mrc0mmand / rpms / hivex

Forked from rpms/hivex 3 years ago
Clone
Blob Blame History Raw
From 5c718aab579d693ea3169ab4d29b5c3bc9105aa1 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Thu, 30 Oct 2014 14:02:25 +0000
Subject: [PATCH 06/15] handle: Check that pages do not extend beyond the end
 of the file.

Thanks: Mahmoud Al-Qudsi
(cherry picked from commit 4bbdf555f88baeae0fa804a369a81a83908bd705)
---
 lib/handle.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/handle.c b/lib/handle.c
index a3cbcf7..3a8f09b 100644
--- a/lib/handle.c
+++ b/lib/handle.c
@@ -247,6 +247,13 @@ hivex_open (const char *filename, int flags)
       goto error;
     }
 
+    if (off + page_size > h->size) {
+      SET_ERRNO (ENOTSUP,
+                 "%s: page size %zu at 0x%zx extends beyond end of file, bad registry",
+                 filename, page_size, off);
+      goto error;
+    }
+
     /* Read the blocks in this page. */
     size_t blkoff;
     struct ntreg_hbin_block *block;
-- 
1.8.3.1