Fix handling of invalid hive files.
parent
5f941c3ead
commit
fd938bff1d
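--- /dev/null
+++ b/0001-handle-Refuse-to-open-files-8192-bytes-in-size.patch
@@ -0,0 +1,35 @@
+From 357f26fa64fd1d9ccac2331fe174a8ee9c607adb Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 30 Oct 2014 13:50:39 +0000
+Subject: [PATCH 1/2] handle: Refuse to open files < 8192 bytes in size.
+
+These cannot be valid hives, since they don't contain a full header
+page and at least a single page of data (in other words they couldn't
+contain a root node).
+
+Thanks: Mahmoud Al-Qudsi
+---
+lib/handle.c | 7 +++++++
+1 file changed, 7 insertions(+)
+
+diff --git a/lib/handle.c b/lib/handle.c
+index 62a8644..a3cbcf7 100644
+--- a/lib/handle.c
++++ b/lib/handle.c
+@@ -104,6 +104,13 @@ hivex_open (const char *filename, int flags)
+
+h->size = statbuf.st_size;
+
++ if (h->size < 0x2000) {
++ SET_ERRNO (EINVAL,
++ "%s: file is too small to be a Windows NT Registry hive file",
++ filename);
++ goto error;
++ }
++
+if (!h->writable) {
+h->addr = mmap (NULL, h->size, PROT_READ, MAP_SHARED, h->fd, 0);
+if (h->addr == MAP_FAILED)
+--
+2.1.0
+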
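Review bot: The `0x2000` threshold in the added `if (h->size < 0x2000)` is a bare magic number; the patch description explains it as one full header page plus at least one page of data, but nothing next to the check says so. A comment above the test, for example `/* one header page plus at least one data page (8192 bytes) */`, would keep that reasoning with the code. This check rejects only files that are too small overall and says nothing about sizes read from inside the file. Also, this error uses `EINVAL` while the companion page-bounds check for a malformed hive uses `ENOTSUP`; if callers are meant to treat both as "bad registry", one errno would be clearer. hivex_open's body starts and ends outside this hunk.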
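--- /dev/null
+++ b/0002-handle-Check-that-pages-do-not-extend-beyond-the-end.patch
@@ -0,0 +1,32 @@
+From 4bbdf555f88baeae0fa804a369a81a83908bd705 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Thu, 30 Oct 2014 14:02:25 +0000
+Subject: [PATCH 2/2] handle: Check that pages do not extend beyond the end of
+the file.
+
+Thanks: Mahmoud Al-Qudsi
+---
+lib/handle.c | 7 +++++++
+1 file changed, 7 insertions(+)
+
+diff --git a/lib/handle.c b/lib/handle.c
+index a3cbcf7..3a8f09b 100644
+--- a/lib/handle.c
++++ b/lib/handle.c
+@@ -247,6 +247,13 @@ hivex_open (const char *filename, int flags)
+goto error;
+}
+
++ if (off + page_size > h->size) {
++ SET_ERRNO (ENOTSUP,
++ "%s: page size %zu at 0x%zx extends beyond end of file, bad registry",
++ filename, page_size, off);
++ goto error;
++ }
++
+/* Read the blocks in this page. */
+size_t blkoff;
+struct ntreg_hbin_block *block;
+--
+2.1.0
+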
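Review bot: The added bound `off + page_size > h->size` can wrap on builds where `size_t` is 32 bits, so an oversized page length could still pass the check. `page_size` is printed with `%zu`, so it is presumably a `size_t`, and it appears to be taken from the hive file itself. Comparing by subtraction avoids the wrap: `if (page_size > h->size - off) {`. That form is only safe if `off <= h->size` already holds here; the loop bounds are outside the hunk, so that needs confirming. A short comment that `page_size` is untrusted file content would also help the next reader. hivex_open's body starts and ends outside this hunk.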
11
hivex.spec
11
hivex.spec
@ -1,6 +1,6 @@
|
|||||||
Name: hivex
|
Name: hivex
|
||||||
Version: 1.3.5
|
Version: 1.3.5
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
Summary: Read and write Windows Registry binary hive files
|
Summary: Read and write Windows Registry binary hive files
|
||||||
|
|
||||||
Group: Development/Libraries
|
Group: Development/Libraries
|
||||||
@ -33,6 +33,10 @@ Patch0003: 0003-RHEL-5-build-Define-builddir-abs_srcdir-if-they-don-.patch
|
|||||||
Patch4: %{name}-1.2.3-dirs.patch
|
Patch4: %{name}-1.2.3-dirs.patch
|
||||||
BuildRequires: autoconf, automake, libtool
|
BuildRequires: autoconf, automake, libtool
|
||||||
|
|
||||||
|
# Fix handling of invalid hive files.
|
||||||
|
Patch5: 0001-handle-Refuse-to-open-files-8192-bytes-in-size.patch
|
||||||
|
Patch6: 0002-handle-Check-that-pages-do-not-extend-beyond-the-end.patch
|
||||||
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Hive files are the undocumented binary blobs that Windows uses to
|
Hive files are the undocumented binary blobs that Windows uses to
|
||||||
@ -114,6 +118,8 @@ python-%{name} contains Python bindings for %{name}.
|
|||||||
%patch0002 -p1
|
%patch0002 -p1
|
||||||
%patch0003 -p1
|
%patch0003 -p1
|
||||||
%patch4 -p1 -b .dirs
|
%patch4 -p1 -b .dirs
|
||||||
|
%patch5 -p1
|
||||||
|
%patch6 -p1
|
||||||
autoreconf
|
autoreconf
|
||||||
|
|
||||||
|
|
||||||
@ -199,6 +205,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Nov 25 2014 Richard W.M. Jones <rjones@redhat.com> - 1:1.3.5-6
|
||||||
|
- Fix handling of invalid hive files.
|
||||||
|
|
||||||
* Fri Mar 30 2012 Richard W.M. Jones <rjones@redhat.com> - 1:1.3.5-5
|
* Fri Mar 30 2012 Richard W.M. Jones <rjones@redhat.com> - 1:1.3.5-5
|
||||||
- Copy Fedora Rawhide to EPEL 5 (RHBZ#808193).
|
- Copy Fedora Rawhide to EPEL 5 (RHBZ#808193).
|
||||||
- Disable OCaml, Ruby bindings, since these can't be built on RHEL 5.
|
- Disable OCaml, Ruby bindings, since these can't be built on RHEL 5.
|
||||||
|