Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-06-27 11:09:44 +00:00
Code Issues Projects Releases Packages Wiki Activity

[FREELDR]

Browse source 
- Correctly check for buffer overflow in DetectPnpBios. Patch by Serge Gautherie.
CORE-12623 #resolve

svn path=/trunk/; revision=73617
This commit is contained in:
Thomas Faber 2017-01-29 00:00:22 +00:00
parent dde1f97a02
commit 17990b28a2
1 changed files with 8 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

14
reactos/boot/freeldr/freeldr/arch/i386/machpc.c
View file

@ -101,7 +101,7 @@ PcGetHarddiskConfigurationData(UCHAR DriveNumber, ULONG* pSize)
PartialResourceList = FrLdrHeapAlloc(Size, TAG_HW_RESOURCE_LIST); PartialResourceList = FrLdrHeapAlloc(Size, TAG_HW_RESOURCE_LIST);
if (PartialResourceList == NULL) if (PartialResourceList == NULL)
{ {
ERR("Failed to allocate a full resource descriptor\n"); ERR("Failed to allocate resource descriptor\n");
return NULL; return NULL;
} }
@ -170,6 +170,7 @@ DetectPnpBios(PCONFIGURATION_COMPONENT_DATA SystemKey, ULONG *BusNumber)
ULONG FoundNodeCount; ULONG FoundNodeCount;
int i; int i;
ULONG PnpBufferSize; ULONG PnpBufferSize;
ULONG PnpBufferSizeLimit;
ULONG Size; ULONG Size;
char *Ptr; char *Ptr;
@ -204,8 +205,9 @@ DetectPnpBios(PCONFIGURATION_COMPONENT_DATA SystemKey, ULONG *BusNumber)
TRACE("Estimated buffer size %u\n", NodeSize * NodeCount); TRACE("Estimated buffer size %u\n", NodeSize * NodeCount);
/* Set 'Configuration Data' value */ /* Set 'Configuration Data' value */
Size = sizeof(CM_PARTIAL_RESOURCE_LIST) PnpBufferSizeLimit = sizeof(CM_PNP_BIOS_INSTALLATION_CHECK)
+ sizeof(CM_PNP_BIOS_INSTALLATION_CHECK) + (NodeSize * NodeCount); + (NodeSize * NodeCount);
Size = sizeof(CM_PARTIAL_RESOURCE_LIST) + PnpBufferSizeLimit;
PartialResourceList = FrLdrHeapAlloc(Size, TAG_HW_RESOURCE_LIST); PartialResourceList = FrLdrHeapAlloc(Size, TAG_HW_RESOURCE_LIST);
if (PartialResourceList == NULL) if (PartialResourceList == NULL)
{ {
@ -229,10 +231,10 @@ DetectPnpBios(PCONFIGURATION_COMPONENT_DATA SystemKey, ULONG *BusNumber)
/* Set installation check data */ /* Set installation check data */
memcpy (Ptr, InstData, sizeof(CM_PNP_BIOS_INSTALLATION_CHECK)); memcpy (Ptr, InstData, sizeof(CM_PNP_BIOS_INSTALLATION_CHECK));
Ptr += sizeof(CM_PNP_BIOS_INSTALLATION_CHECK); Ptr += sizeof(CM_PNP_BIOS_INSTALLATION_CHECK);
PnpBufferSize = sizeof(CM_PNP_BIOS_INSTALLATION_CHECK);
/* Copy device nodes */ /* Copy device nodes */
FoundNodeCount = 0; FoundNodeCount = 0;
PnpBufferSize = sizeof(CM_PNP_BIOS_INSTALLATION_CHECK);
for (i = 0; i < 0xFF; i++) for (i = 0; i < 0xFF; i++)
{ {
NodeNumber = (UCHAR)i; NodeNumber = (UCHAR)i;
@ -247,9 +249,9 @@ DetectPnpBios(PCONFIGURATION_COMPONENT_DATA SystemKey, ULONG *BusNumber)
DeviceNode->Size, DeviceNode->Size,
DeviceNode->Size); DeviceNode->Size);
if (PnpBufferSize + DeviceNode->Size > Size) if (PnpBufferSize + DeviceNode->Size > PnpBufferSizeLimit)
{ {
ERR("Buffer too small!\n"); ERR("Buffer too small! Ignoring remaining device nodes.\n");
break; break;
} }