X-Git-Url: http://git.annexia.org/?a=blobdiff_plain;f=lib%2Fhivex.c;h=74a7f55fbf4f61902ddbf3710d5e36e016ca1f14;hb=refs%2Ftags%2F1.2.2;hp=45a099d5218a70c143b8d1538e17e21459ebd843;hpb=bc1784a2103d884f85a448af856d5c6254583979;p=hivex.git
diff --git a/lib/hivex.c b/lib/hivex.c
index 45a099d..74a7f55 100644
--- a/lib/hivex.c
+++ b/lib/hivex.c
@@ -56,8 +56,8 @@
 #include "byte_conversions.h"
 /* These limits are in place to stop really stupid stuff and/or exploits. */
-#define HIVEX_MAX_SUBKEYS 10000
-#define HIVEX_MAX_VALUES 1000
+#define HIVEX_MAX_SUBKEYS 15000
+#define HIVEX_MAX_VALUES 10000
 #define HIVEX_MAX_VALUE_LEN 1000000
 #define HIVEX_MAX_ALLOCATION 1000000
@@ -727,6 +727,9 @@ get_children (hive_h *h, hive_node_h node,
 /* Arbitrarily limit the number of subkeys we will ever deal with. */
 if (nr_subkeys_in_nk > HIVEX_MAX_SUBKEYS) {
+ if (h->msglvl >= 2)
+ fprintf (stderr, "hivex: get_children: returning ERANGE because nr_subkeys_in_nk > HIVEX_MAX_SUBKEYS (%zu > %d)\n",
+ nr_subkeys_in_nk, HIVEX_MAX_SUBKEYS);
 errno = ERANGE;
 goto error;
 }
@@ -997,6 +1000,9 @@ get_values (hive_h *h, hive_node_h node,
 /* Arbitrarily limit the number of values we will ever deal with. */
 if (nr_values > HIVEX_MAX_VALUES) {
+ if (h->msglvl >= 2)
+ fprintf (stderr, "hivex: get_values: returning ERANGE because nr_values > HIVEX_MAX_VALUES (%zu > %d)\n",
+ nr_values, HIVEX_MAX_VALUES);
 errno = ERANGE;
 goto error;
 }
@@ -1195,6 +1201,9 @@ hivex_value_value (hive_h *h, hive_value_h value,
 /* Arbitrarily limit the length that we will read. */
 if (len > HIVEX_MAX_VALUE_LEN) {
+ if (h->msglvl >= 2)
+ fprintf (stderr, "hivex_value_value: returning ERANGE because data length > HIVEX_MAX_VALUE_LEN (%zu > %d)\n",
+ len, HIVEX_MAX_SUBKEYS);
 errno = ERANGE;
 return NULL;
 }
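Review bot: The new values 15000 for `HIVEX_MAX_SUBKEYS` and 10000 for `HIVEX_MAX_VALUES` are given no rationale, and the comment above them still says only that the limits stop "really stupid stuff and/or exploits". These caps bound how many subkeys and values the library will accept for one node, so a tenfold increase in `HIVEX_MAX_VALUES` should say what it is sized against. I would extend the comment along the lines of `/* Sized to fit the largest known-good hives; each cap bounds per-node work on untrusted input. */`, with the actual motivation filled in by the author, since the diff does not state it.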
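Review bot: The diagnostic added in `hivex_value_value` passes `HIVEX_MAX_SUBKEYS` as the limit, although both the check and the message text are about `HIVEX_MAX_VALUE_LEN`, so it reports 15000 instead of 1000000 as the bound that was exceeded. The argument line should read `len, HIVEX_MAX_VALUE_LEN);`. The message also lacks the `hivex: ` prefix used by the `get_children` and `get_values` messages, which makes filtering stderr for library output less reliable. `%zu` assumes `len` is a `size_t`; its declaration is outside the hunk and should be confirmed.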
@@ -1851,6 +1860,8 @@ allocate_block (hive_h *h, size_t seg_len, const char id[2]) struct ntreg_hbin_block *blockhdr = (struct ntreg_hbin_block *) (h->addr + offset); + memset (blockhdr, 0, seg_len); + blockhdr->seg_len = htole32 (- (int32_t) seg_len); if (id[0] && id[1] && seg_len >= sizeof (struct ntreg_hbin_block)) { blockhdr->id[0] = id[0];
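Review bot: `memset (blockhdr, 0, seg_len)` writes `seg_len` bytes at `h->addr + offset` before anything visible in this hunk ties `seg_len` to the space available there, and the `seg_len >= sizeof (struct ntreg_hbin_block)` test only comes afterwards. The sizing is presumably done earlier in `allocate_block`, which starts above the hunk, so it is worth confirming that every path reaching this line has reserved at least `seg_len` bytes. The call also has no comment saying why the block is cleared. If the intent is to keep stale buffer contents out of the hive that gets written, state it, e.g. `/* Zero the whole block so no stale bytes end up in the written hive. */`.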