Maxim Suhanov issues

Results 28 issues of


                                            Maxim Suhanov

Known issues

1. Data becomes misaligned when a faulty sector is encountered on a source drive. [NIST report](https://www.dhs.gov/sites/default/files/publications/DCFLDD%201%203%204-1%20Test%20Report_updated.pdf), [upstream patch](http://lists.gnu.org/archive/html/bug-coreutils/2003-10/msg00071.html). 2. An infinite loop when a faulty sector is encountered on a...

potential-bug

Information disclosure in fuse-exfat

Affected versions: 1.3.0 and latest code (11e4f03). Details: In the exFAT file system, each file has a stream extension with the following fields defined (among others): DataLength and ValidDataLength (https://docs.microsoft.com/en-us/windows/win32/fileio/exfat-specification#76-stream-extension-directory-entry)....

FAT12/16/32: replacing 0xE5 with underscore is ambiguous

Hello. If a file is deleted and the first character of its name is 0xE5, it's replaced with an underscore: https://github.com/sleuthkit/sleuthkit/blob/f2a2ff627739426ef5ebb4872893611b9cf5e0ee/tsk/fs/fatxxfs_dent.c#L293 https://github.com/sleuthkit/sleuthkit/blob/0239c5934e348699d0be38f694fb6320252a91fc/tsk/fs/fatxxfs_meta.c#L554 When deleting a directory, some operating systems (like...

exFAT: fsstat runs into the infinite loop when reading a deleted volume label

Hello. ``` $ sudo icat /dev/sdb1 2 | hexdump -C 00000000 03 03 31 00 32 00 33 00 00 00 00 00 00 00 00 00 |..1.2.3.........| 00000010 00...

exFAT: valid data length is ignored

Hello. [According to the exFAT specification](https://docs.microsoft.com/en-us/windows/win32/fileio/exfat-specification#765-validdatalength-field), the valid data length field is used to define which data in the stream is uninitialized. Currently, bytes beyond the valid data length are...

FAT12/16/32: fsstat ignores a volume label if it is not in the first sector of the root directory

Hello. ``` # qemu-img create fat_label.raw 512M Formatting 'fat_label.raw', fmt=raw size=536870912 # mkfs.fat fat_label.raw mkfs.fat 4.1 (2017-01-24) # mount -o rw,loop fat_label.raw /mnt/tmp/ # for i in `seq 1 64`;...

exFAT: fsstat displays incorrect volume label

Hello. ``` # fsstat /dev/sdb1 FILE SYSTEM INFORMATION -------------------------------------------- File System Type: exFAT Volume Serial Number: a253-c0c2 Volume Label (from root directory): $EMPTY_VOLUME_LABEL File System Name (from MBR): EXFAT File...

exFAT: "fls -l" prints incorrect last access timestamps

Hello. ``` $ fls -V The Sleuth Kit ver 4.11.1 $ istat -V The Sleuth Kit ver 4.11.1 $ istat -o 2048 exfat_lin_part.raw 390 Directory Entry: 390 Allocated File Attributes:...

Fix the issue #2663.

This will fix: https://github.com/sleuthkit/sleuthkit/issues/2663.

FAT12/16/32 & exFAT: timestamps reported can be off by 1 second

Hello. The _fatfs_dos_2_unix_time_ function contains the following condition: https://github.com/sleuthkit/sleuthkit/blob/042f791a6028cf9ed58a71d0ea7b5bd78b63fc7b/tsk/fs/fatfs_utils.c#L152 It is incorrect, should be: ``` if (timetens >= 100) ``` The bug results in the incorrect timestamps being reported, for...