Author: pschweitzer
Date: Tue Jun 23 06:54:44 2015
New Revision: 68244
URL:
http://svn.reactos.org/svn/reactos?rev=68244&view=rev
Log:
[CDFS]
In case of directory enumeration, validate the record earlier to really prevent any
potential buffer overflow
CORE-9254
Modified:
trunk/reactos/drivers/filesystems/cdfs/dirctl.c
Modified: trunk/reactos/drivers/filesystems/cdfs/dirctl.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/cdfs/d…
==============================================================================
--- trunk/reactos/drivers/filesystems/cdfs/dirctl.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/filesystems/cdfs/dirctl.c [iso-8859-1] Tue Jun 23 06:54:44 2015
@@ -117,6 +117,12 @@
DPRINT("Index %lu RecordLength %lu Offset %lu\n",
*pIndex, Record->RecordLength, *CurrentOffset);
+ if (!CdfsIsRecordValid(DeviceExt, Record))
+ {
+ CcUnpinData(*Context);
+ return STATUS_DISK_CORRUPT_ERROR;
+ }
+
CdfsGetDirEntryName(DeviceExt, Record, Name);
*Ptr = Record;
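Review bot: The new failure path calls `CcUnpinData(*Context);` but leaves the stale pointer in `*Context`, so the caller must remember that this status means "already unpinned". The caller in the second hunk honours that only through a comment; any other caller that unpins its context during cleanup would release the same BCB twice. Consider adding `*Context = NULL;` right after the unpin, which makes the contract self-enforcing for callers that test the pointer before unpinning. The enclosing function starts and ends outside this hunk, so whether other exit paths follow the same convention cannot be confirmed from here.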
@@ -259,18 +265,11 @@
{
break;
}
- else if (Status == STATUS_UNSUCCESSFUL)
+ else if (Status == STATUS_UNSUCCESSFUL || Status == STATUS_DISK_CORRUPT_ERROR)
{
/* Note: the directory cache has already been unpinned */
RtlFreeUnicodeString(&FileToFindUpcase);
return Status;
- }
-
- if (!CdfsIsRecordValid(DeviceExt, Record))
- {
- RtlFreeUnicodeString(&FileToFindUpcase);
- CcUnpinData(Context);
- return STATUS_DISK_CORRUPT_ERROR;
}
DPRINT("Name '%S'\n", name);
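Review bot: The `else if` status check lists failure codes by value, so any other failure status from the directory-entry helper falls through to `DPRINT("Name '%S'\n", name);` and the code after it, now with no record validation left in this loop. Testing the general case, `else if (!NT_SUCCESS(Status))`, would keep a future error code from silently reaching the record-consuming code. That is only safe if every failure path in the helper has unpinned the cache, as the existing comment assumes; that part is not visible here and should be checked. The loop body begins and ends outside this hunk.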