[Libguestfs] [hivex PATCH 2/5] Return real length of buffer from hivex_value_value.

Richard W.M. Jones rjones at redhat.com
Wed Apr 13 13:17:55 UTC 2011


-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top
-------------- next part --------------
From c22ed5a6cb58aff70bf74df5b7c1edd33d796ef4 Mon Sep 17 00:00:00 2001
From: Richard W.M. Jones <rjones at redhat.com>
Date: Wed, 13 Apr 2011 13:55:49 +0100
Subject: [PATCH 2/5] Return real length of buffer from hivex_value_value.

In real registries, often the length declared in the header does not
match the length of the block.  In this case hivex_value_value would
only allocate a value with a size which is the shorter of the two
length values, which is correct and safe.

However user code could do:

  buf = hivex_value_value (h, v, &t, &len);
  memcpy (somewhere, buf, len);

which would copy uninitialized data.

If hivex_value_value truncates a value like this, we also need to
return the shorter length to the user as well.
---
 lib/hivex.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/lib/hivex.c b/lib/hivex.c
index 3f4c629..b1f6ea6 100644
--- a/lib/hivex.c
+++ b/lib/hivex.c
@@ -1245,6 +1245,10 @@ hivex_value_value (hive_h *h, hive_value_h value,
       fprintf (stderr, "hivex_value_value: warning: declared data length is longer than the block it is in (data 0x%zx, data len %zu, block len %zu)\n",
                data_offset, len, blen);
     len = blen - 4;
+
+    /* Return the smaller length to the caller too. */
+    if (len_rtn)
+      *len_rtn = len;
   }
 
   char *data = h->addr + data_offset + 4;
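Review bot: with this hunk the value reported through `len_rtn` is written in two places, the existing store of the declared length earlier in the function (the commit message describes that length being returned today) and the new clamped store inside this `if`; a single `if (len_rtn) *len_rtn = len;` placed after the closing brace of the block, once `len` holds its final value, would keep the two paths from diverging if the clamping logic changes again. The diffstat shows only lib/hivex.c changing, so the documentation of the `len_rtn` parameter should also be updated to state that it reports the length of the buffer actually returned, which may be shorter than the length declared in the hive.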
-- 
1.7.4.1


