22 Dec
2010
22 Dec
'10
12:13 a.m.
Author: pschweitzer
Date: Wed Dec 22 00:13:03 2010
New Revision: 50090
URL: http://svn.reactos.org/svn/reactos?rev=50090&view=rev
Log:
[FASTFAT]
Fix for a buffer overflow and then a buffer overrun (if ever it fixes something)
The way filenames are handled for FAT entries should be REALLY simplified. This would
prevent such errors.
Thus, there are more magic values in fastfat driver than everywhere else in ReactOS which
makes proper fixing hard (impossible?).
Finally, the code for that fix is crappy, but I don't care, it fits the rest of the
fastfat driver code.
*pissed off*
Fixes CID #2502
Modified:
trunk/reactos/drivers/filesystems/fastfat/volume.c
Modified: trunk/reactos/drivers/filesystems/fastfat/volume.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/fastfa…
==============================================================================
--- trunk/reactos/drivers/filesystems/fastfat/volume.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/filesystems/fastfat/volume.c [iso-8859-1] Wed Dec 22 00:13:03
2010
@@ -220,8 +220,16 @@
}
else
{
- RtlCopyMemory(VolumeLabelDirEntry.Fat.Filename, cString, LabelLen);
- memset(&VolumeLabelDirEntry.Fat.Filename[LabelLen], ' ', 11 - LabelLen);
+ RtlCopyMemory(VolumeLabelDirEntry.Fat.Filename, cString,
max(sizeof(VolumeLabelDirEntry.Fat.Filename), LabelLen));
+ if (LabelLen > sizeof(VolumeLabelDirEntry.Fat.Filename))
+ {
+ memset(VolumeLabelDirEntry.Fat.Ext, ' ',
sizeof(VolumeLabelDirEntry.Fat.Ext));
+ RtlCopyMemory(VolumeLabelDirEntry.Fat.Ext, cString +
sizeof(VolumeLabelDirEntry.Fat.Filename), LabelLen -
sizeof(VolumeLabelDirEntry.Fat.Filename));
+ }
+ else
+ {
+ memset(&VolumeLabelDirEntry.Fat.Filename[LabelLen], ' ',
sizeof(VolumeLabelDirEntry.Fat.Filename) - LabelLen);
+ }
VolumeLabelDirEntry.Fat.Attrib = 0x08;
}