Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-04-04 12:39:35 +00:00
Code Issues Projects Releases Packages Wiki Activity

[FREELDR]

Browse source 
- Correctly check for buffer overflow in DetectPnpBios. Patch by Serge Gautherie.
CORE-12623 #resolve

svn path=/trunk/; revision=73617
This commit is contained in:
Thomas Faber 2017-01-29 00:00:22 +00:00
parent dde1f97a02
commit 17990b28a2
1 changed files with 8 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
reactos/boot/freeldr/freeldr/arch/i386/machpc.c
View file

@ -101,7 +101,7 @@ PcGetHarddiskConfigurationData(UCHAR DriveNumber, ULONG* pSize)
PartialResourceList = FrLdrHeapAlloc(Size, TAG_HW_RESOURCE_LIST);
if (PartialResourceList == NULL)
{
ERR("Failed to allocate a full resource descriptor\n");
ERR("Failed to allocate resource descriptor\n");
return NULL;
}
@ -170,6 +170,7 @@ DetectPnpBios(PCONFIGURATION_COMPONENT_DATA SystemKey, ULONG *BusNumber)
ULONG FoundNodeCount;
int i;
ULONG PnpBufferSize;
ULONG PnpBufferSizeLimit;
ULONG Size;
char *Ptr;
@ -204,8 +205,9 @@ DetectPnpBios(PCONFIGURATION_COMPONENT_DATA SystemKey, ULONG *BusNumber)
TRACE("Estimated buffer size %u\n", NodeSize * NodeCount);
/* Set 'Configuration Data' value */
Size = sizeof(CM_PARTIAL_RESOURCE_LIST)
+ sizeof(CM_PNP_BIOS_INSTALLATION_CHECK) + (NodeSize * NodeCount);
PnpBufferSizeLimit = sizeof(CM_PNP_BIOS_INSTALLATION_CHECK)
+ (NodeSize * NodeCount);
Size = sizeof(CM_PARTIAL_RESOURCE_LIST) + PnpBufferSizeLimit;
PartialResourceList = FrLdrHeapAlloc(Size, TAG_HW_RESOURCE_LIST);
if (PartialResourceList == NULL)
{
@ -229,10 +231,10 @@ DetectPnpBios(PCONFIGURATION_COMPONENT_DATA SystemKey, ULONG *BusNumber)
/* Set installation check data */
memcpy (Ptr, InstData, sizeof(CM_PNP_BIOS_INSTALLATION_CHECK));
Ptr += sizeof(CM_PNP_BIOS_INSTALLATION_CHECK);
PnpBufferSize = sizeof(CM_PNP_BIOS_INSTALLATION_CHECK);
/* Copy device nodes */
FoundNodeCount = 0;
PnpBufferSize = sizeof(CM_PNP_BIOS_INSTALLATION_CHECK);
for (i = 0; i < 0xFF; i++)
{
NodeNumber = (UCHAR)i;
@ -247,9 +249,9 @@ DetectPnpBios(PCONFIGURATION_COMPONENT_DATA SystemKey, ULONG *BusNumber)
DeviceNode->Size,
DeviceNode->Size);
if (PnpBufferSize + DeviceNode->Size > Size)
if (PnpBufferSize + DeviceNode->Size > PnpBufferSizeLimit)
{
ERR("Buffer too small!\n");
ERR("Buffer too small! Ignoring remaining device nodes.\n");
break;
}