Created attachment 14935 [details] gitlab patch This looks like just a crash (the memcmp() would fail), but to be sure I'm filing a bug so we can track it. Identified using ASAN: Supplying a malformed registry hive file to the registry hive I/O code can lead to out-of-bounds reads.
I think this is very close to being a security issue, but as long as it's 'just' out-of-bounds reads I don't think we will CVE it. But I will say both the prs_ based code here and the registry parsing stuff is very old, and if you don't find something more serious I'll be shocked. There is a call path via: _winreg_RestoreKey() reg_restorekey() restore_registry_key() regfio_rootkey() next_nk_record()
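The bug class discussed in this thread (a record-length field read from an untrusted hive file driving a memcmp() or a read past the end of the buffer) is illustrated below with an added example. This is not Samba's regfio code and does not reproduce the real regf/NK on-disk layout; it uses a constructed, hypothetical record format (4-byte little-endian length, 2-byte "nk" signature, payload) so the bounds checks a hardened next-record routine needs can be shown against well-formed and malformed inputs that are embedded inline.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical record layout, constructed for this example only (not the
 * real regf format): 4-byte LE record length (covers the header), 2-byte
 * signature "nk", then payload. Records are packed back to back. */
#define REC_HDR_LEN 6
#define REC_SIG "nk"

enum parse_result {
    PARSE_OK        =  0,
    PARSE_TRUNCATED = -1,   /* file ends before the record claims to */
    PARSE_BAD_SIG   = -2,   /* signature mismatch */
    PARSE_BAD_LEN   = -3    /* length smaller than its own header */
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hardened "next record" step. Every check below is one that, if omitted,
 * lets a malformed file steer memcmp() or the payload pointer outside buf. */
int next_record(const uint8_t *buf, size_t buflen, size_t *off,
                const uint8_t **payload, size_t *payload_len)
{
    size_t o = *off;

    if (o > buflen)
        return PARSE_BAD_LEN;
    /* The whole header must be present BEFORE memcmp() touches the signature. */
    if (buflen - o < REC_HDR_LEN)
        return PARSE_TRUNCATED;
    if (memcmp(buf + o + 4, REC_SIG, 2) != 0)
        return PARSE_BAD_SIG;

    uint32_t len = rd_le32(buf + o);
    /* A length below the header size would underflow the payload length
     * and stall the walk at the same offset forever. */
    if (len < REC_HDR_LEN)
        return PARSE_BAD_LEN;
    /* The attacker-controlled length may not exceed what is actually left. */
    if (len > buflen - o)
        return PARSE_TRUNCATED;

    *payload     = buf + o + REC_HDR_LEN;
    *payload_len = len - REC_HDR_LEN;
    *off         = o + len;
    return PARSE_OK;
}

/* Walk all records; returns the record count, or a negative parse_result. */
int count_records(const uint8_t *buf, size_t buflen)
{
    size_t off = 0;
    int n = 0;
    while (off < buflen) {
        const uint8_t *p;
        size_t pl;
        int rc = next_record(buf, buflen, &off, &p, &pl);
        if (rc != PARSE_OK)
            return rc;
        n++;
    }
    return n;
}

/* Constructed sample "hives" (not real registry data). */
const uint8_t good_hive[]     = { 9,0,0,0,'n','k','a','b','c',  6,0,0,0,'n','k' };
const uint8_t bad_len_hive[]  = { 0xff,0xff,0,0,'n','k','x' };  /* claims 65535 bytes */
const uint8_t trunc_hive[]    = { 9,0,0,0,'n' };                 /* header cut mid-signature */
const uint8_t bad_sig_hive[]  = { 6,0,0,0,'x','y' };
const uint8_t zero_len_hive[] = { 0,0,0,0,'n','k' };

int main(void)
{
    printf("good:     %d\n", count_records(good_hive, sizeof good_hive));
    printf("bad_len:  %d\n", count_records(bad_len_hive, sizeof bad_len_hive));
    printf("trunc:    %d\n", count_records(trunc_hive, sizeof trunc_hive));
    printf("bad_sig:  %d\n", count_records(bad_sig_hive, sizeof bad_sig_hive));
    printf("zero_len: %d\n", count_records(zero_len_hive, sizeof zero_len_hive));
    return 0;
}
```

Compiling this with `-fsanitize=address` and feeding it the malformed inputs is the same kind of check the reporter used: with the checks in place none of the malformed cases reach memcmp() or the payload with an out-of-range offset, so ASAN stays quiet and the caller gets a parse error instead of a crash.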
Created attachment 14951 [details] The Gitlab patch Andrew meant to attach
Created attachment 14982 [details] git-am fix for 4.10.next, 4.9.next. Back-port cherry-picked from master. Applies cleanly to 4.10.next, 4.9.next.
Karolin please apply for 4.10.next, 4.9.next.
(In reply to Jeremy Allison from comment #4) Pushed to autobuild-v4-{10,9}-test.
Pushed to v4-9-test, pushed again to autobuild-v4-10-test.
(In reply to Karolin Seeger from comment #6) Pushed to v4-10-test. Closing out bug report. Thanks!
This causes a compilation error on Fedora 29: ../source3/registry/tests/test_regfio.c: In function ‘teardown_context’: ../source3/registry/tests/test_regfio.c:86:3: error: implicit declaration of function ‘unlink’; did you mean ‘unix’? [-Werror=implicit-function-declaration] unlink(test_ctx->tmp_regfile); ^~~~~~ unix
Created attachment 15161 [details] Follow-up fix for master
Created attachment 15219 [details] Fixup patch for 4.9 and 4.10
Reassigning to Karolin for inclusion in 4.9 and 4.10.
(In reply to Ralph Böhme from comment #11) Pushed follow-up patch to autobuild-v4-{9,10}-test.
(In reply to Karolin Seeger from comment #12) Pushed to both branches. Closing out bug report. Thanks!