Author: janderwald Date: Tue Jun 1 11:12:32 2010 New Revision: 47509
URL: http://svn.reactos.org/svn/reactos?rev=47509&view=rev Log: [NPFS] - Add more buffer checks - Clear DO_DEVICE_INITIALIZING flag
Modified: trunk/reactos/drivers/filesystems/npfs/finfo.c trunk/reactos/drivers/filesystems/npfs/npfs.c
Modified: trunk/reactos/drivers/filesystems/npfs/finfo.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/npfs/fi... ============================================================================== --- trunk/reactos/drivers/filesystems/npfs/finfo.c [iso-8859-1] (original) +++ trunk/reactos/drivers/filesystems/npfs/finfo.c [iso-8859-1] Tue Jun 1 11:12:32 2010 @@ -26,6 +26,13 @@ PFILE_PIPE_INFORMATION Request; DPRINT("NpfsSetPipeInformation()\n");
+ if (*BufferLength < sizeof(FILE_PIPE_INFORMATION)) + { + /* Buffer too small */ + return STATUS_INFO_LENGTH_MISMATCH; + } + + /* Get the Pipe and data */ Fcb = Ccb->Fcb; Request = (PFILE_PIPE_INFORMATION)Info; @@ -63,6 +70,12 @@ PFILE_PIPE_REMOTE_INFORMATION Request; DPRINT("NpfsSetPipeRemoteInformation()\n");
+ if (*BufferLength < sizeof(FILE_PIPE_REMOTE_INFORMATION)) + { + /* Buffer too small */ + return STATUS_INFO_LENGTH_MISMATCH; + } + /* Get the Pipe and data */ Fcb = Ccb->Fcb; Request = (PFILE_PIPE_REMOTE_INFORMATION)Info; @@ -86,6 +99,13 @@ ULONG ConnectionSideReadMode; DPRINT("NpfsQueryPipeInformation()\n");
+ if (*BufferLength < sizeof(FILE_PIPE_INFORMATION)) + { + /* Buffer too small */ + *BufferLength = sizeof(FILE_PIPE_INFORMATION); + return STATUS_BUFFER_OVERFLOW; + } + /* Get the Pipe */ Fcb = Ccb->Fcb;
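Review bot: The too-small branch added to NpfsQueryPipeInformation sets `*BufferLength = sizeof(FILE_PIPE_INFORMATION)` and returns STATUS_BUFFER_OVERFLOW, which is a warning status, not an error. The dispatch routine later in this commit copies that value into `Irp->IoStatus.Information`, so the reported size exceeds the buffer the caller supplied. For a buffered query the I/O manager normally copies `Information` bytes back on any non-error status, which would read past the system buffer and write past the caller's. Nothing has been written at this point, so the branch should report no data: `*BufferLength = 0; return STATUS_INFO_LENGTH_MISMATCH;`, matching the two Set handlers above. The same applies to the identical branches added in NpfsQueryPipeRemoteInformation and NpfsQueryLocalPipeInformation.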
@@ -100,7 +120,7 @@ Info->ReadMode = ConnectionSideReadMode;
/* Return success */ - *BufferLength -= sizeof(FILE_PIPE_INFORMATION); + *BufferLength = sizeof(FILE_PIPE_INFORMATION); return STATUS_SUCCESS; }
@@ -114,6 +134,13 @@ PNPFS_FCB Fcb; DPRINT("NpfsQueryPipeRemoteInformation()\n");
+ if (*BufferLength < sizeof(FILE_PIPE_REMOTE_INFORMATION)) + { + /* Buffer too small */ + *BufferLength = sizeof(FILE_PIPE_REMOTE_INFORMATION); + return STATUS_BUFFER_OVERFLOW; + } + /* Get the Pipe */ Fcb = Ccb->Fcb;
@@ -125,7 +152,7 @@ Info->CollectDataTime = Fcb->TimeOut;
/* Return success */ - *BufferLength -= sizeof(FILE_PIPE_REMOTE_INFORMATION); + *BufferLength = sizeof(FILE_PIPE_REMOTE_INFORMATION); return STATUS_SUCCESS; }
@@ -140,11 +167,21 @@
DPRINT("NpfsQueryLocalPipeInformation()\n");
- Fcb = Ccb->Fcb; - + if (*BufferLength < sizeof(FILE_PIPE_REMOTE_INFORMATION)) + { + /* Buffer too small */ + *BufferLength = sizeof(FILE_PIPE_REMOTE_INFORMATION); + return STATUS_BUFFER_OVERFLOW; + } + + /* Get the Pipe */ + Fcb = Ccb->Fcb; + + /* Clear Info */ RtlZeroMemory(Info, sizeof(FILE_PIPE_LOCAL_INFORMATION));
+ /* Return Info */ Info->NamedPipeType = Fcb->PipeType; Info->NamedPipeConfiguration = Fcb->PipeConfiguration; Info->MaximumInstances = Fcb->MaximumInstances; @@ -165,7 +202,7 @@ Info->WriteQuotaAvailable = Ccb->OtherSide->WriteQuotaAvailable; }
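Review bot: The length check added to NpfsQueryLocalPipeInformation compares against `sizeof(FILE_PIPE_REMOTE_INFORMATION)`, but the function then zeroes and fills `sizeof(FILE_PIPE_LOCAL_INFORMATION)` bytes of `Info`. If the local structure is the larger of the two, as it is in the Windows definitions, a buffer that only fits the remote structure passes the check and `RtlZeroMemory` writes past its end. Both the comparison and the size reported in the failure branch should use the local type: `if (*BufferLength < sizeof(FILE_PIPE_LOCAL_INFORMATION))`. The function's signature and its tail are outside this hunk.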
- *BufferLength -= sizeof(FILE_PIPE_LOCAL_INFORMATION); + *BufferLength = sizeof(FILE_PIPE_LOCAL_INFORMATION); return STATUS_SUCCESS; }
@@ -226,14 +263,12 @@
default: Status = STATUS_NOT_SUPPORTED; + BufferLength = 0; }
Irp->IoStatus.Status = Status; - if (NT_SUCCESS(Status)) - Irp->IoStatus.Information = - IoStack->Parameters.QueryFile.Length - BufferLength; - else - Irp->IoStatus.Information = 0; + Irp->IoStatus.Information = BufferLength; + IoCompleteRequest (Irp, IO_NO_INCREMENT);
return Status;
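Review bot: `BufferLength` changes meaning in this commit, from bytes left over to bytes written, and nothing at `Irp->IoStatus.Information = BufferLength;` documents that. The switch cases are outside the hunk, so any handler that was not converted, or that fails without zeroing the length, would now have its stale value reported as the returned size. I would add `/* BufferLength holds the byte count written by the handler */` above the assignment and keep the old guarantee for failures with `if (NT_ERROR(Status)) BufferLength = 0;`.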
Modified: trunk/reactos/drivers/filesystems/npfs/npfs.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/npfs/np... ============================================================================== --- trunk/reactos/drivers/filesystems/npfs/npfs.c [iso-8859-1] (original) +++ trunk/reactos/drivers/filesystems/npfs/npfs.c [iso-8859-1] Tue Jun 1 11:12:32 2010 @@ -70,6 +70,7 @@
/* initialize the device object */ DeviceObject->Flags |= DO_DIRECT_IO; + DeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;
/* initialize the device extension */ DeviceExtension = DeviceObject->DeviceExtension;
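Review bot: `DO_DEVICE_INITIALIZING` is cleared before the device extension is set up on the lines that follow, so the device could accept opens while its extension is still uninitialised. The clear should be the last step of device setup, after the extension's fields are initialised; that part of the function is outside the hunk. If this code runs from DriverEntry, the I/O manager clears the flag itself once DriverEntry returns, in which case the line may not be needed at all.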