[pschweitzer] 65186: [NTFS] Fix a really nasty bug in NTFS: it was possible to perform a buffer overflow when reading the bitmap data. - Ros-diffs

2 Nov 2014

Author: pschweitzer
Date: Sun Nov  2 17:53:18 2014
New Revision: 65186

URL: http://svn.reactos.org/svn/reactos?rev=65186&view=rev
Log:
[NTFS]
Fix a really nasty bug in NTFS: it was possible to perform a buffer overflow when reading
the bitmap data.

Modified:
    trunk/reactos/drivers/filesystems/ntfs/volinfo.c

Modified: trunk/reactos/drivers/filesystems/ntfs/volinfo.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/ntfs/v…
==============================================================================

--- trunk/reactos/drivers/filesystems/ntfs/volinfo.c	[iso-8859-1] (original)
+++ trunk/reactos/drivers/filesystems/ntfs/volinfo.c	[iso-8859-1] Sun Nov  2 17:53:18
2014
@@ -70,7 +70,7 @@
 
     BitmapDataSize = AttributeDataLength(&DataContext->Record);
     ASSERT((BitmapDataSize * 8) >= (DeviceExt->NtfsInfo.SectorCount /
DeviceExt->NtfsInfo.SectorsPerCluster));
-    BitmapData = ExAllocatePoolWithTag(NonPagedPool, BitmapDataSize, TAG_NTFS);
+    BitmapData = ExAllocatePoolWithTag(NonPagedPool, ROUND_UP(BitmapDataSize,
DeviceExt->NtfsInfo.BytesPerSector), TAG_NTFS);
     if (BitmapData == NULL)
     {
         ReleaseAttributeContext(DataContext);



    