From 4fe4c9f274da647fac452bf943176f82f9f05dc1 Mon Sep 17 00:00:00 2001
From: Richard Jones <rjones@redhat.com>
Date: Fri, 5 Feb 2010 12:59:18 +0000
Subject: [PATCH 1/1] hivex: Make limits into macros.

---
 hivex/hivex.c   | 14 ++++++++++----
 hivex/hivexsh.c |  4 +++-
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/hivex/hivex.c b/hivex/hivex.c
index 148d837..5da50ea 100644
--- a/hivex/hivex.c
+++ b/hivex/hivex.c
@@ -55,6 +55,12 @@
 #include "hivex.h"
 #include "byte_conversions.h"
 
+/* These limits are in place to stop really stupid stuff and/or exploits. */
+#define HIVEX_MAX_SUBKEYS       10000
+#define HIVEX_MAX_VALUES         1000
+#define HIVEX_MAX_VALUE_LEN   1000000
+#define HIVEX_MAX_ALLOCATION  1000000
+
 static char *windows_utf16_to_utf8 (/* const */ char *input, size_t len);
 
 struct hive_h {
@@ -719,7 +725,7 @@ get_children (hive_h *h, hive_node_h node,
     goto ok;
 
   /* Arbitrarily limit the number of subkeys we will ever deal with. */
-  if (nr_subkeys_in_nk > 1000000) {
+  if (nr_subkeys_in_nk > HIVEX_MAX_SUBKEYS) {
     errno = ERANGE;
     goto error;
   }
@@ -989,7 +995,7 @@ get_values (hive_h *h, hive_node_h node,
     goto ok;
 
   /* Arbitrarily limit the number of values we will ever deal with. */
-  if (nr_values > 100000) {
+  if (nr_values > HIVEX_MAX_VALUES) {
     errno = ERANGE;
     goto error;
   }
@@ -1188,7 +1194,7 @@ hivex_value_value (hive_h *h, hive_value_h value,
     *len_rtn = len;
 
   /* Arbitrarily limit the length that we will read. */
-  if (len > 1000000) {
+  if (len > HIVEX_MAX_VALUE_LEN) {
     errno = ERANGE;
     return NULL;
   }
@@ -1812,7 +1818,7 @@ allocate_block (hive_h *h, size_t seg_len, const char id[2])
   }
 
   /* Refuse really large allocations. */
-  if (seg_len > 1000000) {
+  if (seg_len > HIVEX_MAX_ALLOCATION) {
     if (h->msglvl >= 2)
       fprintf (stderr, "allocate_block: refusing large allocation (%zu), returning ERANGE\n",
                seg_len);
diff --git a/hivex/hivexsh.c b/hivex/hivexsh.c
index 00f33ae..6d83f0d 100644
--- a/hivex/hivexsh.c
+++ b/hivex/hivexsh.c
@@ -58,6 +58,8 @@
 #include "hivex.h"
 #include "byte_conversions.h"
 
+#define HIVEX_MAX_VALUES         1000
+
 static int quit = 0;
 static int is_tty;
 static hive_h *h = NULL;
@@ -840,7 +842,7 @@ cmd_setval (char *nrvals_str)
              "setval", "nrvals", "xstrtol", xerr);
     return -1;
   }
-  if (nrvals < 0 || nrvals > 1000) {
+  if (nrvals < 0 || nrvals > HIVEX_MAX_VALUES) {
     fprintf (stderr, _("%s: %s: integer out of range\n"),
              "setval", "nrvals");
     return -1;
-- 
1.8.3.1