
Commit c86d973

committed
Linux page cache plugins pointer verification improvements
1 parent e76d512 commit c86d973


2 files changed

+25
-13
lines changed


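--- a/volatility3/framework/plugins/linux/mountinfo.py
+++ b/volatility3/framework/plugins/linux/mountinfo.py
@@ -37,7 +37,7 @@ class MountInfo(plugins.PluginInterface):
 
 _required_framework_version = (2, 2, 0)
 
-_version = (1, 2, 0)
+_version = (1, 2, 1)
 
 @classmethod
 def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
@@ -272,11 +272,16 @@ def get_superblocks(
 continue
 
 sb_ptr = mnt.get_mnt_sb()
-if not sb_ptr or sb_ptr in seen_sb_ptr:
+if not (sb_ptr and sb_ptr.is_readable()):
+continue
+
+if sb_ptr in seen_sb_ptr:
 continue
 seen_sb_ptr.add(sb_ptr)
 
-yield sb_ptr.dereference(), path_root
+superblock = sb_ptr.dereference()
+
+yield superblock, path_root
 
 def run(self):
 pids = self.config.get("pids")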
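Review bot: The new `is_readable()` guard in `get_superblocks` drops a mount silently, so an analyst cannot distinguish a clean image from one where superblock pointers were smeared or deliberately corrupted. A debug line before the first `continue` would keep the skip visible, e.g. `vollog.debug("Skipping unreadable super_block pointer 0x%x", sb_ptr)`, assuming this module defines a `vollog` logger the way pagecache.py does. The same applies to the three `is_readable()` guards added in pagecache.py (`_walk_dentry` and both checks in `get_inodes`). `get_superblocks` starts outside the hunk.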

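--- a/volatility3/framework/plugins/linux/pagecache.py
+++ b/volatility3/framework/plugins/linux/pagecache.py
@@ -104,7 +104,7 @@ class Files(plugins.PluginInterface, timeliner.TimeLinerInterface):
 
 _required_framework_version = (2, 0, 0)
 
-_version = (1, 0, 0)
+_version = (1, 0, 1)
 
 @classmethod
 def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
@@ -186,8 +186,12 @@ def _walk_dentry(
 
 seen_dentries.add(dentry_addr)
 
-inode = dentry.d_inode
-if not (inode and inode.is_valid()):
+inode_ptr = dentry.d_inode
+if not (inode_ptr and inode_ptr.is_readable()):
+continue
+
+inode = inode_ptr.dereference()
+if not inode.is_valid():
 continue
 
 # This allows us to have consistent paths
@@ -242,8 +246,9 @@ def get_inodes(
 
 # More dentry/inode sanity checks
 root_inode_ptr = root_dentry.d_inode
-if not root_inode_ptr:
+if not (root_inode_ptr and root_inode_ptr.is_readable()):
 continue
+
 root_inode = root_inode_ptr.dereference()
 if not root_inode.is_valid():
 continue
@@ -269,10 +274,12 @@ def get_inodes(
 ):
 if not file_dentry:
 continue
+
 # Dentry/inode sanity checks
 file_inode_ptr = file_dentry.d_inode
-if not file_inode_ptr:
+if not (file_inode_ptr and file_inode_ptr.is_readable()):
 continue
+
 file_inode = file_inode_ptr.dereference()
 if not file_inode.is_valid():
 continue
@@ -382,7 +389,7 @@ class InodePages(plugins.PluginInterface):
 
 _required_framework_version = (2, 0, 0)
 
-_version = (1, 0, 0)
+_version = (1, 0, 1)
 
 @classmethod
 def get_requirements(cls) -> List[interfaces.configuration.RequirementInterface]:
@@ -482,15 +489,15 @@ def _generator(self):
 vollog.error("You must use either --inode or --find")
 return
 
+if not inode.is_valid():
+vollog.error("Invalid inode at 0x%x", inode.vol.offset)
+return
+
 if not inode.is_reg:
 vollog.error("The inode is not a regular file")
 return
 
 inode_size = inode.i_size
-if not inode.is_valid():
-vollog.error("Invalid inode at 0x%x", self.config["inode"])
-return
-
 for page_obj in inode.get_pages():
 page_vaddr = page_obj.vol.offset
 page_paddr = page_obj.to_paddr()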
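Review bot: In `_generator` the relocated `inode.is_valid()` call has no readability check in front of it, unlike every other inode access this commit touches. The code that builds `inode` sits above the hunk, so this is an inference, but if the object is created directly from the analyst-supplied `--inode` address, an unmapped address would presumably raise inside `is_valid()` rather than reach the `"Invalid inode at 0x%x"` message. Treating an invalid-address exception as "not valid" keeps the plugin on its clean error path; the sketch assumes the module imports the framework's `exceptions`. `_generator` starts and ends outside the hunk.

```python
        # … unchanged: --inode / --find handling that produces `inode` …
        try:
            inode_ok = inode.is_valid()
        except exceptions.InvalidAddressException:
            # The supplied address is not mapped in this layer
            inode_ok = False

        if not inode_ok:
            vollog.error("Invalid inode at 0x%x", inode.vol.offset)
            return
        # … unchanged: is_reg check and page iteration …
```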
