- Get rid of possible buffer overflows and memory corruptions due to an assumption that UNICODE_STRING's buffers are always NULL-terminated.
svn path=/trunk/; revision=31565
parent
681c695d20
commit
3c0efbc70d
2 changed files with 26 additions and 26 deletions
|
@ -222,27 +222,31 @@ IopNormalizeImagePath(
|
|||
|
||||
if (InputImagePath.Length == 0)
|
||||
{
|
||||
ImagePath->Length = (33 * sizeof(WCHAR)) + ServiceName->Length;
|
||||
ImagePath->MaximumLength = ImagePath->Length + sizeof(UNICODE_NULL);
|
||||
ImagePath->Length = 0;
|
||||
ImagePath->MaximumLength =
|
||||
(33 * sizeof(WCHAR)) + ServiceName->Length + sizeof(UNICODE_NULL);
|
||||
ImagePath->Buffer = ExAllocatePool(NonPagedPool, ImagePath->MaximumLength);
|
||||
if (ImagePath->Buffer == NULL)
|
||||
return STATUS_NO_MEMORY;
|
||||
|
||||
wcscpy(ImagePath->Buffer, L"\\SystemRoot\\system32\\drivers\\");
|
||||
wcscat(ImagePath->Buffer, ServiceName->Buffer);
|
||||
wcscat(ImagePath->Buffer, L".sys");
|
||||
RtlAppendUnicodeToString(ImagePath, L"\\SystemRoot\\system32\\drivers\\");
|
||||
RtlAppendUnicodeStringToString(ImagePath, ServiceName);
|
||||
RtlAppendUnicodeToString(ImagePath, L".sys");
|
||||
} else
|
||||
if (InputImagePath.Buffer[0] != L'\\')
|
||||
{
|
||||
ImagePath->Length = (12 * sizeof(WCHAR)) + InputImagePath.Length;
|
||||
ImagePath->MaximumLength = ImagePath->Length + sizeof(UNICODE_NULL);
|
||||
ImagePath->Length = 0;
|
||||
ImagePath->MaximumLength =
|
||||
12 * sizeof(WCHAR) + InputImagePath.Length + sizeof(UNICODE_NULL);
|
||||
ImagePath->Buffer = ExAllocatePool(NonPagedPool, ImagePath->MaximumLength);
|
||||
if (ImagePath->Buffer == NULL)
|
||||
return STATUS_NO_MEMORY;
|
||||
|
||||
wcscpy(ImagePath->Buffer, L"\\SystemRoot\\");
|
||||
wcscat(ImagePath->Buffer, InputImagePath.Buffer);
|
||||
ExFreePool(InputImagePath.Buffer);
|
||||
RtlAppendUnicodeToString(ImagePath, L"\\SystemRoot\\");
|
||||
RtlAppendUnicodeStringToString(ImagePath, &InputImagePath);
|
||||
|
||||
/* Free caller's string */
|
||||
RtlFreeUnicodeString(&InputImagePath);
|
||||
}
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
|
|
|
@ -1593,7 +1593,6 @@ IopGetParentIdPrefix(PDEVICE_NODE DeviceNode,
|
|||
PUNICODE_STRING ParentIdPrefix)
|
||||
{
|
||||
ULONG KeyNameBufferLength;
|
||||
PWSTR KeyNameBuffer = NULL;
|
||||
PKEY_VALUE_PARTIAL_INFORMATION ParentIdPrefixInformation = NULL;
|
||||
UNICODE_STRING KeyName;
|
||||
UNICODE_STRING KeyValue;
|
||||
|
@ -1620,15 +1619,20 @@ IopGetParentIdPrefix(PDEVICE_NODE DeviceNode,
|
|||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
goto cleanup;
|
||||
}
|
||||
KeyNameBuffer = ExAllocatePool(PagedPool, (49 * sizeof(WCHAR)) + DeviceNode->Parent->InstancePath.Length);
|
||||
if (!KeyNameBuffer)
|
||||
|
||||
|
||||
KeyName.Buffer = ExAllocatePool(PagedPool, (49 * sizeof(WCHAR)) + DeviceNode->Parent->InstancePath.Length);
|
||||
if (!KeyName.Buffer)
|
||||
{
|
||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
goto cleanup;
|
||||
}
|
||||
wcscpy(KeyNameBuffer, L"\\Registry\\Machine\\System\\CurrentControlSet\\Enum\\");
|
||||
wcscat(KeyNameBuffer, DeviceNode->Parent->InstancePath.Buffer);
|
||||
RtlInitUnicodeString(&KeyName, KeyNameBuffer);
|
||||
KeyName.Length = 0;
|
||||
KeyName.MaximumLength = (49 * sizeof(WCHAR)) + DeviceNode->Parent->InstancePath.Length;
|
||||
|
||||
RtlAppendUnicodeToString(&KeyName, L"\\Registry\\Machine\\System\\CurrentControlSet\\Enum\\");
|
||||
RtlAppendUnicodeStringToString(&KeyName, &DeviceNode->Parent->InstancePath);
|
||||
|
||||
Status = IopOpenRegistryKeyEx(&hKey, NULL, &KeyName, KEY_QUERY_VALUE | KEY_SET_VALUE);
|
||||
if (!NT_SUCCESS(Status))
|
||||
goto cleanup;
|
||||
|
@ -1678,7 +1682,7 @@ cleanup:
|
|||
Status = RtlDuplicateUnicodeString(RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE, &KeyValue, ParentIdPrefix);
|
||||
}
|
||||
ExFreePool(ParentIdPrefixInformation);
|
||||
ExFreePool(KeyNameBuffer);
|
||||
RtlFreeUnicodeString(&KeyName);
|
||||
if (hKey != NULL)
|
||||
ZwClose(hKey);
|
||||
return Status;
|
||||
|
@ -1713,7 +1717,6 @@ IopActionInterrogateDeviceStack(PDEVICE_NODE DeviceNode,
|
|||
WCHAR InstancePath[MAX_PATH];
|
||||
IO_STACK_LOCATION Stack;
|
||||
NTSTATUS Status;
|
||||
PWSTR KeyBuffer;
|
||||
PWSTR Ptr;
|
||||
USHORT Length;
|
||||
USHORT TotalLength;
|
||||
|
@ -1851,19 +1854,12 @@ IopActionInterrogateDeviceStack(PDEVICE_NODE DeviceNode,
|
|||
/*
|
||||
* Create registry key for the instance id, if it doesn't exist yet
|
||||
*/
|
||||
KeyBuffer = ExAllocatePool(
|
||||
PagedPool,
|
||||
(49 * sizeof(WCHAR)) + DeviceNode->InstancePath.Length);
|
||||
wcscpy(KeyBuffer, L"\\Registry\\Machine\\System\\CurrentControlSet\\Enum\\");
|
||||
wcscat(KeyBuffer, DeviceNode->InstancePath.Buffer);
|
||||
Status = IopCreateDeviceKeyPath(/*KeyBuffer*/&DeviceNode->InstancePath, &InstanceKey);
|
||||
ExFreePool(KeyBuffer);
|
||||
Status = IopCreateDeviceKeyPath(&DeviceNode->InstancePath, &InstanceKey);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
DPRINT1("Failed to create the instance key! (Status %lx)\n", Status);
|
||||
}
|
||||
|
||||
|
||||
{
|
||||
/* Set 'Capabilities' value */
|
||||
RtlInitUnicodeString(&ValueName, L"Capabilities");
|
||||
|
|
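Review bot: In IopGetParentIdPrefix, `KeyName` is declared without an initializer, yet the `cleanup:` label now calls `RtlFreeUnicodeString(&KeyName)`, so the `goto cleanup` on the STATUS_INSUFFICIENT_RESOURCES path that comes before `KeyName.Buffer = ExAllocatePool(...)` would pass an indeterminate pointer to the free routine. The removed `KeyNameBuffer` had a NULL initializer and its replacement has none; initialising at the declaration, `UNICODE_STRING KeyName = { 0, 0, NULL };`, makes every early exit safe. The function body continues between and beyond the hunks shown, so confirm that no initialisation of `KeyName` already happens in lines this page omits. Separately, in IopNormalizeImagePath the NTSTATUS results of `RtlAppendUnicodeToString` and `RtlAppendUnicodeStringToString` are discarded and `MaximumLength` is a USHORT, so an over-long `ServiceName` or `InputImagePath` could leave a truncated path while the function still returns STATUS_SUCCESS. The +/- markers are lost on this page, so which lines are old and which are new is inferred from the commit message.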