https://git.reactos.org/?p=reactos.git;a=commitdiff;h=ef4c7ae978a6937442854…
commit ef4c7ae978a6937442854ead4a1a1c942f1edcd2
Author: Jérôme Gardou <jerome.gardou(a)reactos.org>
AuthorDate: Thu Dec 10 11:30:01 2020 +0100
Commit: Jérôme Gardou <jerome.gardou(a)reactos.org>
CommitDate: Tue Dec 22 11:06:38 2020 +0100
[NTOS:IO] Validate input parameters in NtQueryDirectoryFile
It turns out this is not the job of the FS driver
---
ntoskrnl/io/iomgr/iofunc.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/ntoskrnl/io/iomgr/iofunc.c b/ntoskrnl/io/iomgr/iofunc.c
index 62c7799e47a..80814a70ba3 100644
--- a/ntoskrnl/io/iomgr/iofunc.c
+++ b/ntoskrnl/io/iomgr/iofunc.c
@@ -2052,6 +2052,26 @@ NtQueryDirectoryFile(IN HANDLE FileHandle,
_SEH2_END;
}
+ /* Check input parameters */
+
+ switch (FileInformationClass)
+ {
+#define CHECK_LENGTH(class, struct) \
+ case class: \
+ if (Length < sizeof(struct)) \
+ return STATUS_INFO_LENGTH_MISMATCH; \
+ break
+ CHECK_LENGTH(FileDirectoryInformation, FILE_DIRECTORY_INFORMATION);
+ CHECK_LENGTH(FileFullDirectoryInformation, FILE_FULL_DIR_INFORMATION);
+ CHECK_LENGTH(FileIdFullDirectoryInformation, FILE_ID_FULL_DIR_INFORMATION);
+ CHECK_LENGTH(FileNamesInformation, FILE_NAMES_INFORMATION);
+ CHECK_LENGTH(FileBothDirectoryInformation, FILE_BOTH_DIR_INFORMATION);
+ CHECK_LENGTH(FileIdBothDirectoryInformation, FILE_ID_BOTH_DIR_INFORMATION);
+ default:
+ break;
+#undef CHECK_LENGTH
+ }
+
/* Get File Object */
Status = ObReferenceObjectByHandle(FileHandle,
FILE_LIST_DIRECTORY,
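Review bot: The `return STATUS_INFO_LENGTH_MISMATCH;` hidden inside `CHECK_LENGTH` leaves NtQueryDirectoryFile directly, right after the SEH-guarded block that closes at the top of the hunk. That block and the rest of the function are outside the hunk, so this is inferred: if anything was captured or allocated there for a user-mode caller, this exit skips its release, and because `Length` is caller-chosen such a leak would be repeatable. Either run the switch before that block or release what it captured before returning, and mark the macro with a comment such as `/* NOTE: returns from the function; nothing may be held at this point */`. The `default: break;` arm also lets every other `FileInformationClass` through with no length check; if that is intended, say so with `/* Other classes are left to the FS driver to validate */`.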