[ros-diffs] [reactos] 01/01: [NTOS:IO] Do not pass bogus file offset to the FS in NtReadFile & NtWriteFile

22 Dec 2020

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=a6c0af2e218cba4dc6f1a9...
commit a6c0af2e218cba4dc6f1a9b2254f9a37a997ff6a
Author:     Jérôme Gardou jerome.gardou@reactos.org
AuthorDate: Fri Dec 18 17:21:01 2020 +0100
Commit:     Jérôme Gardou jerome.gardou@reactos.org
CommitDate: Tue Dec 22 11:02:33 2020 +0100
[NTOS:IO] Do not pass bogus file offset to the FS in NtReadFile & NtWriteFile
---
 ntoskrnl/io/iomgr/iofunc.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/ntoskrnl/io/iomgr/iofunc.c b/ntoskrnl/io/iomgr/iofunc.c
index 627ff9644b3..62c7799e47a 100644
--- a/ntoskrnl/io/iomgr/iofunc.c
+++ b/ntoskrnl/io/iomgr/iofunc.c
@@ -2776,6 +2776,14 @@ NtReadFile(IN HANDLE FileHandle,
         if (Key) CapturedKey = *Key;
     }
+    /* Check for invalid offset */
+    if ((CapturedByteOffset.QuadPart < 0) && (CapturedByteOffset.QuadPart != -2))
+    {
+        /* -2 is FILE_USE_FILE_POINTER_POSITION */
+        ObDereferenceObject(FileObject);
+        return STATUS_INVALID_PARAMETER;
+    }
+
     /* Check for event */
     if (Event)
     {
@@ -3827,6 +3835,15 @@ NtWriteFile(IN HANDLE FileHandle,
         if (Key) CapturedKey = *Key;
     }
+    /* Check for invalid offset */
+    if (CapturedByteOffset.QuadPart < -2)
+    {
+        /* -1 is FILE_WRITE_TO_END_OF_FILE */
+        /* -2 is FILE_USE_FILE_POINTER_POSITION */
+        ObDereferenceObject(FileObject);
+        return STATUS_INVALID_PARAMETER;
+    }
+
     /* Check if this is an append operation */
     if ((ObjectHandleInfo.GrantedAccess &
         (FILE_APPEND_DATA | FILE_WRITE_DATA)) == FILE_APPEND_DATA)

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[ros-diffs] [reactos] 01/01: [NTOS:IO] Do not pass bogus file offset to the FS in NtReadFile & NtWriteFile