Bug 1423436 - hivex: Add HIVEX_OPEN_UNSAFE flag
Summary: hivex: Add HIVEX_OPEN_UNSAFE flag
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: hivex
Version: 7.4
Hardware: x86_64
OS: Unspecified
high
high
Target Milestone: rc
: 7.4
Assignee: Richard W.M. Jones
QA Contact: Virtualization Bugs
URL:
Whiteboard: V2V
Depends On: 888379
Blocks: 1311890
TreeView+ depends on / blocked
 
Reported: 2017-02-17 10:27 UTC by Richard W.M. Jones
Modified: 2017-08-02 08:13 UTC (History)
12 users (show)

Fixed In Version: hivex-1.3.10-5.8.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1311890
Environment:
Last Closed: 2017-08-01 16:45:24 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:1967 normal SHIPPED_LIVE hivex bug fix update 2017-08-01 17:56:54 UTC

Description Richard W.M. Jones 2017-02-17 10:27:57 UTC
+++ This bug was initially created as a clone of Bug #1311890 +++

Description of problem:

This patch series adds the HIVEX_OPEN_UNSAFE flag, allowing hivex to
tolerate various forms of mild registry corruption:

https://www.redhat.com/archives/libguestfs/2017-February/msg00187.html

We should backport this into hivex in RHEL, and that will allow us to
fix bug 1311890.

Comment 1 Richard W.M. Jones 2017-02-17 10:50:35 UTC
To verify this bug:

(1) Download SOFTWARE.xz, the attachment from bug 1311890.

(2) unxz SOFTWARE.xz

(3) Run these commands:

  $ hivexsh SOFTWARE 
  hivexsh: failed to open hive file: SOFTWARE: Operation not supported

  $ hivexsh -u SOFTWARE 

  Welcome to hivexsh, the hivex interactive shell for examining
  Windows Registry binary hive files.

  Type: 'help' for help summary
        'quit' to quit the shell

  SOFTWARE\> exit

Notice that the first command fails because the hive file contains
some corruption.  The second command (with -u flag) succeeds because
we tell hivex to ignore some forms of corruption.

(The -u flag was not available in RHEL <= 7.3).

(4) Enable debugging and check that it is skipping corruption:

  $ echo exit | hivexsh -u -d SOFTWARE
  ...
  hivex: hivex_open: page not found at expected offset 0x2084000, seeking until one is found or EOF is reached

(5) Check that HIVEX_OPEN_UNSAFE appears in /usr/include/hivex.h:

  $ grep HIVEX_OPEN_UNSAFE /usr/include/hivex.h 
  #define HIVEX_OPEN_UNSAFE     8

Comment 2 Richard W.M. Jones 2017-02-17 16:27:44 UTC
Waiting for this package to be added to the ACL before I can
create an erratum.

Comment 5 errata-xmlrpc 2017-08-01 16:45:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1967


Note You need to log in before you can comment on or make changes to this bug.