[ros-diffs] [tthompson] 71897: [NTFS] Add error-checking to InternalGetNextAttribute(); don't crash if CurrAttr->Length is invalid.

Author: tthompson Date: Tue Jul 12 09:57:16 2016 New Revision: 71897 URL: http://svn.reactos.org/svn/reactos?rev=71897&view=rev Log: [NTFS] Add error-checking to InternalGetNextAttribute(); don't crash if CurrAttr->Length is invalid. Modified: branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/attrib.c Modified: branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/attrib.c URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2016/NTFS/drivers/filesyst… ============================================================================== --- branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/attrib.c [iso-8859-1] (original) +++ branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/attrib.c [iso-8859-1] Tue Jul 12 09:57:16 2016 @@ -181,6 +181,14 @@ } NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)Context->CurrAttr + Context->CurrAttr->Length); + + if (NextAttribute > Context->LastAttr || NextAttribute < Context->FirstAttr) + { + DPRINT1("Broken length: 0x%lx!\n", Context->CurrAttr->Length); + Context->CurrAttr = (PVOID)-1; + return NULL; + } + Context->Offset += ((ULONG_PTR)NextAttribute - (ULONG_PTR)Context->CurrAttr); Context->CurrAttr = NextAttribute;