From 357f26fa64fd1d9ccac2331fe174a8ee9c607adb Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 30 Oct 2014 13:50:39 +0000
Subject: [PATCH 1/2] handle: Refuse to open files < 8192 bytes in size.
These cannot be valid hives, since they don't contain a full header
page and at least a single page of data (in other words they couldn't
contain a root node).
Thanks: Mahmoud Al-Qudsi
---
lib/handle.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/lib/handle.c b/lib/handle.c
index 62a8644..a3cbcf7 100644
--- a/lib/handle.c
+++ b/lib/handle.c
@@ -104,6 +104,13 @@ hivex_open (const char *filename, int flags)
h->size = statbuf.st_size;
+ if (h->size < 0x2000) {
+ SET_ERRNO (EINVAL,
+ "%s: file is too small to be a Windows NT Registry hive file",
+ filename);
+ goto error;
+ }
+
if (!h->writable) {
h->addr = mmap (NULL, h->size, PROT_READ, MAP_SHARED, h->fd, 0);
if (h->addr == MAP_FAILED)
--
2.1.0