[Libguestfs] increasing HIVEX_MAX_SUBKEYS and HIVEX_MAX_VALUES

Richard W.M. Jones rjones at redhat.com
Sat Dec 3 12:01:06 UTC 2016 

On Fri, Dec 02, 2016 at 06:59:32PM -0500, Matt Coleman wrote:
> I feel a conservative approach would be to increase the limits to
> approximately 1.5 times the largest observed counts:
>
> • If we decide to go with the values observed from just the
> 'Microsoft\Windows NT\CurrentVersion' key in our cloud, then
> HIVEX_MAX_SUBKEYS would become 70000 and HIVEX_MAX_VALUES would
> become 55000. These are the initial values I was going to base
> my patch on, since (selfishly) that's all my code cares about,
> but I figured it makes more sense to account for all regions of
> the hive.

This is reasonable and safe.

> • If we decide to go with the values from the whole software hive,
> then HIVEX_MAX_SUBKEYS would become 3600000 and HIVEX_MAX_VALUES
> would become 110000. These are the values I used in the attached
> patch. The only thing that makes me hesitant is that they're
> both so significantly larger than the current limits.

These are getting rather large.  As discussed on IRC if we're going
for this kind of approach I would rather that the limits were made
completely configurable through the API, so that callers who know what
they're doing can increase them (or even remove them), while those
that don't won't get bitten by a malicious hive that causes a denial
of service.

> What about removing the limits entirely? The registry format allows
> up to 2^32 subkeys and values. On IRC, rwmjones said, "the limits
> are there to stop malicious hives from using too much memory". I
> hadn't heard of malicious hives before. Have there been exploits
> that leveraged this, or is it just being cautious about a potential
> threat?

We are very much concerned about malicious hives because tools built
on top of hivex (such as libguestfs) are frequently run against
untrusted guests, eg in cloud situations like OpenStack.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/

More information about the Libguestfs mailing list