[FILESYSTEMS] Fix pool memory disclosure in filesystem drivers supporting FS_INFORMATION_CLASS.FileFsVolumeInformation (#2975)

* FileFsVolumeInformation-memory-disclosure * remove unnecessary assignment to 0 * fix
2025-05-04 18:31:40 +00:00 · 2020-09-11 19:51:35 +07:00 · 2020-09-11 19:51:35 +07:00 · 166f815e7b
commit 166f815e7b
parent ede7a20a17
5 changed files with 15 additions and 7 deletions
--- a/drivers/filesystems/cdfs/volinfo.c
+++ b/drivers/filesystems/cdfs/volinfo.c
@ -160,6 +160,10 @@ Return Value:
        //  and false if it couldn't wait for any I/O to complete.
        //

+#ifdef __REACTOS__
+        RtlZeroMemory(Irp->AssociatedIrp.SystemBuffer, Length);
+#endif // __REACTOS__
+
        switch (IrpSp->Parameters.QueryVolume.FsInformationClass) {

        case FileFsSizeInformation:
--- a/drivers/filesystems/fastfat/volume.c
+++ b/drivers/filesystems/fastfat/volume.c
@ -48,7 +48,6 @@ FsdGetFsVolumeInformation(
        RtlCopyMemory(FsVolumeInfo->VolumeLabel,
                      DeviceObject->Vpb->VolumeLabel,
                      *BufferLength);
-        *BufferLength = 0;
    }
    else
    {
@ -457,6 +456,8 @@ VfatQueryVolumeInformation(
    DPRINT("FsInformationClass %d\n", FsInformationClass);
    DPRINT("SystemBuffer %p\n", SystemBuffer);

+    RtlZeroMemory(SystemBuffer, BufferLength);
+
    switch (FsInformationClass)
    {
        case FileFsVolumeInformation:
--- a/drivers/filesystems/nfs/nfs41_driver.c
+++ b/drivers/filesystems/nfs/nfs41_driver.c
@ -4546,6 +4546,10 @@ NTSTATUS nfs41_QueryVolumeInformation(
    status = check_nfs41_dirquery_args(RxContext);
    if (status) goto out;

+#ifdef __REACTOS__
+    RtlZeroMemory(RxContext->Info.Buffer, RxContext->Info.LengthRemaining);
+#endif // __REACTOS__
+
    switch (InfoClass) {
    case FileFsVolumeInformation:
        if ((ULONG)RxContext->Info.LengthRemaining >= DevExt->VolAttrsLen) {
--- a/drivers/filesystems/npfs/volinfo.c
+++ b/drivers/filesystems/npfs/volinfo.c
@ -27,8 +27,6 @@ NpQueryFsVolumeInfo(IN PVOID Buffer,

    *Length -= FIELD_OFFSET(FILE_FS_VOLUME_INFORMATION, VolumeLabel);

-    InfoBuffer->VolumeCreationTime.QuadPart = 0;
-    InfoBuffer->VolumeSerialNumber = 0;
    InfoBuffer->SupportsObjects = 0;

    NameLength = 18;
@ -61,8 +59,6 @@ NpQueryFsSizeInfo(IN PVOID Buffer,

    *Length -= sizeof(*InfoBuffer);

-    InfoBuffer->TotalAllocationUnits.QuadPart = 0;
-    InfoBuffer->AvailableAllocationUnits.QuadPart = 0;
    InfoBuffer->SectorsPerAllocationUnit = 1;
    InfoBuffer->BytesPerSector = 1;

@ -78,8 +74,6 @@ NpQueryFsDeviceInfo(IN PVOID Buffer,
    PFILE_FS_DEVICE_INFORMATION InfoBuffer = Buffer;
    TRACE("Entered\n");

-    InfoBuffer->DeviceType = 0;
-    InfoBuffer->Characteristics = 0;
    InfoBuffer->DeviceType = FILE_DEVICE_NAMED_PIPE;
    *Length -= sizeof(*InfoBuffer);

@ -153,6 +147,8 @@ NpCommonQueryVolumeInformation(IN PDEVICE_OBJECT DeviceObject,
    Length = IoStack->Parameters.QueryVolume.Length;
    InfoClass = IoStack->Parameters.QueryVolume.FsInformationClass;

+    RtlZeroMemory(Buffer, Length);
+
    switch (InfoClass)
    {
        case FileFsVolumeInformation:
--- a/drivers/filesystems/udfs/volinfo.cpp
+++ b/drivers/filesystems/udfs/volinfo.cpp
@ -197,6 +197,9 @@ UDFCommonQueryVolInfo(
            try_return(RC);
        }
 #endif //UDF_ENABLE_SECURITY
+
+        RtlZeroMemory(Irp->AssociatedIrp.SystemBuffer, Length);
+
        switch (IrpSp->Parameters.QueryVolume.FsInformationClass) {
    
        case FileFsVolumeInformation: