From d372f04effff791321f34917dde960805cf698c1 Mon Sep 17 00:00:00 2001 From: Andrew Case Date: Fri, 3 Jan 2025 19:03:32 +0000 Subject: [PATCH 1/4] Add proper exception handling in file descriptor enumeration --- volatility3/framework/symbols/linux/__init__.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/volatility3/framework/symbols/linux/__init__.py b/volatility3/framework/symbols/linux/__init__.py index c8a22c7f5..f1a618804 100644 --- a/volatility3/framework/symbols/linux/__init__.py +++ b/volatility3/framework/symbols/linux/__init__.py @@ -339,15 +339,23 @@ def files_descriptors_for_process( symbol_table: str, task: interfaces.objects.ObjectInterface, ): - # task.files can be null - if not (task.files and task.files.is_readable()): + try: + files = task.files + except exceptions.InvalidAddressException: + return None + + if not files.is_readable(): + return None + + try: + fd_table = files.get_fds() + except exceptions.InvalidAddressException: return None - fd_table = task.files.get_fds() if fd_table == 0: return None - max_fds = task.files.get_max_fds() + max_fds = files.get_max_fds() # corruption check if max_fds > 500000: From 968241aeddcca340c47a1ca6ffa0061fbf7f70d1 Mon Sep 17 00:00:00 2001 From: Andrew Case Date: Fri, 31 Jan 2025 18:03:02 +0000 Subject: [PATCH 2/4] Address feedback --- volatility3/framework/symbols/linux/__init__.py | 7 ------- 1 file changed, 7 deletions(-) diff --git a/volatility3/framework/symbols/linux/__init__.py b/volatility3/framework/symbols/linux/__init__.py index f1a618804..314522eee 100644 --- a/volatility3/framework/symbols/linux/__init__.py +++ b/volatility3/framework/symbols/linux/__init__.py @@ -341,13 +341,6 @@ def files_descriptors_for_process( ): try: files = task.files - except exceptions.InvalidAddressException: - return None - - if not files.is_readable(): - return None - - try: fd_table = files.get_fds() except exceptions.InvalidAddressException: return None From 9c5b01693256d802384f99c8677f0a3c2264f6fd Mon Sep 17 00:00:00 2001 From: Andrew Case Date: Fri, 7 Feb 2025 13:11:41 -0600 Subject: [PATCH 3/4] Move all initial access into try/except block --- volatility3/framework/symbols/linux/__init__.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/volatility3/framework/symbols/linux/__init__.py b/volatility3/framework/symbols/linux/__init__.py index 314522eee..f6687a5e4 100644 --- a/volatility3/framework/symbols/linux/__init__.py +++ b/volatility3/framework/symbols/linux/__init__.py @@ -342,14 +342,13 @@ def files_descriptors_for_process( try: files = task.files fd_table = files.get_fds() - except exceptions.InvalidAddressException: - return None + if fd_table == 0: + return None - if fd_table == 0: + max_fds = files.get_max_fds() + except exceptions.InvalidAddressException: return None - max_fds = files.get_max_fds() - # corruption check if max_fds > 500000: return None From 4c2d21d0867b8beaa25d9b9c09361a639fdaf6b2 Mon Sep 17 00:00:00 2001 From: Andrew Case Date: Fri, 7 Feb 2025 13:15:31 -0600 Subject: [PATCH 4/4] bump patch number --- volatility3/framework/constants/_version.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/volatility3/framework/constants/_version.py b/volatility3/framework/constants/_version.py index cf7c7b51a..3aca23898 100644 --- a/volatility3/framework/constants/_version.py +++ b/volatility3/framework/constants/_version.py @@ -1,7 +1,7 @@ # We use the SemVer 2.0.0 versioning scheme VERSION_MAJOR = 2 # Number of releases of the library with a breaking change VERSION_MINOR = 20 # Number of changes that only add to the interface -VERSION_PATCH = 0 # Number of changes that do not change the interface +VERSION_PATCH = 1 # Number of changes that do not change the interface VERSION_SUFFIX = "" PACKAGE_VERSION = (