https://git.reactos.org/?p=reactos.git;a=commitdiff;h=a6c0af2e218cba4dc6f1a…
commit a6c0af2e218cba4dc6f1a9b2254f9a37a997ff6a
Author: Jérôme Gardou <jerome.gardou(a)reactos.org>
AuthorDate: Fri Dec 18 17:21:01 2020 +0100
Commit: Jérôme Gardou <jerome.gardou(a)reactos.org>
CommitDate: Tue Dec 22 11:02:33 2020 +0100
[NTOS:IO] Do not pass bogus file offset to the FS in NtReadFile & NtWriteFile
---
ntoskrnl/io/iomgr/iofunc.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/ntoskrnl/io/iomgr/iofunc.c b/ntoskrnl/io/iomgr/iofunc.c
index 627ff9644b3..62c7799e47a 100644
--- a/ntoskrnl/io/iomgr/iofunc.c
+++ b/ntoskrnl/io/iomgr/iofunc.c
@@ -2776,6 +2776,14 @@ NtReadFile(IN HANDLE FileHandle,
if (Key) CapturedKey = *Key;
}
+ /* Check for invalid offset */
+ if ((CapturedByteOffset.QuadPart < 0) && (CapturedByteOffset.QuadPart !=
-2))
+ {
+ /* -2 is FILE_USE_FILE_POINTER_POSITION */
+ ObDereferenceObject(FileObject);
+ return STATUS_INVALID_PARAMETER;
+ }
+
/* Check for event */
if (Event)
{
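Review bot: The NtReadFile check compares against a bare `-2`, and the only explanation sits inside the rejection block, where it reads as if it described the failing case rather than the exception. Move it above the condition and state what is rejected, e.g. `/* Caller-supplied offset: reject any negative value except -2 (FILE_USE_FILE_POINTER_POSITION) before it reaches the FS */`. The NtWriteFile hunk has the same layout, with `-1` and `-2` explained only after the test. NtReadFile begins and ends outside this hunk, so whether `CapturedByteOffset` is always initialised when the caller passes no offset cannot be confirmed from here.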
@@ -3827,6 +3835,15 @@ NtWriteFile(IN HANDLE FileHandle,
if (Key) CapturedKey = *Key;
}
+ /* Check for invalid offset */
+ if (CapturedByteOffset.QuadPart < -2)
+ {
+ /* -1 is FILE_WRITE_TO_END_OF_FILE */
+ /* -2 is FILE_USE_FILE_POINTER_POSITION */
+ ObDereferenceObject(FileObject);
+ return STATUS_INVALID_PARAMETER;
+ }
+
/* Check if this is an append operation */
if ((ObjectHandleInfo.GrantedAccess &
(FILE_APPEND_DATA | FILE_WRITE_DATA)) == FILE_APPEND_DATA)
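Review bot: `CapturedByteOffset.QuadPart < -2` lets both sentinels through unchanged, so code after this hunk has to turn -1 and -2 into a real offset before the request is handed to the file system; that code is not visible here. It is worth confirming that this happens for every kind of handle, presumably including ones for which no current file position is maintained, because otherwise a negative offset still reaches the FS, which is what the commit title sets out to prevent. The same question applies to `-2` in the NtReadFile hunk. The condition also relies on the two sentinels being the adjacent values -1 and -2; writing it like the read path, `(QuadPart < 0) && (QuadPart != -1) && (QuadPart != -2)`, would make the accepted set explicit. NtWriteFile continues outside the hunk.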