Author: tfaber
Date: Sat Sep 22 09:48:27 2012
New Revision: 57362
URL:
http://svn.reactos.org/svn/reactos?rev=57362&view=rev
Log:
[NPFS]
- Do not fail for a valid buffer size in NpfsPeekPipe
- Do not read from an output buffer in NpfsPeekPipe
Modified:
trunk/reactos/drivers/filesystems/npfs/fsctrl.c
Modified: trunk/reactos/drivers/filesystems/npfs/fsctrl.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/npfs/f…
==============================================================================
--- trunk/reactos/drivers/filesystems/npfs/fsctrl.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/filesystems/npfs/fsctrl.c [iso-8859-1] Sat Sep 22 09:48:27 2012
@@ -581,14 +581,14 @@
DPRINT("OutputBufferLength: %lu\n", OutputBufferLength);
/* Validate parameters */
- if (OutputBufferLength < sizeof(FILE_PIPE_PEEK_BUFFER))
+ if (OutputBufferLength < FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0]))
{
DPRINT1("Buffer too small\n");
return STATUS_INVALID_PARAMETER;
}
Ccb = IoStack->FileObject->FsContext2;
- Reply = (PFILE_PIPE_PEEK_BUFFER)Irp->AssociatedIrp.SystemBuffer;
+ Reply = Irp->AssociatedIrp.SystemBuffer;
//Fcb = Ccb->Fcb;
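Review bot: The relaxed length check under `/* Validate parameters */` has no comment saying why it uses the header offset rather than `sizeof`, so a later cleanup could easily turn it back. A short comment above the `if` would record the intent, for example `/* A header-only peek is valid: require only the fixed fields, not sizeof(), which also counts the Data[] placeholder and padding */`. The enclosing function starts and ends outside this hunk.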
@@ -604,46 +604,49 @@
{
DPRINT("Byte Stream Mode\n");
Reply->MessageLength = Ccb->ReadDataAvailable;
- DPRINT("Reply->MessageLength %lu\n",Reply->MessageLength );
+ DPRINT("Reply->MessageLength %lu\n", Reply->MessageLength);
MessageCount = 1;
- if (Reply->Data[0] && (OutputBufferLength >=
Ccb->ReadDataAvailable + FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0])))
- {
+ if (OutputBufferLength >= FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER,
Data[Ccb->ReadDataAvailable]))
+ {
+ RtlCopyMemory(Reply->Data, BufferPtr, Ccb->ReadDataAvailable);
ReturnLength = Ccb->ReadDataAvailable;
- memcpy(&Reply->Data[0], (PVOID)BufferPtr, Ccb->ReadDataAvailable);
}
}
else
{
DPRINT("Message Mode\n");
- ReadDataAvailable=Ccb->ReadDataAvailable;
+ ReadDataAvailable = Ccb->ReadDataAvailable;
if (ReadDataAvailable > 0)
{
- memcpy(&Reply->MessageLength, BufferPtr, sizeof(ULONG));
+ RtlCopyMemory(&Reply->MessageLength,
+ BufferPtr,
+ sizeof(Reply->MessageLength));
while ((ReadDataAvailable > 0) && (BufferPtr <
Ccb->WritePtr))
{
- memcpy(&MessageLength, BufferPtr, sizeof(MessageLength));
+ RtlCopyMemory(&MessageLength, BufferPtr, sizeof(MessageLength));
ASSERT(MessageLength > 0);
- DPRINT("MessageLength = %lu\n",MessageLength);
+ DPRINT("MessageLength = %lu\n", MessageLength);
ReadDataAvailable -= MessageLength;
MessageCount++;
/* If its the first message, copy the Message if the size of buffer is
large enough */
- if (MessageCount==1)
+ if (MessageCount == 1)
{
- if ((Reply->Data[0])
- && (OutputBufferLength >= (MessageLength +
FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0]))))
+ if (OutputBufferLength >= FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER,
Data[MessageLength]))
{
- memcpy(&Reply->Data[0], (PVOID)((ULONG_PTR)BufferPtr +
sizeof(MessageLength)), MessageLength);
+ RtlCopyMemory(Reply->Data,
+ (PVOID)((ULONG_PTR)BufferPtr +
sizeof(MessageLength)),
+ MessageLength);
ReturnLength = MessageLength;
}
}
- BufferPtr =(PVOID)((ULONG_PTR)BufferPtr + MessageLength +
sizeof(MessageLength));
+ BufferPtr = (PVOID)((ULONG_PTR)BufferPtr + sizeof(MessageLength) +
MessageLength);
DPRINT("BufferPtr = %x\n", BufferPtr);
DPRINT("ReadDataAvailable: %lu\n", ReadDataAvailable);
}
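Review bot: The two size checks against `Data[Ccb->ReadDataAvailable]` and `Data[MessageLength]` fold the length into the FIELD_OFFSET expression, so a length near the ULONG limit could wrap the computed offset and let the comparison pass before RtlCopyMemory runs with that length. Both lengths appear to come from driver-maintained pipe state, so this is hardening rather than a demonstrated overflow; the subtraction form cannot wrap, because the parameter check at the top of the function already guarantees the header fits: `if (MessageLength <= OutputBufferLength - FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER, Data[0]))`. In the message-mode loop, `ASSERT(MessageLength > 0)` is compiled out of release builds and `ReadDataAvailable -= MessageLength` can underflow if the counter is unsigned (as the `%lu` format suggests) and the stored length is ever inconsistent; a guard such as `if (MessageLength > ReadDataAvailable) break;` before the subtraction would keep the walk bounded. The enclosing function starts and ends outside this hunk.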
@@ -659,7 +662,7 @@
Reply->NumberOfMessages = MessageCount;
- Irp->IoStatus.Information = ReturnLength + FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER,
Data[0]);
+ Irp->IoStatus.Information = FIELD_OFFSET(FILE_PIPE_PEEK_BUFFER,
Data[ReturnLength]);
Irp->IoStatus.Status = STATUS_SUCCESS;
Status = STATUS_SUCCESS;