[Forensics-changes] [volatility] 01/02: Imported Upstream version 2.5+git20161026.75fb034
Joao Eriberto Mota Filho
eriberto at moszumanska.debian.org
Sat Nov 5 16:55:26 UTC 2016
This is an automated email from the git hooks/post-receive script.
eriberto pushed a commit to branch debian
in repository volatility.
commit 5e6f1a900babc7eb9b2d2eb61fd6521eec385646
Author: Joao Eriberto Mota Filho <eriberto at debian.org>
Date: Sat Nov 5 14:54:58 2016 -0200
Imported Upstream version 2.5+git20161026.75fb034
---
tools/mac/convert.py | 2 ++
volatility/plugins/linux/arp.py | 6 +++++-
volatility/plugins/linux/bash_hash.py | 15 +++++++++++----
3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/tools/mac/convert.py b/tools/mac/convert.py
index 963a6e1..270bf91 100755
--- a/tools/mac/convert.py
+++ b/tools/mac/convert.py
@@ -1,3 +1,5 @@
+#!/usr/bin/env python
+
import os, sys, re
class DWARFParser(object):
diff --git a/volatility/plugins/linux/arp.py b/volatility/plugins/linux/arp.py
index 84b9c9b..341ff19 100644
--- a/volatility/plugins/linux/arp.py
+++ b/volatility/plugins/linux/arp.py
@@ -74,7 +74,11 @@ class linux_arp(linux_common.AbstractLinuxCommand):
hash_size = ntable.nht.hash_mask
hash_table = ntable.nht.hash_buckets
else:
- hash_size = (1 << ntable.nht.hash_shift)
+ try:
+ hash_size = (1 << ntable.nht.hash_shift)
+ except OverflowError:
+ return []
+
hash_table = ntable.nht.hash_buckets
if not self.addr_space.is_valid_address(hash_table):
diff --git a/volatility/plugins/linux/bash_hash.py b/volatility/plugins/linux/bash_hash.py
index 48dad9c..b93ddf3 100644
--- a/volatility/plugins/linux/bash_hash.py
+++ b/volatility/plugins/linux/bash_hash.py
@@ -97,18 +97,25 @@ class _bash_hash_table(obj.CType):
def __iter__(self):
if self.is_valid():
+ seen = {}
+
bucket_array = obj.Object(theType="Array", targetType="Pointer", offset = self.bucket_array, vm = self.nbuckets.obj_vm, count = 64)
for bucket_ptr in bucket_array:
bucket = bucket_ptr.dereference_as("bucket_contents")
while bucket.times_found > 0 and bucket.data.is_valid() and bucket.key.is_valid():
- #pdata = bucket.data
+ if bucket.v() in seen:
+ break
+
+ seen[bucket.v()] = 1
+
+ pdata = bucket.data
- #if pdata.path.is_valid() and (0 <= pdata.flags <= 2):
- yield bucket
+ if pdata.path.is_valid() and (0 <= pdata.flags <= 2):
+ yield bucket
bucket = bucket.next
-
+
class BashHashTypes(obj.ProfileModification):
conditions = {"os" : lambda x : x in ["linux"]}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/volatility.git
More information about the forensics-changes
mailing list