Author: pschweitzer Date: Fri Mar 25 22:12:08 2016 New Revision: 71047 URL: http://svn.reactos.org/svn/reactos?rev=71047&view=rev Log: [NTOSKRNL_VISTA] Bug fixes to FsRtlRemoveDotsFromPath() (buffer overrun, buffer underrun, etc.). This fixes the failing test Modified: trunk/reactos/lib/drivers/ntoskrnl_vista/fsrtl.c Modified: trunk/reactos/lib/drivers/ntoskrnl_vista/fsrtl.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/drivers/ntoskrnl_vista… ============================================================================== --- trunk/reactos/lib/drivers/ntoskrnl_vista/fsrtl.c [iso-8859-1] (original) +++ trunk/reactos/lib/drivers/ntoskrnl_vista/fsrtl.c [iso-8859-1] Fri Mar 25 22:12:08 2016 @@ -16,7 +16,7 @@ IN USHORT PathLength, OUT USHORT *NewLength) { - USHORT Length, ReadPos, WritePos = 0; + USHORT Length, ReadPos, WritePos; Length = PathLength / sizeof(WCHAR); @@ -35,79 +35,79 @@ return STATUS_IO_REPARSE_DATA_INVALID; } - if (Length > 0) + for (ReadPos = 0, WritePos = 0; ReadPos < Length; ++WritePos) { - ReadPos = 0; + for (; ReadPos > 0 && ReadPos < Length; ++ReadPos) + { + if (ReadPos < Length - 1 && OriginalString[ReadPos] == '\\' && OriginalString[ReadPos + 1] == '\\') + { + continue; + } - for (; ReadPos < Length; ++WritePos) - { - for (; ReadPos < Length; ++ReadPos) + if (OriginalString[ReadPos] != '.') { - if (ReadPos < Length - 1 && OriginalString[ReadPos] == '\\' && OriginalString[ReadPos + 1] == '\\') + break; + } + + if (ReadPos == Length - 1) + { + if (OriginalString[ReadPos - 1] == '\\') { + if (WritePos > 1) + { + --WritePos; + } + continue; } - if (OriginalString[ReadPos] != '.') + OriginalString[WritePos] = '.'; + ++WritePos; + continue; + } + + if (OriginalString[ReadPos + 1] == '\\') + { + if (OriginalString[ReadPos - 1] != '\\') { - break; + OriginalString[WritePos] = '.'; + ++WritePos; + continue; } - - if (ReadPos == Length - 1) + } + else + { + if (OriginalString[ReadPos + 1] != '.' || OriginalString[ReadPos - 1] != '\\' || + ((ReadPos != Length - 2) && OriginalString[ReadPos + 2] != '\\')) { - if (OriginalString[ReadPos - 1] == '\\') - { - if (WritePos > 1) - { - --WritePos; - } - - continue; - } - OriginalString[WritePos] = '.'; ++WritePos; continue; } - if (OriginalString[ReadPos + 1] == '\\') + for (WritePos -= 2; (SHORT)WritePos > 0 && OriginalString[WritePos] != '\\'; --WritePos); + + if ((SHORT)WritePos < 0 || OriginalString[WritePos] != '\\') { - if (OriginalString[ReadPos - 1] != '\\') - { - OriginalString[WritePos] = '.'; - ++WritePos; - continue; - } - } - else - { - if (OriginalString[ReadPos + 1] != '.' || OriginalString[ReadPos - 1] != '\\' || - ((ReadPos != Length - 2) && OriginalString[ReadPos + 2] != '\\')) - { - OriginalString[WritePos] = '.'; - ++WritePos; - continue; - } - - for (WritePos -= 2; (SHORT)WritePos > 0 && OriginalString[WritePos] != '\\'; --WritePos); - - if ((SHORT)WritePos < 0 || OriginalString[WritePos] != '\\') - { - return STATUS_IO_REPARSE_DATA_INVALID; - } - - if (WritePos == 0 && ReadPos == Length - 2) - { - WritePos = 1; - } + return STATUS_IO_REPARSE_DATA_INVALID; } - ++ReadPos; + if (WritePos == 0 && ReadPos == Length - 2) + { + WritePos = 1; + } } - OriginalString[WritePos] = OriginalString[ReadPos]; ++ReadPos; } + + if (ReadPos >= Length) + { + break; + } + + OriginalString[WritePos] = OriginalString[ReadPos]; + ++ReadPos; } *NewLength = WritePos * sizeof(WCHAR);