From: Richard Jones Date: Thu, 4 Feb 2010 13:26:04 +0000 (+0000) Subject: hivex: Don't die on valid registries which have bad declared data lengths. X-Git-Tag: 1.1.0~29 X-Git-Url: http://git.annexia.org/?p=hivex.git;a=commitdiff_plain;h=0ebcc228ab2bf8554a1b2c091d86b98c7040948f hivex: Don't die on valid registries which have bad declared data lengths. Some apparently valid registries contain value data length declarations which exceed the allocated block size for the value. Previously the code would return EFAULT for such registries. However since these appear to be otherwise valid registries, turn this into a warning and just use the allocated block size as the data length (in other words, truncate the value). --- diff --git a/hivex/hivex.c b/hivex/hivex.c index af36868..6a9d509 100644 --- a/hivex/hivex.c +++ b/hivex/hivex.c @@ -1186,15 +1186,18 @@ hivex_value_value (hive_h *h, hive_value_h value, return NULL; } - /* Check that the declared size isn't larger than the block its in. */ + /* Check that the declared size isn't larger than the block its in. + * + * XXX Some apparently valid registries are seen to have this, + * so turn this into a warning and substitute the smaller length + * instead. + */ size_t blen = block_len (h, data_offset, NULL); if (len > blen - 4 /* subtract 4 for block header */) { if (h->msglvl >= 2) - fprintf (stderr, "hivex_value_value: returning EFAULT because data is longer than its block (data 0x%zx, data len %zu, block len %zu)\n", + fprintf (stderr, "hivex_value_value: warning: declared data length is longer than the block it is in (data 0x%zx, data len %zu, block len %zu)\n", data_offset, len, blen); - errno = EFAULT; - free (ret); - return NULL; + len = blen - 4; } char *data = h->addr + data_offset + 4;
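Review bot: the new `len = blen - 4;` and the existing `if (len > blen - 4 ...)` check both subtract from a `size_t` with no visible guarantee that `blen >= 4`. If `block_len` returns a value below 4 for a damaged block, `blen - 4` wraps to a very large number, the comparison is false, the truncation never happens, and the untrusted declared `len` is used unchanged for the read from `h->addr + data_offset + 4`. Before this change the same wrap skipped the EFAULT path, so the gap is not new, but the patch now relies on this branch as the only bound on `len`. I would add an explicit `blen < 4` test ahead of it and keep the hard EFAULT failure for that case. Two smaller points: `ret` is already allocated here (the removed lines freed it), so confirm that its size and any length reported back to the caller are not left at the untruncated `len`; and the truncation is only reported at `msglvl >= 2`, so the function's documentation should state that a returned value may be shorter than the length declared in the hive. The comment also still reads "the block its in" while the message text was corrected to "it is in".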