
Prevent infinite looping and out of memory errors #1482 #1490

Open
wants to merge 1 commit into base: develop

Conversation

atcuno (Contributor) commented Dec 28, 2024

No description provided.

atcuno (Contributor Author) commented Dec 28, 2024

This is ready @ikelos

ikelos (Member) left a comment

Happy with the error checking, just wondering how best to indicate the error to the user? Possibly we should have a vollog warning that prints as much of the key name as could be recovered? I'm not sure...

Also, if you want github to auto tag the issues these are supposed to fix, you can't just mention it in the title, you need to put "Fixes #blah" or "Closes #blah" in the bug body, please...

kcb = self.KeyControlBlock
while kcb.ParentKcb:
    if kcb.ParentKcb.vol.offset in seen:
        return ""
ikelos (Member)

Shouldn't these be None or something else? I don't want the BaseAbsentValues sneaking in here, but it feels like we should be alerting people that things didn't work? The downside with that is then you have to do error checking whenever you try to pull the full key name? Just wondering about the consequences of it returning a value, but a blank string, in case of an error?

atcuno (Contributor Author)

That function is called from handles on this line:

https://github.com/volatilityfoundation/volatility3/blob/develop/volatility3/framework/plugins/windows/handles.py#L313

In the else case of that same block, the empty string is used to indicate an error:

https://github.com/volatilityfoundation/volatility3/blob/develop/volatility3/framework/plugins/windows/handles.py#L318

If it makes more sense, I can change both places (the registry extension + line 318 in handles) to send back None instead of "", then have the yield() handler do the "variable or renderers....." setup. Is that preferred? That avoids the extension API having to send back a renderer instance.

atcuno (Contributor Author)

Also, thanks for this:

"Also, if you want github to auto tag the issues these are supposed to fix, you can't just mention it in the title, you need to put "Fixes #blah" or "Closes #blah" in the bug body, please..."

I am used to GitLab where tagging the number accomplishes it.

ikelos (Member)

Yeah, I think it would be better to return None as a way of indicating an error, and then let the caller figure out what to do with it. Also, no problem. ;)
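The shape the thread settles on, written out as an added example (this is not volatility3's code and not the PR's diff): walk the key control block parent chain with a set of already-seen offsets so a corrupted or self-referencing ParentKcb pointer cannot spin forever and grow the path string until memory runs out, return None rather than "" when the chain is bad, and let the caller map None onto a display placeholder. The Kcb class, its attribute names (parent, offset, instead of the framework's ParentKcb and vol.offset), the MAX_DEPTH cap and the placeholder text are all constructed assumptions for the sake of a stand-alone run.

```python
"""Cycle-safe walk of a registry key control block (KCB) parent chain.

Added example, not volatility3 code. Kcb is a constructed stand-in for
the framework's key control block objects; only the walk matters.
"""
from typing import Optional


class Kcb:
    """Constructed stand-in: a key name, the offset the block was read
    from, and a link to its parent (None at the root of the chain)."""

    def __init__(self, name: str, offset: int, parent: "Optional[Kcb]" = None):
        self.name = name
        self.offset = offset
        self.parent = parent


# Assumed hard cap on chain length; real registry paths are far shallower,
# so hitting it means the parent pointers are garbage, not a legitimate key.
MAX_DEPTH = 512


def full_key_name(kcb: Kcb) -> Optional[str]:
    """Return the backslash-joined full key path, or None when the chain is
    corrupt: a parent pointer leads to an offset already visited (a loop)
    or the chain is longer than MAX_DEPTH. A partial path is never
    returned as if it were complete; the caller decides how to show None."""
    parts = []
    seen = set()
    while kcb is not None:
        # Offsets identify the block in memory, so revisiting one is a cycle.
        if kcb.offset in seen or len(seen) >= MAX_DEPTH:
            return None
        seen.add(kcb.offset)
        parts.append(kcb.name)
        kcb = kcb.parent
    return "\\".join(reversed(parts))


def render_key_name(kcb: Kcb, placeholder: str = "<unreadable key>") -> str:
    """Caller-side handling of the None contract: substitute a placeholder
    so the plugin still emits a row for the handle instead of aborting."""
    name = full_key_name(kcb)
    return placeholder if name is None else name


def build_long_chain(length: int) -> Kcb:
    """Constructed helper: a chain of `length` distinct blocks, used to show
    the depth cap firing even when no offset repeats."""
    node = None
    for i in range(length):
        node = Kcb(f"K{i}", 0x10000 + i * 0x100, node)
    return node


# Constructed sample data: a healthy chain and a looping one.
root = Kcb("REGISTRY", 0x1000)
machine = Kcb("MACHINE", 0x1100, root)
software = Kcb("SOFTWARE", 0x1200, machine)

loop_a = Kcb("A", 0x2000)
loop_b = Kcb("B", 0x2100, loop_a)
loop_a.parent = loop_b  # A -> B -> A: the pattern that hung the plugin

if __name__ == "__main__":
    print(render_key_name(software))            # REGISTRY\MACHINE\SOFTWARE
    print(render_key_name(loop_a))              # <unreadable key>
    print(render_key_name(build_long_chain(600)))  # <unreadable key>
```

Tracking offsets rather than Python object identity matches how the framework sees the chain: two reads of the same block at the same offset are the same key even if they are distinct objects.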


Successfully merging this pull request may close these issues.

get_full_key_name infinite loop causes out of memory errors on analyst systems
2 participants