https://git.reactos.org/?p=reactos.git;a=commitdiff;h=e72a9a78b0148254c35f8…
commit e72a9a78b0148254c35f80f368516d7368a9799b
Author: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
AuthorDate: Sun Jan 19 22:32:25 2025 +0100
Commit: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
CommitDate: Tue Jan 21 19:15:59 2025 +0100
[MOUNTMGR] Fix some other bugs (#6990)
- Use FIELD_OFFSET to correct structure and member instead of hardcoding
sizeof-s of fields until the member of interest.
- Fix a bug in MountMgrQueryDosVolumePath() where the FIELD_OFFSET used
in the entry structure size validation was incorrect.
FIELD_OFFSET(MOUNTMGR_TARGET_NAME, DeviceNameLength) is == 0 since
DeviceNameLength is the first member of the MOUNTMGR_TARGET_NAME
structure. The intended member was DeviceName.
Addendum to commit f9f5a78715.
---
drivers/storage/mountmgr/device.c | 29 ++++++++++++++++-------------
1 file changed, 16 insertions(+), 13 deletions(-)
diff --git a/drivers/storage/mountmgr/device.c b/drivers/storage/mountmgr/device.c
index 62d28cf7192..58a478115e9 100644
--- a/drivers/storage/mountmgr/device.c
+++ b/drivers/storage/mountmgr/device.c
@@ -637,7 +637,8 @@ MountMgrNextDriveLetter(IN PDEVICE_EXTENSION DeviceExtension,
}
DriveLetterTarget =
(PMOUNTMGR_DRIVE_LETTER_TARGET)Irp->AssociatedIrp.SystemBuffer;
- if (DriveLetterTarget->DeviceNameLength + sizeof(USHORT) >
Stack->Parameters.DeviceIoControl.InputBufferLength)
+ if (FIELD_OFFSET(MOUNTMGR_DRIVE_LETTER_TARGET, DeviceName) +
DriveLetterTarget->DeviceNameLength >
+ Stack->Parameters.DeviceIoControl.InputBufferLength)
{
return STATUS_INVALID_PARAMETER;
}
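Review bot: The bound on `DriveLetterTarget->DeviceNameLength` only proves that the name fits inside the input buffer; it does not reject a length that is not a whole number of WCHARs. If the value is later used as a UNICODE_STRING length (that code is outside this hunk), an odd caller-supplied value would produce a malformed string, so consider adding `|| (DriveLetterTarget->DeviceNameLength % sizeof(WCHAR)) != 0` to the condition. The same applies to the `Target->DeviceNameLength` checks in the MountMgrQueryDosVolumePath, MountMgrQueryDosVolumePaths, MountMgrKeepLinksWhenOffline and MountMgrVolumeArrivalNotification hunks. The function body starts and ends outside the hunk, so an earlier check may already cover this.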
@@ -842,14 +843,14 @@ MountMgrQueryDosVolumePath(IN PDEVICE_EXTENSION DeviceExtension,
}
/* Validate the entry structure size */
- if ((FIELD_OFFSET(MOUNTMGR_TARGET_NAME, DeviceNameLength) +
Target->DeviceNameLength) >
+ if (FIELD_OFFSET(MOUNTMGR_TARGET_NAME, DeviceName) + Target->DeviceNameLength
>
Stack->Parameters.DeviceIoControl.InputBufferLength)
{
return STATUS_INVALID_PARAMETER;
}
/* Ensure we can at least return needed size */
- if (Stack->Parameters.DeviceIoControl.OutputBufferLength < sizeof(ULONG))
+ if (Stack->Parameters.DeviceIoControl.OutputBufferLength <
FIELD_OFFSET(MOUNTMGR_VOLUME_PATHS, MultiSz))
{
return STATUS_INVALID_PARAMETER;
}
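Review bot: The `FIELD_OFFSET(MOUNTMGR_TARGET_NAME, DeviceName) + Target->DeviceNameLength` bound is written out by hand here and again in the MountMgrQueryDosVolumePaths, MountMgrKeepLinksWhenOffline and MountMgrVolumeArrivalNotification hunks, and this copy is the one that had drifted to the wrong member. A single shared definition, for example a macro named along the lines of `#define TARGET_NAME_SIZE(t) (FIELD_OFFSET(MOUNTMGR_TARGET_NAME, DeviceName) + (t)->DeviceNameLength)`, would keep the input-size validation identical on every IOCTL path. It would also help to extend the existing comment to `/* Validate the entry structure size: header up to DeviceName plus the name bytes */` so the choice of member is explicit. The function body starts and ends outside the hunk.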
@@ -1007,11 +1008,10 @@ TryWithVolumeName:
/* At least, we will return our length */
Output->MultiSzLength = DeviceLength;
- /* MOUNTMGR_VOLUME_PATHS is a string + a ULONG */
- Irp->IoStatus.Information = DeviceLength + sizeof(ULONG);
+ Irp->IoStatus.Information = FIELD_OFFSET(MOUNTMGR_VOLUME_PATHS, MultiSz) +
DeviceLength;
/* If we have enough room for copying the string */
- if (sizeof(ULONG) + DeviceLength <=
Stack->Parameters.DeviceIoControl.OutputBufferLength)
+ if (Irp->IoStatus.Information <=
Stack->Parameters.DeviceIoControl.OutputBufferLength)
{
/* Copy it */
if (DeviceLength)
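Review bot: `Irp->IoStatus.Information` is assigned the full required size before the code knows whether the output buffer can hold it, and the following `if` then compares that same field against `OutputBufferLength`. If this IOCTL is buffered (other hunks read `Irp->AssociatedIrp.SystemBuffer`), that field is the byte count the I/O manager copies back to the caller, so any return path that leaves the oversized value in place would read beyond the buffer. The else branch in the next hunk does reset it, but the rest of the function is outside this hunk. Holding the size in a local, e.g. `ULONG NeededLength = FIELD_OFFSET(MOUNTMGR_VOLUME_PATHS, MultiSz) + DeviceLength;`, and assigning `Information` only on the branch that returns it would keep that invariant visible in one place.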
@@ -1031,7 +1031,7 @@ TryWithVolumeName:
{
/* Just return the size needed and leave */
FreePool(DeviceString);
- Irp->IoStatus.Information = sizeof(ULONG);
+ Irp->IoStatus.Information = FIELD_OFFSET(MOUNTMGR_VOLUME_PATHS, MultiSz);
return STATUS_BUFFER_OVERFLOW;
}
}
@@ -1469,13 +1469,14 @@ MountMgrQueryDosVolumePaths(IN PDEVICE_EXTENSION
DeviceExtension,
}
/* Validate the entry structure size */
- if (Target->DeviceNameLength + FIELD_OFFSET(MOUNTMGR_TARGET_NAME, DeviceName) >
Stack->Parameters.DeviceIoControl.InputBufferLength)
+ if (FIELD_OFFSET(MOUNTMGR_TARGET_NAME, DeviceName) + Target->DeviceNameLength
>
+ Stack->Parameters.DeviceIoControl.InputBufferLength)
{
return STATUS_INVALID_PARAMETER;
}
/* Ensure we can at least return needed size */
- if (Stack->Parameters.DeviceIoControl.OutputBufferLength < sizeof(ULONG))
+ if (Stack->Parameters.DeviceIoControl.OutputBufferLength <
FIELD_OFFSET(MOUNTMGR_VOLUME_PATHS, MultiSz))
{
return STATUS_INVALID_PARAMETER;
}
@@ -1566,12 +1567,12 @@ MountMgrQueryDosVolumePaths(IN PDEVICE_EXTENSION
DeviceExtension,
Output->MultiSzLength = Paths->MultiSzLength;
/* Compute total length */
- OutputLength = Output->MultiSzLength + sizeof(ULONG);
+ OutputLength = FIELD_OFFSET(MOUNTMGR_VOLUME_PATHS, MultiSz) +
Output->MultiSzLength;
/* If it cannot fit, just return the size needed and leave */
if (OutputLength > Stack->Parameters.DeviceIoControl.OutputBufferLength)
{
- Irp->IoStatus.Information = sizeof(ULONG);
+ Irp->IoStatus.Information = FIELD_OFFSET(MOUNTMGR_VOLUME_PATHS, MultiSz);
FreePool(Paths);
return STATUS_BUFFER_OVERFLOW;
}
@@ -1605,7 +1606,8 @@ MountMgrKeepLinksWhenOffline(IN PDEVICE_EXTENSION DeviceExtension,
}
Target = (PMOUNTMGR_TARGET_NAME)Irp->AssociatedIrp.SystemBuffer;
- if (Target->DeviceNameLength + sizeof(USHORT) >
Stack->Parameters.DeviceIoControl.InputBufferLength)
+ if (FIELD_OFFSET(MOUNTMGR_TARGET_NAME, DeviceName) + Target->DeviceNameLength
>
+ Stack->Parameters.DeviceIoControl.InputBufferLength)
{
return STATUS_INVALID_PARAMETER;
}
@@ -1649,7 +1651,8 @@ MountMgrVolumeArrivalNotification(IN PDEVICE_EXTENSION
DeviceExtension,
}
Target = (PMOUNTMGR_TARGET_NAME)Irp->AssociatedIrp.SystemBuffer;
- if (Target->DeviceNameLength + sizeof(USHORT) >
Stack->Parameters.DeviceIoControl.InputBufferLength)
+ if (FIELD_OFFSET(MOUNTMGR_TARGET_NAME, DeviceName) + Target->DeviceNameLength
>
+ Stack->Parameters.DeviceIoControl.InputBufferLength)
{
return STATUS_INVALID_PARAMETER;
}