Author: janderwald Date: Mon Jan 30 16:47:39 2012 New Revision: 55329
URL: http://svn.reactos.org/svn/reactos?rev=55329&view=rev Log: [HIDCLASS] - Prevent buffer overflow in HidClassPDO_HandleQueryHardwareId - Reimplement HidClassPDO_HandleQueryInstanceId - USB Composite driver now gets further(hangs at installation stage)
Modified: branches/usb-bringup-trunk/drivers/hid/hidclass/pdo.c branches/usb-bringup-trunk/drivers/hid/kbdhid/kbdhid.c
Modified: branches/usb-bringup-trunk/drivers/hid/hidclass/pdo.c URL: http://svn.reactos.org/svn/reactos/branches/usb-bringup-trunk/drivers/hid/hi... ==============================================================================
--- branches/usb-bringup-trunk/drivers/hid/hidclass/pdo.c [iso-8859-1] (original)
+++ branches/usb-bringup-trunk/drivers/hid/hidclass/pdo.c [iso-8859-1] Mon Jan 30 16:47:39 2012
@@ -143,7 +143,7 @@
 {
 NTSTATUS Status;
 PHIDCLASS_PDO_DEVICE_EXTENSION PDODeviceExtension;
- WCHAR Buffer[100];
+ WCHAR Buffer[200];
 ULONG Offset = 0;
 LPWSTR Ptr;
 PHIDP_COLLECTION_DESC CollectionDescription;
@@ -280,26 +280,38 @@
 IN PDEVICE_OBJECT DeviceObject,
 IN PIRP Irp)
 {
- NTSTATUS Status;
-
- //
- // copy current stack location
- //
- IoCopyCurrentIrpStackLocationToNext(Irp);
-
- //
- // call mini-driver
- //
- Status = HidClassFDO_DispatchRequestSynchronous(DeviceObject, Irp);
- if (!NT_SUCCESS(Status))
+ LPWSTR Buffer;
+ PHIDCLASS_PDO_DEVICE_EXTENSION PDODeviceExtension;
+
+ //
+ // get device extension
+ //
+ PDODeviceExtension = (PHIDCLASS_PDO_DEVICE_EXTENSION)DeviceObject->DeviceExtension;
+ ASSERT(PDODeviceExtension->Common.IsFDO == FALSE);
+
+
+ //
+ // allocate buffer
+ //
+ Buffer = ExAllocatePool(NonPagedPool, 5 * sizeof(WCHAR));
+ if (!Buffer)
 {
 //
 // failed
 //
- return Status;
- }
- DPRINT1("HidClassPDO_HandleQueryInstanceId Buffer %S\n", Irp->IoStatus.Information);
- return Status;
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ //
+ // write device id
+ //
+ swprintf(Buffer, L"%04x", PDODeviceExtension->CollectionNumber);
+ Irp->IoStatus.Information = (ULONG_PTR)Buffer;
+
+ //
+ // done
+ //
+ return STATUS_SUCCESS;
 }
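Review bot: In the first pdo.c hunk (`@@ -143,7 +143,7 @@`, HidClassPDO_HandleQueryHardwareId per the log), growing `WCHAR Buffer[100]` to `WCHAR Buffer[200]` only raises the overflow threshold; nothing in the visible lines bounds the writes against the array size. The code that fills `Buffer` at `Offset` lies outside the hunk, so it presumably still formats without a length limit, and longer ID strings could overrun the kernel stack again. Pass the remaining space to every write, for example `RtlStringCbPrintfW(&Buffer[Offset], sizeof(Buffer) - Offset * sizeof(WCHAR), ...)`, and fail the request when it does not return success. A one-line comment on the declaration stating how 200 was derived would also help the next reader judge whether it is a real worst case.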
NTSTATUS
Modified: branches/usb-bringup-trunk/drivers/hid/kbdhid/kbdhid.c URL: http://svn.reactos.org/svn/reactos/branches/usb-bringup-trunk/drivers/hid/kb... ==============================================================================
--- branches/usb-bringup-trunk/drivers/hid/kbdhid/kbdhid.c [iso-8859-1] (original)
+++ branches/usb-bringup-trunk/drivers/hid/kbdhid/kbdhid.c [iso-8859-1] Mon Jan 30 16:47:39 2012
@@ -384,7 +384,6 @@
 {
 /* not implemented */
 DPRINT1("IOCTL_KEYBOARD_QUERY_INDICATORS not implemented\n");
- ASSERT(FALSE);
 Irp->IoStatus.Status = STATUS_NOT_IMPLEMENTED;
 IoCompleteRequest(Irp, IO_NO_INCREMENT);
 return STATUS_NOT_IMPLEMENTED;
@@ -393,7 +392,6 @@
 {
 /* not implemented */
 DPRINT1("IOCTL_KEYBOARD_QUERY_TYPEMATIC not implemented\n");
- ASSERT(FALSE);
 Irp->IoStatus.Status = STATUS_NOT_IMPLEMENTED;
 IoCompleteRequest(Irp, IO_NO_INCREMENT);
 return STATUS_NOT_IMPLEMENTED;
@@ -402,7 +400,6 @@
 {
 /* not implemented */
 DPRINT1("IOCTL_KEYBOARD_SET_INDICATORS not implemented\n");
- ASSERT(FALSE);
 Irp->IoStatus.Status = STATUS_NOT_IMPLEMENTED;
 IoCompleteRequest(Irp, IO_NO_INCREMENT);
 return STATUS_NOT_IMPLEMENTED;
@@ -411,7 +408,6 @@
 {
 /* not implemented */
 DPRINT1("IOCTL_KEYBOARD_SET_TYPEMATIC not implemented\n");
- ASSERT(FALSE);
 Irp->IoStatus.Status = STATUS_NOT_IMPLEMENTED;
 IoCompleteRequest(Irp, IO_NO_INCREMENT);
 return STATUS_NOT_IMPLEMENTED;
@@ -420,7 +416,6 @@
 {
 /* not implemented */
 DPRINT1("IOCTL_KEYBOARD_QUERY_INDICATOR_TRANSLATION not implemented\n");
- ASSERT(FALSE);
 Irp->IoStatus.Status = STATUS_NOT_IMPLEMENTED;
 IoCompleteRequest(Irp, IO_NO_INCREMENT);
 return STATUS_NOT_IMPLEMENTED;