Giters

puffyCid / artemis

A cross platform forensic parser written in Rust!

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Add arithmetic checks when using nom take

puffyCid opened this issue · comments

commented

What new feature do you think would be cool to add to artemis?
Add checks when using nom take() function and applying a size adjustment. Ex: take(size-adjust)
If size is smaller than adjust nom will panic due to the negative number. And the panic will crash artemis :/

Describe the solution you'd like
Add if blocks to always make sure original value is larger than adjustments

Additional context
There are not too many instances where adjusts are used in artemis. so it should be easy to add.
From artemis-core/src

grep adjust -R * | grep "\- " | grep take
artifacts/os/windows/ese/pages/leaf.rs:        let (input, fixed) = take(variable_data_offset - adjust_offset)(input)?;
artifacts/os/windows/shimdb/tags/stringref.rs:    let (string_entry, _) = take(offset - adjust_offset)(stringtable_data)?;
artifacts/os/windows/shellitems/beef/beef0004.rs:    let (remaining_data, input) = take(sig_size - adjust_size)(input)?;
artifacts/os/windows/shellitems/items.rs:        let (remaining_input, input) = take(size - adjust_size)(input)?;
artifacts/os/windows/shellitems/variable.rs:        let (input, _) = take(input.len() - beef_adjust)(data)?;
artifacts/os/windows/shortcuts/shellitems.rs:        let (remaining_input, shellitem_data) = take(item_size - adjust_size)(shell_input)?;
artifacts/os/windows/shortcuts/network.rs:        let (remaining_input, input) = take(size - adjust_size)(input)?;
artifacts/os/windows/shortcuts/location.rs:        let (remaining_input, input) = take(size - adjust_size)(input)?;
artifacts/os/windows/shortcuts/volume.rs:        let (remaining_input, input) = take(size - adjust_size)(input)?;
artifacts/os/windows/shortcuts/extras/property.rs:    let (property_tracker, _) = take(sig_start.len() - adjust_start)(data)?;
artifacts/os/windows/shortcuts/extras/tracker.rs:    let (tracker_start, _) = take(sig_start.len() - adjust_start)(data)?;
artifacts/os/windows/shortcuts/extras/environment.rs:    let (env_data, _) = take(sig_start.len() - adjust_start)(data)?;
artifacts/os/windows/securitydescriptor/acl.rs:        let (remaining_input, input) = take(size - adjust_size)(input)?;
artifacts/os/windows/securitydescriptor/acl.rs:            let (input, ace_entry_data) = take(size - adjust_entry_size)(input)?;
artifacts/os/windows/registry/hbin.rs:                let (input, _) = take(size - adjust_cell_size)(input)?;
artifacts/os/windows/registry/hbin.rs:            let (input, cell_data) = take(size - adjust_cell_size)(input)?;
artifacts/os/windows/registry/cell.rs:    let (_, list_data) = take(size - adjust_cell_size)(list_data)?;
artifacts/os/windows/registry/cell.rs:    let (_, mut list_data) = take(size - adjust_cell_size)(list_data)?;
artifacts/os/windows/registry/cell.rs:        let (_, vk_data) = take(size - adjust_cell_size)(vk_data)?;
artifacts/os/windows/registry/keys/data.rs:    let (_, allocated_data) = take(data_cell_size - adjust_cell_size)(input)?;
artifacts/os/windows/registry/keys/data.rs:    let (_, allocated_data) = take(data_cell_size - adjust_cell_size)(input)?;
artifacts/os/windows/registry/keys/data.rs:        let (_, allocated_data) = take(data_cell_size - adjust_cell_size)(data)?;
artifacts/os/windows/propertystore/store.rs:        let (remaining_data, store_data) = take(size - size_adjust)(input)?;