diff --git a/build/tools/TamperDetectorForSrl/checker.cpp b/build/tools/TamperDetectorForSrl/checker.cpp index c8facc5..f610366 100644 --- a/build/tools/TamperDetectorForSrl/checker.cpp +++ b/build/tools/TamperDetectorForSrl/checker.cpp @@ -202,7 +202,7 @@ void Checker::AnalyzeBanner( RomHeader* gHeaderBuf, RomHeader* mHeaderBuf) } -void Checker::AnalyzeFNT( RomHeader* headerBuf, FILE* fp, Entry* entry, PrintLevel print_enable) +bool Checker::AnalyzeFNT( RomHeader* headerBuf, FILE* fp, Entry* entry, PrintLevel print_enable) { int i; ROM_FNTDir currentDir; @@ -213,6 +213,12 @@ void Checker::AnalyzeFNT( RomHeader* headerBuf, FILE* fp, Entry* entry, PrintLev fseek( fp, (u32)(headerBuf->fnt_offset), SEEK_SET); fread( ¤tDir, sizeof(ROM_FNTDir), 1, fp); + if( (currentDir.parent_id) >= 4096) + { + printf( "invalid FNT! directory count over 4096.\n"); + return false; + } + // ディレクトリテーブル全体を読む fseek( fp, (u32)(headerBuf->fnt_offset), SEEK_SET); fread( &fntBuf, sizeof(ROM_FNTDir) * currentDir.parent_id, 1, fp); @@ -235,6 +241,11 @@ void Checker::AnalyzeFNT( RomHeader* headerBuf, FILE* fp, Entry* entry, PrintLev } tmpDirEntry.self_id = (0xF000 + i); tmpDirEntry.parent_id = fntBuf[i].parent_id; + if( fntBuf[i].parent_id < 0xF000) + { + printf( "invalid FNT! illegal parent-directory-id.\n"); + return false; + } } if( !entry->FindDirEntry( tmpDirEntry.self_id)) { // 見つからなかったら追加 
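Review bot: In the `@@ -213,6 +213,12 @@` hunk the new count check reads `currentDir.parent_id` right after an `fread` whose return value is ignored, so on a truncated file or an `fnt_offset` past end-of-file the comparison runs on uninitialised stack contents. Checking the read first, e.g. `if( fread( &currentDir, sizeof(ROM_FNTDir), 1, fp) != 1) return false;`, and doing the same for the table read that follows, would make the bound meaningful. The limit is a bare `4096`, and the message says "over 4096" while `>=` also rejects exactly 4096. `fntBuf` is declared outside the hunk, so I would derive the limit from its element count (`sizeof(fntBuf) / sizeof(fntBuf[0])`, assuming it is an array) and choose `>` or `>=` to match. AnalyzeFNT's body starts and ends outside this hunk.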
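Review bot: In the `@@ -235,6 +241,11 @@` hunk the parent id is checked only against the lower bound `0xF000`, so a value at or above `0xF000 + currentDir.parent_id` (a directory that is not in the table) and a directory that names itself as parent both still pass. Those values reach whatever walks the parent chain later; `FollowParent()` is called in main.cpp but its body is not in this diff, so whether it terminates on such input is unverified. I would widen the condition to `if( fntBuf[i].parent_id < 0xF000 || fntBuf[i].parent_id >= 0xF000 + currentDir.parent_id || fntBuf[i].parent_id == tmpDirEntry.self_id)` and place it above the assignment to `tmpDirEntry.parent_id`. Longer cycles between directories would still need a visited check in the walker. The enclosing loop starts outside the hunk.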
@@ -243,14 +254,18 @@ void Checker::AnalyzeFNT( RomHeader* headerBuf, FILE* fp, Entry* entry, PrintLev entry->addDirEntry( pDirEntry); } - FindEntry( fntBuf[i].entry_start, - fntBuf[i].entry_file_id, - headerBuf, fp, entry, tmpDirEntry.self_id, - print_enable); + if( !FindEntry( fntBuf[i].entry_start, + fntBuf[i].entry_file_id, + headerBuf, fp, entry, tmpDirEntry.self_id, + print_enable)) + { + return false; + } } + return true; } -void Checker::FindEntry( u32 fnt_offset, u16 entry_id, RomHeader* headerBuf, FILE* fp, Entry* entry, u16 parent_id, PrintLevel print_enable) +bool Checker::FindEntry( u32 fnt_offset, u16 entry_id, RomHeader* headerBuf, FILE* fp, Entry* entry, u16 parent_id, PrintLevel print_enable) { EntryInfo entryInfo; char entryNames[FILE_NAME_LENGTH]; @@ -273,6 +288,11 @@ void Checker::FindEntry( u32 fnt_offset, u16 entry_id, RomHeader* headerBuf, FIL if( print_enable) { printf( "- %s(file_id:0x%d)\n", entryNames, entry_id); } + if( entry_id >= 61440) + { + printf( "invalid FNT! file count over 61440.\n"); + return false; + } /* パス解析用 */ fileEntry = (MyFileEntry*)malloc( sizeof(MyFileEntry)); entry->InitializeEntry( fileEntry); @@ -303,6 +323,7 @@ void Checker::FindEntry( u32 fnt_offset, u16 entry_id, RomHeader* headerBuf, FIL entry->SetName( dirEntry, entryNames, entryInfo.entry_name_length); } } + return true; } void Checker::FindAllocation( u16 entry_id, RomHeader* headerBuf, FILE* fp, Entry* entry, PrintLevel print_enable) diff --git a/build/tools/TamperDetectorForSrl/checker.h b/build/tools/TamperDetectorForSrl/checker.h index 307fa41..5947d1c 100644 --- a/build/tools/TamperDetectorForSrl/checker.h +++ b/build/tools/TamperDetectorForSrl/checker.h 
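Review bot: In the `@@ -273,6 +288,11 @@` hunk `entry_id >= 61440` enforces the format-wide maximum rather than the number of FAT entries this ROM actually declares, so an id below 0xF000 but beyond the FAT described by the header still passes. FindAllocation takes the same `entry_id` and its body is outside the diff; if it indexes the FAT by that id, the bound should come from the header's FAT size instead. Writing the constant as `0xF000`, or as a named constant shared with the parent-id check in AnalyzeFNT, would also show that both checks describe the same id space. FindEntry's loop starts outside the hunk.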
@@ -51,8 +51,8 @@ class Checker void AnalyzeBanner( RomHeader* gHeaderBuf, RomHeader* mHeaderBuf); /* FNT と FAT を解析して、各ファイルに対して Diff をかける */ - void AnalyzeFNT( RomHeader* headerBuf, FILE* fp, Entry* entry, PrintLevel print_enable); - void FindEntry( u32 fnt_offset, u16 entry_id, RomHeader* headerBuf, FILE* fp, Entry* entry, u16 parent_id, PrintLevel print_enable); + bool AnalyzeFNT( RomHeader* headerBuf, FILE* fp, Entry* entry, PrintLevel print_enable); + bool FindEntry( u32 fnt_offset, u16 entry_id, RomHeader* headerBuf, FILE* fp, Entry* entry, u16 parent_id, PrintLevel print_enable); void FindAllocation( u16 entry_id, RomHeader* headerBuf, FILE* fp, Entry* entry, PrintLevel print_enable); void CheckAllEntries( Entry* gEntry, Entry* mEntry); diff --git a/build/tools/TamperDetectorForSrl/main.cpp b/build/tools/TamperDetectorForSrl/main.cpp index 5df253a..7bff090 100644 --- a/build/tools/TamperDetectorForSrl/main.cpp +++ b/build/tools/TamperDetectorForSrl/main.cpp @@ -140,12 +140,12 @@ int main (int argc, char *argv[]) gEntry.FollowParent(); gEntry.AutoSetFullPath(); - checker.AnalyzeFNT( &mHeaderBuf, mfp, &mEntry, PRINT_LEVEL_0); - mEntry.FollowParent(); - mEntry.AutoSetFullPath(); - - checker.CheckAllEntries( &gEntry, &mEntry); - + if( checker.AnalyzeFNT( &mHeaderBuf, mfp, &mEntry, PRINT_LEVEL_0)) + { + mEntry.FollowParent(); + mEntry.AutoSetFullPath(); + checker.CheckAllEntries( &gEntry, &mEntry); + } checker.ExportGenuineBmpFiles( &gEntry, PRINT_LEVEL_0); /* gEntry.PrintAllDirEntry(); diff --git a/build/tools/TamperDetectorForSrl/tamperdetector.exe b/build/tools/TamperDetectorForSrl/tamperdetector.exe index 8a83d16..eb6dd2d 100755 Binary files a/build/tools/TamperDetectorForSrl/tamperdetector.exe and b/build/tools/TamperDetectorForSrl/tamperdetector.exe differ
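Review bot: In the checker.h hunk the comment above these declarations still says only that FNT and FAT are analysed; now that both functions return `bool`, it should state what the value means. A line such as `/* returns false when the FNT is malformed; entries added before the error stay in *entry */` would tell callers that a failed call leaves a partially filled `Entry` behind, since AnalyzeFNT calls `addDirEntry` before `FindEntry` can fail.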
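Review bot: In the main.cpp hunk, when `AnalyzeFNT` rejects the `mHeaderBuf`/`mEntry` image the code skips `CheckAllEntries` and carries on to `ExportGenuineBmpFiles` with no message of its own and, as far as the hunk shows, no change to the exit status. For a tamper detector a malformed FNT is itself a finding, so the failure should produce an explicit verdict rather than an empty comparison that a calling script may read as "no differences". An `else` branch such as `else { printf( "FNT of the inspected image is invalid; comparison skipped.\n"); }` together with a non-zero return from `main` would do. The matching call for `gEntry` is above the hunk; if its return value is still ignored, `gEntry.FollowParent()` runs on a partially built tree. main's body starts and ends outside the hunk.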