Author: tfaber Date: Sat Sep 22 09:48:27 2012 New Revision: 57362

URL: http://svn.reactos.org/svn/reactos?rev=57362&view=rev Log: [NPFS] - Do not fail for a valid buffer size in NpfsPeekPipe - Do not read from an output buffer in NpfsPeekPipe

Modified: trunk/reactos/drivers/filesystems/npfs/fsctrl.c

Modified: trunk/reactos/drivers/filesystems/npfs/fsctrl.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/npfs/fs... ============================================================================== --- trunk/reactos/drivers/filesystems/npfs/fsctrl.c [iso-8859-1] (original) +++ trunk/reactos/drivers/filesystems/npfs/fsctrl.c [iso-8859-1] Sat Sep 22 09:48:27 2012 @@ -581,14 +581,14 @@ DPRINT("OutputBufferLength: %lu\n", OutputBufferLength);

/* Validate parameters */ - if (OutputBufferLength < sizeof(FILE_PIPE_PEEK_BUFFER)) + if (OutputBufferLength < FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0])) { DPRINT1("Buffer too small\n"); return STATUS_INVALID_PARAMETER; }

Ccb = IoStack->FileObject->FsContext2; - Reply = (PFILE_PIPE_PEEK_BUFFER)Irp->AssociatedIrp.SystemBuffer; + Reply = Irp->AssociatedIrp.SystemBuffer; //Fcb = Ccb->Fcb;

@@ -604,46 +604,49 @@ { DPRINT("Byte Stream Mode\n"); Reply->MessageLength = Ccb->ReadDataAvailable; - DPRINT("Reply->MessageLength %lu\n",Reply->MessageLength ); + DPRINT("Reply->MessageLength %lu\n", Reply->MessageLength); MessageCount = 1;

- if (Reply->Data[0] && (OutputBufferLength >= Ccb->ReadDataAvailable + FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0]))) - { + if (OutputBufferLength >= FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[Ccb->ReadDataAvailable])) + { + RtlCopyMemory(Reply->Data, BufferPtr, Ccb->ReadDataAvailable); ReturnLength = Ccb->ReadDataAvailable; - memcpy(&Reply->Data[0], (PVOID)BufferPtr, Ccb->ReadDataAvailable); } } else { DPRINT("Message Mode\n"); - ReadDataAvailable=Ccb->ReadDataAvailable; + ReadDataAvailable = Ccb->ReadDataAvailable;

if (ReadDataAvailable > 0) { - memcpy(&Reply->MessageLength, BufferPtr, sizeof(ULONG)); + RtlCopyMemory(&Reply->MessageLength, + BufferPtr, + sizeof(Reply->MessageLength));

while ((ReadDataAvailable > 0) && (BufferPtr < Ccb->WritePtr)) { - memcpy(&MessageLength, BufferPtr, sizeof(MessageLength)); + RtlCopyMemory(&MessageLength, BufferPtr, sizeof(MessageLength));

ASSERT(MessageLength > 0);

- DPRINT("MessageLength = %lu\n",MessageLength); + DPRINT("MessageLength = %lu\n", MessageLength); ReadDataAvailable -= MessageLength; MessageCount++;

/* If its the first message, copy the Message if the size of buffer is large enough */ - if (MessageCount==1) + if (MessageCount == 1) { - if ((Reply->Data[0]) - && (OutputBufferLength >= (MessageLength + FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0])))) + if (OutputBufferLength >= FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[MessageLength])) { - memcpy(&Reply->Data[0], (PVOID)((ULONG_PTR)BufferPtr + sizeof(MessageLength)), MessageLength); + RtlCopyMemory(Reply->Data, + (PVOID)((ULONG_PTR)BufferPtr + sizeof(MessageLength)), + MessageLength); ReturnLength = MessageLength; } }

- BufferPtr =(PVOID)((ULONG_PTR)BufferPtr + MessageLength + sizeof(MessageLength)); + BufferPtr = (PVOID)((ULONG_PTR)BufferPtr + sizeof(MessageLength) + MessageLength); DPRINT("BufferPtr = %x\n", BufferPtr); DPRINT("ReadDataAvailable: %lu\n", ReadDataAvailable); } @@ -659,7 +662,7 @@

Reply->NumberOfMessages = MessageCount;

- Irp->IoStatus.Information = ReturnLength + FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0]); + Irp->IoStatus.Information = FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[ReturnLength]); Irp->IoStatus.Status = STATUS_SUCCESS;

Status = STATUS_SUCCESS;