Author: hyperion Date: Mon Nov 24 07:47:44 2008 New Revision: 37616 URL: http://svn.reactos.org/svn/reactos?rev=37616&view=rev Log: modified ntoskrnl/ex/sysinfo.c MaxSystemInfoClass is now much larger than the size of the CallQS table: use the actual size of the table in range checks to prevent an overrun Fixes CID 527, CID 528 Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/sysinfo.c?rev=… ============================================================================== --- trunk/reactos/ntoskrnl/ex/sysinfo.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/ex/sysinfo.c [iso-8859-1] Mon Nov 24 07:47:44 2008 @@ -1794,6 +1794,9 @@ SI_QX(SystemSessionProcessesInformation) }; +C_ASSERT(SystemBasicInformation == 0); +#define MIN_SYSTEM_INFO_CLASS (SystemBasicInformation) +#define MAX_SYSTEM_INFO_CLASS (sizeof(CallQS) / sizeof(CallQS[0])) /* * @implemented @@ -1825,7 +1828,7 @@ /* * Check the request is valid. */ - if (SystemInformationClass >= MaxSystemInfoClass) + if (SystemInformationClass >= MAX_SYSTEM_INFO_CLASS) { _SEH2_YIELD(return STATUS_INVALID_INFO_CLASS); } @@ -1892,8 +1895,8 @@ /* * Check the request is valid. */ - if ( (SystemInformationClass >= SystemBasicInformation) - && (SystemInformationClass < MaxSystemInfoClass) + if ( (SystemInformationClass >= MIN_SYSTEM_INFO_CLASS) + && (SystemInformationClass < MAX_SYSTEM_INFO_CLASS) ) { if (NULL != CallQS [SystemInformationClass].Set)