https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f9f5a787154a3886f96fba...
commit f9f5a787154a3886f96fbae303474a054d103190 Author: Victor Perevertkin victor.perevertkin@reactos.org AuthorDate: Wed Dec 16 01:12:26 2020 +0300 Commit: Victor Perevertkin victor.perevertkin@reactos.org CommitDate: Wed Dec 16 01:13:57 2020 +0300
[MOUNTMGR] Fix bugs in MountMgrQueryDosVolumePath
- Do not access uninitialized SymlinkInformation on failure case and just return - Do not make an assumption that MOUNTMGR_TARGET_NAME has a zero-string --- drivers/storage/mountmgr/device.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/storage/mountmgr/device.c b/drivers/storage/mountmgr/device.c index ecdb0b21526..ad70f80c23f 100644 --- a/drivers/storage/mountmgr/device.c +++ b/drivers/storage/mountmgr/device.c @@ -865,7 +865,8 @@ MountMgrQueryDosVolumePath(IN PDEVICE_EXTENSION DeviceExtension, }
/* Validate the entry structure size */ - if (Target->DeviceNameLength + sizeof(UNICODE_NULL) > Stack->Parameters.DeviceIoControl.InputBufferLength) + if ((FIELD_OFFSET(MOUNTMGR_TARGET_NAME, DeviceNameLength) + Target->DeviceNameLength) > + Stack->Parameters.DeviceIoControl.InputBufferLength) { return STATUS_INVALID_PARAMETER; } @@ -878,7 +879,7 @@ MountMgrQueryDosVolumePath(IN PDEVICE_EXTENSION DeviceExtension,
/* Construct string for query */ SymbolicName.Length = Target->DeviceNameLength; - SymbolicName.MaximumLength = Target->DeviceNameLength + sizeof(UNICODE_NULL); + SymbolicName.MaximumLength = Target->DeviceNameLength; SymbolicName.Buffer = Target->DeviceName;
/* Find device with our info */ @@ -911,7 +912,7 @@ MountMgrQueryDosVolumePath(IN PDEVICE_EXTENSION DeviceExtension, /* We didn't find, break */ if (SymlinksEntry == &(DeviceInformation->SymbolicLinksListHead)) { - break; + return STATUS_NOT_FOUND; }
/* It doesn't have associated device, go to fallback method */
-
Victor Perevertkin