[ros-diffs] [reactos] 01/01: [UMPNPMGR] PNP_RegisterNotification: Add notification filter parameter checks

29 Jun 2019

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=8f5fe0fa4f491b46b0bb0…

commit 8f5fe0fa4f491b46b0bb0417301d64bb97b9a2b2
Author:     Eric Kohl &lt;eric.kohl(a)reactos.org&gt;
AuthorDate: Sat Jun 29 17:52:56 2019 +0200
Commit:     Eric Kohl &lt;eric.kohl(a)reactos.org&gt;
CommitDate: Sat Jun 29 18:16:13 2019 +0200

    [UMPNPMGR] PNP_RegisterNotification: Add notification filter parameter checks
---
 base/services/umpnpmgr/rpcserver.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/base/services/umpnpmgr/rpcserver.c b/base/services/umpnpmgr/rpcserver.c
index bda0cdb55c..b76e250fc6 100644
--- a/base/services/umpnpmgr/rpcserver.c
+++ b/base/services/umpnpmgr/rpcserver.c
@@ -3539,6 +3539,8 @@ PNP_RegisterNotification(
     DWORD ulUnknown8,
     DWORD *pulUnknown9)
 {
+    PDEV_BROADCAST_DEVICEINTERFACE_W pBroadcastDeviceInterface;
+    PDEV_BROADCAST_HANDLE pBroadcastDeviceHandle;
 #if 0
     PNOTIFY_DATA pNotifyData;
 #endif
@@ -3555,6 +3557,38 @@ PNP_RegisterNotification(
     if (ulFlags & ~0x7)
         return CR_INVALID_FLAG;
 
+    if ((ulNotificationFilterSize < sizeof(DEV_BROADCAST_HDR)) ||
+        (((PDEV_BROADCAST_HDR)pNotificationFilter)->dbch_size <
sizeof(DEV_BROADCAST_HDR)))
+        return CR_INVALID_DATA;
+
+    if (((PDEV_BROADCAST_HDR)pNotificationFilter)->dbch_devicetype ==
DBT_DEVTYP_DEVICEINTERFACE)
+    {
+        DPRINT1("DBT_DEVTYP_DEVICEINTERFACE\n");
+        pBroadcastDeviceInterface =
(PDEV_BROADCAST_DEVICEINTERFACE_W)pNotificationFilter;
+
+        if ((ulNotificationFilterSize < sizeof(DEV_BROADCAST_DEVICEINTERFACE_W)) ||
+            (pBroadcastDeviceInterface->dbcc_size <
sizeof(DEV_BROADCAST_DEVICEINTERFACE_W)))
+            return CR_INVALID_DATA;
+    }
+    else if (((PDEV_BROADCAST_HDR)pNotificationFilter)->dbch_devicetype ==
DBT_DEVTYP_HANDLE)
+    {
+        DPRINT1("DBT_DEVTYP_HANDLE\n");
+        pBroadcastDeviceHandle = (PDEV_BROADCAST_HANDLE)pNotificationFilter;
+
+        if ((ulNotificationFilterSize < sizeof(DEV_BROADCAST_HANDLE)) ||
+            (pBroadcastDeviceHandle->dbch_size < sizeof(DEV_BROADCAST_HANDLE)))
+            return CR_INVALID_DATA;
+
+        if (ulFlags & DEVICE_NOTIFY_ALL_INTERFACE_CLASSES)
+            return CR_INVALID_FLAG;
+    }
+    else
+    {
+        DPRINT1("Invalid device type %lu\n",
((PDEV_BROADCAST_HDR)pNotificationFilter)->dbch_devicetype);
+        return CR_INVALID_DATA;
+    }
+
+
 #if 0
     pNotifyData = RtlAllocateHeap(GetProcessHeap(), HEAP_ZERO_MEMORY,
sizeof(NOTIFY_DATA));
     if (pNotifyData == NULL)


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[ros-diffs] [reactos] 01/01: [UMPNPMGR] PNP_RegisterNotification: Add notification filter parameter checks