From e6f9ddb0579b106295bedfed865972738b35ec7f Mon Sep 17 00:00:00 2001 From: Andrew Case Date: Fri, 3 Jan 2025 19:03:32 +0000 Subject: [PATCH 1/2] Add proper exception handling in file descriptor enumeration --- volatility3/framework/symbols/linux/__init__.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/volatility3/framework/symbols/linux/__init__.py b/volatility3/framework/symbols/linux/__init__.py index afdfee39c..2c7a666db 100644 --- a/volatility3/framework/symbols/linux/__init__.py +++ b/volatility3/framework/symbols/linux/__init__.py @@ -336,15 +336,23 @@ def files_descriptors_for_process( symbol_table: str, task: interfaces.objects.ObjectInterface, ): - # task.files can be null - if not (task.files and task.files.is_readable()): + try: + files = task.files + except exceptions.InvalidAddressException: + return None + + if not files.is_readable(): + return None + + try: + fd_table = files.get_fds() + except exceptions.InvalidAddressException: return None - fd_table = task.files.get_fds() if fd_table == 0: return None - max_fds = task.files.get_max_fds() + max_fds = files.get_max_fds() # corruption check if max_fds > 500000: From 26db6cd7c5fcecc9ea44f60fe98dfa3b569ad74a Mon Sep 17 00:00:00 2001 From: Andrew Case Date: Fri, 31 Jan 2025 18:03:02 +0000 Subject: [PATCH 2/2] Address feedback --- volatility3/framework/symbols/linux/__init__.py | 7 ------- 1 file changed, 7 deletions(-) diff --git a/volatility3/framework/symbols/linux/__init__.py b/volatility3/framework/symbols/linux/__init__.py index 2c7a666db..bdbd8eb83 100644 --- a/volatility3/framework/symbols/linux/__init__.py +++ b/volatility3/framework/symbols/linux/__init__.py @@ -338,13 +338,6 @@ def files_descriptors_for_process( ): try: files = task.files - except exceptions.InvalidAddressException: - return None - - if not files.is_readable(): - return None - - try: fd_table = files.get_fds() except exceptions.InvalidAddressException: return None