https://git.reactos.org/?p=reactos.git;a=commitdiff;h=d8695eee1e92a7f2bdcdb…
commit d8695eee1e92a7f2bdcdbc638d1372fcb8fe1a5e
Author: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
AuthorDate: Tue Aug 22 20:41:02 2023 +0200
Commit: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
CommitDate: Tue Aug 29 17:26:57 2023 +0200
[NTOS:MM] Add missing validation of Ordinal in MiLocateExportName (#4918)
---
ntoskrnl/mm/ARM3/sysldr.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ntoskrnl/mm/ARM3/sysldr.c b/ntoskrnl/mm/ARM3/sysldr.c
index 89f394bddb5..c5f42ca582d 100644
--- a/ntoskrnl/mm/ARM3/sysldr.c
+++ b/ntoskrnl/mm/ARM3/sysldr.c
@@ -304,6 +304,9 @@ MiLocateExportName(IN PVOID DllBase,
/* Check if we couldn't find it */
if (Ordinal == -1) return NULL;
+ /* Validate the ordinal */
+ if (Ordinal >= ExportDirectory->NumberOfFunctions) return NULL;
+
/* Resolve the address and write it */
ExportTable = (PULONG)((ULONG_PTR)DllBase +
ExportDirectory->AddressOfFunctions);