commit a6c0af2e218cba4dc6f1a9b2254f9a37a997ff6a Author: Jérôme Gardou jerome.gardou@reactos.org AuthorDate: Fri Dec 18 17:21:01 2020 +0100 Commit: Jérôme Gardou jerome.gardou@reactos.org CommitDate: Tue Dec 22 11:02:33 2020 +0100
[NTOS:IO] Do not pass bogus file offset to the FS in NtReadFile & NtWriteFile --- ntoskrnl/io/iomgr/iofunc.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)
diff --git a/ntoskrnl/io/iomgr/iofunc.c b/ntoskrnl/io/iomgr/iofunc.c
index 627ff9644b3..62c7799e47a 100644
--- a/ntoskrnl/io/iomgr/iofunc.c
+++ b/ntoskrnl/io/iomgr/iofunc.c
@@ -2776,6 +2776,14 @@ NtReadFile(IN HANDLE FileHandle,
 if (Key) CapturedKey = *Key;
 }
+ /* Check for invalid offset */
+ if ((CapturedByteOffset.QuadPart < 0) && (CapturedByteOffset.QuadPart != -2))
+ {
+ /* -2 is FILE_USE_FILE_POINTER_POSITION */
+ ObDereferenceObject(FileObject);
+ return STATUS_INVALID_PARAMETER;
+ }
+
 /* Check for event */
 if (Event)
 {
@@ -3827,6 +3835,15 @@ NtWriteFile(IN HANDLE FileHandle,
 if (Key) CapturedKey = *Key;
 }
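Review bot: The new guard on the `if ((CapturedByteOffset.QuadPart < 0) && (CapturedByteOffset.QuadPart != -2))` line encodes FILE_USE_FILE_POINTER_POSITION as the literal -2 and explains it only in a comment, while the NtWriteFile hunk spells the same idea as `< -2`; the documented form of these sentinels is HighPart == -1 paired with the named LowPart constant, so `(CapturedByteOffset.HighPart == -1 && CapturedByteOffset.LowPart == FILE_USE_FILE_POINTER_POSITION)` would keep both checks self-documenting and consistent with each other. The placement is sound: the rejection happens before any event or IRP is touched, so the ObDereferenceObject already in the hunk is the only cleanup required. What the hunk does not show is how -2 is treated when the file object was not opened for synchronous I/O — the file-pointer sentinel is only meaningful when the I/O manager owns a current byte offset — so it is worth confirming that the code after this hunk still rejects or resolves that case rather than forwarding -2 to the file system. NtReadFile's body begins before and continues after this hunk.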
+ /* Check for invalid offset */
+ if (CapturedByteOffset.QuadPart < -2)
+ {
+ /* -1 is FILE_WRITE_TO_END_OF_FILE */
+ /* -2 is FILE_USE_FILE_POINTER_POSITION */
+ ObDereferenceObject(FileObject);
+ return STATUS_INVALID_PARAMETER;
+ }
+
 /* Check if this is an append operation */
 if ((ObjectHandleInfo.GrantedAccess & (FILE_APPEND_DATA | FILE_WRITE_DATA)) == FILE_APPEND_DATA)