[Libguestfs] [PATCH 2/2] lib: allow to walk registry with corrupted blocks

Richard W.M. Jones rjones at redhat.com
Tue Feb 14 14:30:03 UTC 2017 

On Wed, Feb 08, 2017 at 04:36:31PM -0500, Dawid Zamirski wrote:
> There are some corrupted registry files that have invalid hbin cells
> but are still readable. This patch makes the following changes:
> 
> * hivex_open - do not abort with complete failure if we run across a
>   block with invalid size (unless it's the root block). Instead just
>   log the event, and move on. This will allow open hives that have
>   apparent invalid blocks but the ones of potential interest might be
>   perfectly accessible.
> * _hivex_get_children - similiarly, if the's invalid subkey, just skip
>   it instead of failing so one can continue to browse other valid
>   subkeys.
> 
> The above is similar to the behavior to Windows regedit where one can
> load such corrupted hives with e.g. "reg load HKU\Corrupted" and
> browse/change it despite some keys might be missing.
> ---
>  lib/handle.c | 13 +++++++++----
>  lib/node.c   | 11 +++++------
>  2 files changed, 14 insertions(+), 10 deletions(-)
> 
> diff --git a/lib/handle.c b/lib/handle.c
> index 1e122ea..9be3b5f 100644
> --- a/lib/handle.c
> +++ b/lib/handle.c
> @@ -300,10 +300,15 @@ hivex_open (const char *filename, int flags)
>        int used;
>        seg_len = block_len (h, blkoff, &used);
>        if (seg_len <= 4 || (seg_len & 3) != 0) {
> -        SET_ERRNO (ENOTSUP,
> -                   "%s: block size %" PRIi32 " at 0x%zx, bad registry",
> -                   filename, le32toh (block->seg_len), blkoff);
> -        goto error;
> +        if (is_root) {
> +          bad_root_block = 1;
> +        } else {
> +          DEBUG(2,

As before, space before parens in function and macro calls.

> @@ -408,7 +407,7 @@ _get_children (hive_h *h, hive_node_h blkoff,
>        hive_node_h subkey = le32toh (lf->keys[i].offset);
>        subkey += 0x1000;
>        if (check_child_is_nk_block (h, subkey, flags) == -1)
> -        return -1;
> +        continue;

I think this deserves a debug message.

There is also a further call to check_child_is_nk_block in
this function, but if that fails it still returns.  Why is
that case different?

Rich.

>        if (_hivex_add_to_offset_list (children, subkey) == -1)
>          return -1;
>      }
> -- 
> 2.9.3
> 
> _______________________________________________
> Libguestfs mailing list
> Libguestfs at redhat.com
> https://www.redhat.com/mailman/listinfo/libguestfs

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html

More information about the Libguestfs mailing list