https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f9f5a787154a3886f96fb… commit f9f5a787154a3886f96fbae303474a054d103190 Author: Victor Perevertkin <victor.perevertkin(a)reactos.org> AuthorDate: Wed Dec 16 01:12:26 2020 +0300 Commit: Victor Perevertkin <victor.perevertkin(a)reactos.org> CommitDate: Wed Dec 16 01:13:57 2020 +0300 [MOUNTMGR] Fix bugs in MountMgrQueryDosVolumePath - Do not access uninitialized SymlinkInformation on failure case and just return - Do not make an assumption that MOUNTMGR_TARGET_NAME has a zero-string --- drivers/storage/mountmgr/device.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/storage/mountmgr/device.c b/drivers/storage/mountmgr/device.c index ecdb0b21526..ad70f80c23f 100644 --- a/drivers/storage/mountmgr/device.c +++ b/drivers/storage/mountmgr/device.c @@ -865,7 +865,8 @@ MountMgrQueryDosVolumePath(IN PDEVICE_EXTENSION DeviceExtension, } /* Validate the entry structure size */ - if (Target->DeviceNameLength + sizeof(UNICODE_NULL) > Stack->Parameters.DeviceIoControl.InputBufferLength) + if ((FIELD_OFFSET(MOUNTMGR_TARGET_NAME, DeviceNameLength) + Target->DeviceNameLength) > + Stack->Parameters.DeviceIoControl.InputBufferLength) { return STATUS_INVALID_PARAMETER; } @@ -878,7 +879,7 @@ MountMgrQueryDosVolumePath(IN PDEVICE_EXTENSION DeviceExtension, /* Construct string for query */ SymbolicName.Length = Target->DeviceNameLength; - SymbolicName.MaximumLength = Target->DeviceNameLength + sizeof(UNICODE_NULL); + SymbolicName.MaximumLength = Target->DeviceNameLength; SymbolicName.Buffer = Target->DeviceName; /* Find device with our info */ @@ -911,7 +912,7 @@ MountMgrQueryDosVolumePath(IN PDEVICE_EXTENSION DeviceExtension, /* We didn't find, break */ if (SymlinksEntry == &(DeviceInformation->SymbolicLinksListHead)) { - break; + return STATUS_NOT_FOUND; } /* It doesn't have associated device, go to fallback method */