https://git.reactos.org/?p=reactos.git;a=commitdiff;h=7f346b1aa350942540c7de...
commit 7f346b1aa350942540c7dee9fce3869bea2a72a6 Author: Thamatip Chitpong thamatip.chitpong@reactos.org AuthorDate: Wed Nov 22 08:58:27 2023 +0700 Commit: GitHub noreply@github.com CommitDate: Wed Nov 22 08:58:27 2023 +0700
[SETUPAPI] CM_Request_Device_Eject_ExA/W: Fix pszVetoName buffer size validation (#5943)
- Return CR_INVALID_POINTER if pszVetoName is NULL and ulNameLength is not zero - CM_Request_Device_Eject_ExA: Allow ulNameLength to be zero when pszVetoName is not NULL
Verified with Windows 2003 SP2. --- dll/win32/setupapi/cfgmgr.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/dll/win32/setupapi/cfgmgr.c b/dll/win32/setupapi/cfgmgr.c
index 4a4e18ad621..3ab1d6969ce 100644
--- a/dll/win32/setupapi/cfgmgr.c
+++ b/dll/win32/setupapi/cfgmgr.c
@@ -7483,22 +7483,25 @@ CM_Request_Device_Eject_ExA(
 _In_ ULONG ulFlags,
 _In_opt_ HMACHINE hMachine)
 {
- LPWSTR lpLocalVetoName;
+ LPWSTR lpLocalVetoName = NULL;
 CONFIGRET ret;
TRACE("CM_Request_Device_Eject_ExA(%lx %p %s %lu %lx %p)\n", dnDevInst, pVetoType, debugstr_a(pszVetoName), ulNameLength, ulFlags, hMachine);
- if (pszVetoName == NULL && ulNameLength == 0)
- return CR_INVALID_POINTER;
+ if (ulNameLength != 0)
+ {
+ if (pszVetoName == NULL)
+ return CR_INVALID_POINTER;
- lpLocalVetoName = HeapAlloc(GetProcessHeap(), 0, ulNameLength * sizeof(WCHAR));
- if (lpLocalVetoName == NULL)
- return CR_OUT_OF_MEMORY;
+ lpLocalVetoName = HeapAlloc(GetProcessHeap(), 0, ulNameLength * sizeof(WCHAR));
+ if (lpLocalVetoName == NULL)
+ return CR_OUT_OF_MEMORY;
+ }
ret = CM_Request_Device_Eject_ExW(dnDevInst, pVetoType, lpLocalVetoName, ulNameLength, ulFlags, hMachine); - if (ret == CR_REMOVE_VETOED) + if (ret == CR_REMOVE_VETOED && ulNameLength != 0) { if (WideCharToMultiByte(CP_ACP, 0, @@ -7544,7 +7547,7 @@ CM_Request_Device_Eject_ExW( if (ulFlags != 0) return CR_INVALID_FLAG;
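Review bot: The allocation size `ulNameLength * sizeof(WCHAR)` inside the new `if (ulNameLength != 0)` block of CM_Request_Device_Eject_ExA is computed from a caller-supplied ULONG with no upper bound. On a build where SIZE_T is 32 bits, a very large length can wrap to a small allocation while the unmodified `ulNameLength` is still passed to CM_Request_Device_Eject_ExW as the buffer length. A guard before the HeapAlloc would rule that out, for example `if (ulNameLength > MAXDWORD / sizeof(WCHAR)) return CR_OUT_OF_MEMORY;`, though which return code Windows uses for this case is not visible here and should be checked. How much the wide-character callee actually writes into the buffer, and the conversion and free that follow, are outside the hunk, so the practical impact needs confirming against that code.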
- if (pszVetoName == NULL && ulNameLength == 0)
+ if (pszVetoName == NULL && ulNameLength != 0)
 return CR_INVALID_POINTER;
if (hMachine != NULL)
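Review bot: The corrected condition in CM_Request_Device_Eject_ExW carries no comment, and the parameter contract it encodes is easy to misread (the previous version had it inverted). A one-line comment above the check would keep the rationale in the code rather than only in the commit message, e.g. `/* A NULL veto name buffer is only valid when no name is requested (ulNameLength == 0); verified against Windows 2003 SP2 */`. A non-NULL `pszVetoName` with `ulNameLength == 0` now passes this check, so the code after the hunk must never write to the buffer in that case. That code is outside the hunk and is worth confirming.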