https://git.reactos.org/?p=reactos.git;a=commitdiff;h=a45779a12f70f3c43a5b78...
commit a45779a12f70f3c43a5b78c7bdf3478c71accccb Author: Thomas Faber thomas.faber@reactos.org AuthorDate: Wed Oct 11 17:59:43 2017 +0200
[USBPORT] Avoid a benign integer overflow in USBHI_QueryDeviceInformation (CID 1419219).
---
drivers/usb/usbport/iface.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/usbport/iface.c b/drivers/usb/usbport/iface.c
index 39f42e77ba..4e56811eb7 100644
--- a/drivers/usb/usbport/iface.c
+++ b/drivers/usb/usbport/iface.c
@@ -211,8 +211,8 @@ USBHI_QueryDeviceInformation(IN PVOID BusContext,
}
}
- ActualLength = sizeof(USB_DEVICE_INFORMATION_0) +
- (NumberOfOpenPipes - 1) * sizeof(USB_PIPE_INFORMATION_0);
+ ActualLength = FIELD_OFFSET(USB_DEVICE_INFORMATION_0, PipeList) +
+ NumberOfOpenPipes * sizeof(USB_PIPE_INFORMATION_0);
if (DeviceInfoBufferLen < ActualLength)
{
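Review bot: The new `ActualLength` assignment has no comment saying why the header is sized with `FIELD_OFFSET(USB_DEVICE_INFORMATION_0, PipeList)` rather than `sizeof`, and because this value gates the `DeviceInfoBufferLen < ActualLength` check right after it, the reasoning is worth recording. I would add above the assignment `/* PipeList is a trailing array: count the header up to PipeList, then one entry per open pipe, so zero open pipes needs no (N - 1) wraparound */`. The types of `ActualLength` and `NumberOfOpenPipes`, and any upper bound on the pipe count, are outside this hunk; if that count can be influenced by a device's descriptors, confirm it is bounded so the product cannot wrap before the buffer-length comparison. The body of USBHI_QueryDeviceInformation starts and ends outside the hunk.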