+++ This bug was initially created as a clone of Bug #1311890 +++
Description of problem:
This patch series adds the HIVEX_OPEN_UNSAFE flag, allowing hivex to
tolerate various forms of mild registry corruption:
We should backport this into hivex in RHEL, and that will allow us to
fix bug 1311890.
To verify this bug:
(1) Download SOFTWARE.xz, the attachment from bug 1311890.
(2) unxz SOFTWARE.xz
(3) Run these commands:
$ hivexsh SOFTWARE
hivexsh: failed to open hive file: SOFTWARE: Operation not supported
$ hivexsh -u SOFTWARE
Welcome to hivexsh, the hivex interactive shell for examining
Windows Registry binary hive files.
Type: 'help' for help summary
'quit' to quit the shell
Notice that the first command fails because the hive file contains
some corruption. The second command (with -u flag) succeeds because
we tell hivex to ignore some forms of corruption.
(The -u flag was not available in RHEL <= 7.3).
(4) Enable debugging and check that it is skipping corruption:
$ echo exit | hivexsh -u -d SOFTWARE
hivex: hivex_open: page not found at expected offset 0x2084000, seeking until one is found or EOF is reached
(5) Check that HIVEX_OPEN_UNSAFE appears in /usr/include/hivex.h:
$ grep HIVEX_OPEN_UNSAFE /usr/include/hivex.h
#define HIVEX_OPEN_UNSAFE 8
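The strict-versus-unsafe difference seen in steps (3) and (4), as an added example that is not hivex's own code or part of the original report: a simplified page walker over a constructed buffer that refuses a hive with a missing page in strict mode and seeks forward to the next page in unsafe mode. The names walk_pages and build_sample, the 4 KiB seek step and the sample buffer are assumptions made for illustration; the "regf"/"hbin" magics and the page size field at offset 8 follow the registry hive layout.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_STEP 0x1000u  /* header block size and page alignment */

/* Read a little-endian 32-bit value without alignment assumptions. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk "hbin" pages. Returns the number of valid pages, or -1 with
 * errno = ENOTSUP when a page is missing and unsafe == 0 (hypothetical
 * model of the flag, not the library's implementation). */
int walk_pages(const uint8_t *buf, size_t len, int unsafe, size_t *skipped) {
    size_t off = PAGE_STEP;              /* first page follows the header block */
    int pages = 0;
    *skipped = 0;
    if (len < PAGE_STEP || memcmp(buf, "regf", 4) != 0) { errno = ENOTSUP; return -1; }
    while (off + 32 <= len) {
        uint32_t size = le32(buf + off + 8);
        /* A page needs the magic and a sane size; never trust the on-disk length. */
        int ok = memcmp(buf + off, "hbin", 4) == 0 && size != 0 &&
                 size % PAGE_STEP == 0 && size <= len - off;
        if (ok) { pages++; off += size; continue; }
        if (!unsafe) { errno = ENOTSUP; return -1; }  /* strict: refuse the hive */
        off += PAGE_STEP; *skipped += PAGE_STEP;      /* unsafe: seek to next 4 KiB */
    }
    return pages;
}

/* Constructed sample: header, one good page, one zeroed 4 KiB gap, one good page. */
static uint8_t sample[4 * 0x1000];
size_t build_sample(void) {
    memset(sample, 0, sizeof sample);
    memcpy(sample, "regf", 4);
    memcpy(sample + 0x1000, "hbin", 4); sample[0x1000 + 9] = 0x10;  /* size 0x1000 */
    memcpy(sample + 0x3000, "hbin", 4); sample[0x3000 + 9] = 0x10;  /* size 0x1000 */
    return sizeof sample;
}

int main(void) {
    size_t skipped, len = build_sample();
    int strict = walk_pages(sample, len, 0, &skipped);
    int unsafe = walk_pages(sample, len, 1, &skipped);
    printf("strict=%d unsafe=%d skipped=0x%zx\n", strict, unsafe, skipped);
    return 0;
}
```

Bounding the size field against the remaining buffer in both modes is what keeps the tolerant path from reading past the end of a corrupted file.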
Waiting for this package to be added to the ACL before I can
create an erratum.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.