException:
+			output_lines.append('Warning: truncated page')
+			return '\n'.join(output_lines)
 
 		if len(lcns) > 0:
 			output_lines.append('LCN(s): {}'.format(' '.join(lcns)))