Author: tthompson Date: Tue Jul 12 09:57:16 2016 New Revision: 71897
URL: http://svn.reactos.org/svn/reactos?rev=71897&view=rev Log: [NTFS] Add error-checking to InternalGetNextAttribute(); don't crash if CurrAttr->Length is invalid.
Modified: branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/attrib.c
Modified: branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/attrib.c URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2016/NTFS/drivers/filesyste... ==============================================================================
--- branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/attrib.c [iso-8859-1] (original)
+++ branches/GSoC_2016/NTFS/drivers/filesystems/ntfs/attrib.c [iso-8859-1] Tue Jul 12 09:57:16 2016
@@ -181,6 +181,14 @@
 }
NextAttribute = (PNTFS_ATTR_RECORD)((ULONG_PTR)Context->CurrAttr + Context->CurrAttr->Length); + + if (NextAttribute > Context->LastAttr || NextAttribute < Context->FirstAttr) + { + DPRINT1("Broken length: 0x%lx!\n", Context->CurrAttr->Length); + Context->CurrAttr = (PVOID)-1; + return NULL; + } + Context->Offset += ((ULONG_PTR)NextAttribute - (ULONG_PTR)Context->CurrAttr); Context->CurrAttr = NextAttribute;
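Review bot: A `Length` of zero still passes the new range check, because `NextAttribute` then equals `Context->CurrAttr` and lies between `FirstAttr` and `LastAttr`; `Context->Offset` does not advance, so a caller that iterates over a corrupt record may never terminate (the iterating code is outside the hunk, so this is inferred). The check also runs after the addition, so on a 32-bit build a very large `Length` could presumably wrap to an address that is still at or above `FirstAttr` and be accepted, moving the cursor backwards. Validating the length before forming the pointer covers both cases: `ULONG_PTR Remaining = (ULONG_PTR)Context->LastAttr - (ULONG_PTR)Context->CurrAttr;` followed by `if (Context->CurrAttr->Length == 0 || Context->CurrAttr->Length > Remaining)` in place of the pointer comparison. A lower bound equal to the attribute header size, rather than zero, would be stricter if that size is available in this file. The body of InternalGetNextAttribute starts and ends outside the hunk, so whether `Context->CurrAttr` itself is validated before `Length` is read cannot be confirmed from here.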