From deba8115d2c2af26df42966b91ef04ff4dd79cde Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Thu, 14 May 2020 11:09:11 +0100 Subject: gentoo resync : 14.05.2020 --- .../files/foremost-1.5.7-set-but-unused.patch | 230 +++++++++++++++++++++ 1 file changed, 230 insertions(+) create mode 100644 app-forensics/foremost/files/foremost-1.5.7-set-but-unused.patch (limited to 'app-forensics/foremost/files') diff --git a/app-forensics/foremost/files/foremost-1.5.7-set-but-unused.patch b/app-forensics/foremost/files/foremost-1.5.7-set-but-unused.patch new file mode 100644 index 000000000000..59b52c68615d --- /dev/null +++ b/app-forensics/foremost/files/foremost-1.5.7-set-but-unused.patch @@ -0,0 +1,230 @@ +diff --git a/api.c b/api.c +index e3ee339..67463a6 100755 +--- a/api.c ++++ b/api.c +@@ -478,7 +478,7 @@ int dump_dirent(int which_one) + { + int i; + char *p; +- short unknown; ++ // short unknown; + struct OLE_DIR *dir; + + dir = (struct OLE_DIR *) &buffer[which_one * sizeof(struct OLE_DIR)]; +@@ -493,7 +493,7 @@ int dump_dirent(int which_one) + p = dir->name; + if (*p < ' ') + { +- unknown = *((short *)p); ++ //unknown = *((short *)p); + + //fprintf (stderr, "%04x\t", unknown); + p += 2; /* step over unknown short */ +diff --git a/engine.c b/engine.c +index 85add5f..4a1ef13 100755 +--- a/engine.c ++++ b/engine.c +@@ -316,7 +316,6 @@ int search_chunk(f_state *s, unsigned char *buf, f_info *i, u_int64_t chunk_size + //u_int64_t buf_off = 0; + + unsigned char *foundat = buf; +- unsigned char *current_pos = NULL; + unsigned char *header_pos = NULL; + unsigned char *newbuf = NULL; + unsigned char *ind_ptr = NULL; +@@ -461,7 +460,6 @@ int search_chunk(f_state *s, unsigned char *buf, f_info *i, u_int64_t chunk_size + } + + c_offset = (foundat - buf); +- current_pos = foundat; + + /*Now lets analyze the file and see if we can determine its size*/ + +@@ -511,12 +509,12 @@ int search_chunk(f_state *s, unsigned char *buf, f_info *i, u_int64_t chunk_size + newbuf = read_from_disk(c_offset + f_offset, i, needle->max_len); + if (newbuf == NULL) + break; +- current_pos = extract_file(s, +- c_offset, +- newbuf, +- needle->max_len, +- needle, +- f_offset); ++ extract_file(s, ++ c_offset, ++ newbuf, ++ needle->max_len, ++ needle, ++ f_offset); + + /*Lets put the fp back*/ + fseeko(i->handle, saveme, SEEK_SET); +diff --git a/extract.c b/extract.c +index 9639117..4fecde5 100755 +--- a/extract.c ++++ b/extract.c +@@ -553,7 +553,6 @@ unsigned char *extract_htm(f_state *s, u_int64_t c_offset, unsigned char *founda + { + unsigned char *buf = foundat; + unsigned char *extractbuf = NULL; +- unsigned char *currentpos = NULL; + + int bytes_to_search = 0; + int i = 0; +@@ -582,7 +581,6 @@ unsigned char *extract_htm(f_state *s, u_int64_t c_offset, unsigned char *founda + } + + /*Store the current position and search for the HTML> tag*/ +- currentpos = foundat; + foundat = bm_search(needle->footer, + needle->footer_len, + foundat, +@@ -1146,15 +1144,15 @@ unsigned char *extract_mov(f_state *s, u_int64_t c_offset, unsigned char *founda + unsigned char *extract_wmv(f_state *s, u_int64_t c_offset, unsigned char *foundat, u_int64_t buflen, + s_spec *needle, u_int64_t f_offset) + { +- +- unsigned char *currentpos = NULL; ++#ifdef DEBUG ++ u_int64_t fileObjHeaderSize = 0; ++#endif + unsigned char *header = foundat; + unsigned char *extractbuf = NULL; + unsigned char *buf = foundat; + unsigned int size = 0; + u_int64_t file_size = 0; + u_int64_t headerSize = 0; +- u_int64_t fileObjHeaderSize = 0; + int numberofHeaderObjects = 0; + int reserved[2]; + int bytes_to_search = 0; +@@ -1184,7 +1182,6 @@ unsigned char *extract_wmv(f_state *s, u_int64_t c_offset, unsigned char *founda + return foundat; + } + +- currentpos = foundat; + if (buflen - (foundat - buf) >= needle->max_len) + bytes_to_search = needle->max_len; + else +@@ -1201,7 +1198,9 @@ unsigned char *extract_wmv(f_state *s, u_int64_t c_offset, unsigned char *founda + if (foundat) + { + foundat += 16; /*jump to the headersize*/ ++#ifdef DEBUG + fileObjHeaderSize = htoll(foundat, FOREMOST_LITTLE_ENDIAN); ++#endif + //printx(foundat,0,8); + foundat += 24; //Jump to the file size obj + size = htoi(foundat, FOREMOST_LITTLE_ENDIAN); +@@ -1401,7 +1400,6 @@ unsigned char *extract_gif(f_state *s, u_int64_t c_offset, unsigned char *founda + s_spec *needle, u_int64_t f_offset) + { + unsigned char *buf = foundat; +- unsigned char *currentpos = foundat; + unsigned char *extractbuf = NULL; + int bytes_to_search = 0; + unsigned short width = 0; +@@ -1420,7 +1418,6 @@ unsigned char *extract_gif(f_state *s, u_int64_t c_offset, unsigned char *founda + sprintf(comment, " (%d x %d)", width, height); + strcat(needle->comment, comment); + +- currentpos = foundat; + if (buflen - (foundat - buf) >= needle->max_len) + bytes_to_search = needle->max_len; + else +@@ -1821,7 +1818,6 @@ unsigned char *extract_jpeg(f_state *s, u_int64_t c_offset, unsigned char *found + s_spec *needle, u_int64_t f_offset) + { + unsigned char *buf = foundat; +- unsigned char *currentpos = NULL; + + unsigned char *extractbuf = NULL; + unsigned short headersize; +@@ -1899,8 +1895,6 @@ unsigned char *extract_jpeg(f_state *s, u_int64_t c_offset, unsigned char *found + return buf + needle->header_len; + } + +- currentpos = foundat; +- + //sprintf("Searching for footer\n"); + if (buflen < (foundat - buf)) { + #ifdef DEBUG +@@ -2094,19 +2088,21 @@ unsigned char *extract_exe(f_state *s, u_int64_t c_offset, unsigned char *founda + unsigned char *extractbuf = NULL; + u_int64_t file_size = 0; + unsigned short pe_offset = 0; +- unsigned int SizeOfCode = 0; +- unsigned int SizeOfInitializedData = 0; +- unsigned int SizeOfUninitializedData = 0; +- unsigned int rva = 0; + unsigned int offset = 0; + unsigned short sections = 0; +- unsigned int sizeofimage = 0; + unsigned int raw_section_size = 0; +- unsigned int size_of_headers = 0; + unsigned short dll = 0; + unsigned int sum = 0; + unsigned short exe_char = 0; ++#ifdef DEBUG ++ unsigned int SizeOfInitializedData = 0; ++ unsigned int SizeOfUninitializedData = 0; ++ unsigned int SizeOfCode = 0; ++ unsigned int rva = 0; ++ unsigned int sizeofimage = 0; ++ unsigned int size_of_headers = 0; + unsigned int align = 0; ++#endif + int i = 0; + time_t compile_time = 0; + struct tm *ret_time; +@@ -2167,14 +2163,16 @@ unsigned char *extract_exe(f_state *s, u_int64_t c_offset, unsigned char *founda + + foundat += 0x18; /*Jump to opt header should be 0x0b 0x01*/ + ++#ifdef DEBUG + SizeOfCode = htoi(&foundat[4], FOREMOST_LITTLE_ENDIAN); + SizeOfInitializedData = htoi(&foundat[8], FOREMOST_LITTLE_ENDIAN); + SizeOfUninitializedData = htoi(&foundat[12], FOREMOST_LITTLE_ENDIAN); + rva = htoi(&foundat[16], FOREMOST_LITTLE_ENDIAN); + align = htoi(&foundat[36], FOREMOST_LITTLE_ENDIAN); +- + sizeofimage = htoi(&foundat[56], FOREMOST_LITTLE_ENDIAN); + size_of_headers = htoi(&foundat[60], FOREMOST_LITTLE_ENDIAN); ++#endif ++ + foundat += 224; + + /*Start of sections*/ +@@ -2193,13 +2191,13 @@ unsigned char *extract_exe(f_state *s, u_int64_t c_offset, unsigned char *founda + sum = offset + raw_section_size; + } + +- /* ++#ifdef DEBUG + printf("rva is %d sum= %d\n",rva,sum); + printf("soi is %d,soh is %d \n",sizeofimage,size_of_headers); + printf("we are off by %d\n",sum-buflen); + printf("soc=%d ,soidr=%d, souid=%d\n",SizeOfCode,SizeOfInitializedData,SizeOfUninitializedData); + printf("fs=%d ,extr=%d\n",SizeOfCode+SizeOfInitializedData,SizeOfUninitializedData); +- */ ++#endif + file_size = sum; + if (file_size < 512 || file_size > 4 * MEGABYTE) + { +@@ -2267,7 +2265,6 @@ unsigned char *extract_rar(f_state *s, u_int64_t c_offset, unsigned char *founda + { + unsigned char *buf = foundat; + unsigned char *extractbuf = NULL; +- u_int64_t file_size = 0; + unsigned short headersize = 0; + unsigned short flags = 0; + unsigned int filesize = 0; +@@ -2424,8 +2421,6 @@ unsigned char *extract_rar(f_state *s, u_int64_t c_offset, unsigned char *founda + + /*We found the EOF, write the file to disk and return*/ + tot_file_size = (foundat - buf); +- if (tot_file_size > buflen) +- file_size = buflen; + + extractbuf = buf; + write_to_disk(s, needle, tot_file_size, extractbuf, c_offset + f_offset); -- cgit v1.2.3