stephanelpaul / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

what's the point of rawreg.py's VALUE_TYPES.setdefault? #171

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
I think this is an accident waiting to happen, but wanted to discuss before 
fixing it. 

In rawreg.py we do this:

VALUE_TYPES.setdefault("REG_UNKNOWN")

I think what the original author intended this to do was set a default so if a 
key didn't exist in the dictionary they got back "REG_UNKNOWN". But instead it 
creates an entry in the dictionary with the key "REG_UNKNOWN" and None as the 
value. 

Thus the following line:

http://code.google.com/p/volatility/source/browse/trunk/volatility/win32/rawreg.py#154
valtype = VALUE_TYPES[val.Type.v()]

...is not protected from KeyError. I would suggest we apply a patch like this:

- VALUE_TYPES.setdefault("REG_UNKNOWN")
- valtype = VALUE_TYPES[val.Type.v()]
+ valtype = VALUE_TYPES.get(val.Type.v(), "REG_UNKNOWN")
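
Review bot: on the `+` line the fallback is a bare "REG_UNKNOWN" string literal at the call site, and with the `setdefault` line removed that name no longer appears anywhere near the VALUE_TYPES table. Consider defining the fallback once as a named constant next to the table so any other lookup into VALUE_TYPES uses the same value, and add a one-line comment at the lookup noting that `val.Type.v()` can return a type number the table does not contain.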

Gleeda or I will take care of it later this week if no objections. 

Original issue reported on code.google.com by michael.hale@gmail.com on 30 Nov 2011 at 8:45
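
The behaviour described in the comment above, as an added example that is not part of the original issue or of Volatility's code. The `VALUE_TYPES` table below is a constructed stand-in using the standard Windows registry type numbers, and the function names and sample raw values are assumptions made for illustration.

```python
# Constructed stand-in for the type table in rawreg.py (standard Windows
# registry value type numbers); not copied from Volatility.
VALUE_TYPES = {
    0: "REG_NONE", 1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
    4: "REG_DWORD", 5: "REG_DWORD_BIG_ENDIAN", 6: "REG_LINK",
    7: "REG_MULTI_SZ", 8: "REG_RESOURCE_LIST",
    9: "REG_FULL_RESOURCE_DESCRIPTOR",
    10: "REG_RESOURCE_REQUIREMENTS_LIST", 11: "REG_QWORD",
}


def setdefault_effect(table):
    """Show what table.setdefault("REG_UNKNOWN") does, on a copy."""
    t = dict(table)
    returned = t.setdefault("REG_UNKNOWN")  # adds key "REG_UNKNOWN" -> None
    added = sorted(set(t) - set(table), key=str)
    return returned, added


def lookup_before(table, raw_type):
    """Behaviour described in the issue: setdefault, then plain indexing."""
    t = dict(table)
    t.setdefault("REG_UNKNOWN")
    return t[raw_type]  # raises KeyError for any unmapped raw_type


def lookup_after(table, raw_type):
    """Behaviour of the proposed fix: .get() with an explicit fallback."""
    return table.get(raw_type, "REG_UNKNOWN")


def compare(table, raw_types):
    """Map each raw type to (before, after); 'KeyError' marks a crash."""
    out = {}
    for raw in raw_types:
        try:
            before = lookup_before(table, raw)
        except KeyError:
            before = "KeyError"
        out[raw] = (before, lookup_after(table, raw))
    return out


if __name__ == "__main__":
    # Constructed raw Type fields, as might be read from a damaged hive.
    for raw, result in compare(VALUE_TYPES, [1, 4, 11, 0x7FFF, 0xFFFFFFFF]).items():
        print(hex(raw), result)
```
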

GoogleCodeExporter commented 9 years ago
This issue was closed by revision r1155.

Original comment by michael.hale@gmail.com on 13 Dec 2011 at 2:55