similar to: [libhivex] Undefined behavior when accessing invalid (too small) registry hives

On Oct 29, 2014, at 3:39 PM, Richard W.M. Jones <rjones@redhat.com> wrote: > >> Or is it expected that certain sanity checks would be performed prior to >> passing along any files to libhivex? What would those checks be? > > No, hivex should definitely have those checks. > > I'll have a proper look at this in the morning. > > Thanks, > > Rich.

On Wed, Oct 29, 2014 at 09:26:30PM -0500, Mahmoud Al-Qudsi wrote: > On Oct 29, 2014, at 3:39 PM, Richard W.M. Jones <rjones@redhat.com> wrote: > > > >> Or is it expected that certain sanity checks would be performed prior to > >> passing along any files to libhivex? What would those checks be? > > > > No, hivex should definitely have those checks.

On Wed, Oct 29, 2014 at 10:43:59AM -0500, Mahmoud Al-Qudsi wrote: > Hello all, > > I know that one of the original design goals of libhivex was to be > resilient to corrupt, invalid, or malicious registry hives. I've > encountered some undefined behavior in libhivex when attempting to open > registry files that are too small. I'm not sure if this is a known issue >

Hello, First and foremost - awesome library, beautiful code. Thank you! If I may be so bold as to make my first post to the mailing list a request for an API change, I have attached a patch for a new function in the hivex library that implements obtaining a handle to a "deep" node, allowing the user to enter a path like "SOFTWARE\Intel\Infinst\Uninstall" with only a previous

> On Nov 11, 2014, at 1:57 AM, Richard W.M. Jones <rjones@redhat.com> wrote: > > Yes I was also meaning to do that after reading lcamtuf's postings. Yup. That's the one. > I just started a run now .. Will let it run for a few days and report > any issues on the list. Thank you. Do you mind running it under valgrind to catch out-of-bound reads? Mahmoud

[This email is either empty or too large to be displayed at this time]

hivexml on OS X was failing with a symbol-not-found error while dynamically linking. Adding iconv to libhivex fixes the issue and lets OS X process 'images/large' with hivexml. It took careful iconv autotool additions to get compilation working in Fedora as well, but these two lines build and run on OS X 10.6 and 10.8, and Fedora 17 and 18. Unfortunately, a separate issue is revealed

> On Nov 11, 2014, at 5:36 AM, Mahmoud Al-Qudsi <mqudsi@neosmart.net> wrote: > I'll test it and be back. And it works perfectly. Thanks, Mahmoud

Hi, On Monday 10 November 2014 18:28:52 Mahmoud Al-Qudsi wrote: > I’m not able to pin it myself from a brief look, but it seems that > under certain conditions a call to hivex_node_delete_child can cause > the allocations from _hivex_get_children to not be freed properly? > > I know that if the return value of _hivex_get_children is -1, no free > is called; but from what I can

Hi, libhivex seems to do a great job at parsing hives most of the time, but there are some issues with a few registry keys. These can be worked around in the application that uses libhivex, but I think it'd be better if libhivex handled these itself. 1. UTF16 string in REG_SZ that has garbage after the \0\0 There is code in hivex.c to handle this already but I think it has a typo: /*

The major and minor version were being reported in a debug message. This patch adds the version information to the ABI and reports with hivexml. Signed-off-by: Alex Nelson <ajnelson at cs.ucsc.edu> --- generator/generator.ml | 10 ++++++++++ lib/hivex.c | 32 +++++++++++++++++++++++++++----- xml/hivexml.c | 24 ++++++++++++++++++++++++ 3 files changed, 61

The infrastructure for modified-time reporting has been essentially unused. These changes report the registry time by treating the time fields as Windows filetime fields stored in little-Endian (which means they can be treated as a single 64-bit little-Endian integer). Some of the code changes necessary include: * Exposing the hive_h structure in the hivex header file (via generator.ml) *

Hello all, I've been testing hivexml in OS X, and came across an inconsistency in building. Some while back, I hit a snag with iconv in OS X, where basically this would happen when a hive of any sophistication (greater than hivex/images/small) was processed: >$ xml/hivexml images/large >test.xml >dyld: lazy symbol binding failed: Symbol not found: _iconv_open > Referenced from:

--- configure.ac | 2 +- images/Makefile.am | 5 +++-- lib/Makefile.am | 14 +++++++------- ocaml/Makefile.am | 3 ++- ocaml/t/hivex_300_fold.ml | 3 +-- python/run-python-tests | 25 ------------------------- python/run-python-tests.in | 25 +++++++++++++++++++++++++ 7 files changed, 39 insertions(+), 38 deletions(-) delete mode

Hi As my cross platform registry editor (FRED available from https://www.pinguin.lu (sorry for advertising but I couldn't resist ;-))) is evolving, I recently added write support to it. While under Linux everything worked nice, the Windblows build didn't. It seems that Windows opens files by default in text mode (O_TEXT) which is a problem. The attached patch adds the O_BINARY flag to

This patch series improves, but does not complete, OS X support for hivex. There are several outstanding issues before hivexml and hivexsh can run: * hivexsh uses open_memstream, which doesn't exist in OS X as near as I can see. Unfortunately, I'm inexperienced with autoconf, so I'm not sure how to employ AC_CHECK_FUNCS([open_memstream]) to conditionally add 'sh' to the

Hivex is a small, self-contained C library for reading and writing Windows Registry "hive" binary files. I'm pleased to announce version 1.3.15 which you can get from: http://download.libguestfs.org/hivex/ Highlights of this release: - Improved performance by using a cache of iconv handles, especially when dumping out large hives (Hilko Hengen). - Add the ‘hivexregedit

Encountered the following problem and would like to know if this is a known issue, whether there's a fix, or workaround: Using libguestfs and the python bindings to inspect VMs. Fairly successfully for the most part, but had one Windows image today that fails in the following manner. File "/usr/lib/python2.7/site-packages/guestfs.py", line 910, in inspect_os r =

This is part 1 (updated) and part 2 of the three part patch set to provide tools for merging Windows Registry entries in the 'regedit' textual format. https://bugzilla.redhat.com/show_bug.cgi?id=575738 Using the low-level hivexregedit tool I was able to merge the registry entries described in the following article into an existing 'system' registry hive file:

The following patches address issues when dealing with hives that have corrupted data in them but are otherwise readable/writable. Those were found on some rather rare Windows installations that seem to work fine but current hivex fails to even open. Those patches change hivex to simply log and ignore such "corrupted" regions instead of aborting because the caller might be looking at