>From 14fa3081bdc88ef8c356bcbb1ea1e350d6452ee3 Mon Sep 17 00:00:00 2001 From: Richard Jones Date: Tue, 19 Jan 2010 15:21:06 +0000 Subject: [PATCH 2/2] hivex: Add missing le32toh conversion around field access. This was missing. It only worked because we test on a little endian platform. --- hivex/hivex.c | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/hivex/hivex.c b/hivex/hivex.c index 1f5c08b..d8e599b 100644 --- a/hivex/hivex.c +++ b/hivex/hivex.c @@ -787,7 +787,7 @@ get_children (hive_h *h, hive_node_h node, size_t i; for (i = 0; i < nr_subkeys_in_lf; ++i) { - hive_node_h subkey = lf->keys[i].offset; + hive_node_h subkey = le32toh (lf->keys[i].offset); subkey += 0x1000; if (!IS_VALID_BLOCK (h, subkey)) { if (h->msglvl >= 2) @@ -865,7 +865,7 @@ get_children (hive_h *h, hive_node_h node, size_t j; for (j = 0; j < le16toh (lf->nr_keys); ++j) { - hive_node_h subkey = lf->keys[j].offset; + hive_node_h subkey = le32toh (lf->keys[j].offset); subkey += 0x1000; if (!IS_VALID_BLOCK (h, subkey)) { if (h->msglvl >= 2) @@ -1198,7 +1198,7 @@ hivex_value_value (hive_h *h, hive_value_h value, return ret; } - size_t data_offset = vk->data_offset; + size_t data_offset = le32toh (vk->data_offset); data_offset += 0x1000; if (!IS_VALID_BLOCK (h, data_offset)) { if (h->msglvl >= 2) -- 1.6.5.2