[Forensics-changes] [volatility] 01/02: Imported Upstream version 2.5+git20161026.75fb034

Joao Eriberto Mota Filho eriberto at moszumanska.debian.org
Sat Nov 5 16:55:26 UTC 2016


This is an automated email from the git hooks/post-receive script.

eriberto pushed a commit to branch debian
in repository volatility.

commit 5e6f1a900babc7eb9b2d2eb61fd6521eec385646
Author: Joao Eriberto Mota Filho <eriberto at debian.org>
Date:   Sat Nov 5 14:54:58 2016 -0200

    Imported Upstream version 2.5+git20161026.75fb034
---
 tools/mac/convert.py                  |  2 ++
 volatility/plugins/linux/arp.py       |  6 +++++-
 volatility/plugins/linux/bash_hash.py | 15 +++++++++++----
 3 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/tools/mac/convert.py b/tools/mac/convert.py
index 963a6e1..270bf91 100755
--- a/tools/mac/convert.py
+++ b/tools/mac/convert.py
@@ -1,3 +1,5 @@
+#!/usr/bin/env python
+
 import os, sys, re
 
 class DWARFParser(object):
diff --git a/volatility/plugins/linux/arp.py b/volatility/plugins/linux/arp.py
index 84b9c9b..341ff19 100644
--- a/volatility/plugins/linux/arp.py
+++ b/volatility/plugins/linux/arp.py
@@ -74,7 +74,11 @@ class linux_arp(linux_common.AbstractLinuxCommand):
             hash_size = ntable.nht.hash_mask
             hash_table = ntable.nht.hash_buckets
         else:
-            hash_size = (1 << ntable.nht.hash_shift)
+            try:
+                hash_size = (1 << ntable.nht.hash_shift)
+            except OverflowError:
+                return []        
+    
             hash_table = ntable.nht.hash_buckets
 
         if not self.addr_space.is_valid_address(hash_table):
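Review bot: Catching only `OverflowError` around `1 << ntable.nht.hash_shift` leaves other corrupt values from the memory image unhandled. A shift count that is very large but still fits a machine word does not raise; Python instead tries to build an enormous integer, which is slow and may end in `MemoryError`. Because `hash_shift` is read from an untrusted image, an explicit range check before the shift is sturdier, e.g. `if not 0 <= ntable.nht.hash_shift < 32: return []` (32 is an illustrative bound; use whatever the kernel's neighbour table can actually reach). The added lines also carry trailing whitespace. The function's start and its later use of `hash_size` are outside the hunk, so confirm that `[]` is the return type callers expect.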
diff --git a/volatility/plugins/linux/bash_hash.py b/volatility/plugins/linux/bash_hash.py
index 48dad9c..b93ddf3 100644
--- a/volatility/plugins/linux/bash_hash.py
+++ b/volatility/plugins/linux/bash_hash.py
@@ -97,18 +97,25 @@ class _bash_hash_table(obj.CType):
        
     def __iter__(self):
         if self.is_valid():
+            seen = {}
+
             bucket_array = obj.Object(theType="Array", targetType="Pointer", offset = self.bucket_array, vm = self.nbuckets.obj_vm, count = 64)
    
             for bucket_ptr in bucket_array:
                 bucket = bucket_ptr.dereference_as("bucket_contents")
                 while bucket.times_found > 0 and bucket.data.is_valid() and bucket.key.is_valid():  
-                    #pdata = bucket.data 
+                    if bucket.v() in seen:
+                        break
+
+                    seen[bucket.v()] = 1
+
+                    pdata = bucket.data 
 
-                    #if pdata.path.is_valid() and (0 <= pdata.flags <= 2):
-                    yield bucket
+                    if pdata.path.is_valid() and (0 <= pdata.flags <= 2):
+                        yield bucket
 
                     bucket = bucket.next
- 
+                     
 class BashHashTypes(obj.ProfileModification):
     conditions = {"os" : lambda x : x in ["linux"]}
 
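Review bot: The re-enabled filter `0 <= pdata.flags <= 2` may silently drop genuine hash entries. If `flags` is bash's bit-field of `HASH_RELPATH` (0x01) and `HASH_CHKDOT` (0x02), as I recall from bash's hashcmd.h (worth confirming), then 3 is a legitimate value and those commands would vanish from the output. Consider `<= 3`, or at least a comment stating why 2 is the upper bound. The `seen` guard is a sound defence against looping bucket chains in a corrupted or crafted image, but it deserves a comment such as `# bucket chains come from the image and may loop; stop on a revisit`. It would also read better as `seen = set()` with `seen.add(bucket.v())`. `__iter__` is fully visible in the hunk, but `is_valid()` and the hard-coded `count = 64` are defined or justified elsewhere.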

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/volatility.git


