[hyperion] 37616: modified ntoskrnl/ex/sysinfo.c MaxSystemInfoClass is now much larger than the size of the CallQS table: use the actual size of the table in range checks to prevent an overrun Fixes CID 527, CID 528 - Ros-diffs

24 Nov 2008

Author: hyperion
Date: Mon Nov 24 07:47:44 2008
New Revision: 37616
URL: http://svn.reactos.org/svn/reactos?rev=37616&view=rev
Log:
modified   ntoskrnl/ex/sysinfo.c
   MaxSystemInfoClass is now much larger than the size of the CallQS table: use the actual size of the table in range checks to prevent an overrun
   Fixes CID 527, CID 528
Modified:
    trunk/reactos/ntoskrnl/ex/sysinfo.c
Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/sysinfo.c?rev=3...
==============================================================================

--- trunk/reactos/ntoskrnl/ex/sysinfo.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/ex/sysinfo.c [iso-8859-1] Mon Nov 24 07:47:44 2008
@@ -1794,6 +1794,9 @@
    SI_QX(SystemSessionProcessesInformation)
 };
+C_ASSERT(SystemBasicInformation == 0);
+#define MIN_SYSTEM_INFO_CLASS (SystemBasicInformation)
+#define MAX_SYSTEM_INFO_CLASS (sizeof(CallQS) / sizeof(CallQS[0]))
/*
  * @implemented
@@ -1825,7 +1828,7 @@
       /*
        * Check the request is valid.
        */
-      if (SystemInformationClass >= MaxSystemInfoClass)
+      if (SystemInformationClass >= MAX_SYSTEM_INFO_CLASS)
         {
           _SEH2_YIELD(return STATUS_INVALID_INFO_CLASS);
         }
@@ -1892,8 +1895,8 @@
    /*
     * Check the request is valid.
     */
-	if (	(SystemInformationClass >= SystemBasicInformation)
-		&& (SystemInformationClass < MaxSystemInfoClass)
+	if (	(SystemInformationClass >= MIN_SYSTEM_INFO_CLASS)
+		&& (SystemInformationClass < MAX_SYSTEM_INFO_CLASS)
    	)
    {
    	if (NULL != CallQS [SystemInformationClass].Set)

    