commit 7c576a836f635bc1a07fc7f310690a0424051382 Author: Trevor Thompson tmt256@email.vccs.edu AuthorDate: Tue Jul 12 09:57:16 2016 +0000
[NTFS] Add error-checking to InternalGetNextAttribute(); don't crash if CurrAttr->Length is invalid.
svn path=/branches/GSoC_2016/NTFS/; revision=71897 --- drivers/filesystems/ntfs/attrib.c | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/drivers/filesystems/ntfs/attrib.c b/drivers/filesystems/ntfs/attrib.c
index 80022f5957..fc2463fee5 100644
--- a/drivers/filesystems/ntfs/attrib.c
+++ b/drivers/filesystems/ntfs/attrib.c
@@ -181,6 +181,14 @@ InternalGetNextAttribute(PFIND_ATTR_CONTXT Context)
 }
 NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)Context->CurrAttr + Context->CurrAttr->Length);
+
+ if (NextAttribute > Context->LastAttr || NextAttribute < Context->FirstAttr)
+ {
+ DPRINT1("Broken length: 0x%lx!\n", Context->CurrAttr->Length);
+ Context->CurrAttr = (PVOID)-1;
+ return NULL;
+ }
+
 Context->Offset += ((ULONG_PTR)NextAttribute - (ULONG_PTR)Context->CurrAttr);
 Context->CurrAttr = NextAttribute;
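Review bot: A CurrAttr->Length of zero still passes the new range check, because NextAttribute then equals CurrAttr, which lies inside [FirstAttr, LastAttr]; the cursor never advances, so a caller that loops on this function until it returns NULL would presumably never terminate on such a record. Extending the condition to `if (Context->CurrAttr->Length == 0 || NextAttribute > Context->LastAttr || NextAttribute < Context->FirstAttr)` rejects that case as well. The lower-bound comparison also happens to catch a ULONG_PTR wrap-around on 32-bit builds, which is non-obvious and worth a comment above the check, e.g. `/* Reject a length that leaves the record or wraps the address space */`. The enclosing function continues past the end of the hunk, so the subsequent handling of CurrAttr is not visible here.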