From ebcb61e3d88d99b929b4d8ccaad837a871c102d8 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Thu, 30 Oct 2014 13:50:39 +0000 Subject: [PATCH 05/12] handle: Refuse to open files < 8192 bytes in size. These cannot be valid hives, since they don't contain a full header page and at least a single page of data (in other words they couldn't contain a root node). Thanks: Mahmoud Al-Qudsi (cherry picked from commit 357f26fa64fd1d9ccac2331fe174a8ee9c607adb)
---
 lib/handle.c | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/lib/handle.c b/lib/handle.c
index 62a8644..a3cbcf7 100644
--- a/lib/handle.c
+++ b/lib/handle.c
@@ -104,6 +104,13 @@ hivex_open (const char *filename, int flags)
 h->size = statbuf.st_size;
+ if (h->size < 0x2000) {
+ SET_ERRNO (EINVAL,
+ "%s: file is too small to be a Windows NT Registry hive file",
+ filename);
+ goto error;
+ }
+
 if (!h->writable) {
 h->addr = mmap (NULL, h->size, PROT_READ, MAP_SHARED, h->fd, 0);
 if (h->addr == MAP_FAILED)
-- 1.8.3.1
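Review bot: The literal `0x2000` in the new `if (h->size < 0x2000)` test is explained only in the commit message, so the check should carry a comment such as `/* Smaller than one header page plus one data page: cannot hold a root node. */`, or use a named constant. The comparison also runs on `h->size` after it has been assigned from `statbuf.st_size`; the declaration of `h->size` is not visible in this hunk, but if it is narrower than `off_t` or unsigned, a very large or otherwise unexpected `st_size` is converted before it is tested. In that case it would be safer to test `statbuf.st_size` itself before the assignment, since this value is then passed as the length to `mmap`. This is only a lower bound taken at `fstat` time, so later parsing still has to validate every offset against `h->size`. The body of `hivex_open` starts and ends outside the hunk.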