Version 1.2.2.
diff --git
a/lib/hivex.c
b/lib/hivex.c
index
45a099d
..
74a7f55
100644
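--- a/lib/hivex.c
+++ b/lib/hivex.c
@@ -56,8 +56,8 @@
 #include "byte_conversions.h"
 /* These limits are in place to stop really stupid stuff and/or exploits. */
-#define HIVEX_MAX_SUBKEYS 10000
-#define HIVEX_MAX_VALUES 1000
+#define HIVEX_MAX_SUBKEYS 15000
+#define HIVEX_MAX_VALUES 10000
 #define HIVEX_MAX_VALUE_LEN 1000000
 #define HIVEX_MAX_ALLOCATION 1000000
@@ -727,6 +727,9 @@ get_children (hive_h *h, hive_node_h node,
 /* Arbitrarily limit the number of subkeys we will ever deal with. */
 if (nr_subkeys_in_nk > HIVEX_MAX_SUBKEYS) {
+ if (h->msglvl >= 2)
+ fprintf (stderr, "hivex: get_children: returning ERANGE because nr_subkeys_in_nk > HIVEX_MAX_SUBKEYS (%zu > %d)\n",
+ nr_subkeys_in_nk, HIVEX_MAX_SUBKEYS);
 errno = ERANGE;
 goto error;
 }
@@ -997,6 +1000,9 @@ get_values (hive_h *h, hive_node_h node,
 /* Arbitrarily limit the number of values we will ever deal with. */
 if (nr_values > HIVEX_MAX_VALUES) {
+ if (h->msglvl >= 2)
+ fprintf (stderr, "hivex: get_values: returning ERANGE because nr_values > HIVEX_MAX_VALUES (%zu > %d)\n",
+ nr_values, HIVEX_MAX_VALUES);
 errno = ERANGE;
 goto error;
 }
@@ -1195,6 +1201,9 @@ hivex_value_value (hive_h *h, hive_value_h value,
 /* Arbitrarily limit the length that we will read. */
 if (len > HIVEX_MAX_VALUE_LEN) {
+ if (h->msglvl >= 2)
+ fprintf (stderr, "hivex_value_value: returning ERANGE because data length > HIVEX_MAX_VALUE_LEN (%zu > %d)\n",
+ len, HIVEX_MAX_SUBKEYS);
 errno = ERANGE;
 return NULL;
 }
@@ -1851,6 +1860,8 @@ allocate_block (hive_h *h, size_t seg_len, const char id[2])
 struct ntreg_hbin_block *blockhdr =
 (struct ntreg_hbin_block *) (h->addr + offset);
+ memset (blockhdr, 0, seg_len);
+
 blockhdr->seg_len = htole32 (- (int32_t) seg_len);
 if (id[0] && id[1] && seg_len >= sizeof (struct ntreg_hbin_block)) {
 blockhdr->id[0] = id[0];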
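Review bot: In the hivex_value_value hunk the new debug message names HIVEX_MAX_VALUE_LEN but passes `HIVEX_MAX_SUBKEYS` as the `%d` argument, so it prints 15000 as the limit instead of 1000000; the argument line should read `len, HIVEX_MAX_VALUE_LEN);`. The file's own comment says these limits exist to stop exploits, so a wrong figure in the diagnostic misleads whoever triages a hive that was rejected with ERANGE. The same message also lacks the `hivex: ` prefix that the get_children and get_values messages carry, which makes log filtering inconsistent. The enclosing functions start and end outside the hunks shown.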