Merge pull request volatilityfoundation#1503 from volatilityfoundatio…

…n/issues/kmsg-msglen Linux: Fix kmsg unguarded read of msg.len
Abyss-W4tcher · Jan 3, 2025 · 66eb161 · 66eb161
2 parents 801c933 + ac3e766
commit 66eb161
Showing 1 changed file with 21 additions and 17 deletions.
diff --git a/volatility3/framework/plugins/linux/kmsg.py b/volatility3/framework/plugins/linux/kmsg.py
@@ -317,23 +317,27 @@ def run(self) -> Iterator[Tuple[str, str, str, str, str]]:
         while cur_idx < end_idx:
             msg_offset = log_buf_ptr + cur_idx  # type: ignore
             msg = self.vmlinux.object(object_type=log_struct_name, offset=msg_offset)
-            if msg.len == 0:
-                # As per kernel/printk.c:
-                # A length == 0 for the next message indicates a wrap-around to
-                # the beginning of the buffer.
-                cur_idx = 0
-                end_idx = log_next_idx
-            else:
-                facility, level, timestamp, caller = self.get_prefix(msg)
-                level_txt = self.get_level_text(level)
-                facility_txt = self.get_facility_text(facility)
-
-                for line in self.get_log_lines(msg):
-                    yield facility_txt, level_txt, timestamp, caller, line
-                for line in self.get_dict_lines(msg):
-                    yield facility_txt, level_txt, timestamp, caller, line
-
-                cur_idx += msg.len
+            try:
+                if msg.len == 0:
+                    # As per kernel/printk.c:
+                    # A length == 0 for the next message indicates a wrap-around to
+                    # the beginning of the buffer.
+                    cur_idx = 0
+                    end_idx = log_next_idx
+                else:
+                    facility, level, timestamp, caller = self.get_prefix(msg)
+                    level_txt = self.get_level_text(level)
+                    facility_txt = self.get_facility_text(facility)
+
+                    for line in self.get_log_lines(msg):
+                        yield facility_txt, level_txt, timestamp, caller, line
+                    for line in self.get_dict_lines(msg):
+                        yield facility_txt, level_txt, timestamp, caller, line
+
+                    cur_idx += msg.len
+            except exceptions.InvalidAddressException:
+                vollog.warning("Kmsg buffer msg length could not be read")
+                return
 
 
 class Kmsg_3_11_to_5_10(Kmsg_3_5_to_3_11):