On 2016-09-06 18:59, gedmurphy(a)svn.reactos.org wrote:
+NTSTATUS
+HandleLoadUnloadIoctl(_In_ PDEVICE_OBJECT DeviceObject,
+ _Inout_ PIRP Irp)
+{
+ PIO_STACK_LOCATION StackPtr;
+ UNICODE_STRING Name;
+ PFILTER_NAME FilterName;
+ ULONG BufferLength;
+ ULONG ControlCode;
+
+ /* Get the IOCTL data from the stack pointer */
+ StackPtr = IoGetCurrentIrpStackLocation(Irp);
+ BufferLength = StackPtr->Parameters.DeviceIoControl.InputBufferLength;
+ ControlCode = StackPtr->Parameters.DeviceIoControl.IoControlCode;
+
+ FLT_ASSERT(ControlCode == IOCTL_LOAD_FILTER || ControlCode == IOCTL_UNLOAD_FILTER);
+
+ /* Make sure the buffer is valid */
+ if (BufferLength < sizeof(FILTER_NAME))
+ return STATUS_INVALID_PARAMETER;
+
+ /* Convert the file name buffer into a string */
+ FilterName = (PFILTER_NAME)Irp->AssociatedIrp.SystemBuffer;
+ Name.Length = FilterName->Length;
+ Name.MaximumLength = FilterName->Length;
+ Name.Buffer = (PWCH)((PCHAR)FilterName + FIELD_OFFSET(FILTER_NAME, FilterName[0]));
You're missing a check for
BufferLength < FIELD_OFFSET(FILTER_NAME, FilterName[FilterName->Length /
sizeof(WCHAR)])
+
+ /* Forward the request to our Flt routines */
+ if (ControlCode == IOCTL_LOAD_FILTER)
+ {
+ return FltLoadFilter(&Name);
+ }
+ else
+ {
+ return FltUnloadFilter(&Name);
+ }
+}
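Review bot: Nothing in this function checks that the caller is allowed to load or unload a filter: the name is taken straight from the user-supplied SystemBuffer and handed to FltLoadFilter/FltUnloadFilter, so whether this is a privileged operation depends entirely on the control device object's security descriptor, which is not visible in this hunk. Unless opens are already restricted to administrators, a non-privileged handle to the device could load arbitrary filter drivers by name; a local check before the buffer is touched would make the guarantee independent of device setup, e.g. `if (!SeSinglePrivilegeCheck(SeLoadDriverPrivilege, Irp->RequestorMode)) return STATUS_PRIVILEGE_NOT_HELD;`. Separately, FLT_ASSERT on the control code compiles out of release builds, so the final `else` forwards any other control code to FltUnloadFilter; an explicit `else if (ControlCode == IOCTL_UNLOAD_FILTER)` with a `return STATUS_INVALID_DEVICE_REQUEST;` fallback would close that path.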