[pschweitzer] 65186: [NTFS] Fix a really nasty bug in NTFS: it was possible to perform a buffer overflow when reading the bitmap data. - Ros-diffs

2 Nov 2014

Author: pschweitzer
Date: Sun Nov  2 17:53:18 2014
New Revision: 65186
URL: http://svn.reactos.org/svn/reactos?rev=65186&view=rev
Log:
[NTFS]
Fix a really nasty bug in NTFS: it was possible to perform a buffer overflow when reading the bitmap data.
Modified:
    trunk/reactos/drivers/filesystems/ntfs/volinfo.c
Modified: trunk/reactos/drivers/filesystems/ntfs/volinfo.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/ntfs/vo...
==============================================================================

--- trunk/reactos/drivers/filesystems/ntfs/volinfo.c	[iso-8859-1] (original)
+++ trunk/reactos/drivers/filesystems/ntfs/volinfo.c	[iso-8859-1] Sun Nov  2 17:53:18 2014
@@ -70,7 +70,7 @@
BitmapDataSize = AttributeDataLength(&DataContext->Record);
     ASSERT((BitmapDataSize * 8) >= (DeviceExt->NtfsInfo.SectorCount / DeviceExt->NtfsInfo.SectorsPerCluster));
-    BitmapData = ExAllocatePoolWithTag(NonPagedPool, BitmapDataSize, TAG_NTFS);
+    BitmapData = ExAllocatePoolWithTag(NonPagedPool, ROUND_UP(BitmapDataSize, DeviceExt->NtfsInfo.BytesPerSector), TAG_NTFS);
     if (BitmapData == NULL)
     {
         ReleaseAttributeContext(DataContext);

    