23 Jun
2015
23 Jun
'15
6:54 a.m.
Author: pschweitzer
Date: Tue Jun 23 06:54:44 2015
New Revision: 68244
URL: http://svn.reactos.org/svn/reactos?rev=68244&view=rev
Log:
[CDFS]
In case of directory enumeration, validate the record earlier to really prevent any
potentiel buffer overflow
CORE-9254
Modified:
trunk/reactos/drivers/filesystems/cdfs/dirctl.c
Modified: trunk/reactos/drivers/filesystems/cdfs/dirctl.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/cdfs/d…
==============================================================================
--- trunk/reactos/drivers/filesystems/cdfs/dirctl.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/filesystems/cdfs/dirctl.c [iso-8859-1] Tue Jun 23 06:54:44 2015
@@ -117,6 +117,12 @@
DPRINT("Index %lu RecordLength %lu Offset %lu\n",
*pIndex, Record->RecordLength, *CurrentOffset);
+ if (!CdfsIsRecordValid(DeviceExt, Record))
+ {
+ CcUnpinData(*Context);
+ return STATUS_DISK_CORRUPT_ERROR;
+ }
+
CdfsGetDirEntryName(DeviceExt, Record, Name);
*Ptr = Record;
@@ -259,18 +265,11 @@
{
break;
}
- else if (Status == STATUS_UNSUCCESSFUL)
+ else if (Status == STATUS_UNSUCCESSFUL || Status == STATUS_DISK_CORRUPT_ERROR)
{
/* Note: the directory cache has already been unpinned */
RtlFreeUnicodeString(&FileToFindUpcase);
return Status;
- }
-
- if (!CdfsIsRecordValid(DeviceExt, Record))
- {
- RtlFreeUnicodeString(&FileToFindUpcase);
- CcUnpinData(Context);
- return STATUS_DISK_CORRUPT_ERROR;
}
DPRINT("Name '%S'\n", name);