Author: hpoussin
Date: Sun Nov 2 22:56:47 2014
New Revision: 65203
URL:
http://svn.reactos.org/svn/reactos?rev=65203&view=rev
Log:
[NTFS] Fix IRP_MJ_QUERY_INFORMATION/FileNameInformation so that it handles buffers that are not
big enough
Modified:
trunk/reactos/drivers/filesystems/ntfs/finfo.c
Modified: trunk/reactos/drivers/filesystems/ntfs/finfo.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/ntfs/f…
==============================================================================
--- trunk/reactos/drivers/filesystems/ntfs/finfo.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/filesystems/ntfs/finfo.c [iso-8859-1] Sun Nov 2 22:56:47 2014
@@ -143,7 +143,7 @@
PFILE_NAME_INFORMATION NameInfo,
PULONG BufferLength)
{
- ULONG NameLength;
+ ULONG BytesToCopy;
UNREFERENCED_PARAMETER(FileObject);
UNREFERENCED_PARAMETER(DeviceObject);
@@ -153,18 +153,30 @@
ASSERT(NameInfo != NULL);
ASSERT(Fcb != NULL);
- NameLength = wcslen(Fcb->PathName) * sizeof(WCHAR);
-// NameLength = 2;
- if (*BufferLength < sizeof(FILE_NAME_INFORMATION) + NameLength)
- return STATUS_BUFFER_OVERFLOW;
-
- NameInfo->FileNameLength = NameLength;
- memcpy(NameInfo->FileName,
- Fcb->PathName,
- NameLength + sizeof(WCHAR));
-// wcscpy(NameInfo->FileName, L"\\");
-
- *BufferLength -= (sizeof(FILE_NAME_INFORMATION) + NameLength + sizeof(WCHAR));
+ /* If buffer can't hold at least the file name length, bail out */
+ if (*BufferLength < (ULONG)FIELD_OFFSET(FILE_NAME_INFORMATION, FileName[0]))
+ return STATUS_BUFFER_OVERFLOW;
+
+ /* Save file name length, and as much file len, as buffer length allows */
+ NameInfo->FileNameLength = wcslen(Fcb->PathName) * sizeof(WCHAR);
+
+ /* Calculate amount of bytes to copy not to overflow the buffer */
+ BytesToCopy = min(NameInfo->FileNameLength,
+ *BufferLength - FIELD_OFFSET(FILE_NAME_INFORMATION, FileName[0]));
+
+ /* Fill in the bytes */
+ RtlCopyMemory(NameInfo->FileName, Fcb->PathName, BytesToCopy);
+
+ /* Check if we could write more but are not able to */
+ if (*BufferLength < NameInfo->FileNameLength +
(ULONG)FIELD_OFFSET(FILE_NAME_INFORMATION, FileName[0]))
+ {
+ /* Return number of bytes written */
+ *BufferLength -= FIELD_OFFSET(FILE_NAME_INFORMATION, FileName[0]) + BytesToCopy;
+ return STATUS_BUFFER_OVERFLOW;
+ }
+
+ /* We filled up as many bytes, as needed */
+ *BufferLength -= (FIELD_OFFSET(FILE_NAME_INFORMATION, FileName[0]) +
NameInfo->FileNameLength);
return STATUS_SUCCESS;
}
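Review bot: The overflow test on the two lines after the RtlCopyMemory call recomputes the header-plus-name sum that the clamp producing BytesToCopy already decided, and that ULONG addition can in theory wrap for an oversized FileNameLength while the clamp itself cannot; comparing the clamped value is simpler and avoids the question entirely, `if (BytesToCopy < NameInfo->FileNameLength)`. `FIELD_OFFSET(FILE_NAME_INFORMATION, FileName[0])` is also spelled out five times in this hunk; a local such as `const ULONG HeaderLength = FIELD_OFFSET(FILE_NAME_INFORMATION, FileName);` declared next to BytesToCopy would let the three `*BufferLength` arithmetic lines read as header plus payload. Note too that `*BufferLength - FIELD_OFFSET(...)` need not be a multiple of sizeof(WCHAR), so a truncated copy can end in half a UTF-16 code unit — presumably acceptable because the caller is expected to read FileNameLength, resize and retry, but a one-line comment on the BytesToCopy assignment saying so would stop the next reader from "fixing" it. The enclosing function's signature begins before the first hunk, so its name and the start of the parameter list are not visible here.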