Hide Forgot
+++ This bug was initially created as a clone of Bug #1311890 +++ Description of problem: This patch series adds the HIVEX_OPEN_UNSAFE flag, allowing hivex to tolerate various forms of mild registry corruption: https://www.redhat.com/archives/libguestfs/2017-February/msg00187.html We should backport this into hivex in RHEL, and that will allow us to fix bug 1311890.
To verify this bug: (1) Download SOFTWARE.xz, the attachment from bug 1311890. (2) unxz SOFTWARE.xz (3) Run these commands: $ hivexsh SOFTWARE hivexsh: failed to open hive file: SOFTWARE: Operation not supported $ hivexsh -u SOFTWARE Welcome to hivexsh, the hivex interactive shell for examining Windows Registry binary hive files. Type: 'help' for help summary 'quit' to quit the shell SOFTWARE\> exit Notice that the first command fails because the hive file contains some corruption. The second command (with -u flag) succeeds because we tell hivex to ignore some forms of corruption. (The -u flag was not available in RHEL <= 7.3). (4) Enable debugging and check that it is skipping corruption: $ echo exit | hivexsh -u -d SOFTWARE ... hivex: hivex_open: page not found at expected offset 0x2084000, seeking until one is found or EOF is reached (5) Check that HIVEX_OPEN_UNSAFE appears in /usr/include/hivex.h: $ grep HIVEX_OPEN_UNSAFE /usr/include/hivex.h #define HIVEX_OPEN_UNSAFE 8
Waiting for this package to be added to the ACL before I can create an erratum.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:1967