From 61ccd82e71d2cbebd45b6dcf5dced9c7d671fbc5 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones"
Date: Fri, 14 Nov 2014 15:42:42 +0000
Subject: [PATCH] Pull in a couple of upstream fixes: * Fix memory leak in _hivex_get_children. * Increase HIVEX_MAX_VALUE_LEN.
---
 0001-lib-write-fix-memory-leak.patch | 33 +++++++++++++++++++
 ...rease-HIVEX_MAX_VALUE_LEN-to-8000000.patch | 31 +++++++++++++++++
 hivex.spec | 13 +++++++-
 3 files changed, 76 insertions(+), 1 deletion(-)
 create mode 100644 0001-lib-write-fix-memory-leak.patch
 create mode 100644 0002-lib-Increase-HIVEX_MAX_VALUE_LEN-to-8000000.patch
diff --git a/0001-lib-write-fix-memory-leak.patch b/0001-lib-write-fix-memory-leak.patch
new file mode 100644
index 0000000..d5e9d80
--- /dev/null
+++ b/0001-lib-write-fix-memory-leak.patch
@@ -0,0 +1,33 @@
+From 62b885e5b6239ac925554063dadeff8eeee7f2fc Mon Sep 17 00:00:00 2001
+From: Pino Toscano
+Date: Tue, 11 Nov 2014 11:36:30 +0100
+Subject: [PATCH 1/2] lib: write: fix memory leak
+
+Free the "blocks" array got from _hivex_get_children.
+
+Thanks: Mahmoud Al-Qudsi
+---
+ lib/write.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/lib/write.c b/lib/write.c
+index abd12c5..33b64e4 100644
+--- a/lib/write.c
++++ b/lib/write.c
+@@ -902,10 +902,13 @@ hivex_node_delete_child (hive_h *h, hive_node_h node)
+ }
+ }
+ }
++ free (blocks);
+ SET_ERRNO (ENOTSUP, "could not find parent to child link");
+ return -1;
+
+ found:;
++ free (blocks);
++
+ struct ntreg_nk_record *nk =
+ (struct ntreg_nk_record *) ((char *) h->addr + parent);
+ size_t nr_subkeys_in_nk = le32toh (nk->nr_subkeys);
+-- 
+2.1.0
+
diff --git a/0002-lib-Increase-HIVEX_MAX_VALUE_LEN-to-8000000.patch b/0002-lib-Increase-HIVEX_MAX_VALUE_LEN-to-8000000.patch
new file mode 100644
index 0000000..a03ef95
--- /dev/null
+++ b/0002-lib-Increase-HIVEX_MAX_VALUE_LEN-to-8000000.patch
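Review bot: The two added `free (blocks);` calls in hivex_node_delete_child (lib/write.c, carried in 0001-lib-write-fix-memory-leak.patch) cover only the not-found return and the `found:` path visible in this hunk. The function starts and ends outside the hunk, so an earlier error return taken after _hivex_get_children has filled `blocks` would still leak, and the handling of any other array returned by that call is not visible here; both are worth confirming against the full function. Since hive files can come from untrusted sources, a leak on an error path can be hit repeatedly by malformed input, and routing every exit through one cleanup label that frees `blocks` would make the fix harder to regress. A comment at the call site such as `/* blocks is owned by this function; free it on every exit */` would record the ownership.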
@@ -0,0 +1,31 @@
+From 99b613b1c1d326702b2bb527f20d555d7c7e4ee7 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones"
+Date: Fri, 14 Nov 2014 15:37:37 +0000
+Subject: [PATCH 2/2] lib: Increase HIVEX_MAX_VALUE_LEN to 8000000.
+
+I encountered a hive that contained a key of 3_886_561 bytes length in
+a key called 'HKLM\SYSTEM\ControlSet001\services\mfeavfk' (apparently
+belonging to "McAfee Anti-virus software").
+
+The previous limit was set arbitrarily at 2_000_000 bytes. Increase
+it to cope with this larger key.
+---
+ lib/hivex-internal.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/hivex-internal.h b/lib/hivex-internal.h
+index e59084d..1613013 100644
+--- a/lib/hivex-internal.h
++++ b/lib/hivex-internal.h
+@@ -325,7 +325,7 @@ extern int _hivex_get_values (hive_h *h, hive_node_h node, hive_value_h **values
+ /* These limits are in place to stop really stupid stuff and/or exploits. */
+ #define HIVEX_MAX_SUBKEYS 15000
+ #define HIVEX_MAX_VALUES 10000
+-#define HIVEX_MAX_VALUE_LEN 2000000
++#define HIVEX_MAX_VALUE_LEN 8000000
+ #define HIVEX_MAX_ALLOCATION 1000000
+
+ #endif /* HIVEX_INTERNAL_H_ */
+-- 
+2.1.0
+
diff --git a/hivex.spec b/hivex.spec
index 2b797d4..0d54af4 100644
--- a/hivex.spec
+++ b/hivex.spec
@@ -7,7 +7,7 @@ Name: hivex Version: 1.3.11 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Read and write Windows Registry binary hive files License: LGPLv2
@@ -19,6 +19,10 @@ Source0: http://libguestfs.org/download/hivex/%{name}-%{version}.tar.gz Patch0: %{name}-1.3.8-dirs.patch BuildRequires: autoconf, automake, libtool, gettext-devel +# Pull in a couple of upstream fixes. +Patch1: 0001-lib-write-fix-memory-leak.patch +Patch2: 0002-lib-Increase-HIVEX_MAX_VALUE_LEN-to-8000000.patch + BuildRequires: perl BuildRequires: perl-Test-Simple BuildRequires: perl-Test-Pod
@@ -158,6 +162,8 @@ ruby-%{name} contains Ruby bindings for %{name}. %patch0 -p1 -b .dirs autoreconf -i +%patch1 -p1 +%patch2 -p1 %build %configure
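Review bot: In lib/hivex-internal.h (carried in the 0002 patch), `HIVEX_MAX_VALUE_LEN` becomes 8000000 while the comment above the limits still says only that they exist "to stop really stupid stuff and/or exploits", so the header gives no reason for the new figure. The commit message ties it to a single observed hive with a 3_886_561-byte entry; recording that next to the define, e.g. `/* 8000000: largest value seen in a real hive was 3_886_561 bytes */`, would keep the next adjustment from being arbitrary as well. The cap is now eight times `HIVEX_MAX_ALLOCATION` (1000000) on the following line, and whether the two limits are meant to be related is not visible in this hunk. Because a hive is untrusted input, each path that allocates or copies a value based on its on-disk length should be re-checked against the larger bound.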
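Review bot: In the %prep hunk of hivex.spec (`@@ -158,6 +162,8 @@`), `%patch1 -p1` and `%patch2 -p1` are placed after `autoreconf -i`. That works for these two patches, which touch only lib/write.c and lib/hivex-internal.h, but a later patch that edits configure.ac or a Makefile.am would be applied after regeneration and would not reach the generated build files. Moving both lines above `autoreconf -i` keeps every patch applied before the build system is regenerated. The existing `%patch0` line also passes a `-b` backup suffix that the new lines omit.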
@@ -264,6 +270,11 @@ rm $RPM_BUILD_ROOT%{python_sitearch}/libhivexmod.la %changelog +* Fri Nov 14 2014 Richard W.M. Jones - 1.3.11-2 +- Pull in a couple of upstream fixes: + * Fix memory leak in _hivex_get_children. + * Increase HIVEX_MAX_VALUE_LEN. + * Thu Oct 30 2014 Richard W.M. Jones - 1.3.11-1 - New upstream version 1.3.11. - Python objects are now placed in a hivex/ subdirectory.