Author: pschweitzer Date: Tue Jun 23 06:54:44 2015 New Revision: 68244
URL: http://svn.reactos.org/svn/reactos?rev=68244&view=rev Log: [CDFS] In case of directory enumeration, validate the record earlier to really prevent any potential buffer overflow
CORE-9254
Modified: trunk/reactos/drivers/filesystems/cdfs/dirctl.c
Modified: trunk/reactos/drivers/filesystems/cdfs/dirctl.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/cdfs/di... ==============================================================================
--- trunk/reactos/drivers/filesystems/cdfs/dirctl.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/filesystems/cdfs/dirctl.c [iso-8859-1] Tue Jun 23 06:54:44 2015
@@ -117,6 +117,12 @@
 DPRINT("Index %lu RecordLength %lu Offset %lu\n", *pIndex, Record->RecordLength, *CurrentOffset);
+ if (!CdfsIsRecordValid(DeviceExt, Record))
+ {
+ CcUnpinData(*Context);
+ return STATUS_DISK_CORRUPT_ERROR;
+ }
+ CdfsGetDirEntryName(DeviceExt, Record, Name);
*Ptr = Record;
@@ -259,18 +265,11 @@
 {
 break;
 }
- else if (Status == STATUS_UNSUCCESSFUL)
+ else if (Status == STATUS_UNSUCCESSFUL || Status == STATUS_DISK_CORRUPT_ERROR)
 {
 /* Note: the directory cache has already been unpinned */
 RtlFreeUnicodeString(&FileToFindUpcase);
 return Status;
- }
-
- if (!CdfsIsRecordValid(DeviceExt, Record))
- {
- RtlFreeUnicodeString(&FileToFindUpcase);
- CcUnpinData(Context);
- return STATUS_DISK_CORRUPT_ERROR;
 }
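Review bot: In the failure path added by the first hunk (`@@ -117,6 +117,12 @@`), `CcUnpinData(*Context);` releases the pinned directory data but leaves `*Context` holding the stale pointer, so safety depends on every caller treating STATUS_DISK_CORRUPT_ERROR as "already unpinned". Adding `*Context = NULL;` right after the unpin would make a later unpin or reuse fail visibly instead of releasing the same mapping twice. The DPRINT just above the new check still reads `Record->RecordLength` before `CdfsIsRecordValid` has run, which is safe only if Record is already known to lie inside the mapped block. The code that would establish this is outside the hunk, as are the start and end of the enclosing function.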
DPRINT("Name '%S'\n", name);
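Review bot: The error branch `else if (Status == STATUS_UNSUCCESSFUL || Status == STATUS_DISK_CORRUPT_ERROR)` lists only the failure codes the callee returns today. With the caller-side `CdfsIsRecordValid` check removed, any other failure status added later would fall through to the code below with `Record` and the name buffer unfilled. Because the branch that breaks out of the loop is tested first, `else if (!NT_SUCCESS(Status))` would catch every failure in one test. That assumes each failing path in the callee unpins the cache, as the existing comment states; it would help to extend that comment to say which statuses carry this guarantee. The loop and the enclosing function start and end outside the hunk.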