[ros-diffs] [jgardou] 53209: [SETUPAPI] - fix broken check - fix potential NULL pointer dereference - fix non critical parameter checks.

Author: jgardou Date: Sat Aug 13 19:53:29 2011 New Revision: 53209 URL: http://svn.reactos.org/svn/reactos?rev=53209&view=rev Log: [SETUPAPI] - fix broken check - fix potential NULL pointer dereference - fix non critical parameter checks. Modified: trunk/reactos/dll/win32/setupapi/devinst.c Modified: trunk/reactos/dll/win32/setupapi/devinst.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/setupapi/devinst… ============================================================================== --- trunk/reactos/dll/win32/setupapi/devinst.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/setupapi/devinst.c [iso-8859-1] Sat Aug 13 19:53:29 2011 @@ -1288,7 +1288,10 @@ SetLastError(ERROR_INVALID_MACHINENAME); goto cleanup; } - size += (len + 3) * sizeof(WCHAR); + if(len > 0) + size += (len + 3) * sizeof(WCHAR); + else + MachineName = NULL; } if (Reserved != NULL) @@ -3022,13 +3025,19 @@ SetLastError(ERROR_INVALID_PARAMETER); return FALSE; } - if (DeviceInterfaceDetailData && (DeviceInterfaceDetailData->cbSize < - FIELD_OFFSET(SP_DEVICE_INTERFACE_DETAIL_DATA_A, DevicePath) + 1 || - DeviceInterfaceDetailData->cbSize > sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA_A))) + if (DeviceInterfaceDetailData && (DeviceInterfaceDetailData->cbSize != sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA_A))) { SetLastError(ERROR_INVALID_USER_BUFFER); return FALSE; } + + if((DeviceInterfaceDetailDataSize != 0) && + (DeviceInterfaceDetailDataSize < (FIELD_OFFSET(SP_DEVICE_INTERFACE_DETAIL_DATA_A, DevicePath) + sizeof(CHAR)))) + { + SetLastError(ERROR_INVALID_USER_BUFFER); + return FALSE; + } + if (!DeviceInterfaceDetailData && DeviceInterfaceDetailDataSize) { SetLastError(ERROR_INVALID_USER_BUFFER); @@ -3045,10 +3054,10 @@ { SetLastError(ERROR_NOT_ENOUGH_MEMORY); } + DeviceInterfaceDetailDataW->cbSize = sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA_W); } if (!DeviceInterfaceDetailData || (DeviceInterfaceDetailData && DeviceInterfaceDetailDataW)) { - DeviceInterfaceDetailDataW->cbSize = sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA_W); ret = SetupDiGetDeviceInterfaceDetailW( DeviceInfoSet, DeviceInterfaceData, @@ -3060,7 +3069,7 @@ + FIELD_OFFSET(SP_DEVICE_INTERFACE_DETAIL_DATA_A, DevicePath); if (RequiredSize) *RequiredSize = bytesNeeded; - if (ret && DeviceInterfaceDetailData && DeviceInterfaceDetailDataSize <= bytesNeeded) + if (ret && DeviceInterfaceDetailData && DeviceInterfaceDetailDataSize >= bytesNeeded) { if (!WideCharToMultiByte( CP_ACP, 0, @@ -3123,7 +3132,8 @@ SetLastError(ERROR_INVALID_PARAMETER); return FALSE; } - if (DeviceInterfaceDetailData != NULL && DeviceInterfaceDetailDataSize < FIELD_OFFSET(SP_DEVICE_INTERFACE_DETAIL_DATA_W, DevicePath) + sizeof(WCHAR)) + if ((DeviceInterfaceDetailData != NULL) + && (DeviceInterfaceDetailDataSize < (FIELD_OFFSET(SP_DEVICE_INTERFACE_DETAIL_DATA_W, DevicePath)) + sizeof(WCHAR))) { SetLastError(ERROR_INVALID_PARAMETER); return FALSE;