[ros-diffs] [pschweitzer] 65186: [NTFS] Fix a really nasty bug in NTFS: it was possible to perform a buffer overflow when reading the bitmap data.

Author: pschweitzer Date: Sun Nov 2 17:53:18 2014 New Revision: 65186 URL: http://svn.reactos.org/svn/reactos?rev=65186&view=rev Log: [NTFS] Fix a really nasty bug in NTFS: it was possible to perform a buffer overflow when reading the bitmap data. Modified: trunk/reactos/drivers/filesystems/ntfs/volinfo.c Modified: trunk/reactos/drivers/filesystems/ntfs/volinfo.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/ntfs/v… ============================================================================== --- trunk/reactos/drivers/filesystems/ntfs/volinfo.c [iso-8859-1] (original) +++ trunk/reactos/drivers/filesystems/ntfs/volinfo.c [iso-8859-1] Sun Nov 2 17:53:18 2014 @@ -70,7 +70,7 @@ BitmapDataSize = AttributeDataLength(&DataContext->Record); ASSERT((BitmapDataSize * 8) >= (DeviceExt->NtfsInfo.SectorCount / DeviceExt->NtfsInfo.SectorsPerCluster)); - BitmapData = ExAllocatePoolWithTag(NonPagedPool, BitmapDataSize, TAG_NTFS); + BitmapData = ExAllocatePoolWithTag(NonPagedPool, ROUND_UP(BitmapDataSize, DeviceExt->NtfsInfo.BytesPerSector), TAG_NTFS); if (BitmapData == NULL) { ReleaseAttributeContext(DataContext);