From 01ba5f80ee02405f2a558e735e32957a710fdd5b Mon Sep 17 00:00:00 2001
From: Richard Jones
Date: Thu, 4 Feb 2010 13:26:04 +0000
Subject: [PATCH] hivex: Don't die on valid registries which have bad declared data lengths.
Some apparently valid registries contain value data length declarations which exceed the allocated block size for the value. Previously the code would return EFAULT for such registries. However since these appear to be otherwise valid registries, turn this into a warning and just use the allocated block size as the data length (in other words, truncate the value).
---
 hivex/hivex.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/hivex/hivex.c b/hivex/hivex.c
index af36868..6a9d509 100644
--- a/hivex/hivex.c
+++ b/hivex/hivex.c
@@ -1186,15 +1186,18 @@ hivex_value_value (hive_h *h, hive_value_h value,
 return NULL;
 }
 
- /* Check that the declared size isn't larger than the block its in. */
+ /* Check that the declared size isn't larger than the block its in.
+ *
+ * XXX Some apparently valid registries are seen to have this,
+ * so turn this into a warning and substitute the smaller length
+ * instead.
+ */
 size_t blen = block_len (h, data_offset, NULL);
 if (len > blen - 4 /* subtract 4 for block header */) {
 if (h->msglvl >= 2)
- fprintf (stderr, "hivex_value_value: returning EFAULT because data is longer than its block (data 0x%zx, data len %zu, block len %zu)\n",
+ fprintf (stderr, "hivex_value_value: warning: declared data length is longer than the block it is in (data 0x%zx, data len %zu, block len %zu)\n",
 data_offset, len, blen);
- errno = EFAULT;
- free (ret);
- return NULL;
+ len = blen - 4;
 }
 
 char *data = h->addr + data_offset + 4;
-- 
1.8.3.1
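Review bot: The new `len = blen - 4;` silently shortens the value a caller gets back, and the only trace of that is a stderr message gated on `h->msglvl >= 2`, so with the default verbosity a hive whose declared length overruns its block is indistinguishable from a well-formed one; the function's contract should say so. The block comment above the check is the right place to state it, e.g. `* The caller receives the truncated length; no byte past the end of the block is ever read. For string-typed values the truncated buffer may lack its terminator, so consumers must bound on the returned length, not on the declared one.` — the second sentence is an inference about callers outside this hunk and should be confirmed. The guard `len > blen - 4` is unchanged and still relies on `block_len` never returning a value below 4; if it can return 0 on a bad offset, `blen - 4` wraps and the overrun is not caught, which is pre-existing but worth a note now that the branch recovers instead of failing. hivex_value_value's body begins and ends outside this hunk.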